JP2010020670A - Authentication device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an authentication device with high security, in which the probability of the so-called "spoofing" is low even if a display screen of a display part is illicitly acquired. <P>SOLUTION: An iris information extraction part 103A extracts iris information for an input eye image, and deterioration processing part 102A and 102B deteriorate a part at least including an iris area of the eye image. An iris information extraction part 103B extracts iris information for the eye image from the deterioration processing part 102A; a collation part 104 comparatively collates this iris information with the iris information from the iris information extraction part 103A; and a deterioration parameter determination part 105 determines the degree of deterioration of the eye image by the deterioration processing part 102A, based on the collation result, and determines deterioration parameters to be set to the deterioration processing parts 102A and 102B. A display image which is visible in spite of deterioration is output from the deterioration processing part 102B. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an authentication device suitable for use in an entrance / exit management system for managing entrance / exit.

  In recent years, as a method of personal authentication at the time of access in devices that require high security such as entry / exit management devices and information devices storing important information such as personal information, human fingerprints, irises, fundus blood vessels, facial Various authentication methods using so-called biometric information unique to a subject, such as features, blood vessel patterns of arms and hands, have been put into practical use.

  As one of them, an authentication method using the difference in eyelid pattern of the iris portion of the eye (hereinafter, this authentication method is referred to as “iris authentication method”) has been proposed and put into practical use (for example, see Patent Document 1). ). This iris authentication method illuminates the subject's eyes and its surroundings with near-infrared illumination, etc., shoots a region including the subject's eyes using a camera, and includes an image including the eyes (hereinafter referred to as “eye image”). The iris information is extracted from the iris area and coded iris information is created so that the difference in the eyelid pattern of the iris part can be expressed as numerical information. , “Registered iris information”), and if it is determined that they match each other as a result of this comparison and collation, the subject is authenticated as a person registered in advance.

  Various forms of authentication devices using such an iris authentication method have been proposed. As an example, a handy type image input device equipped with a camera that captures an eye image of the person to be authenticated is externally connected to an information device such as a computer, and the eye image input from the image input device is connected to the information device side. There has been proposed an authentication apparatus configured to authenticate a person to be authenticated by performing coding processing and comparison / collation processing (see, for example, Patent Document 2). In such an authentication device, in order to obtain an eye image in which the iris portion of the eye is clearly captured, the eye image captured by the image input device is instructed to a predetermined position on the screen of the display unit of the information device. The person to be authenticated moves the image input device to a position where an appropriate eye is imaged while viewing the eye image, and takes an eye image.

Japanese Patent Publication No. 8-504979 (Patent No. 3307936) JP 2000-207536 A

  However, in the above-described conventional authentication device, since an eye image captured by the image input device is displayed on the screen of the information device, the eye image is reproduced by copying the displayed eye image by screen copy or the like. May be obtained illegally. When an eye image is illegally acquired, there is a problem that so-called “spoofing” may be performed in which a third party using the acquired eye image is authenticated as a registered person.

  The present invention has been made in view of such circumstances, and even if an image displayed on the screen of the display unit is obtained illegally, the authentication device with high security that is less likely to be so-called “spoofing” is provided. The purpose is to provide.

  The authentication apparatus of the present invention includes a first iris information extraction unit that extracts iris information from an input eye image, a degradation processing unit that degrades at least a portion including the iris region of the eye image based on a degradation parameter, Second iris information extraction means for extracting iris information from the eye image subjected to deterioration processing by the deterioration processing means, iris information extracted by the first iris information extraction means, and second iris information extraction means A comparison unit for comparing and comparing the iris information extracted in step (b), a degree of deterioration of the eye image by the deterioration processing unit based on a comparison result of the comparison unit, and a deterioration for determining the deterioration parameter from the determination result Parameter determination means.

  According to this configuration, since the information of the area including the iris of the image is deteriorated, it is possible to suppress the possibility that an unauthorized acquirer can pretend to be a pre-registered person, and to ensure high security. it can.

  In the above configuration, the deterioration parameter determination unit determines that the result of collation between the iris information extracted by the first iris information extraction unit and the iris information extracted by the second iris information extraction unit is another person. Determine the smallest degradation parameter in the range to be applied.

  According to this configuration, since the information is not deteriorated more than necessary, the visibility when confirming the display image can be increased.

