WO2023187960A1 - 認証システム、認証方法およびコンピュータ可読媒体 - Google Patents

認証システム、認証方法およびコンピュータ可読媒体 Download PDF

Info

Publication number
WO2023187960A1
WO2023187960A1 PCT/JP2022/015325 JP2022015325W WO2023187960A1 WO 2023187960 A1 WO2023187960 A1 WO 2023187960A1 JP 2022015325 W JP2022015325 W JP 2022015325W WO 2023187960 A1 WO2023187960 A1 WO 2023187960A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
person
group
information
authentication system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2022/015325
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
邦生 筆本
伸明 川瀬
健史 小島
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Corp
Original Assignee
NEC Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NEC Corp filed Critical NEC Corp
Priority to PCT/JP2022/015325 priority Critical patent/WO2023187960A1/ja
Priority to JP2024510769A priority patent/JP7810255B2/ja
Priority to US18/845,538 priority patent/US20250190529A1/en
Publication of WO2023187960A1 publication Critical patent/WO2023187960A1/ja
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Definitions

  • the present disclosure relates to an authentication system, an authentication method, and a computer-readable medium.
  • the image processing device described in Patent Document 1 holds registered images grouped by attribute, and matches the input image with the registered images included in the attribute group using the identification characteristic corresponding to this attribute. Then, the object in the input image is identified, and output is performed based on the identification result.
  • the monitoring system described in Patent Document 2 authenticates whether or not a passing person is a notification target based on the characteristics of the imaged passing person, and also issues a warning when the passing person is authenticated as a notification target. If unnecessary conditions are met, control is performed so that no warning is issued.
  • the room entry control system described in Patent Document 3 opens a door to be managed when a specific action is authenticated, and allows a person who is allowed to enter the room to enter the room with a person who is not allowed to enter the room with a person who is not allowed to enter the room. To give permission.
  • the room entry control system does not open the door to be managed and does not permit tailgating, in which a person who is allowed to enter the room brings a person who is not allowed to enter the room.
  • an object of the present disclosure is to provide an authentication system etc. that efficiently authenticates a predetermined group.
  • An authentication system includes an authentication means and a condition setting means.
  • the authentication means performs biometric authentication of a person based on predetermined personal authentication standards.
  • the condition setting means sets group authentication conditions for other members in the group to which the person belongs based on the attribute information of the authenticated person.
  • the authentication means also authenticates other members based on the set group authentication conditions.
  • a computer executes the following process.
  • the computer performs biometric authentication of a person based on predetermined personal authentication standards.
  • the computer sets group authentication conditions for other members in the group to which the person belongs based on attribute information of the authenticated person.
  • the computer also authenticates other members based on the set group authentication conditions.
  • a non-transitory computer-readable medium causes a computer to perform the following method.
  • the computer performs biometric authentication of a person based on predetermined personal authentication standards.
  • the computer sets group authentication conditions for other members in the group to which the person belongs based on attribute information of the authenticated person.
  • the computer also authenticates other members based on the set group authentication conditions.
  • FIG. 1 is a block diagram of an authentication system according to a first embodiment.
  • FIG. 3 is a flowchart showing an authentication method according to the first embodiment.
  • FIG. 3 is a diagram illustrating how an authentication system and related configurations are used according to a second embodiment.
  • FIG. 2 is a block diagram of an authentication system according to a second embodiment.
  • FIG. 2 is a block diagram of a person information management system according to a second embodiment.
  • 7 is a table showing personal information according to the second embodiment. 7 is a table showing group authentication conditions according to the second embodiment.
  • 7 is a first flowchart showing an authentication method according to a second embodiment.
  • 3 is a second flowchart showing an authentication method according to a second embodiment.
  • 7 is a flowchart showing an authentication method according to a third embodiment.
  • FIG. 7 is a flowchart showing an authentication method according to a fourth embodiment.
  • FIG. 3 is a block diagram of an authentication system according to a fifth embodiment.
  • 12 is a flowchart showing an authentication method according to a fifth embodiment.
  • 1 is a block diagram illustrating the hardware configuration of a computer.
  • FIG. 1 is a block diagram of an authentication system according to a first embodiment.
  • An authentication system 1 shown in FIG. 1 is a system for performing authentication at a predetermined passage gate or the like.
  • the predetermined passage gate is installed, for example, at an airport customs office, a theme park gate, an event hall for concerts, conferences, etc.
  • the authentication system 1 may be configured by, for example, a computer or a server having a communication function.
  • the term "computer” may include any one of a server device, a blade, and a cloud computing system.
  • the authentication system 1 acquires image data of an image taken by a camera installed at a predetermined passage gate, and authenticates a person attempting to pass through this passage gate based on the acquired image data.
  • the authentication system 1 has an authentication section 11 and a condition setting section 12 as main components.
  • the authentication unit 11 performs biometric authentication of a person from an image of the person included in the acquired image data.
  • the image data may be a still image or a moving image shot at predetermined intervals (for example, 1/30th of a second).
  • the image of the person may be any image that can be biometrically authenticated. If the authentication unit 11 performs biometric authentication using a face image, the person's image includes at least the person's face. If the authentication unit 11 performs biometric authentication using a fingerprint image, the image of the person includes at least the person's finger. Biometric authentication can use the above-mentioned facial image or fingerprint. Also, biometric authentication may use iris or gait. Biometric authentication may also be performed using a combination of these. Biometric authentication may utilize, for example, a person's voice in addition to images.
  • the authentication unit 11 When performing biometric authentication, the authentication unit 11, for example, extracts feature points from an image related to biometric authentication, and calculates feature amounts from the extracted feature points. Further, the authentication unit 11 determines whether the calculated feature amount is unique to a predetermined person. At this time, for example, the authentication unit 11 compares the above-described calculated feature amount with the unique feature amount of the person that can be searched by the authentication system 1.
  • the authentication unit 11 determines to authenticate the person corresponding to the extracted feature amount. Being similar with a corresponding degree of certainty means, for example, that the degree of similarity of the feature amounts to be matched is greater than a predetermined value (or a predetermined ratio). At this time, the degree of similarity may be calculated quantitatively or qualitatively.
  • the authentication unit 11 performs this biometric authentication according to predetermined personal authentication standards.
