WO2023032011A1

WO2023032011A1 - Biometric authentication control unit, system, control method for biometric authentication control unit, and recording medium

Info

Publication number: WO2023032011A1
Application number: PCT/JP2021/031782
Authority: WO
Inventors: 統坂口; 智弘波多江; 麻衣伊藤
Original assignee: 日本電気株式会社
Priority date: 2021-08-30
Filing date: 2021-08-30
Publication date: 2023-03-09
Also published as: JPWO2023032011A1

Abstract

Provided is a biometric authentication control unit that suitably controls the passage of users. The biometric authentication control unit comprises an authentication subject detection unit, a request unit, a tracking control unit, and a notification unit. The authentication subject detection unit detects an authentication subject. The request units transmits an authentication request including biometric information from the authentication subject to a server device. The tracking control unit transmits a tracking start instruction including location information for the authentication subject to a tracking unit which tracks a tracking subject using a distance measurement sensor. The tracking control unit also acquires a tracking result from the tracking unit. The notification unit uses the result of biometric authentication of the authentication subject by the server device and the tracking result of the tracking unit as a basis to determine whether the authentication subject can pass through a gate device and transmits the determination result to the gate device.

Description

Biometric authentication control unit, system, control method of biometric authentication control unit, and storage medium

The present invention relates to a biometric authentication control unit, a system, a control method for the biometric authentication control unit, and a storage medium.

The spread of services using face recognition has begun. For example, face recognition has started to be applied to various procedures (eg, check-in, luggage deposit, security check, etc.) at airports. Alternatively, the development of ticket gates compatible with face recognition is also underway. Various techniques related to biometric authentication are being developed.

For example, in Patent Document 1, for specific users of paid facilities, IC (Integrated Circuit) cards are used to reduce usage fees such as discounts and prevent unauthorized use by others. Are listed. The face authentication automatic ticket gate of Patent Literature 1 includes a storage unit, a card information reading unit, an imaging unit, and a fee discount determination unit. The storage unit stores face verification data in which the face image of a specific user and the ID of the wireless card possessed by the user are associated with each other. The card information reading unit reads information from the wireless card at the entrance of the toll facility. The imaging unit captures an image of the face of the user entering the aisle. The fee discount determination unit uses the ID read from the wireless card as a key to read out a face image having a matching ID from the face matching data stored in the storage unit and compares the face image with the photographed image. If the images match as a result of collation, the fee discount determination unit applies a fee discount according to the discount flag read from the wireless card.

Patent Document 2 states that it is possible to prevent unauthorized passage by unauthorized persons while maintaining the convenience of walk-through face authentication with a simple configuration. The face authentication system disclosed in Patent Literature 2 authenticates the face of a person passing through an authentication area and determines whether the person is allowed to pass. The system comprises image acquisition means, storage means, face matching means, and authorization means. The image obtaining means sequentially obtains input images by photographing the authentication area. The storage means stores a pre-registered registered face image of the user. The face collation means collates the face image of the person extracted from the input image with the registered face image, and authenticates that the person is the user. The authorization means permits passage of the authenticated person when the size of the area indicating the authenticated person in the input image is equal to or larger than a predetermined size. Even if an authorized user is authenticated by facial recognition, the system does not permit passage if the authenticated person is away from the camera. To give permission.

The information processing device of Patent Document 3 includes image processing means, distance estimation means, and matching means. The image processing means extracts the feature amount of the object in the photographed image of the area before passing through the gate, and stores collation information relating to the collation of the object based on the feature amount. The distance estimation means estimates the distance from the gate to the object in the captured image. The collation means performs collation determination based on the estimated distance and the stored collation information of the target for which the distance was estimated.

JP 2010-097272 A JP 2015-001790 A JP 2019-133364 A

Problems can arise when biometric authentication is applied to gate devices that are used by many users, such as ticket gates installed at stations. Specifically, a problem may arise if authentication of a person positioned in front of a gate device is initiated, but another person interrupts in front of the person. In this case, there is a possibility of allowing an unauthenticated person to pass through.

This problem cannot be solved by applying the techniques disclosed in Patent Documents 1 to 3. This is because these documents only disclose gate devices and the like using biometric authentication.

The main purpose of the present invention is to provide a biometric authentication control unit, a system, a biometric authentication control unit control method, and a storage medium that contribute to appropriately controlling the passage of users.

According to a first aspect of the present invention, a person-to-be-authenticated detecting unit that detects a person to be authenticated; a requesting unit that transmits an authentication request including biometric information of the person to be authenticated to a server device; a tracking control unit that transmits a tracking start instruction including location information of the person to be authenticated to a tracking unit that tracks a person to be tracked using a tracking control unit that acquires a tracking result from the tracking unit; A notification unit that determines whether or not the person to be authenticated can pass through the gate device based on the result of the biometric authentication of the person to be authenticated and the result of the tracking by the tracking unit, and notifies the gate device of the determination result. and a biometric control unit.

According to a second aspect of the present invention, including a server device that stores biometric information of each of a plurality of users and performs biometric authentication, and a gate device equipped with a biometric authentication control unit and a tracking unit, The biometric authentication control unit detects a person to be authenticated, transmits an authentication request including the detected biometric information of the person to be authenticated to the server device, and sends location information of the person to be authenticated to the tracking unit. and the tracking unit sets a person existing at a location corresponding to the position information included in the tracking start instruction as a person to be tracked, and tracks the person to be tracked using a range sensor. and when the tracked person enters the gate device, a notification of entry of the person to be authenticated is transmitted to the biometric authentication control unit, and when the biometric authentication control unit receives the notification of entry of the person to be authenticated, the server device A system is provided that determines whether or not the person to be authenticated can pass through the gate device based on an authentication result, and notifies the gate device of the determination result.

According to a third aspect of the present invention, the biometric authentication control unit detects a person to be authenticated, transmits an authentication request including the biometric information of the person to be authenticated to the server device, a tracking start instruction including the location information of the person to be authenticated is transmitted to a tracking unit that tracks the person, a tracking result is obtained from the tracking unit, and a biometric authentication result of the person to be authenticated by the server device; , the tracking result by the tracking unit, and whether or not the person to be authenticated can pass through the gate device, and notifies the gate device of the determination result. .

According to a fourth aspect of the present invention, a computer installed in a biometric authentication control unit performs processing for detecting a person to be authenticated and processing for transmitting an authentication request including the biometric information of the person to be authenticated to a server device. a process of transmitting a tracking start instruction including location information of the person to be authenticated to a tracking unit that tracks the person to be tracked using a range sensor, and obtaining a tracking result from the tracking unit; determining whether or not the person to be authenticated can pass through the gate device based on the biometric authentication result of the person to be authenticated and the tracking result by the tracking unit, and notifying the gate device of the determination result A computer readable storage medium is provided that stores a program for executing and.

According to each aspect of the present invention, a biometric authentication control unit, a system, a control method for the biometric authentication control unit, and a storage medium that contribute to appropriately controlling the passage of users are provided. In addition, the effect of this invention is not limited above. Other effects may be achieved by the present invention instead of or in addition to this effect.

FIG. 1 is a diagram for explaining an overview of one embodiment. FIG. 2 is a diagram showing an example of a schematic configuration of an authentication system according to the first embodiment. FIG. 3 is a diagram for explaining the operation of the authentication system according to the first embodiment. 4 is a diagram illustrating an example of a processing configuration of a biometric authentication control unit according to the first embodiment; FIG. FIG. 5 is a diagram showing an example of an authentication-subjected person information table according to the first embodiment. FIG. 6 is a diagram showing an example of an authentication request according to the first embodiment. 7 is a diagram illustrating an example of a processing configuration of a tracking unit according to the first embodiment; FIG. 8A and 8B are diagrams for explaining the operation of the tracking unit according to the first embodiment. FIG. 9 is a diagram illustrating an example of a processing configuration of the gate device according to the first embodiment; 10 is a sequence diagram illustrating an example of operations of the biometric authentication control unit and the gate device according to the first embodiment; FIG. FIG. 11 is a diagram illustrating an example of a processing configuration of the gate device according to the first embodiment; FIG. 12 is a diagram illustrating an example of a user information database according to the first embodiment; FIG. 13 is a diagram illustrating an example of an authentication status database according to the first embodiment; 14 is a flowchart illustrating an example of the operation of the server device according to the first embodiment; FIG. 15 is a sequence diagram illustrating an example of the operation of the authentication system according to the first embodiment; FIG. FIG. 16 is a diagram for explaining the operation of the authentication system according to the first embodiment; FIG. 17 is a diagram for explaining the operation of the authentication system according to the first embodiment; FIG. 18 is a diagram illustrating an example of a hardware configuration of a biometric authentication control unit disclosed in the present application; FIG. 19 is a diagram illustrating an example of a hardware configuration of a gate device according to the disclosure of the present application.

First, an outline of one embodiment will be described. It should be noted that the drawing reference numerals added to this outline are added to each element for convenience as an example to aid understanding, and the description of this outline does not intend any limitation. Also, unless otherwise specified, the blocks shown in each drawing represent the configuration of each function rather than the configuration of each hardware unit. Connecting lines between blocks in each figure include both bi-directional and uni-directional. The unidirectional arrows schematically show the flow of main signals (data) and do not exclude bidirectionality. In addition, in the present specification and drawings, elements that can be described in the same manner can be omitted from redundant description by assigning the same reference numerals.

The biometric authentication control unit 100 according to one embodiment includes an authentication subject detection unit 101, a request unit 102, a tracking control unit 103, and a notification unit 104 (see FIG. 1). The to-be-authenticated person detection unit 101 detects the to-be-authenticated person. The request unit 102 transmits an authentication request including the biometric information of the person to be authenticated to the server device. The tracking control unit 103 transmits a tracking start instruction including the location information of the person to be authenticated to a tracking unit that tracks the person to be tracked using a range sensor, and acquires the tracking result from the tracking unit. The notification unit 104 determines whether or not the person to be authenticated can pass through the gate device based on the biometric authentication result of the person to be authenticated by the server device and the tracking result by the tracking unit, and notifies the gate device of the determination result. do.