  In the above configuration, the deterioration parameter determination unit determines that the result of matching between the iris information extracted by the first iris information extraction unit and the iris information extracted by the second iris information extraction unit is the person himself / herself. The deterioration parameter having the largest change amount of the matching result within the range to be determined is determined.

  According to this configuration, it is possible to reduce the data size of an image used for iris authentication while maintaining an amount of information that enables discrimination between the person and another person by collation.

  According to the present invention, information is deteriorated so that an area including an iris of an image cannot be used for authentication. Therefore, even if a display image is acquired illegally, the unauthorized acquirer can impersonate a pre-registered person. Can be kept low, and high security can be ensured.

  DESCRIPTION OF EXEMPLARY EMBODIMENTS Hereinafter, preferred embodiments for carrying out the invention will be described in detail with reference to the drawings.

  FIG. 1 is a diagram showing an overall configuration of an authentication system according to an embodiment of the present invention. As shown in the figure, the authentication system 30 according to the present embodiment is used as an entrance / exit management system for managing the entrance / exit of the person to be authenticated 21, and an image in which an eye image of the person to be authenticated 21 is input. An input unit 2 and a registration management device 4 connected to the image input unit 2 via an information transmission unit (for example, “cable”) 3 are provided. The registration management device 4 includes an authentication device 1, a display unit 12, and an input unit 13.

  The image input unit 2 includes a mirror guiding unit 5, two movement instruction units 6, and a camera 7. The mirror guiding unit 5 is a mirror, and is used when the person to be authenticated 21 takes his / her iris or pupil to the center position of the camera 7. The movement instruction unit 6 is used for guidance when the person to be authenticated 21 brings his / her iris or pupil to the center position of the camera 7.

  The authentication system 30 according to the present embodiment captures an eye image of the person to be authenticated 21 in advance and performs processing for registering the encoded iris information as registration iris information, and the person to be authenticated 21 enters or leaves the room. Occasionally, an eye image of the person to be authenticated 21 is taken, and the iris information created from the eye image of the person to be authenticated 21 is compared and registered with the registered iris information so that the person 21 to be authenticated is registered in advance. Performs processing to permit entry or exit when authenticated.

  In the case where the person to be authenticated 21 is registered as a person who can be authenticated thereafter, the authenticator 21 takes his / her own eye image with the image input unit 2 and the administrator 22 in the registration management device 4 placed remotely is the eye image of the person to be authenticated 21. Is visually confirmed, and the eye image is registered as a registered image when it is determined that the image can be registered. That is, the administrator 22 looks at the eye image displayed on the display unit 12 and sees whether the eye is sufficiently wide open (a sufficient iris area is secured) or an area including the iris of the eye enters the screen. If there is no problem, registration is permitted.

  In a conventional authentication system, an administrator can perform an impersonation by copying an eye image displayed on the display unit of the registration management device by performing screen copy or the like for an unauthorized purpose. Although the possibility has been pointed out, in the authentication system 30 according to the present embodiment, the display image 10 displayed on the display unit 12 is image-processed by a method described later, so it is impossible to perform impersonation even if it is duplicated. It is.

  FIG. 2 is a block diagram illustrating a schematic configuration of the authentication device 1. In the figure, the authentication apparatus 1 includes an image quality determination unit 101, deterioration processing units 102A and 102B, iris information extraction units 103A and 103B, a matching unit 104, a deterioration parameter determination unit 105, and an iris information registration unit 106. And a storage unit 107. The image quality determination unit 101 determines the quality of the image input from the image input unit 2. That is, the image quality determination unit 101 determines whether an image quality evaluation item such as contrast of the input image is within a predetermined range, whether an eye is captured in the image, or the like. Then, the determined result is input to the iris information extraction unit 103A and the deterioration processing units 102A and 102B together with the input image. The degradation parameter determination unit 105 determines a degradation parameter that represents the degree of degradation of the image, and sets the determined degradation parameter in the degradation processing units 102A and 102B. Deterioration processing units 102A and 102B perform image quality that is extremely difficult to use for authentication by degrading at least the portion of the eye image that includes the iris, and has performed minimum deterioration processing to improve visibility. A display image is created, and the deterioration process is performed on the input image based on the deterioration parameter set by the deterioration parameter determination unit 105. Details of each of the degradation processing units 102A and 102B and the degradation parameter determination unit 105 will be described later.