  • the predetermined personal authentication standard is a standard for performing biometric authentication of a person as an individual.
  • the personal authentication standard includes, for example, a threshold value of the degree of similarity between the feature amount calculated by the authentication unit 11 and the unique feature amount of the searched person.
  • the condition setting unit 12 acquires information regarding the group to which the authenticated person belongs from the attribute information of the authenticated person.
  • the attribute information of the authenticated person may include the person's name, address, age, gender, nationality, etc. This attribute information may also include information about the group to which the person belongs.
  • Information about the group to which the person belongs includes, for example, information such as whether the group is a family, a travel group, or a predetermined group such as a school or company.
  • the condition setting unit 12 When the condition setting unit 12 acquires information regarding a group, it sets group authentication conditions for other members of the group to which the person belongs.
  • the group authentication conditions are authentication conditions when the authentication unit 11 performs biometric authentication of other members.
  • the group authentication conditions may include, for example, a similarity threshold when comparing feature amounts.
  • the group authentication conditions set by the condition setting unit 12 do not need to be constant. That is, the condition setting unit 12 may set group authentication conditions for each member of a group related to a person authenticated based on the personal authentication standard.
  • the authentication unit 11 authenticates other members using the set group authentication conditions. That is, in this case, the authentication system 1 assumes that after the person authenticated by the authentication unit 11 based on the personal authentication standard, members of the group to which this person belongs will undergo biometric authentication, and sets the group authentication conditions to authenticate the person in this group. Perform biometric authentication of members. By performing group authentication in this manner, the authentication system 1 can perform authentication smoothly. Note that the authentication system 1 may have means for notifying the person to be authenticated, the administrator of the authentication system 1, etc. of the authentication result.
  • the feature amount searched by the authentication unit 11 is not limited to the unique feature amount of a person as described above.
  • the feature amount searched by the authentication unit 11 may be a feature amount for estimating age or gender. In this case, when authenticating a person or a member of a group, the authentication unit 11 may require that the age and gender meet predetermined criteria.
  • FIG. 2 is a flowchart showing the authentication method according to the first embodiment.
  • the flowchart shown in FIG. 2 is started, for example, when the authentication system 1 acquires image data.
  • the authentication unit 11 performs biometric authentication of a person based on predetermined personal authentication standards (step S11).
  • the authentication section 11 authenticates this person, it supplies a signal indicating that the authentication has been performed to the condition setting section 12.
  • the condition setting unit 12 sets group authentication conditions for other members in the group to which the person belongs based on the attribute information of the authenticated person (step S12).
  • the condition setting unit 12 sets the group authentication condition, it supplies the authentication unit 11 with a signal indicating that the group authentication condition has been set and information regarding the group authentication condition.
  • the authentication unit 11 upon receiving the group authentication conditions from the condition setting unit 12, the authentication unit 11 authenticates other members based on the set group authentication conditions (step S13). When the authentication unit 11 completes authentication of other members, the authentication system 1 ends the series of processing.
  • the authentication method executed by the authentication system 1 has been described above.
  • the authentication system 1 also executes a process for notifying the person to be authenticated, the administrator of the authentication system 1, etc. of the authentication result. By performing the above-described processing, the authentication system 1 can smoothly perform group authentication.
  • the authentication system 1 may include a processor and a storage device as components not shown.
  • the storage device included in the authentication system 1 includes, for example, a storage device including a nonvolatile memory such as a flash memory or a solid state drive (SSD).
  • the storage device included in the authentication system 1 stores a computer program (hereinafter also simply referred to as a program) for executing the above-described image processing method.
  • the processor also reads a computer program from the storage device into a buffer memory such as a DRAM (Dynamic Random Access Memory) and executes the program.
  • a buffer memory such as a DRAM (Dynamic Random Access Memory)
  • Each configuration included in the authentication system 1 may be realized by dedicated hardware. Moreover, a part or all of each component may be realized by a general-purpose or dedicated circuit, a processor, etc., or a combination thereof. These may be configured by a single chip or multiple chips connected via a bus. A part or all of each component of each device may be realized by a combination of the circuits and the like described above and a program. Further, as the processor, a CPU (Central Processing Unit), a GPU (Graphics Processing Unit), an FPGA (Field-programmable Gate Array), etc. can be used. Note that the description regarding the configuration described here may also be applied to other devices or systems described below in this disclosure.
  • a CPU Central Processing Unit
  • GPU Graphics Processing Unit
  • FPGA Field-programmable Gate Array
  • the multiple authentication systems, circuits, etc. may be centrally located or distributed. It's okay.
  • the authentication system, circuit, etc. may be realized as a client server system, a cloud computing system, etc., in which each is connected via a communication network.
  • the functions of the management device 10 may be provided in a SaaS (Software as a Service) format.
  • SaaS Software as a Service
  • the methods described above may also be stored on a computer readable medium to cause a computer to perform the methods described above.
  • FIG. 3 is a diagram showing how the authentication system and related configurations according to the second embodiment are used.
  • FIG. 3 shows the authentication system 2, the personal information management system 30, and the entrance/exit control terminal 40. Further, the authentication system 2, the personal information management system 30, and the entrance/exit control terminal 40 are each communicably connected to the network N1.
  • FIG. 3 shows a situation in which a family group G01 is about to pass through the entrance/exit control terminal 40 installed at the airport A10.
  • Group G01 is composed of members P11, P12, P13, and P14. Further, FIG. 3 shows a situation where the person P11 is being authenticated. After the situation shown in FIG. 3, persons P12, P13, and P14 will also be authenticated following person P11.
  • the authentication system 2 can incorporate this into the authentication conditions. More specifically, the authentication system 2 can efficiently authenticate P11's family by setting group authentication conditions after authenticating the person P11 based on the individual authentication standard. For example, person P13 and person P14 are infants. Generally, when authenticating an infant using biometric authentication, it may take more time or the accuracy may be lower than when authenticating an adult. Therefore, the authentication system 2 can individually set authentication conditions for persons P13 and P14 who are included in the family members of person P11.
  • the authentication system 2 is communicably connected to the entrance/exit control terminal 40.