The biometric authentication control unit 100 detects a user who is far from the gate device as a person to be authenticated. When the biometrics control unit 100 detects a person to be authenticated, it starts biometrics authentication and tracking of the person to be authenticated. Specifically, the biometrics control unit 100 requests the server device to biometrically authenticate the person to be authenticated, and requests (instructs) the tracking unit to track the person to be authenticated. When the tracking of the person to be authenticated is completed (for example, the fact that the person to be authenticated has entered the gate device is obtained from the tracking unit), the biometrics control unit 100 confirms the authentication result of the person to be authenticated. The biometrics control unit 100 permits the person to be authenticated to pass through the gate device when the biometrics authentication of the person to be authenticated whose tracking has been completed is successful. In other words, a user who interrupts from the side of the person to be authenticated is not required to be biometrically authenticated by the server device, and tracking is not completed, so the user cannot pass through the gate device. Can not. That is, the traffic of users is appropriately controlled.

Here, it is conceivable to use image data showing the person to be authenticated for tracking the person to be authenticated. However, as a result of intensive studies by the inventors, it has been found that sufficient tracking accuracy cannot be obtained by tracking a person to be authenticated using image data. Specifically, in tracking using image data, it was found that accurate tracking cannot be performed when users overlap because the tracking target is determined based on the position in the image. The biometric authentication control unit 100 solves the above problems by instructing a tracking unit that performs tracking using a distance measuring sensor (for example, a three-dimensional distance sensor; 3D LiDAR) to track the person to be authenticated. That is, since the accurate current position of the person to be authenticated is grasped by tracking the person to be authenticated using the distance measuring sensor, even if the person to be authenticated overlaps with the person to be authenticated, there is no right to pass through the gate device. Users will definitely be excluded. The biometric authentication control unit 100 extracts the person to be authenticated from the image data, and causes the tracking unit that controls the range sensor to track the extracted person to be authenticated, thereby appropriately controlling the passage of the user. .

Specific embodiments will be described in more detail below with reference to the drawings.

[First Embodiment]
The first embodiment will be described in more detail with reference to the drawings.

[System configuration]
FIG. 2 is a diagram showing an example of a schematic configuration of an authentication system according to the first embodiment. Referring to FIG. 2, the authentication system includes a plurality of gate devices 10-1 to 10-3 and a server device 20. FIG.

In the following description, the gate devices 10-1 to 10-3 are simply referred to as "gate device 10" unless there is a particular reason to distinguish them. Similarly, other configurations are represented by the symbols to the left of the hyphen.

The gate device 10 and the server device 20 are configured to be able to communicate with each other through wired or wireless communication means. The server device 20 may be installed in the same building as the gate device 10, or may be installed on a network (cloud).

The gate device 10 is, for example, a device installed at airports and stations. The gate device 10 controls passage of users. In the first embodiment, the gate device 10 will be described as a ticket gate installed at a station. However, it is needless to say that the gate device 10 is not intended to be limited to ticket gates installed at stations.

The server device 20 is a device that controls the entire authentication system. The server device 20 is a device that performs biometric authentication of a user who is going to pass through the gate device 10 . If the user is qualified (authorized) to pass through the gate device 10, the server device 20 permits the user to pass through. If the user is not qualified to pass through the gate device 10, the server device 20 denies the user passage.

[Overview of system operation]
Next, an outline of operation of the authentication system according to the first embodiment will be described with reference to the drawings.

As shown in FIG. 3, the gate device 10 includes a camera 11 installed so as to capture a user walking towards the gate device 10 . The gate device 10 also includes a detection sensor 12 for detecting a user who has entered the gate device 10, and a gate 13 for controlling the passage of the user.

The gate device 10 also includes a biometric authentication control unit 14 . The biometric authentication control unit 14 is a unit that can be retrofitted (add-on) to the gate device 10 . The gate device 10 and the biometric authentication control unit 14 are connected by a bus standard such as USB (Universal Serial Bus), PCI (Peripheral Component Interconnect), or Ethernet (registered trademark). Also, the biometric authentication control unit 14 is configured to be able to communicate with the camera 11 and the like, and controls (uses) these devices to realize the biometric authentication function of the gate device 10 .

Furthermore, the gate device 10 includes a tracking unit 15 . The tracking unit 15 is also a unit that can be retrofitted (add-on) to the gate device 10 . The tracking unit 15 is attached to the gate device 10 when adding a tracking function of the person to be authenticated to the gate device 10 . The biometric authentication control unit 14 and the tracking unit 15 are connected by a bus standard such as USB or Ethernet (registered trademark), for example. Also, the tracking unit 15 is configured to be able to control a range sensor 16 capable of detecting an object, and uses this device to track the user.

In this way, the biometric authentication control unit 14 and the tracking unit 15 are installed in the gate device 10 according to the first embodiment.

The ranging sensor 16 is a sensor that scans the distance to an object in space. A stereo camera, a TOF (Time Of Flight) distance image sensor, a three-dimensional distance sensor (3D LiDAR), or the like can be used as the distance measurement sensor 16 .

The biometric authentication control unit 14 detects a person (user, passenger) present within a predetermined range in front of the gate device 10 . For example, the biometric control unit 14 detects a user who is closer to the gate device 10 than the position X1 in FIG. In other words, the biometrics control unit 14 does not detect users who are far from the gate device 10 .

When the biometric authentication control unit 14 detects a user, it sets the user as an authentication target (authenticated person). For example, in the example of FIG. 3, user A1 is set as the person to be authenticated. User A2 is not set as a person to be authenticated because he is away from the gate device 10 .

The biometric authentication control unit 14 gives an ID (Identifier) to the person to be authenticated. For example, in the example of FIG. 3, "ID_A1" is assigned to user A1. In the following description, an ID for identifying a person to be authenticated will be referred to as a "person to be authenticated ID".

For example, when a user is detected at a position (for example, position X1) near the gate device 10, the biometric authentication control unit 14 requests the server device 20 to biometrically authenticate the detected user. Specifically, the biometric authentication control unit 14 transmits an “authentication request” including the biometric information of the user and the ID of the person to be authenticated to the server device 20 .

Upon receiving the authentication request, the server device 20 identifies the user through verification processing (authentication processing) using pre-registered biometric information. The server device 20 determines whether or not the specified user is qualified to pass through the gate device 10 . For example, the server device 20 confirms the pre-registered user's charge amount and the like, and determines whether or not the person to be authenticated can pass. The server device 20 may make an inquiry to an external server or the like when determining whether or not the person to be authenticated can pass. Whether or not to inquire of an external server or the like depends on the specifications, design, etc. of the system, and is different from the gist of the present disclosure, so a description of the system configuration including the external server will be omitted.

The server device 20 transmits a response (authentication result) to the authentication request to the biometric authentication control unit 14, which is the source of the request. Specifically, the server device 20 notifies the biometric authentication control unit 14 of “successful authentication” when it is determined that “passage is permitted”. If it is determined that the passage is not allowed, the server device 20 notifies the biometric authentication control unit 14 of the "authentication failure".

The server device 20 notifies the gate device 10 of the ID of the person to be authenticated along with the result of the biometric authentication (authentication success, authentication failure). In the above example, the authentication target ID “ID_A1” is notified to the gate device 10 together with the authentication result of the user A1.

Also, the gate device 10 starts tracking the user (person to be authenticated detected at position X1) at substantially the same timing as the transmission of the authentication request (start of authentication). Specifically, the biometric control unit 14 instructs the tracking unit 15 to start tracking the person to be authenticated.

At that time, the biometric authentication control unit 14 estimates the position (coordinates; X coordinate, Y coordinate) of the user whose face image was extracted. For example, the biometric authentication control unit 14 estimates the position (X coordinate, Y coordinate) of the person corresponding to the face from the position and size of the face included in the image data. For example, the biometric authentication control unit 14 estimates the position of each user whose facial image is extracted (user's ID to be authenticated), such as "ID_A: X1, Y1".

The biometric authentication control unit 14 notifies the tracking unit 15 of the location information and the ID of the person to be authenticated whose face image has been extracted. Specifically, the biometrics control unit 14 transmits to the tracking unit 15 a “tracking start instruction” including the location information of the person to be authenticated and the ID of the person to be authenticated. In this way, the biometric authentication control unit 14 sets the tracking unit 15 that the user (object) present at the position (coordinates) where the face image is extracted is the tracking target.

The tracking unit 15 uses the ranging sensor 16 to detect objects existing around the gate device 10 . After that, the tracking unit 15 associates and manages the object (an object presumed to be a person) detected at substantially the same position as the position notified from the biometrics control unit 14 and the person-to-be-authenticated ID.

The tracking unit 15 tracks the person associated with the person-to-be-authenticated ID. In the example of FIG. 3, the tracking unit 15 is notified of the position (X1, Y1) of the user A1 and the ID of the person to be authenticated "ID_A1", and the tracking unit 15 starts tracking the user A1.

In this way, when the biometric authentication control unit 14 detects the person to be authenticated within a predetermined range, it instructs the tracking unit 15 to track the person to be authenticated at substantially the same timing as the authentication request to the server device 20 .

While the server device 20 is processing the authentication request, the person to be authenticated (for example, the user A1 photographed at the position X1) moves toward the gate device 10. For example, the biometric authentication control unit 14 receives a response to the authentication request from the server device 20 at the timing when the person to be authenticated moves to the location X2.

Even if the biometric authentication control unit 14 receives the authentication result from the server device 20, it does not instruct the gate device 10 to open or close the gate 13 at that timing.

The person to be authenticated further approaches the gate device 10 and enters its interior (the person to be authenticated reaches position X3). When a tracked person enters the gate device 10, the tracking unit 15 notifies the biometric control unit 14 of the subject ID of the tracked person. Specifically, the tracking unit 15 notifies the biometric authentication control unit 14 of a “person to be authenticated entrance notification” including the to-be-authenticated person ID of the person to be tracked who has entered the inside of the gate device 10 . For example, in the example of FIG. 3, the tracking unit 15 notifies the biometric authentication control unit 14 of the user A1's ID "ID_A1".

The biometrics control unit 14 stores the ID of the person to be authenticated notified from the tracking unit 15. The biometric authentication control unit 14 determines whether or not the person to be authenticated whose ID notified from the server device 20 matches the ID of the person to be authenticated notified from the tracking unit 15 can pass through the gate device 10 . Specifically, if the authentication result of the person to be authenticated whose tracking has been completed is "successful authentication", the biometric authentication control unit 14 determines that the user can pass through the gate device 10, and notifies the gate device of that fact. Notify 10. More specifically, the biometric authentication control unit 14 transmits a “notice of permission to pass” to the gate device 10 .