  The iris information extraction unit 103A detects the center position, outline, and eyelid of the iris and pupil taken from the input image determined to have good image quality by the image quality determination unit 101, and performs a predetermined method from the specified iris region. To extract iris information. The iris information extraction unit 103B detects the center position, contour, and eyelid of the iris and pupil taken from the input image subjected to the deterioration processing by the deterioration processing unit 102A, and iris information is determined from the specified iris region by a predetermined method. To extract.

  When the iris information extracted by the iris information extraction unit 103A is input, the iris information registration unit 106 asks the administrator 22 whether or not the iris information may be registered. When the registration is permitted using the input unit 13, the input iris information is stored in the storage unit 107 as the registered iris information. At this time, the iris information registration unit 106 sends the eye images corresponding to the extracted iris information to the deterioration processing units 102A and 102B. The storage unit 107 stores registered iris information. As the storage unit 107, a known storage device such as a semiconductor memory or a magnetic disk is used.

  When the person to be authenticated 21 enters the verification unit 104, the collation unit 104 receives the iris information extracted by the iris information extraction unit 103A and the iris information extracted by the iris information extraction unit 103A after being deteriorated by the deterioration processing unit 102A. The comparison is performed by the method, and the result is input to the deterioration parameter determination unit 105. Further, when the person to be authenticated 21 leaves the room, the registered iris information stored in the storage unit 107 and the iris information extracted by the iris information extraction unit 103A are compared and collated by a predetermined method. Is stored in the storage unit 107. The degradation parameter determination unit 105 determines a degradation parameter that represents the degree to which the degradation processing units 102A and 102B degrade the input image based on the comparison result from the matching unit 104.

  Here, the display image 10 created by the deterioration processing unit 102 will be described in detail. In the unlikely event that the display image 10 displayed on the display unit 12 is copied, an illegal act such as a third party impersonating the person to be authenticated 21 and receiving authentication using the image is performed. It is necessary to create a display image that cannot be easily performed. The degradation processing unit 102 creates a display image 10 that cannot be easily cheated by degrading a sharp eye image. Note that the deterioration of the eye image means that the iris information cannot be created from the iris area of the eye image with high sharpness such as contrast, brightness, focus, etc. This means that the image quality is reduced to the extent that it does not match the iris information created from a high eye image.

  As an example for realizing such processing, the degradation processing unit 102 compresses the input image according to a method of compressing the input image according to its frequency domain, for example, the JPEG (Joint Photographic Experts Group) method. Can be created. By performing the JPEG compression process, it is possible to significantly reduce the possibility of being spoofed using the display image 10.

  Here, JPEG compression processing can be realized by performing, for example, downsampling, DCT (Discrete Cosine Transform) processing, quantization processing, and Huffman conversion. Various known methods such as replacing the DCT process with a DWT process (Discrete Wavelet Transform) can be used.

  According to the study, it is desirable to make the compression rate within a certain range in order to make it difficult to feel unnaturalness in appearance and to prevent impersonation due to screen copy. That is, if the compression rate is too high, it will feel unnatural to the eye, and if the compression rate is too low, there is a possibility that the image will be spoofed when it is copied. As another method, it is possible to reduce the possibility of impersonation by performing a thinning process (hereinafter referred to as resizing) of pixels constituting an image in the degradation processing unit 102. Although the resizing method is not limited, for example, it is possible to perform a method such as thinning out pixels every other line in the vertical and horizontal directions, or it is possible to perform a thinning process only in the vertical direction or the horizontal direction. is there. As yet another method, the display image 10 may be created by performing a process of adding noise information to the image in the degradation processing unit 102. In the present invention, this noise addition method is not limited. As a method for adding noise, in addition to adding randomly generated noise as described above, for example, noise according to a Gaussian distribution with a predetermined amplitude can be generated and added. . Furthermore, the display image 10 may be created by combining two or more processes among the above-described compression, resizing, and noise addition.

  Next, the degradation parameter determination unit 105 will be described in detail. The degradation parameter determination unit 105 determines a degradation parameter for degrading the image so as to further improve the visibility without significantly degrading the possibility of being impersonated and degrading more than necessary. An example for realizing this process will be described with reference to the graph of FIG. 3 showing an example of how the matching result changes when the deterioration parameter is changed. In the figure, the degradation parameter determination unit 105 degrades the input eye image while changing the degradation parameter from P1 to P2. The degradation parameter at the time when the collation result from the collation unit 104 is the smallest in the range determined as another person immediately after exceeding the collation threshold is determined as the final degradation parameter Pe. By determining the degradation parameter in this way, even if the displayed image is used, the information is degraded, so that the possibility of impersonation can be significantly reduced. Further, since the deterioration is limited to the minimum, the visibility of the display image can be improved.