  • the authentication system 2 receives image data acquired by the entrance/exit control terminal 40 and performs biometric authentication of the person included in the received image data.
  • the authentication system 2 also supplies a signal indicating the biometric authentication result to the entrance/exit control terminal 40.
  • the authentication system 2 is also communicably connected to the person information management system 30 and receives attribute information regarding the authenticated person from the person information management system 30.
  • the personal information management system 30 is a system that manages airline tickets at the airport A10, and stores predetermined information regarding the group G01.
  • the person information management system 30 is communicably connected to the authentication system 2 and provides attribute information regarding the authenticated person to the authentication system 2 as appropriate.
  • the entry/exit control terminal 40 is a terminal device for performing authentication when passing through customs and the like.
  • the entrance/exit control terminal 40 has a camera 41, a display section 42, a gate section 43, and an entrance/exit control section 44 as main components.
  • the camera 41 photographs a person passing through the gate section 43 in order to perform biometric authentication of the person.
  • the display section 42 displays information such as the authentication result to a person passing through the gate section 43.
  • the gate section 43 is a door-shaped or rod-shaped member that is set to be openable and closable in a passage through which a person passes, and is driven according to instructions from the entry/exit control section 44.
  • the entry/exit control unit 44 includes a calculation device that controls each component of the entry/exit control terminal 40, and a communication device for communicating with the authentication system 2 via the network N1.
  • the entry/exit control section 44 causes the camera 41 to take an image of a person who is about to pass through the gate section 43, and supplies the image taken by the camera 41 to the authentication system 2. Further, when the entrance/exit control section 44 receives a signal indicating that the person has been authenticated from the authentication system 2, it drives the gate section 43 to a state where the person can pass through.
  • FIG. 4 is a block diagram of the authentication system according to the second embodiment.
  • the authentication system 2 mainly includes an authentication section 11, a condition setting section 12, an image data acquisition section 13, a communication section 14, a message output section 15, and a storage section 16.
  • the authentication unit 11 includes a feature image extraction unit 111 and a feature point extraction unit 112 as functional components for authentication.
  • the characteristic image extraction unit 111 receives the image data received from the entrance/exit control terminal 40, and extracts a characteristic image related to biometric authentication of a person from the image of the received image data.
  • the authentication system 2 authenticates a person using a facial image. Therefore, the feature image extraction unit 111 extracts the face image of the person included in the image as a feature image.
  • the feature point extraction unit 112 extracts feature points from the face image, which is the feature image extracted by the feature image extraction unit 111. More specifically, the feature point extraction unit 112 extracts the positions of points that are facial features according to a predetermined algorithm. Note that the extraction of the feature points described above and the subsequent biometric authentication performed by the authentication unit 11 are techniques already known to those skilled in the art. Therefore, detailed description here will be omitted.
  • the authentication unit 11 can also estimate, for example, whether the age of a person is less than a predetermined threshold age.
  • the authentication system 2 estimates the age of an infant who is a member of a group and whose authentication is relatively difficult, and uses the estimated age and the infant who is a member of the group. Authentication can be performed by comparing with attribute information.
  • the authentication unit 11 may perform biometric authentication based on the member's image or the member's voice.
  • the authentication system 2 may perform voice authentication when authenticating members of a group related to a person who has been authenticated according to personal authentication standards.
  • the authentication unit 11 may extract any one of a face image, an iris image, or a fingerprint image from the member's image as biometric information, and perform biometric authentication based on the extracted biometric information.
  • the condition setting unit 12 makes an inquiry to the person information management system 30 regarding the attribute information of the person authenticated by the authentication unit 11. More specifically, the condition setting unit 12 supplies the person ID (Identifier) of the person authenticated by the authentication unit 11 to the person information management system 30. The person information management system 30 supplies attribute information corresponding to the person ID received from the condition setting section 12 to the condition setting section 12. Thereby, the condition setting unit 12 acquires the attribute information of the person authenticated according to the personal authentication standard.
  • the condition setting unit 12 sets group authentication conditions, which are authentication conditions for other members of the group, according to this attribute information.
  • group authentication conditions which are authentication conditions for other members of the group.
  • the authentication system 2 can lower the predetermined threshold for authentication of other members. With such a configuration, the authentication system 2 can easily authenticate other members of the group to which the person authenticated based on the personal authentication standard belongs, and can process the authentication of the entire group in a shorter time.
  • the condition setting unit 12 can specify that the person authenticated by the authentication unit 11 based on the personal authentication standard is the representative of the group. More specifically, the condition setting unit 12 reads from information included in the attribute information received from the person information management system 30 that the person authenticated by the authentication unit 11 is the representative of the group. Similarly, the condition setting unit 12 can specify that the person authenticated by the authentication unit 11 is not the representative of the group. The condition setting unit 12 may determine whether to set group authentication conditions depending on whether the authenticated person is a representative of the group.
  • the authentication unit 11 authenticates other members according to the group authentication conditions.
  • the authentication unit 11 authenticates the other members based on the individual authentication criteria rather than the group authentication conditions.
  • the condition setting unit 12 may set the group authentication condition according to the age of the group member included in the attribute information. With such a configuration, the authentication system 2 can lower the authentication level of the infant based on the group authentication conditions set after the representative of the group has been authenticated. This allows the authentication system 2 to efficiently authenticate the entire group.
  • the image data acquisition unit 13 acquires image data from the entrance/exit control terminal 40.
  • the image data acquisition unit 13 supplies the received image data to the authentication unit 11.
  • the image data acquisition unit 13 may perform predetermined processing such as trimming and tone adjustment on the received image data and then supply the image data to the authentication unit 11 .
  • the communication unit 14 is an interface for the authentication system 2 to communicate with the personal information management system 30 or the entrance/exit control terminal 40 via the network N1.