On the other hand, the biometrics control unit 14 does not take any particular action if the authentication result of the person to be authenticated whose tracking has been completed is other than "authentication success" (authentication failure or no authentication result).

The user (person to be authenticated) proceeds further inside from the entrance of the gate device 10 . When the user advances to a predetermined position (position X4) of the gate device 10, the gate device 10 detects the person to be authenticated based on the detection signal from the detection sensor 12 installed in the middle of the device itself.

If the gate device 10 receives the "passage permission notification" at the timing when the user is detected, the gate device 10 keeps the gate 13 open and permits the user to pass through the gate.

On the other hand, the gate device 10 closes the gate 13 and restricts the passage of the user if the "passage permission notification" is not received at the timing when the user is detected.

In this way, when the tracking unit 15 detects that a person to be authenticated who is set as a tracking target has entered the gate device 10, the tracking unit 15 notifies the biometrics control unit 14 of the ID of the person to be authenticated who has entered. . In response to the notification (push notification), the biometric authentication control unit 14 confirms the authentication result of the corresponding person to be authenticated, and permits passage if the authentication is successful.

The user's biometric information includes, for example, data (feature amounts) calculated from physical features unique to an individual, such as a face or iris pattern (pattern). Alternatively, the user's biometric information may be image data such as a face image or an iris image. A user's biometric information should just contain a user's physical characteristic as information. In the first embodiment, a facial image of a person or a feature amount generated from the facial image is used as biometric information.

The configuration shown in FIG. 2, etc. is an example and is not intended to limit the configuration of the system. For example, the authentication system may include at least one or more gate devices 10 . Each gate device 10 may be installed in the same place (for example, the same station), or may be installed in different places.

Next, details of the biometric authentication control unit 14, tracking unit 15, gate device 10, and server device 20 included in the authentication system according to the first embodiment will be described.

[Biometric authentication control unit]
FIG. 4 is a diagram showing an example of a processing configuration (processing modules) of the biometric authentication control unit 14 according to the first embodiment. Referring to FIG. 4, the biometric authentication control unit 14 includes a communication control unit 201, a person-to-be-authenticated detection unit 202, an authentication request unit 203, a tracking control unit 204, a passage permission notification unit 205, and a table management unit 206. , a message output unit 207 and a storage unit 208 .

The communication control unit 201 is means for controlling communication with other devices. For example, the communication control unit 201 receives data (packets) from the server device 20 . Also, the communication control unit 201 transmits data to the server device 20 . The communication control unit 201 transfers data received from other devices to other processing modules. The communication control unit 201 transmits data acquired from other processing modules to other devices. In this manner, other processing modules transmit and receive data to and from other devices via the communication control unit 201 . The communication control unit 201 has a function as a receiving unit that receives data from another device and a function as a transmitting unit that transmits data to the other device.

The authenticated person detection unit 202 is means for detecting an authenticated person. The person-to-be-authenticated detection unit 202 detects a person within a predetermined range from the gate device 10 as a person to be authenticated. More specifically, the person-to-be-authenticated detection unit 202 determines whether a person exists within a predetermined range from the gate device 10 (for example, a position closer to the gate device 10 than the position X1; within the range from X1 to X3). to detect

In the following description, for ease of understanding, the range in which the person-to-be-authenticated detection unit 202 detects the person to be authenticated is defined in the X-axis direction. ~ Y2) are also considered.

The person-to-be-authenticated detection unit 202 acquires image data from the camera 11 periodically or at a predetermined timing. The person-to-be-authenticated detection unit 202 attempts to extract a face image from the acquired image data.

Since existing technology can be used for face image extraction processing by the person-to-be-authenticated detection unit 202, detailed description thereof will be omitted. For example, the person-to-be-authenticated detection unit 202 may extract a face image (face region) from image data using a learning model learned by a CNN (Convolutional Neural Network). Alternatively, the person-to-be-authenticated detection unit 202 may extract a face image using a technique such as template matching.

When the face image is extracted, the person-to-be-authenticated detection unit 202 calculates the inter-eye distance from the face image. Specifically, the person-to-be-authenticated detection unit 202 extracts left and right eyes from the face image, and calculates the length (the number of pixels) of the straight line connecting the extracted eyes.

The to-be-authenticated person detection unit 202 performs threshold processing on the calculated inter-eye distance, and determines whether or not the to-be-authenticated person exists within the predetermined range according to the result. Specifically, if the distance between the eyes is longer than the threshold, the person-to-be-authenticated detection unit 202 determines that the person-to-be-authenticated has been detected within the predetermined range. If the distance between the eyes is equal to or less than the threshold, the person-to-be-authenticated detection unit 202 determines that the person-to-be-authenticated does not exist within the predetermined range.

When an authenticated person is detected within a predetermined range, the authenticated person detection unit 202 adds an entry to the authenticated person information table. The to-be-authenticated person detection unit 202 numbers the to-be-authenticated person ID for identifying the to-be-authenticated person, and stores the ID of the to-be-authenticated person in a new entry. In addition, the authentication-subjected person detection unit 202 also stores the time when the authentication-subjected person is registered in the authentication-subjected person information table (the time when a new entry is added) in the authentication-subjected person information table.

FIG. 5 is a diagram showing an example of an authentication-subjected person information table according to the first embodiment. The authenticated person information table is constructed on the memory of the biometric authentication control unit 14 . As shown in the bottom part of FIG. 5, for example, when the person-to-be-authenticated detection unit 202 detects a person at the position X1, it adds an entry to the person-to-be-authenticated information table and sets the detected person as the person to be authenticated. do. Note that nothing is set in the authentication status field and the tracking status field when the entry is added.

The authentication status field is a field for managing the biometric authentication status of the authenticated person. The tracking status field is a field for managing the tracking status of the person to be authenticated.

Note that the authentication-subjected person information table shown in FIG. 5 is an example, and is not meant to limit the items to be stored. For example, the biometric information (face image, feature amount) of the person to be authenticated may be registered in the person-to-be-authenticated information table. The authentication-subject detection unit 202 may prevent a user who has already been registered as an authentication-subject from being registered again in the authentication-subject information table using the biometric information. If the face image (feature amount) extracted from the image data substantially matches the face image (feature amount) registered in the authentication-subjected person information table, the authentication-subjected person detection unit 202 detects the face image (feature amount) from the image data. The person corresponding to the extracted face image is not set as the person to be authenticated.

When the registration of the person to be authenticated is completed, the person-to-be-authenticated detection unit 202 passes the ID of the person-to-be-authenticated and the image data (image data and face image obtained from the camera 11) at the time of detection of the person-to-be-authenticated to the authentication requesting unit 203. .

Furthermore, when the registration of the person to be authenticated is completed, the person-to-be-authenticated detection unit 202 estimates the position (coordinates; X coordinate, Y coordinate) of the user whose face image is extracted. For example, the person-to-be-authenticated detection unit 202 estimates the position (X coordinate, Y coordinate) of the person corresponding to the face from the position and size of the face included in the image data.

Alternatively, the person-to-be-authenticated detection unit 202 may estimate the position using a learning model. Specifically, the person-to-be-authenticated detection unit 202 estimates a position using a learning model generated by machine learning using teacher data in which labels (X coordinates, Y coordinates) are assigned to images. good. Arbitrary algorithms, such as a support vector machine, a boosting, and a neural network, can be used for the production|generation of the said learning model. Since well-known techniques can be used for algorithms such as the support vector machine, the description thereof is omitted.

The to-be-authenticated person detection unit 202 estimates the position of each user (user's to-be-authenticated person ID) whose face image is extracted, for example, "ID_A: X1, Y1". The to-be-authenticated person detection unit 202 passes the to-be-authenticated person ID and the user's position (X coordinate, Y coordinate) to the tracking control unit 204 .

The authentication request unit 203 is means for requesting the server device 20 to authenticate the person to be authenticated detected by the person-to-be-authenticated detection unit 202 . After acquiring the face image of the person to be authenticated, the authentication requesting unit 203 generates a feature amount (a feature vector composed of a plurality of feature amounts) from the acquired face image.

Existing technology can be used for the feature generation process, so a detailed description thereof will be omitted. For example, the authentication requesting unit 203 extracts the eyes, nose, mouth, etc. from the face image as feature points. After that, the authentication requesting unit 203 calculates the position of each feature point and the distance between each feature point as a feature amount, and generates a feature vector (vector information that characterizes the face image) composed of a plurality of feature amounts.

The authentication requesting unit 203 generates an authentication request including the generated feature amount (biometric information), the ID of the person to be authenticated, and the gate ID, and transmits it to the server device 20 (see FIG. 6). The gate ID is identification information for identifying the gate device 10 . The MAC (Media Access Control) address or IP (Internet Protocol) address of the gate device 10 can be used as the gate ID. Alternatively, the gate ID may be system-specific identification information (identification ID). By holding the identification ID as a master also on the server device 20 side, it can be determined that the transmitted authentication request is from the permitted gate device 10 .

When the authentication request is transmitted to the server device 20, the authentication requesting unit 203 sets "authenticating" in the authentication status field of the corresponding entry (entries with the same authentication-subject ID) in the authentication-subject information table (see FIG. 5). See the second entry from the bottom).

The authentication requesting unit 203 receives a response (including the authentication result) from the server device 20 to the authentication request. The authentication requesting unit 203 extracts the ID of the person to be authenticated from the received response. The authentication request unit 203 identifies the person to be authenticated based on the extracted person-to-be-authenticated ID, and registers the authentication result in the corresponding entry of the person-to-be-authenticated information table (the first and second entries from the top in FIG. 5). reference). In this way, upon receiving the biometric authentication result from the server device 20 , the authentication requesting unit 203 sets the received biometric authentication result in the authentication status field of the entry added by the authentication-subject detecting unit 202 .

The tracking control unit 204 is means for controlling tracking of the person-to-be-authenticated detected by the person-to-be-authenticated detection unit 202 . The tracking control unit 204 transmits a tracking start instruction including the position information of the person to be authenticated to the tracking unit 15 that tracks the person to be tracked using the distance measuring sensor 16 . The tracking control section 204 acquires tracking results from the tracking unit 15 .

Specifically, the tracking control unit 204 acquires the authenticated person ID and the authenticated person's location information (X coordinate, Y coordinate) from the authenticated person detection unit 202 . After that, the tracking control section 204 transmits a “tracking start instruction” including the location information of the person to be authenticated (estimated location of the person to be authenticated) and the ID of the person to be authenticated to the tracking unit 15 .