  • the communication unit 14 supplies the person ID of the authenticated person to the person information management system 30, and receives the person's attribute information from the person information management system 30 in response.
  • the communication unit 14 receives image data from the entrance/exit control terminal 40, for example.
  • the communication unit 14 supplies the predetermined message output by the message output unit 15 to the entry/exit control terminal 40.
  • the message output unit 15 generates a predetermined message related to authentication, and outputs the generated message to the access control terminal 40.
  • the predetermined message may include, for example, content indicating that authentication has been successful. Further, the predetermined message may include content indicating that authentication has failed. The predetermined message may include various other contents.
  • the message output unit 15 may output a message prompting the representative to authenticate.
  • the authentication system 2 can suitably appeal to users of the authentication system for efficient authentication procedures.
  • the message output unit 15 outputs the message of the representative.
  • a message prompting for authentication can be output.
  • the authentication system 2 can prompt the person to be authenticated to authenticate an adult before an infant, for example.
  • the storage unit 16 is a storage device including nonvolatile memory such as flash memory, SSD, or HDD (Hard Disk Drive).
  • Storage unit 16 includes at least authentication information 161.
  • Authentication information 161 is information for authenticating a person, and is stored in a state where biometric feature data and a person ID are linked.
  • the biometric feature data includes data regarding feature points of a face image.
  • the person ID is unique identification information of the person involved in authentication.
  • the storage unit 16 supplies biometric feature data to the authentication unit 11.
  • the storage unit 16 also supplies the communication unit 14 with the person ID of the person who has been successfully authenticated.
  • the communication unit 14 supplies the person ID received from the storage unit 16 to the person information management system 30.
  • FIG. 5 is a block diagram of the personal information management system 30 according to the second embodiment.
  • the person information management system 30 in this embodiment manages a person ID, information regarding the airline ticket reserved by the person, and attribute information of the person in a linked manner.
  • the personal information management system 30 is, for example, a computer installed at an arbitrary location.
  • the personal information management system 30 has a communication section 31, a control section 32, and a personal information storage section 34 as main components.
  • the communication unit 31 is an interface for connecting the personal information management system 30 to the network N1.
  • the communication unit 31 receives a person ID for authentication as an inquiry from the authentication system 2.
  • the communication unit 31 can supply the authentication system 2 with the attribute information of the person associated with the received person ID as a response to the inquiry.
  • the control unit 32 is a calculation device (calculation circuit) for controlling the personal information management system 30, and includes a personal information management unit 33.
  • the person information management section 33 generates and updates the person information 341 stored in the person information storage section 34.
  • the personal information storage unit 34 is a storage device including a nonvolatile memory, and stores at least personal information 341.
  • FIG. 6 is a table showing person information according to the second embodiment.
  • the table shown in FIG. 6 shows part of the personal information 341.
  • the person information 341 shown in FIG. 6 is information regarding the group G01 shown in FIG. 3.
  • the person information 341 is stored with a "person ID,” a "group ID,” a "group representative flag,” a "group attribute,” an "age,” and a "gender” linked to each other.
  • person ID0011 corresponds to person P11 in FIG. 3.
  • the attribute information of the person P11 shows that the group ID is G01, the group representative flag is 1, the group attribute is family, the age is 36, and the gender is male.
  • the person ID corresponding to person P12 in FIG. 3 is 0012, and the attribute information in the person information 341 is group ID G01, group representative flag 1, group attribute family, age 34, and gender. is shown as female.
  • the person ID corresponding to person P13 is 0013, and the attribute information in the person information 341 shows that the group ID is G01, the group representative flag is 0, the group attribute is family, the age is 5, and the gender is male. has been done.
  • the person ID corresponding to person P14 in FIG. 3 is 0014, and the attribute information in the person information 341 is that the group ID is G01, the group representative flag is 0, the group attribute is family, the age is 3, and the gender is female. It is shown.
  • the person information 341 includes information regarding a group of people as attribute information.
  • the authentication system 2 can obtain information such as, for example, that the person P11 who has been successfully authenticated is the representative of the group G01, or the ages of other members of the group G01.
  • FIG. 7 is a table showing group authentication conditions according to the second embodiment.
  • FIG. 7 shows a "representative member authentication score X1" and a corresponding "other member authentication threshold X2.”
  • the representative member authentication score is the authentication score of the representative of the authenticated group.
  • the authentication score is an index indicating the degree of similarity between the feature amount extracted by the authentication unit 11 from the image of the person photographed by the entrance/exit control terminal 40 and the biometric feature data included in the authentication information 161.
  • the authentication score in this example has a minimum value of 0 (zero) and a maximum value of 1.0. In other words, the higher the authentication score, the higher the certainty of authentication.
  • the authentication threshold for other members is the degree of similarity with biometric feature data that indicates the conditions for successful authentication when authenticating other members.
  • the authentication threshold in this example has a minimum value of 0 (zero) and a maximum value of 1.0, similar to the authentication score. Further, the higher the authentication threshold value, the higher the degree of similarity with biometric feature data, and the higher the accuracy of authentication.
  • the group authentication conditions according to the table of FIG. 7 are such that when the "representative member authentication score X1" is 0.7 or more and 1.0 or less, the corresponding "other member authentication threshold X2" is 0.7. It is set to 4 or more.
  • the group authentication condition is that when the "representative member authentication score X1" is 0.6 or more but less than 0.7, the corresponding "other member authentication threshold X2" is set to 0.6 or more. ing.
  • the authentication system 2 lowers the accuracy of authentication of other members as the reliability of authentication of the representative increases, and smoothes the authentication of the entire group.
  • the authentication system 2 can adjust the balance between authentication efficiency and authentication accuracy.
  • group authentication conditions set by the authentication system 2 are not limited to the above.
  • Authentication system 2 may employ various group authentication conditions.
  • the authentication system 2 may have one or more types of group authentication conditions instead of the two types of group authentication conditions as shown in FIG.