The tracking control unit 204 sets the tracking status of the authenticated person who sent the tracking start instruction to "tracking" and updates the authenticated person information table (see the third entry from the bottom in FIG. 5).

The tracking control unit 204 receives the "notification of entry of the person to be authenticated" from the tracking unit 15. Upon receiving the notification, the tracking control unit 204 determines that tracking of the person to be authenticated has been completed. The tracking control unit 204 updates the tracking status of the corresponding authenticated person using the authenticated person ID included in the notification. Specifically, the tracking control unit 204 sets "tracking completed" in the tracking status field of the corresponding entry in the authenticated person information table (see the topmost entry in FIG. 5).

In this way, the tracking control unit 204 receives from the tracking unit 15 an authentication-subjected person entry notification indicating that the tracked person has entered the gate device 10 . The tracking control unit 204 sets the tracking result (fact that tracking of the person to be authenticated has been completed) obtained from the tracking unit 15 in the tracking status field of the entry added by the person to be authenticated detection unit 202 .

When the tracking control unit 204 reflects the subject entry notification from the tracking unit 15 in the authentication subject information table, the tracking control unit 204 notifies the passage permission notification unit 205 to that effect.

The passage permission notification unit 205 is means for notifying the gate device 10 whether or not the person to be authenticated (user) is permitted to pass through the gate device 10 . The passage permission notification unit 205 determines whether or not the person to be authenticated can pass through the gate device 10 based on the result of biometric authentication of the person to be authenticated by the server device 20 and the tracking result of the person to be authenticated by the tracking unit 15. and notifies the gate device 10 of the determination result.

The pass permission notification unit 205 accesses the authenticated person information table at the timing when the tracking of the authenticated person is completed (when the tracking control unit 204 acquires the fact that the tracking has been completed).

The passage permission notification unit 205 checks the authentication status field and tracking status field of each entry included in the authentication subject information table. If there is an entry in which the set value of the authentication status field is "authentication successful" and the set value of the tracking status field is "tracking completed", the passage permission notification unit 205 allows the person to be authenticated to pass through the gate device 10. allow Specifically, if there is an entry that satisfies the above two conditions, the passage permission notification unit 205 notifies the gate device 10 that the user can pass through the gate device 10 . The passage permission notification unit 205 transmits a “passage permission notification” to the gate device 10 .

In the example of FIG. 5, the topmost entry satisfies the above two conditions, so the passage permission notification unit 205 transmits a "passage permission notice" to the gate device 10.

When the passage permission notification unit 205 permits the user (person to be authenticated) to pass through the gate, it deletes the entry that serves as the basis for the permission. In the example of FIG. 5, the passage permission notification unit 205 deletes the topmost entry.

In this way, the passage permission notification unit 205 determines whether or not the person to be authenticated can pass through the gate device 10 in response to the receipt of the entry notification of the person to be authenticated by the tracking control unit 204 . That is, the biometrics control unit 14 determines whether or not the person to be authenticated can pass through the gate device 10 based on the authentication result by the server device 20 when receiving the notification of the entry of the person to be authenticated.

Note that the passage permission notification unit 205 may receive a "gate closed notification" from the gate device 10. Upon receiving the notification, the passage permission notification unit 205 continues to access the authentication subject information table for a predetermined period of time, and checks whether an entry satisfying the above two conditions appears (exists). If an entry that satisfies the above two conditions appears during the predetermined period, the passage permission notification unit 205 permits the person to be authenticated (user) to pass through the gate. Specifically, when an entry that satisfies the above two conditions appears, the passage permission notifying unit 205 transmits a “passage permission notification” to the gate device 10 .

For example, when the authentication result (authentication success) from the server device 20 is delayed to be reflected in the authenticated person information table due to the network environment between the gate device 10 and the server device 20, the above phenomenon occurs. can happen. Alternatively, the above phenomenon may occur when the person to be authenticated tries to run through the gate device 10 .

If no entry that satisfies the above two conditions appears after a predetermined period of time, the passage permission notification unit 205 notifies the station staff (the terminal used by the station staff) that a problem has occurred. Alternatively, the pass permission notification unit 205 may prompt the person to be authenticated to go to the station staff via the message output unit 207 .

The table management unit 206 is means for managing the authenticated person information table. The table management unit 206 accesses the authentication-subjected person information table periodically or at a predetermined timing, and deletes unnecessary entries.

The table management unit 206 checks the registration time field of each entry, and deletes entries for which a predetermined period has passed since the entry was added to the authentication-subjected person information table. That is, the table management unit 206 deletes an entry that does not satisfy the above two conditions (authentication success, tracking completion) even after a predetermined period of time has passed since the entry was registered.

With this operation of the table management unit 206, even if the user detected as the person to be authenticated moves away from the gate device 10 without going to the gate device 10, the entry of such person to be authenticated is deleted.

When the entry is deleted, the table management unit 206 may notify the server device 20 and the tracking unit 15 to that effect. The table management unit 206 may transmit the ID of the person to be authenticated to the server device 20 and cancel the authentication of the corresponding person to be authenticated. The table management section 206 may also transmit the ID of the person to be authenticated to the tracking unit 15 and instruct it to exclude the person to be tracked corresponding to the ID of the person to be authenticated from being tracked.

The message output unit 207 is means for outputting a message or the like to be notified to the user. The message output unit 207 notifies the user of necessary messages using a display (not shown), a speaker (not shown), or the like. For example, when the gate control unit 403 of the gate device 10 refuses the user to pass, the message output unit 207 outputs a message to that effect and a countermeasure (for example, contact the station staff).

The storage unit 208 is means for storing information necessary for the operation of the biometrics control unit 14 .

[Tracking unit]
FIG. 7 is a diagram showing an example of a processing configuration (processing modules) of the tracking unit 15 according to the first embodiment. Referring to FIG. 7 , tracking unit 15 includes communication control section 301 , tracking section 302 , and storage section 303 .

The communication control unit 301 is means for controlling communication with other apparatuses (devices). For example, the communication control section 301 receives data (packets) from the biometric authentication control unit 14 . The communication control section 301 also transmits data to the biometric authentication control unit 14 . The communication control unit 301 passes data received from other devices to other processing modules. The communication control unit 301 transmits data acquired from other processing modules to other devices. In this way, other processing modules transmit and receive data to and from other devices via the communication control unit 301 . The communication control unit 301 has a function as a receiving unit that receives data from another device and a function as a transmitting unit that transmits data to the other device.

The tracking unit 302 is means for tracking the person to be authenticated. The tracking unit 302 receives a “tracking start instruction” from the biometric control unit 14 . The tracking unit 302 controls the distance measuring sensor 16 and scans all around the gate device 10 (especially in front of the gate device 10). The tracking unit 302 detects objects existing around the gate device 10 through the scanning.

Through the scanning of the ranging sensor 16, the tracking unit 302 acquires a countless set of points (point group). The tracking unit 302 obtains a cluster (a set of points forming an object) by clustering the points included in the obtained point group for each object. The tracking unit 302 detects objects by assigning meanings (for example, floors, walls, people) to the obtained clusters. For example, the tracking unit 302 detects an object (person, etc.) by image recognition based on machine learning (image recognition of a laser image obtained by reflecting a laser off an object).

For object detection using the distance measuring sensor 16, a human detection technique used in controlling automobiles and robots can be used, so a more detailed description will be omitted. For example, the tracking unit 302 performs object detection using the technique disclosed in Reference 1 below.
<Reference 1>
JP 2021-099698 A

When the tracking unit 302 detects at least one person, it calculates the position (coordinates) of the detected person. For example, as shown in FIG. 3, when scanning is performed in a situation where user A1 stands at position (X1, Y1) and user A2 stands at position (X0, Y0), as shown in FIG. 8A Two persons are detected in the positional relationship. When two persons are detected, the tracking unit 302 calculates the center position of each person as the position (X coordinate, Y coordinate) of the person.

For ease of understanding, the disclosure of the present application will be described with the coordinate system of the biometric authentication control unit 14 and the coordinate system of the tracking unit 15 being the same. Any necessary coordinate transformation can be performed.

The tracking unit 302 sets a person who exists substantially at the same location as the position information included in the tracking start instruction as a tracking target. In the examples of FIGS. 3 and 8A, the tracking unit 302 sets user A1 as a tracking target.

When a tracked target is set, the tracking unit 302 associates and manages the position of the tracked target and the ID of the person to be authenticated. For example, in the example of FIG. 8A, the user A1 is set as a tracking target, so the tracking unit 302 makes a correspondence such as (ID_A1; X1, Y1).

The tracking unit 302 controls the distance measuring sensor 16 periodically or at a predetermined timing to detect an object. For example, when object detection is performed at the timing when user A1 moves to position (X2, Y1) in FIG. 3, tracking unit 302 detects two persons in a positional relationship as shown in FIG. 8B.

The tracking unit 302 identifies the tracking target from among the people detected by the current scan by comparing the shape of the person obtained by the previous scan with the shape of the person obtained by the current scan. The tracking unit 302 updates the identified position (X coordinate, Y coordinate) of the tracked object. In the above example, the position of the tracked user A1 is updated to (X2, Y1).

The tracking unit 302 confirms the updated position of the tracked object and determines whether the tracked object has entered the inside of the gate device 10 . For example, in the example of FIG. 3, the tracking unit 302 determines that the user A1 has entered the gate device 10 if the X coordinate of the user A1 is closer to the gate device 10 than the position X3. The tracking unit 302 determines that the user A1 has not entered the gate device 10 if the X coordinate of the user A1 is farther from the gate device 10 than the position X3.

When the tracking unit 302 determines that the tracked person has entered the inside of the gate device 10, the tracking unit 302 transmits to the biometrics control unit 14 a "person to be authenticated entrance notification" including the ID of the person to be tracked. In other words, the tracking unit 302 transmits to the biometric authentication control unit 14 a notification of entry of the person to be authenticated indicating that the person to be tracked has entered the gate device 10 .

In this way, the tracking unit 15 (tracking unit 302) manages the position of the tracked person in association with the ID of the person to be authenticated, and completes tracking when the tracked person enters the gate device 10. The tracking unit 302 notifies the biometric authentication control unit 14 of the subject ID of the person to be tracked who has completed the tracking.

It should be noted that the tracking unit 302 may delete the information (authenticated person ID and location) of the person to be tracked who has not completed tracking even after a predetermined time has elapsed since the start of tracking. Alternatively, the tracking unit 302 also deletes the information of the tracked person when the tracked person leaves the predetermined range (for example, when the tracked person does not go to the gate device 10 but heads to another place). may

The storage unit 303 is means for storing information necessary for the operation of the tracking unit 15.

[Gate device]
FIG. 9 is a diagram showing an example of a processing configuration (processing modules) of the gate device 10 according to the first embodiment. Referring to FIG. 9 , the gate device 10 includes a communication control section 401 , an intruder detection section 402 , a gate control section 403 and a storage section 404 .

The communication control unit 401 is means for controlling communication with other devices. For example, the communication control unit 401 receives data (packets) from the biometric authentication control unit 14 . Also, the communication control unit 401 transmits data to the biometric authentication control unit 14 . The communication control unit 401 transfers data received from other devices to other processing modules. The communication control unit 401 transmits data acquired from other processing modules to other devices. In this manner, other processing modules transmit and receive data to and from other devices via the communication control unit 401 . The communication control unit 401 has a function as a receiving unit that receives data from another device and a function as a transmitting unit that transmits data to the other device.

The intruder detection unit 402 is a means for detecting an intruder into its own device (gate device 10). More specifically, the intruder detection unit 402 uses the detection signal from the detection sensor 12 to detect the user who has reached the intermediate point of the gate device 10 (position X4 in FIG. 3). When the intruder detection unit 402 detects the user at the position X4, the intruder detection unit 402 notifies the gate control unit 403 to that effect.

The gate control unit 403 is means for controlling the gate 13 provided in the gate device 10 . The gate control unit 403 performs opening/closing control of the gate 13 at the timing when the user reaches a predetermined position (position X4 in FIG. 3) of the gate device 10 .

The gate control unit 403 keeps the gate 13 open if it has already received the "passage permission notification" from the biometric authentication control unit 14 when the user reaches the position X4. On the other hand, the gate control unit 403 closes the gate 13 when the "passage permission notification" is not received from the biometrics control unit 14 at the timing.

When the gate 13 is closed, the gate control section 403 notifies the biometric authentication control unit 14 to that effect. Specifically, the gate control unit 403 transmits a “gate closed notification” to the biometric authentication control unit 14 . The gate control unit 403 opens the gate 13 when receiving the “passage permission for the user” within a predetermined period of time after transmitting the gate closing notification.

The gate control unit 403 notifies the server device 20 via the biometric authentication control unit 14 of the fact that the person to be authenticated has passed through the gate 13 . Specifically, when the gate control unit 403 permits the user to pass through the gate because the user is detected at the position X4 and the pass permission notice is received from the biometric authentication control unit 14, The biometric authentication control unit 14 is notified to that effect. The pass permission notification unit 205 of the biometric authentication control unit 14 receives the authenticated person ID described in the entry (the entry of the authenticated person information table) that is the basis for transmitting the pass permission notification and the gate ID of the gate device 10. to the server device 20. That is, the gate device 10 (biometric authentication control unit 14 ) transmits to the server device 20 a “gate passage notification” including the subject ID of the person to be authenticated who has passed through the gate 13 and the gate ID.

The storage unit 404 is means for storing information necessary for the operation of the gate device 10 .

FIG. 10 is a sequence diagram showing an example of operations of the biometric authentication control unit 14 and the gate device 10 according to the first embodiment.

The biometric authentication control unit 14 attempts to detect the person to be authenticated within a predetermined range in front of the gate device 10 (step S101). If the person to be authenticated is not detected (step S101, No branch), the biometric authentication control unit 14 repeats the process of step S101.

When the person to be authenticated is detected (step S101, Yes branch), the biometrics control unit 14 requests the server device 20 to request authentication of the person to be authenticated (step S102).

Also, the biometrics control unit 14 starts tracking the person to be authenticated substantially at the same time as sending the authentication request. The biometrics control unit 14 sends a tracking start instruction including the location of the person to be authenticated and the ID of the person to be authenticated to the tracking unit 15 (step S103).

The biometric authentication control unit 14 receives the authentication result from the server device 20 (step S104). The biometric authentication control unit 14 reflects the authentication result in the authenticated person information table.

The tracking unit 15 tracks the person-to-be-authenticated, and when the person-to-be-authenticated arrives at the entrance of the gate device 10, it sends a notification of entry of the person-to-be-authenticated to the biometrics control unit 14. In other words, the biometric control unit 14 receives the entry notification of the person to be authenticated from the tracking unit 15 (step S105). The biometric authentication control unit 14 reflects the tracking result by the tracking unit 15 in the authentication subject information table.

If the person to be authenticated has been successfully authenticated at the timing when the person to be authenticated reaches the entrance of the gate device 10, the biometrics control unit 14 transmits a notice of permission to pass to the gate device 10 (step S106).

The gate device 10 determines whether or not the person to be authenticated has reached a predetermined position on the gate device 10 (step S201). If the person to be authenticated has not reached the predetermined position (step S201, No branch), the gate device 10 repeats the process of step S201.

When the person to be authenticated has reached the predetermined position (step S201, Yes branch), the gate device 10 performs opening/closing control of the gate 13 (step S202). The gate device 10 permits the person-to-be-authenticated to pass if the notification of passage permission is received. In other words, the gate device 10 closes the gate 13 to let the user Block traffic.

When the gate device 10 permits the person to be authenticated to pass, the gate device 10 notifies the server device 20 of this fact.

In this way, the biometric authentication control unit 14 detects a person to be authenticated and transmits an authentication request including the detected biometric information of the person to be authenticated to the server device 20 . Also, the biometrics control unit 14 transmits a tracking start instruction including the location information of the person to be authenticated to the tracking unit 15 . The biometric authentication control unit 14 notifies the tracking unit 15 of the location information of the person to be authenticated, thereby setting the person to be tracked in the tracking unit 15 . The tracking unit 15 sets a person existing at a location corresponding to the position information included in the tracking start instruction as a person to be tracked, and uses the distance measurement sensor 16 to track the person to be tracked. When the person to be tracked enters the gate device 10 , the tracking unit 15 notifies that the person to be authenticated has arrived at the gate device 10 by transmitting a notification of entry of the person to be authenticated to the biometric authentication control unit 14 . Upon receiving the notification of the entrance of the person to be authenticated, the biometrics control unit 14 determines whether or not the person to be authenticated can pass through the gate device 10 based on the authentication result by the server device 20 . The biometric authentication control unit 14 determines that the person to be authenticated can pass through the gate device 10 if the person to be authenticated is qualified to pass through the gate device 10 (if the authentication is successful).

[Server device]
FIG. 11 is a diagram showing an example of a processing configuration (processing modules) of the server device 20 according to the first embodiment. Referring to FIG. 11 , server device 20 includes communication control section 501 , user registration section 502 , authentication section 503 , gate passage notification processing section 504 , and storage section 505 .

The communication control unit 501 is means for controlling communication with other devices. For example, the communication control section 501 receives data (packets) from the biometrics control unit 14 . Also, the communication control unit 501 transmits data to the biometric authentication control unit 14 . The communication control unit 501 passes data received from other devices to other processing modules. The communication control unit 501 transmits data acquired from other processing modules to other devices. In this manner, other processing modules transmit and receive data to and from other devices via the communication control unit 501 . The communication control unit 501 has a function as a receiving unit that receives data from another device and a function as a transmitting unit that transmits data to the other device.

The user registration unit 502 is means for system registration of users who can pass through the gate device 10 . The user registration unit 502 acquires biometric information (for example, facial images) of users who can pass through the gate device 10 using arbitrary means.

For example, a system user inputs biometric information and personal information (name, address, etc.) into the server device 20 using a web page of a railway company or a kiosk terminal installed at a station.

When the user registration unit 502 acquires a face image, it calculates a feature amount from the face image. A user registration unit 502 stores a user ID that identifies a system user (biometric information registrant) and a user's biometric information (for example, a feature amount calculated from a face image) in a "user information database". Register (see FIG. 12).

The user registration unit 502 registers information (business information) required for user authentication processing in the user information database as necessary. For example, when the server device 20 processes an authentication request from a ticket gate (gate device 10) installed at a station, the user registration unit 502 associates information such as the charge amount with biometric information to identify the user. Store in an information database.

The user information database shown in FIG. 12 is an example, and other items may be stored in association with biometric information (feature amounts). For example, the user's name and face image may be registered in the user information database.

The authentication unit 503 is means for processing an authentication request received from the biometric authentication control unit 14 (gate device 10). Upon receiving the authentication request, the authentication unit 503 extracts the gate ID and the person-to-be-authenticated ID from the authentication request. The authentication unit 503 adds a new entry to the authentication status database and stores the extracted gate ID and authenticated person ID (see FIG. 13). Also, the authentication unit 503 sets the processing status of the added entry to “processing”. In FIG. 13, for ease of understanding, the gate device 10 is used as the gate ID.

When information is registered in the authentication status database, the authentication unit 503 sets the biometric information (feature amount) included in the authentication request as a matching target, and performs matching processing with the biometric information registered in the user information database. conduct.

More specifically, the authentication unit 503 sets the feature amount extracted from the authentication request as a matching object, and performs one-to-N (N is a positive (integer, same below) perform matching.

The authentication unit 503 calculates the degree of similarity between the feature amount (feature vector) to be matched and each of the plurality of feature amounts on the registration side. Chi-square distance, Euclidean distance, or the like can be used for the degree of similarity. Note that the greater the distance, the lower the similarity, and the closer the distance, the higher the similarity.

If a feature amount with a degree of similarity equal to or greater than a predetermined value is not registered in the user information database, the authentication unit 503 sets "authentication failure" as the authentication result.

If a feature amount with a degree of similarity equal to or greater than a predetermined value is registered in the user information database, the authentication unit 503 determines whether or not the user specified by the collation process is qualified to pass through the gate device 10. .

For example, when processing an authentication request received from the gate device 10 for entering a station, the authentication unit 503 determines whether the specified user's charge amount is equal to or greater than the initial fare. If the balance of the charge amount is equal to or less than the initial fare, the authentication unit 503 determines that the specified user is not qualified to pass through the gate device 10 . If the balance of the charged amount is greater than the initial fare, the authentication unit 503 determines that the identified user is qualified to pass through the gate device 10 .