  • the group authentication conditions may be set according to the attributes of the person to be authenticated. For example, if it can be read from the attribute information that the non-representative of the group is an infant, the authentication system 2 may set the threshold low. Further, the group authentication conditions may be such that the authentication means performed by a group representative and the authentication means performed by a non-representative are different. For example, in this case, the authentication system 2 may perform biometric authentication for the representative using a facial image, and may perform biometric authentication for other members who are non-representatives using their iris. With such a configuration, the authentication system 2 can suitably perform parent-child authentication in cases such as infant vaccination or authentication for the purpose of vaccine certification.
  • the authentication system 2 may use the "representative member authentication score X1" as a statistical value for all representatives.
  • the representatives are persons P11 and P12.
  • the "representative member authentication score X1" may be the average value of the authentication score of the person P11 and the authentication score of the person P12.
  • the authentication system 2 may set the "representative member authentication score X1" to the maximum value or minimum value of the authentication scores of all the representatives.
  • condition setting unit 12 may lower the value of the "other member authentication threshold X2" accordingly. With such settings, the authentication system 2 can improve the efficiency of authentication for the entire group.
  • FIG. 8 is a first flowchart showing the authentication method according to the second embodiment.
  • the flowchart shown in FIG. 8 shows the processing executed by the authentication system 2.
  • the flowchart in FIG. 8 is started, for example, when the authentication system 2 receives image data from the entrance/exit control terminal 40.
  • the authentication unit 11 performs biometric authentication of a person based on predetermined personal authentication standards (step S21).
  • the authentication unit 11 determines whether the authentication of this person was OK (successful) (step S22). If it is not determined that the authentication was successful (step S22: NO), the authentication system 2 proceeds to the authentication NG processing routine. Note that a well-known technique can be used for the processing when the authentication is NG, so a detailed description thereof will be omitted here. On the other hand, if it is determined that the authentication is OK (step S22: YES), the authentication system 2 proceeds to step S23.
  • step S23 the condition setting unit 12 inquires of the person information management system 30 about the person ID of the person whose authentication was OK (step S23). In response to this inquiry, the authentication system 2 receives attribute information corresponding to the person ID from the person information management system 30.
  • the condition setting unit 12 determines whether a group authentication condition exists based on the attribute information of the authenticated person (step S24).
  • a case where there is a group authentication condition is a case where the person to be authenticated belongs to a group and the attribute information includes information regarding the group.
  • a case where there is no group authentication condition is a case where the person to be authenticated does not belong to a group. In other words, if the attribute information of the person involved in authentication does not include information regarding a group, the authentication system 2 does not set group authentication conditions.
  • step S24: NO If it is not determined that the group authentication condition for the authenticated person exists (step S24: NO), the authentication system 2 ends the process. If it is determined that there is a group authentication condition for the authenticated person (step S24: YES), the authentication system 2 proceeds to step S25.
  • step S25 the authentication unit 11 authenticates other members according to the group authentication conditions set by the condition setting unit 12 (step S25).
  • the authentication system 2 ends the series of processing.
  • FIG. 9 is a second flowchart showing the authentication method according to the second embodiment.
  • the flowchart shown in FIG. 9 shows details of step S25 in FIG.
  • condition setting unit 12 sets authentication conditions for other members (step S251).
  • image data acquisition unit 13 acquires image data of images of other members (step S252).
  • step S253 the authentication unit 11 performs biometric authentication of the other members according to the set group authentication conditions.
  • step S254 determines whether the authentication of this person was OK (successful) (step S254). If it is not determined that the authentication was successful (step S254: NO), the authentication system 2 proceeds to the authentication NG processing routine. On the other hand, if it is determined that the authentication is OK (step S254: YES), the authentication system 2 proceeds to step S255.
  • step S255 the authentication system 2 determines whether the authentication of all members of the group has been completed (step S255). If it is not determined that the authentication of all members of the group has been completed (step S255: NO), the authentication system 2 returns to step S252 and repeats the authentication of other members whose authentication has not been completed. When determining that the authentication of all members of the group has been completed (step S255: YES), the authentication system 2 ends the series of authentication processing.
  • Embodiment 2 has been described above.
  • the authentication system 2 when the authentication is OK or NG, the authentication system 2 can output a message regarding the authentication OK or authentication NG to the access control terminal 40.
  • the authentication system 2 described above may include at least a portion of the personal information management system 30 and the entrance/exit control terminal 40.
  • the authentication system 2 can shorten the processing time for group authentication. Thereby, for example, the authentication system 2 can complete authentication while the group passes through the gate section 43 while walking. In other words, the authentication system 2 can authenticate more people in a predetermined period. Therefore, according to the present embodiment, it is possible to provide an authentication system and the like that efficiently authenticate a predetermined group.
  • FIG. 10 is a flowchart showing the authentication method according to the third embodiment.
  • the authentication system 2 according to the third embodiment has a different authentication method from the flowchart shown in FIG. 8 . More specifically, the flowchart shown in FIG. 10 differs from the flowchart shown in FIG. 8 in that steps S211 to S2131 are performed instead of step S21.
  • the authentication unit 11 includes a function for estimating the age of the person to be authenticated.
  • step S21 the authentication unit 11 performs biometric authentication of the person based on personal authentication standards and estimates the age of the person to be authenticated (step S211).
  • the authentication unit 11 determines whether the estimated age of the person is less than a predetermined threshold (step S212).
  • a predetermined threshold is, for example, about 0 to 10 years old.
  • the authentication system 2 according to this embodiment specifies that the person to be authenticated is an infant or child.
  • step S212: NO If it is not determined that the estimated age of the person is less than the predetermined threshold (step S212: NO), the authentication system 2 proceeds to step S22, and thereafter performs the same processing as shown in FIG. 8.
  • step S212: YES the authentication system 2 proceeds to step S213.
  • step S213 the message output unit 15 of the authentication system 2 outputs a message prompting the representative to authenticate to the entry/exit control terminal 40 (step S213).
  • the authentication system 2 proceeds to step S22, and thereafter performs the same processing as shown in FIG. 8.
  • Embodiment 3 has been described above. According to this embodiment, the authentication system 2 can prompt the representative to authenticate and perform group authentication more efficiently. Therefore, according to the present embodiment, it is possible to provide an authentication system and the like that efficiently authenticate a predetermined group.
  • FIG. 11 is a flowchart showing the authentication method according to the fourth embodiment.
  • the flowchart according to the fourth embodiment differs from the flowchart shown in FIG. 8 in the processing after step S23.
  • step S23 the condition setting unit 12 inquires of the person information management system 30 about the person ID of the person whose authentication was OK (step S23). In response to this inquiry, the authentication system 2 receives attribute information corresponding to the person ID from the person information management system 30.
  • the authentication system 2 which has received the attribute information corresponding to the person ID from the person information management system 30, reads the attribute information and determines whether the authenticated person, that is, the person to be authenticated, is a member of a predetermined group. It is determined whether or not (step S231).
  • step S231: NO If it is not determined that the person to be authenticated is a member of the predetermined group (step S231: NO), the authentication system 2 ends the series of processes. On the other hand, if it is determined that the person to be authenticated is a member of the predetermined group (step S231: YES), the authentication system 2 proceeds to step S232.
  • step S232 the authentication system 2 determines whether the person to be authenticated is a representative of the group (step S232). If it is determined that the person to be authenticated is the representative of the group (step S232: YES), the authentication system 2 proceeds to step S25 and authenticates other members by the same process as in FIG. 8. On the other hand, if it is not determined that the person to be authenticated is the representative of the group (step S232: NO), the authentication system 2 proceeds to step S233.
  • step S233 the message output unit 15 outputs a message prompting the representative to authenticate (step S233).
  • the authentication system 2 ends the series of processing.
  • Embodiment 4 has been described above. Even when the authentication system 2 according to the present embodiment authenticates members belonging to a group, if the person to be authenticated is not the representative of the group, the authentication system 2 prompts the authentication of a substitute and authenticates the individual. Continue certification based on standards. With such a configuration, the authentication system 2 can authenticate the representative with priority. Therefore, according to the present embodiment, it is possible to provide an authentication system and the like that efficiently authenticate a predetermined group.
  • FIG. 12 is a block diagram of the authentication system according to the fifth embodiment.
  • the authentication system 3 shown in FIG. 12 differs from the authentication system 2 shown in FIG. 3 in that it includes personal information.
  • the authentication system 3 further includes a person information management section 17 and an update information reception section 18.
  • the authentication system 3 shown in FIG. 12 is communicably connected to the entrance/exit control terminal 40 via the network N1.
  • the storage unit 16 has person information 162.
  • the person information 162 is information that links the person's authentication information and attribute information regarding the group to which the person belongs. Further, the condition setting unit 12 according to the present embodiment reads the attribute information stored in the storage unit 16, and sets group authentication conditions for the person to be authenticated from the read attribute information.
  • the storage unit 16 includes history information 163.
  • History information 163 includes information for updating group authentication conditions.
  • the personal information management unit 17 included in the authentication system 3 generates or updates the personal information 162 stored in the storage unit 16.
  • the update information receiving unit 18 included in the authentication system 3 receives predetermined information for updating group authentication conditions. That is, the authentication system 3 can set group authentication conditions by taking into account the update information received by the update information reception unit 18 in addition to the attribute information included in the person information 162.
  • the update information receiving unit 18 receives a selection operation for authenticating a group based on one group authentication condition. Thereby, the authentication system 3 can efficiently authenticate people belonging to multiple groups.
  • the means by which the update information receiving unit 18 receives update information may be any means. That is, for example, the update information reception unit 18 may include information entry means for a person involved in authentication to perform a predetermined operation.
  • the information input means for the person involved in authentication to perform a predetermined operation may be, for example, an information input device such as a keyboard or a touch panel, or may be a device that detects the voice or gesture of the person involved in authentication. .
  • the update information reception unit 18 may accept registration of a group to which a person belongs. Thereby, the update information reception unit 18 can flexibly handle group authentication. For example, when a person who requires predetermined assistance passes through the gate section 43, the facility staff who manages the entrance/exit control terminal 40 can register a new group as a representative of the group. Thereby, the authentication system 3 can flexibly and efficiently authenticate a person.
  • the update information reception unit 18 may also receive history information of a history of authentication of a person. Further, at this time, the condition setting section 12 may set the group authentication condition according to the history information received by the update information receiving section 18. As a result, the authentication system 3 can, for example, match the authentication conditions of a person to be authenticated who has been repeatedly authenticated to the most recent feature amount. Therefore, the authentication system 3 can efficiently authenticate the person based on the history information.
  • the update information receiving unit 18 may also receive the first authentication level, which is the authentication level for the group's predetermined outward route, as history information.
  • the condition setting unit 12 sets the second authentication level of the group on the return trip corresponding to the outbound trip to a level lower than the first authentication level.
  • the update information receiving unit 18 receives update information for updating group authentication conditions.
  • the update information reception unit 18 causes the storage unit 16 to store the received update information as history information 163.
  • the condition setting unit 12 reads update information and updates group authentication conditions according to the read update information.
  • FIG. 13 is a flowchart showing the authentication method according to the fifth embodiment.
  • the flowchart shown in FIG. 13 differs from the flowchart shown in FIG. 8 in that step S241 and step S242 are included between step S24 and step S25.
  • the condition setting unit 12 determines whether a group authentication condition exists based on the attribute information of the authenticated person (step S24). If it is not determined that the group authentication condition for the authenticated person exists (step S24: NO), the authentication system 3 ends the process. If it is determined that there is a group authentication condition for the authenticated person (step S24: YES), the authentication system 3 proceeds to step S241.
  • step S241 the authentication system 3 reads the history information 163 and determines whether or not there is an update to the authentication condition regarding the group authentication condition (step S241). If it is not determined that the group authentication conditions need to be updated (step S241: NO), the authentication system 3 proceeds to step S25 and authenticates other members in the same manner as the process shown in FIG. 8. On the other hand, if it is determined that the group authentication conditions need to be updated (step S241: YES), the authentication system 3 updates the group authentication conditions according to the history information 163 before authenticating other members (step S242). . After updating the group authentication conditions, the authentication system 3 proceeds to step S25.