For example, when processing an authentication request received from the gate device 10 for exiting from a station, the authentication unit 503 determines whether the boarding station is set for the specified user. If the boarding station is not set, the authentication unit 503 determines that the specified user is not qualified to pass through the gate device 10 . If the boarding station is set, the authentication unit 503 calculates the fare according to the route of the user (the route between the boarding station and the alighting station). If the calculated fare exceeds the charged amount, the authentication unit 503 determines that the user is not qualified to pass through the gate device 10 . If the calculated fare is equal to or less than the charged amount, the authentication unit 503 determines that the specified user is qualified to pass through the gate device 10 .

If the identified user is not qualified to pass through the gate device 10, the authentication unit 503 sets "authentication failure" to the authentication result.

If the identified user is qualified to pass through the gate device 10, the authentication unit 503 sets "authentication success" to the authentication result.

The authentication unit 503 notifies the biometric authentication control unit 14 (gate device 10) of the person-to-be-authenticated ID of the person to be authenticated (person to be authenticated) and the authentication result (authentication success, authentication failure). In the case of successful authentication, the authentication section 503 transmits an affirmative response indicating successful authentication to the biometrics control unit 14 . At that time, the authentication unit 503 transmits to the biometric authentication control unit 14 an affirmative response including the user ID of the user to be authenticated.

In the case of authentication failure, the authentication unit 503 sends a negative response indicating authentication failure to the biometric authentication control unit 14. When sending a negative response, the authentication section 503 may also notify the biometric authentication control unit 14 of the cause of authentication failure. For example, the authentication unit 503 may transmit to the biometric authentication control unit 14 factors related to authentication failure, such as biometric information not being registered in the system, insufficient charging amount, and boarding station not being set. . Also, when the authentication fails, the authentication unit 503 transmits a negative response including the authenticated person ID of the user to be authenticated to the biometric authentication control unit 14 .

After sending a response to the authentication request to the gate device 10, the authentication unit 503 sets "responded" to the corresponding entry in the authentication status database. Also, when notifying the gate device 10 of successful authentication, the authentication unit 503 sets the user ID of the successful authentication person (the user determined to have been successfully authenticated) to the user ID of the corresponding entry.

The gate passage notification processing unit 504 is means for processing gate passage notifications received from the gate device 10 (biometric authentication control unit 14). The gate passage notification processing unit 504 extracts the gate ID and the person-to-be-authenticated ID from the received notification. The gate-passing notification processing unit 504 searches the authentication status database using the gate ID and the person-to-be-authenticated ID as keys to identify the corresponding entry.

The gate passage notification processing unit 504 reads the user ID from the user ID field of the identified entry. The gate passage notification processing unit 504 searches the user information database using the read user ID as a key to identify the corresponding entry.

The gate passage notification processing unit 504 executes processing associated with the user passing through the gate for the specified entry.

For example, when processing a gate passage notification received from the gate device 10 for entering a station, the gate passage notification processing unit 504 sets the station where the gate device 10 is installed as the boarding station of the specified entry. .

For example, when processing a gate passage notification received from the gate device 10 for exiting the station, the gate passage notification processing unit 504 calculates the user's fare and subtracts the fare from the charge amount. In addition, the gate passage notification processing unit 504 clears the setting value of the boarding station field.

The storage unit 505 stores various information necessary for the operation of the server device 20 . A user information database and an authentication status database are constructed in the storage unit 505 .

FIG. 14 is a flow chart showing an example of the operation of the server device 20 according to the first embodiment.

The server device 20 receives an authentication request from the biometric authentication control unit 14 (step S301).

The server device 20 executes matching processing using the biometric information included in the authentication request and the biometric information registered in the user information database (step S302).

The server device 20 determines whether or not there is an entry with a degree of similarity between biometric information equal to or greater than a predetermined value (step S303).

If such an entry does not exist (step S303, No branch), the server device 20 sets the authentication result to authentication failure (step S304).

If such an entry exists (step S303, Yes branch), the server device 20 determines whether the person to be authenticated is qualified to pass through the gate device 10 (step S305).

If the person to be authenticated is not qualified to pass through the gate device 10 (step S305, No branch), the server device 20 sets the authentication result to authentication failure (step S304).

If the person to be authenticated is qualified to pass through the gate device 10 (step S305, Yes branch), the server device 20 sets the authentication result to authentication success (step S306).

The server device 20 transmits the authentication result (authentication success, authentication failure) to the biometric authentication control unit 14 (step S307).

A description of the operation of the server device 20 when receiving the gate passage notification will be omitted.

Next, the operation of the authentication system according to the first embodiment will be described with reference to the drawings. 15 is a sequence diagram illustrating an example of the operation of the authentication system according to the first embodiment; FIG. It is assumed that system users have already been registered prior to the operation of FIG. Also, in FIG. 15, the biometric authentication control unit 14 and the tracking unit 15 are assumed to be integrated with the gate device 10, and the operation of the system will be described.

The gate device 10 detects a person to be authenticated within a predetermined range set in front of itself (step S01).

The gate device 10 acquires the biometric information of the person to be authenticated, and transmits an authentication request including the biometric information to the server device 20 (step S02).

Also, at substantially the same timing as the transmission of the authentication request, the gate device 10 starts tracking the person to be authenticated (step S03).

The server device 20 executes authentication processing and transmits the result to the gate device 10 (steps S11 and S12).

The gate device 10 receives the authentication result and reflects the authentication result in the authentication subject information table (reflection of the authentication result; step S04).

When the person to be authenticated reaches the entrance of the gate device 10, the gate device 10 completes tracking of the person to be authenticated (step S05).

When the person to be authenticated reaches the predetermined position of the gate device 10, the gate device 10 performs gate control (step S06). Specifically, the gate device 10 permits passage of the person to be authenticated for whom authentication is successful and tracking is completed.

After permitting the person to be authenticated to pass through, the gate device 10 transmits a gate passage notification to the server device 20 (step S07).

Upon receiving the gate passage notification, the server device 20 updates the information of the person who passed through the gate (authenticated person; person to be authenticated who was determined to be authenticated successfully) (step S13). Specifically, the server device 20 updates the entry in the user information database corresponding to the gate passer.

Next, specific operations of the gate device 10 assuming various movements of users (users to be authenticated, users who are not to be authenticated) will be described with reference to the drawings.

As shown in the upper part of FIG. 16, user 30 is set as a person to be authenticated, and user 31 is a user who is not to be authenticated. In the drawings including FIG. 16, the person to be authenticated is shown in gray, and the user who is not to be authenticated is shown in white. User 31 is not a person to be authenticated because it is not detected as a person to be authenticated at position X1. Therefore, there is no entry for user 31 in the authenticated person information table.

The user 30 walks toward the gate device 10. The user 31 moves so as to enter the inside of the gate device 10 from the side of the user 30 . In this case, the positional relationship between the two becomes as shown in the lower part of FIG. 16 as time elapses.

Since the entry for user 31 is not registered in the authentication subject information table, gate 13 closes when user 31 reaches position X4. Further, even if a predetermined period of time has passed since the gate 13 was closed, the authentication result of the user 31 is not registered in the authenticated person information table, so the gate 13 is not opened.

Alternatively, it is conceivable that the person to be authenticated passes another person to be authenticated walking in front. For example, consider a case where

users

32 and 33 walk toward the gate device 10 as shown in the upper part of FIG. In this case, both the user 32 and the user 33 are set as the person to be authenticated (the person in gray) because the biometric information is acquired at the position X1 and the tracking is started.

The user 33 walking behind moves as shown in the dashed line in the upper part of FIG. 17 and overtakes the user 32 in front. In this case, the positional relationship between the two becomes as shown in the lower part of FIG. 17 as time elapses.

Entries for the user 32 and the user 33 are registered in the authenticated person information table. , the gate 13 remains open. Further, even if the user 32 arrives at the position X4 following the user 33, the gate 13 is not closed.

In this way, the user whose biometric information is acquired at the position X1 and who is set as the person to be authenticated can be processed normally even if they do not reach (enter) the gate device 10 in the set order. That is, the user can pass through the gate device 10 even if the user does not reach the gate device 10 in the order in which the person to be authenticated was registered due to a difference in the walking speed of the person to be authenticated. In this way, the authentication system according to the first embodiment also allows irregular situations, so the throughput of the system is improved.

<Modified example according to the first embodiment>
In the above embodiment, the tracking unit 15 sends to the biometrics control unit 14 the subject entry notification including the subject ID of the tracked person when tracking is completed. However, the biometrics control unit 14 may periodically inquire of the tracking unit 15 whether or not tracking of the person to be authenticated (tracked person) has ended.

Specifically, after transmitting a tracking start instruction to the tracking unit 15, the tracking control unit 204 of the biometric authentication control unit 14 periodically transmits a "location inquiry" including the ID of the person to be authenticated to the tracking unit 15. .

The tracking unit 302 of the tracking unit 15 transmits the position information (X coordinate, Y coordinate) of the ID of the person to be authenticated included in the inquiry to the biometrics control unit 14 . The tracking control unit 204 determines whether or not the person to be authenticated (person to be tracked) has entered the gate device 10 using the acquired position information. When the tracking control unit 204 determines that the person to be authenticated has entered the gate device 10 from the acquired position information, the tracking control unit 204 sets the tracking status of the corresponding entry in the information table of the person to be authenticated to "tracking completed". When tracking completion is set in the entry, the tracking control unit 204 notifies the passage permission notification unit 205 to that effect.

The passage permission notification unit 205 determines whether or not the person to be authenticated can pass through the gate device 10 according to the notification. That is, when the tracked person's position information acquired by the tracking control unit 204 indicates that the tracked person has entered the gate device 10 , the passage permission notification unit 205 determines whether the person to be authenticated can pass through the gate device 10 . Determine whether or not.

As described above, the gate device 10 (the gate device 10 equipped with the biometric authentication control unit 14 and the tracking unit 15) in the first embodiment detects the person to be authenticated. When the gate device 10 detects the person to be authenticated, the gate device 10 starts authentication and tracking of the person to be authenticated at substantially the same timing. Since the server device 20 can start the authentication process from a place away from the gate device 10, it is possible to secure the execution time of the biometric authentication. Also, the gate device 10 starts tracking the person to be authenticated from the remote location. At that time, the gate device 10 performs tracking using the ranging sensor 16 . Since the gate device 10 can grasp the accurate current position of the person to be authenticated by tracking the person to be authenticated using the distance measuring sensor 16, the entry into the gate device 10 by the person to be authenticated can be reliably recognized. In other words, even if a user who is not the person to be authenticated interrupts the gate device 10, the gate device 10 can block the passage of the interrupting user.