  • Embodiment 5 has been described above.
  • the authentication system 3 according to this embodiment is not limited to the above-described configuration.
  • the authentication system 3 may include at least a part of the entrance/exit control terminal 40.
  • the authentication system 3 may be communicably connected to a plurality of devices 40. According to this embodiment, it is possible to provide an authentication system and the like that efficiently authenticate a predetermined group.
  • FIG. 14 is a block diagram illustrating the hardware configuration of the computer.
  • the management device can realize the above-described functions using a computer 500 including the hardware configuration shown in the figure.
  • the computer 500 may be a portable computer such as a smartphone or a tablet terminal, or may be a stationary computer such as a PC.
  • Computer 500 may be a dedicated computer designed to implement each device, or may be a general-purpose computer.
  • Computer 500 can implement desired functions by installing a predetermined program.
  • the computer 500 has a bus 502, a processor 504, a memory 506, a storage device 508, an input/output interface 510 (the interface is also referred to as an I/F), and a network interface 512.
  • Bus 502 is a data transmission path through which processor 504, memory 506, storage device 508, input/output interface 510, and network interface 512 exchange data with each other.
  • the method for connecting the processors 504 and the like to each other is not limited to bus connection.
  • the processor 504 is a variety of processors such as a CPU, GPU, or FPGA.
  • the memory 506 is a main storage device implemented using RAM (Random Access Memory) or the like.
  • the storage device 508 is an auxiliary storage device realized using a hard disk, SSD, memory card, ROM (Read Only Memory), or the like.
  • the storage device 508 stores programs for implementing desired functions.
  • the processor 504 implements each functional component of each device by reading this program into the memory 506 and executing it.
  • the input/output interface 510 is an interface for connecting the computer 500 and an input/output device.
  • an input device such as a keyboard and an output device such as a display device are connected to the input/output interface 510.
  • the network interface 512 is an interface for connecting the computer 500 to a network.
  • the program includes instructions (or software code) that, when loaded into a computer, cause the computer to perform one or more of the functions described in the embodiments.
  • the program may be stored on a non-transitory computer-readable medium or a tangible storage medium.
  • computer readable or tangible storage media may include random-access memory (RAM), read-only memory (ROM), flash memory, solid-state drive (SSD) or other memory technology, CD -Including ROM, digital versatile disc (DVD), Blu-ray disc or other optical disc storage, magnetic cassette, magnetic tape, magnetic disc storage or other magnetic storage device.
  • the program may be transmitted on a transitory computer-readable medium or a communication medium.
  • transitory computer-readable or communication media includes electrical, optical, acoustic, or other forms of propagating signals.
  • an authentication means for performing biometric authentication of a person based on predetermined personal authentication standards;
  • Condition setting means for setting group authentication conditions for other members in the group to which the person belongs based on attribute information of the authenticated person, The authentication system is such that the authentication means authenticates the other members based on the set group authentication conditions.
  • the condition setting means specifies whether the authenticated person is a representative of the group based on the attribute information, The authentication means authenticates the other members based on the group authentication conditions when the person is the representative, and authenticates the other members based on the personal authentication criteria when the person is not the representative.
  • Authentication system described in Appendix 1. further comprising message output means for outputting a message prompting authentication of the representative when the authenticated person is not the representative; Authentication system described in Appendix 2.
  • the authentication means estimates whether the age of the person is less than a predetermined threshold age, When the age of the person estimated by the authentication means is less than the threshold age, and when the authentication means performs the biometric authentication based on the personal authentication standard, the message output means , outputting a message prompting the representative to authenticate; Authentication system described in Appendix 3. (Appendix 5)
  • the condition setting means sets the group authentication condition according to the age of the member of the group included in the attribute information.
  • the authentication system described in any one of Supplementary Notes 1 to 4. The authentication means performs the biometric authentication based on the member's image or the member's voice.
  • the authentication system described in any one of Supplementary Notes 1 to 5. The authentication means extracts any one of a face image, an iris image, or a fingerprint image from the member's image as biometric information, and performs the biometric authentication based on the extracted biometric information.
  • Authentication system described in Appendix 6. (Appendix 8) further comprising a storage means for storing person information in which authentication information of the person is linked with the attribute information regarding the group to which the person belongs, The condition setting means sets the group authentication condition based on the attribute information stored in the storage means.
  • the authentication system described in any one of Supplementary Notes 1 to 7. (Appendix 9) further comprising update information receiving means for receiving predetermined information for updating the group authentication conditions; The authentication system described in any one of Supplementary Notes 1 to 8. (Appendix 10)
  • the update information receiving means receives a selection operation for performing authentication based on one group authentication condition.
  • the update information receiving means receives registration of the group to which the person belongs.
  • the update information receiving means receives history information of a history of authentication of the person, The condition setting means sets the group authentication condition according to the history information.
  • the update information receiving means receives a first authentication level that is an authentication level for a predetermined outward route of the group as the history information,
  • the condition setting means sets a second authentication level of the group on a return trip corresponding to the outbound trip to a level lower than the first authentication level.
  • the computer is Performs biometric authentication of a person based on predetermined personal authentication standards, setting group authentication conditions for other members in a group to which the person belongs based on attribute information of the authenticated person; authenticating other members based on the set group authentication conditions; Authentication method.
  • Appendix 15 Performs biometric authentication of a person based on predetermined personal authentication standards, setting group authentication conditions for other members in a group to which the person belongs based on attribute information of the authenticated person; authenticating other members based on the set group authentication conditions;
  • a non-transitory computer-readable medium storing a program for causing a computer to execute an authentication method.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Collating Specific Patterns (AREA)
PCT/JP2022/015325 2022-03-29 2022-03-29 認証システム、認証方法およびコンピュータ可読媒体 Ceased WO2023187960A1 (ja)

Priority Applications (3)

Application Number Priority Date Filing Date Title
PCT/JP2022/015325 WO2023187960A1 (ja) 2022-03-29 2022-03-29 認証システム、認証方法およびコンピュータ可読媒体
JP2024510769A JP7810255B2 (ja) 2022-03-29 2022-03-29 認証システム、認証方法およびプログラム
US18/845,538 US20250190529A1 (en) 2022-03-29 2022-03-29 Authentication system, authentication method, and computer readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/015325 WO2023187960A1 (ja) 2022-03-29 2022-03-29 認証システム、認証方法およびコンピュータ可読媒体

Publications (1)

Publication Number Publication Date
WO2023187960A1 true WO2023187960A1 (ja) 2023-10-05

Family

ID=88200071

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/015325 Ceased WO2023187960A1 (ja) 2022-03-29 2022-03-29 認証システム、認証方法およびコンピュータ可読媒体

Country Status (3)

Country Link
US (1) US20250190529A1 (https=)
JP (1) JP7810255B2 (https=)
WO (1) WO2023187960A1 (https=)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100262572A1 (en) * 2009-04-08 2010-10-14 International Business Machines Corporation Incorporating representational authenticity into virtual world interactions
JP2019057004A (ja) * 2017-09-20 2019-04-11 富士通フロンテック株式会社 認証システム、認証方法および情報処理装置
JP2020088462A (ja) * 2018-11-19 2020-06-04 株式会社日立ビルシステム 入室管理システム
JP2020154737A (ja) * 2019-03-20 2020-09-24 株式会社デンソーウェーブ 認証システム
WO2021256099A1 (ja) * 2020-06-17 2021-12-23 日本電気株式会社 顔認証方法
WO2022003888A1 (ja) * 2020-07-02 2022-01-06 日本電気株式会社 警告装置、システム、方法及びプログラムが格納された非一時的なコンピュータ可読媒体

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4544363B1 (ja) * 2009-03-13 2010-09-15 オムロン株式会社 顔認証装置、人物画像検索システム、顔認証装置制御プログラム、コンピュータ読み取り可能な記録媒体、および顔認証装置の制御方法
JP5747116B1 (ja) * 2013-12-02 2015-07-08 Lykaon株式会社 防犯システム
JP6395635B2 (ja) * 2015-02-12 2018-09-26 三菱電機株式会社 状況通知制御装置および状況通知システム
JP7409483B2 (ja) * 2020-03-30 2024-01-09 日本電気株式会社 推薦装置、システム、方法及びプログラム

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100262572A1 (en) * 2009-04-08 2010-10-14 International Business Machines Corporation Incorporating representational authenticity into virtual world interactions
JP2019057004A (ja) * 2017-09-20 2019-04-11 富士通フロンテック株式会社 認証システム、認証方法および情報処理装置
JP2020088462A (ja) * 2018-11-19 2020-06-04 株式会社日立ビルシステム 入室管理システム
JP2020154737A (ja) * 2019-03-20 2020-09-24 株式会社デンソーウェーブ 認証システム
WO2021256099A1 (ja) * 2020-06-17 2021-12-23 日本電気株式会社 顔認証方法
WO2022003888A1 (ja) * 2020-07-02 2022-01-06 日本電気株式会社 警告装置、システム、方法及びプログラムが格納された非一時的なコンピュータ可読媒体

Also Published As

Publication number Publication date
JP7810255B2 (ja) 2026-02-03
US20250190529A1 (en) 2025-06-12
JPWO2023187960A1 (https=) 2023-10-05

Similar Documents

Publication Publication Date Title
US8242881B2 (en) Method of adjusting reference information for biometric authentication and apparatus
US20230410582A1 (en) Information processing apparatus, information processing system, and information processing method
US12511361B2 (en) Intelligent gallery management for biometrics
US12094275B2 (en) Information processing apparatus, information processing system, and information processing method
US11531737B1 (en) Biometric identity disambiguation
JP6838689B1 (ja) 通行許可装置、システム、方法及びプログラム
GB2541679A (en) System and method for dynamic identity authentication
JP7248348B2 (ja) 顔認証装置、顔認証方法、及びプログラム
WO2023187960A1 (ja) 認証システム、認証方法およびコンピュータ可読媒体
US20230169280A1 (en) Information processing apparatus and information processing method
WO2022014026A1 (ja) 温度管理装置、システム、方法及びプログラムが格納された非一時的なコンピュータ可読媒体
WO2021255821A1 (ja) 認証サーバ、顔画像更新勧告方法及び記憶媒体
JP7468771B2 (ja) 情報処理装置、情報処理システム、情報処理方法及びプログラム
KR102686545B1 (ko) eKYC 자동화를 위한 사용자 인증 방법
US20250190530A1 (en) Authentication device, authentication method, and program
CN113409051B (zh) 针对目标业务的风险识别方法及装置
US20250200151A1 (en) Authentication system, authentication method, and computer readable medium
WO2025191814A1 (ja) 情報処理装置、情報処理方法、及び記録媒体
US20240354386A1 (en) Information processing system, information processing method, and recording medium
WO2023181272A1 (ja) 情報処理装置、情報処理方法、及び記録媒体
JP2024076236A (ja) 認証装置
WO2023181090A1 (ja) エレベータ制御装置、システム及び方法、並びに、コンピュータ可読媒体
WO2022097278A1 (ja) 情報処理装置、情報処理システム、情報処理方法及び非一時的なコンピュータ可読媒体

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22935113

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 18845538

Country of ref document: US

ENP Entry into the national phase

Ref document number: 2024510769

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22935113

Country of ref document: EP

Kind code of ref document: A1

WWP Wipo information: published in national office

Ref document number: 18845538

Country of ref document: US