Next, the hardware of each device that makes up the authentication system will be explained. FIG. 18 is a diagram showing an example of the hardware configuration of the biometrics control unit 14. As shown in FIG.

The biometric authentication control unit 14 includes a processor 311, a memory 312, a communication interface 313, and the like. Components such as the processor 311 are connected by an internal bus or the like and configured to be able to communicate with each other.

However, the configuration shown in FIG. 18 is not intended to limit the hardware configuration of the biometric authentication control unit 14. The biometrics control unit 14 may include hardware (not shown). Also, the number of processors 311 and the like included in the biometrics control unit 14 is not limited to the example shown in FIG.

The processor 311 is, for example, a programmable device such as a CPU (Central Processing Unit), MPU (Micro Processing Unit), DSP (Digital Signal Processor). Alternatively, processor 311 may be a device such as FPGA (Field Programmable Gate Array), ASIC (Application Specific Integrated Circuit), or the like. The processor 311 executes various programs including an operating system (OS).

The memory 312 is RAM (Random Access Memory), ROM (Read Only Memory), HDD (Hard Disk Drive), SSD (Solid State Drive), or the like. The memory 312 stores an OS program, application programs, and various data.

The communication interface 313 is a circuit, module, etc. that communicates with other devices. For example, the communication interface 313 includes a NIC (Network Interface Card) or the like.

The functions of the biometric authentication control unit 14 are realized by various processing modules. The processing module is implemented by the processor 311 executing a program stored in the memory 312, for example. Also, the program can be recorded in a computer-readable storage medium. The storage medium can be non-transitory such as semiconductor memory, hard disk, magnetic recording medium, optical recording medium, and the like. That is, the present invention can also be embodied as a computer program product. Also, the program can be downloaded via a network or updated using a storage medium storing the program. Furthermore, the processing module may be realized by a semiconductor chip.

The biometric authentication control unit 14 is equipped with a computer, and the functions of the biometric authentication control unit 14 can be realized by causing the computer to execute a program. Moreover, the biometrics control unit 14 performs the control method of the biometrics control unit 14 by the said program.

The hardware configuration of the tracking unit 15 can be the same as the hardware configuration of the biometrics control unit 14, so the description is omitted.

The gate device 10 includes the camera 11, the detection sensor 12 and the gate 13 as described above (see FIG. 19). The gate device 10 has hardware such as a processor, a memory, and a communication interface in the same manner as the biometric authentication control unit 14, but illustrations and descriptions of these configurations are omitted.

The camera 11 is a camera device capable of acquiring visible light images. In FIG. 3, the gate device 10 has been described as having one camera 11, but this is not intended to limit the number or installation of the cameras 11. FIG. For example, multiple cameras 11 may be installed in the gate device 10 .

Alternatively, the person to be authenticated may be detected by other means instead of the camera 11 for detecting the person to be authenticated. For example, a human sensor or the like may be used to detect a person at a predetermined distance from the gate device 10 . Alternatively, the camera 11 may acquire image data when a human sensor detects a person, and the person to be authenticated may be detected.

The detection sensor 12 is a sensor that detects people. As the detection sensor 12, for example, a sensor composed of a light transmitting device and a light receiving device (so-called light passing sensor) can be used. For example, an optical transmission device and an optical reception device are installed so as to face each other (two devices are installed on the inner wall of the main body). A transmitting device constantly transmits light and a receiving device receives the transmitted light. The gate device 10 determines that a person is detected when the receiving device fails to receive the light. Note that FIG. 3 shows one of the two devices that constitute the detection sensor 12 .

The gate 13 is a device that controls the passage of users. The method of the gate 13 is not particularly limited, and may be, for example, a flapper gate that opens and closes with flappers provided from one or both sides of the passage, a turnstile gate that rotates three bars, or the like.

The functions of the biometric authentication control unit 14 and the tracking unit 15 may be implemented by a CPU or the like that controls the gate device 10 as a whole. Conversely, the functions of the gate device 10 may be realized by the processor 311 included in the biometrics control unit 14. FIG.

Alternatively, the functions of the tracking unit 15 may be realized by the biometric control unit 14. Alternatively, the functionality of tracking unit 15 may be incorporated in ranging sensor 16 . That is, the distance measurement sensor 16 having the function of the tracking unit 15 and the biometric control unit 14 may be connected.

Note that the server device 20 can be configured by an information processing device. As with the biometric authentication control unit 14, the server device 20 only needs to include a processor, a memory, a communication interface, and the like.

[Modification]
The configuration, operation, and the like of the authentication system described in the above embodiment are examples, and are not intended to limit the configuration and the like of the system.

In the above embodiment, the gate device 10 is explained as a ticket gate installed at the station. However, it is of course not intended to limit the gate device 10 to a ticket gate. The gate device 10 may be a device that is installed in an airport, an event site, an office, or the like, and controls the passage of users.

In the above embodiment, the case where the server device 20 has a user information database has been described. However, the database may be constructed in a database server different from the server device 20 . Also, the authentication system may include various means (authentication request unit 203, tracking control unit 204, etc.) described in the above embodiment. For example, the authentication process performed by the server device 20 may be performed by the gate device 10 (biometric authentication control unit 14). A part or all of the functions of the server device 20 may be realized by the gate device 10 .

In the above embodiment, a case has been described in which the biometric information related to the feature amount generated from the face image is transmitted from the biometric authentication control unit 14 to the server device 20 . However, the “face image” itself may be transmitted from the biometric authentication control unit 14 to the server device 20 as the biometric information. The server device 20 may generate a feature amount from the acquired face image and perform authentication processing (one-to-N matching).

In the above embodiment, the case where the authenticated person detection unit 202 estimates the position (X coordinate, Y coordinate) of the authenticated person has been described. However, the estimation of the location of the person to be authenticated may be performed by the tracking control unit 204 . In this case, the person-to-be-authenticated detection unit 202 may pass the person-to-be-authenticated ID and the image data to the tracking control unit 204 . The tracking control unit 204 may estimate the position (X coordinate, Y coordinate) of the person to be authenticated using the acquired image data.

In the above embodiment, the camera 11 is assumed to be a monocular camera, but the camera 11 may be a depth camera (stereo camera) capable of measuring the depth direction. In this case, the biometric authentication control unit 14 may detect the person to be authenticated at a predetermined distance from the gate device 10 using an image obtained from a stereo camera instead of thresholding the distance between the eyes. Specifically, the biometrics control unit 14 analyzes two images obtained from the stereo camera (analysis using parallax), and calculates the user's position with respect to the gate device 10 . If the calculated position is included in the predetermined location, the biometric authentication control unit 14 sets the user as a person to be authenticated.

The form of data transmission/reception between the biometric authentication control unit 14 and the server device 20 is not particularly limited, but the data transmitted/received between these devices may be encrypted. A face image and a feature amount calculated from the face image are personal information, and in order to appropriately protect the personal information, it is desirable to transmit and receive encrypted data.

In addition, in the above embodiment, the case where the gate device 10, the biometrics control unit 14, and the tracking unit 15 are separated has been described. However, these devices may be integrated. That is, the biometrics control unit 14 and the tracking unit 15 may be integrated with the gate device 10 . In this case, the gate device 10 includes, in addition to the configuration shown in FIG. It is sufficient if the tracking section 302 of the unit 15 is provided.

In the above embodiment, a case has been described in which the information about the person to be authenticated is stored and managed using the information table for the person to be authenticated. However, the information about the person to be authenticated may be stored and managed using a database (person to be authenticated information database).

In the flowcharts (flowcharts, sequence diagrams) used in the above explanation, multiple steps (processes) are described in order, but the execution order of the steps executed in the embodiment is not limited to the described order. In the embodiment, the order of the illustrated steps can be changed within a range that does not interfere with the content, such as executing each process in parallel.

The above embodiments have been described in detail to facilitate understanding of the disclosure of the present application, and are not intended to require all the configurations described above. Also, when a plurality of embodiments are described, each embodiment may be used alone or in combination. For example, it is possible to replace part of the configuration of the embodiment with the configuration of another embodiment, or to add the configuration of another embodiment to the configuration of the embodiment. Furthermore, additions, deletions, and replacements of other configurations are possible for some of the configurations of the embodiments.

From the above description, the industrial applicability of the present invention is clear, and the present invention can be suitably applied to authentication systems installed at airports, stations, and the like.

Some or all of the above embodiments may also be described in the following additional remarks, but are not limited to the following.
[Appendix 1]
an authenticated person detection unit for detecting an authenticated person;
a request unit that transmits an authentication request including the biometric information of the person to be authenticated to a server device;
a tracking control unit that transmits a tracking start instruction including position information of the person to be authenticated to a tracking unit that tracks the person to be tracked using a range sensor, and obtains a tracking result from the tracking unit;
determining whether or not the person to be authenticated can pass through the gate device based on the biometric authentication result of the person to be authenticated by the server device and the tracking result by the tracking unit, and sending the determination result to the gate device notifying, a notification unit;
A biometric control unit.
[Appendix 2]
The tracking control unit receives from the tracking unit an authentication-subjected person entry notification indicating that the tracked person has entered the gate device,
The biometric authentication control unit according to supplementary note 1, wherein the notification unit determines whether or not the person to be authenticated can pass through a gate device in response to receiving the notification of entry of the person to be authenticated.
[Appendix 3]
The tracking control unit
after transmitting the tracking start instruction, transmitting a location inquiry including the subject ID to the tracking unit, obtaining location information of the tracked person corresponding to the subject ID from the tracking unit;
Supplementary Note 1: The notification unit determines whether the person-to-be-authenticated can pass through the gate device when the acquired position information of the tracked person indicates that the tracked person has entered the gate device. The biometric authentication control unit according to .
[Appendix 4]
When the authentication-subject detection unit detects the authentication-subject, the authentication-subject detection unit adds an entry to an authentication-subject information table,
When the request unit receives the biometric authentication result from the server device, the request unit sets the received biometric authentication result in an authentication status field of the added entry,
The tracking control unit sets the tracking result in a tracking status field of the added entry;
4. The notification unit according to any one of appendices 1 to 3, wherein the notification unit determines whether or not the person to be authenticated can pass through the gate device based on the set value of the authentication status field and the set value of the tracking status field. A biometric control unit as described.
[Appendix 5]
5. The biometric authentication control unit according to appendix 4, further comprising a table management unit that deletes an entry that has passed a predetermined period of time after being added to the authentication-subjected person information table.
[Appendix 6]
6. The biometric authentication control unit according to any one of appendices 1 to 5, wherein the biometric information is a facial image or a feature amount generated from the facial image.
[Appendix 7]
a server device that stores biometric information of each of a plurality of users and performs biometric authentication;
a gate device equipped with a biometric control unit and a tracking unit;
including
The biometric control unit,
A person to be authenticated is detected, an authentication request including biometric information of the detected person to be authenticated is transmitted to the server device, and a tracking start instruction including location information of the person to be authenticated is transmitted to the tracking unit. death,
The tracking unit is
A person existing at a location corresponding to the position information included in the tracking start instruction is set as a person to be tracked, the person to be tracked is tracked using a range sensor, and the person to be tracked enters the gate device. Then, a notification of entry of the person to be authenticated is transmitted to the biometric authentication control unit,
The biometric control unit,
A system for determining whether or not the person-to-be-authenticated can pass through the gate device based on the result of authentication by the server device upon receiving the notification of entry of the person-to-be-authenticated, and notifying the gate device of the determination result.
[Appendix 8]
The biometric control unit,
transmitting the tracking start instruction including the location information of the subject and the subject ID of the subject to the tracking unit;
The tracking unit is
When the position of the tracked person and the ID of the person to be authenticated are associated and managed, and when the tracking is completed in response to the entry of the tracked person into the gate device, the target of the tracked person who has completed the tracking is managed. 8. The system of claim 7, wherein an authenticator ID is communicated to the biometric control unit.
[Appendix 9]
The biometric control unit,
transmitting an authentication request including the detected biometric information of the person to be authenticated and the ID of the person to be authenticated to the server device;
The system according to appendix 8, wherein the server device notifies the biometric authentication control unit of the authenticated person ID of the person to be authenticated.
[Appendix 10]
The biometric authentication control unit determines whether or not a person to be authenticated whose ID of the person to be authenticated notified from the server device matches the ID of the person to be authenticated notified from the tracking unit can pass through the gate device. , Supplement 9.
[Appendix 11]
11. The system according to any one of appendices 7 to 10, wherein the server device performs matching processing using biometric information of each of the plurality of users and biometric information included in the authentication request.
[Appendix 12]
12. The system according to supplementary note 11, wherein the server device determines whether or not the user identified by the verification process is qualified to pass through the gate device.
[Appendix 13]
13. The system of any one of clauses 7-12, wherein the ranging sensor is a three-dimensional range sensor.
[Appendix 14]
In the biometric control unit,
detect the subject,
transmitting an authentication request including the biometric information of the person to be authenticated to a server device;
sending a tracking start instruction including the location information of the person to be authenticated to a tracking unit that tracks the person to be tracked using a range sensor, and obtaining a tracking result from the tracking unit;
determining whether or not the person to be authenticated can pass through the gate device based on the biometric authentication result of the person to be authenticated by the server device and the tracking result by the tracking unit, and sending the determination result to the gate device A method of controlling a biometrics control unit to notify.
[Appendix 15]
In the computer installed in the biometric control unit,
a process of detecting an authenticated person;
a process of transmitting an authentication request including the biometric information of the person to be authenticated to a server device;
A process of transmitting a tracking start instruction including the location information of the person to be authenticated to a tracking unit that tracks the person to be tracked using a range sensor, and obtaining a tracking result from the tracking unit;
determining whether or not the person to be authenticated can pass through the gate device based on the biometric authentication result of the person to be authenticated by the server device and the tracking result by the tracking unit, and sending the determination result to the gate device a notification process;
A computer-readable storage medium that stores a program for executing

It should be noted that each disclosure of the above cited prior art documents shall be incorporated into this document by citation. Although the embodiments of the present invention have been described above, the present invention is not limited to these embodiments. Those skilled in the art will appreciate that these embodiments are illustrative only and that various modifications can be made without departing from the scope and spirit of the invention. That is, the present invention naturally includes various variations and modifications that can be made by those skilled in the art according to the entire disclosure including claims and technical ideas.

10 gate device 10-1 gate device 10-2 gate device 10-3 gate device 11 camera 12 detection sensor 13 gate 14 biometric authentication control unit 15 tracking unit 16 ranging sensor 20 server device 30 user 31 user 32 user 33 User 100 Biometric authentication control unit 101 Subject detection unit 102 Request unit 103 Tracking control unit 104 Notification unit 201 Communication control unit 202 Authentication subject detection unit 203 Authentication request unit 204 Tracking control unit 205 Pass permission notification unit 206 Table management unit 207 message output unit 208 storage unit 301 communication control unit 302 tracking unit 303 storage unit 311 processor 312 memory 313 communication interface 401 communication control unit 402 intruder detection unit 403 gate control unit 404 storage unit 501 communication control unit 502 user registration unit 503 Authentication unit 504 Gate passage notification processing unit 505 Storage unit

Claims

an authenticated person detection unit for detecting an authenticated person;
a request unit that transmits an authentication request including the biometric information of the person to be authenticated to a server device;
a tracking control unit that transmits a tracking start instruction including position information of the person to be authenticated to a tracking unit that tracks the person to be tracked using a range sensor, and obtains a tracking result from the tracking unit;
determining whether or not the person to be authenticated can pass through the gate device based on the biometric authentication result of the person to be authenticated by the server device and the tracking result by the tracking unit, and sending the determination result to the gate device notifying, a notification unit;
A biometric control unit.
The tracking control unit receives from the tracking unit an authentication-subjected person entry notification indicating that the tracked person has entered the gate device,
2. The biometric authentication control unit according to claim 1, wherein said notification unit determines whether said person to be authenticated can pass through a gate device in response to said person to be authenticated entry notification being received.
The tracking control unit
after transmitting the tracking start instruction, transmitting a location inquiry including the subject ID to the tracking unit, obtaining location information of the tracked person corresponding to the subject ID from the tracking unit;
The notification unit determines whether or not the person-to-be-authenticated can pass through the gate device when the acquired position information of the tracked person indicates that the tracked person has entered the gate device. 2. The biometric authentication control unit according to 1.
When the authentication-subject detection unit detects the authentication-subject, the authentication-subject detection unit adds an entry to an authentication-subject information table,
When the request unit receives the biometric authentication result from the server device, the request unit sets the received biometric authentication result in an authentication status field of the added entry,
The tracking control unit sets the tracking result in a tracking status field of the added entry;
4. The notification unit determines whether or not the person to be authenticated can pass through the gate device based on the set value of the authentication status field and the set value of the tracking status field. The biometric authentication control unit according to .
The biometric authentication control unit according to claim 4, further comprising a table management unit that deletes an entry that has passed a predetermined period of time after being added to the authentication-subjected person information table.
The biometric authentication control unit according to any one of claims 1 to 5, wherein the biometric information is a facial image or a feature amount generated from the facial image.
a server device that stores biometric information of each of a plurality of users and performs biometric authentication;
a gate device equipped with a biometric control unit and a tracking unit;
including
The biometric control unit,
A person to be authenticated is detected, an authentication request including biometric information of the detected person to be authenticated is transmitted to the server device, and a tracking start instruction including location information of the person to be authenticated is transmitted to the tracking unit. death,
The tracking unit is
A person existing at a location corresponding to the position information included in the tracking start instruction is set as a person to be tracked, the person to be tracked is tracked using a range sensor, and the person to be tracked enters the gate device. Then, a notification of entry of the person to be authenticated is transmitted to the biometric authentication control unit,
The biometric control unit,
A system for determining whether or not the person-to-be-authenticated can pass through the gate device based on the result of authentication by the server device upon receiving the notification of entry of the person-to-be-authenticated, and notifying the gate device of the determination result.
The biometric control unit,
transmitting the tracking start instruction including the location information of the subject and the subject ID of the subject to the tracking unit;
The tracking unit is
When the position of the tracked person and the ID of the person to be authenticated are associated and managed, and when the tracking is completed in response to the entry of the tracked person into the gate device, the target of the tracked person who has completed the tracking is managed. 8. The system of claim 7, wherein an authenticator ID is communicated to the biometric control unit.
The biometric control unit,
transmitting an authentication request including the detected biometric information of the person to be authenticated and the ID of the person to be authenticated to the server device;
9. The system according to claim 8, wherein said server device notifies said biometric authentication control unit of said person-to-be-authenticated ID of a person to be authenticated.
The biometric authentication control unit determines whether or not a person to be authenticated whose ID of the person to be authenticated notified from the server device matches the ID of the person to be authenticated notified from the tracking unit can pass through the gate device. 10. The system of claim 9.
11. The system according to any one of claims 7 to 10, wherein said server device performs matching processing using biometric information of each of said plurality of users and biometric information included in said authentication request.
The system according to claim 11, wherein the server device determines whether or not the user specified by the verification process is qualified to pass through the gate device.
The system according to any one of claims 7 to 12, wherein said ranging sensor is a three-dimensional distance sensor.
In the biometric control unit,
detect the subject,
transmitting an authentication request including the biometric information of the person to be authenticated to a server device;
sending a tracking start instruction including the location information of the person to be authenticated to a tracking unit that tracks the person to be tracked using a range sensor, and obtaining a tracking result from the tracking unit;
determining whether or not the person to be authenticated can pass through the gate device based on the biometric authentication result of the person to be authenticated by the server device and the tracking result by the tracking unit, and sending the determination result to the gate device A method of controlling a biometrics control unit to notify.
In the computer installed in the biometric control unit,
a process of detecting an authenticated person;
a process of transmitting an authentication request including the biometric information of the person to be authenticated to a server device;
A process of transmitting a tracking start instruction including the location information of the person to be authenticated to a tracking unit that tracks the person to be tracked using a range sensor, and obtaining a tracking result from the tracking unit;
determining whether or not the person to be authenticated can pass through the gate device based on the biometric authentication result of the person to be authenticated by the server device and the tracking result by the tracking unit, and sending the determination result to the gate device a notification process;
A computer-readable storage medium that stores a program for executing