  As shown in FIG. 4, the deterioration parameter determination unit 105 changes the deterioration parameter from P1 to P2, and determines the deterioration parameter when the matching result changes most within the range in which the matching result is determined to be the person as the final deterioration parameter. It is also possible to determine as Pe. As a result, as an image used for iris authentication, it is possible to reduce the data size while maintaining the amount of information that can be distinguished from the person at the time of collation, reducing the capacity of the storage unit 107 for registering iris information and the network It is possible to reduce the amount of data transfer in iris information transfer via the network. In this case, among the above-described degradation methods, JPEG compression and resizing that can reduce the data size of the image are used, but this is not specific.

  The functions of the iris information extraction units 103A and 103B and the collation unit 104 can be realized by using the method proposed in the above-mentioned Patent Document 1. The functions of the image quality determination unit 101, iris information extraction units 103A and 103B, collation unit 104, iris information registration unit 106, deterioration processing units 102A and 102B, and deterioration parameter determination unit 105 are each realized by hardware. Alternatively, each function may be described so as to be realized by software and executed by an arithmetic device or the like. When each function is realized by software, the authentication device 1 can be configured by using a computer loaded with a program for realizing each functional block described above on an arithmetic device.

  The image input unit 2 corresponds to an image input unit, the iris information extraction unit 103A corresponds to a first iris information extraction unit, and the deterioration processing unit 102A corresponds to a deterioration processing unit. The iris information extraction unit 103B corresponds to the second iris information extraction unit, and the matching unit 104 corresponds to the matching unit. The deterioration parameter determination unit 105 corresponds to a deterioration parameter determination unit, and the display unit 12 corresponds to a display unit.

  Next, operation | movement of the authentication system 30 of this Embodiment is demonstrated. FIG. 5 is a flowchart showing processing steps of the authentication system 30 of the present embodiment. First, the captured eye image of the person to be authenticated 21 is captured (step S101). Next, the image quality of the captured eye image is determined (step S102), and the quality of the image is determined (step S103). If it is determined that the image quality is good, the eye image is processed based on the method described in Patent Document 1 described above, and iris information is extracted (step S104). On the other hand, if it is determined in step S103 that the image quality of the eye image is poor, the fact is notified to the subject 21 and the eye image is input again (step S101).

  Next, degradation processing is performed on the input eye image (step S105). Then, iris information is extracted from the deteriorated image (step S106), and the iris information extracted from the eye image and the iris information extracted from the deteriorated eye image are compared and collated by a predetermined method (step S107). Then, it is determined whether or not the result of the comparison and collation is a condition described later (step S108). If the condition is met, the deterioration process is terminated, the display image 10 is sent to the display unit 12, and the display image is displayed on the display unit 12. 10 is displayed (step S110). On the other hand, if it is determined in step S108 that the deterioration does not end, the deterioration parameter is changed (step S109), and the deterioration process is performed again (step S105).

  After displaying the display image 10 on the display unit 12, it is determined whether or not registration is permitted (step S112). In this case, the administrator 22 looks at the display image 10 displayed on the display unit 12 and can determine whether the image is suitable for registration (whether or not the image can be registered). If the image quality is necessary and the image is of an image quality that is difficult to impersonate even if it is copied by screen copy etc.), if it is determined that the eye image is suitable for registration, input registration permission This is performed from the unit 13 (step S111).

  If registration permission is input, the extracted iris information is stored in the storage unit 107 as registered iris information, and the registration process is terminated (step S113). On the other hand, in the determination in step S112, if there is no input from the input unit 13 or if there is an input indicating that the image is inappropriate for registration, the process returns to step S101. In this case, an eye image may be input again, an error signal may be generated for an external device, or an error message may be displayed on the display unit 12.

  As described above, according to the authentication system 30 of the present embodiment, the image of the eye image input to the image input unit 2 is deteriorated at least in the image including the iris, and the image quality is extremely difficult to use for authentication. Since a display image that has been subjected to a minimum degradation process to improve visibility is created and the created display image is displayed on the display unit 12, management is possible even if the image displayed on the display unit 12 is illegally acquired. The possibility of impersonating an unauthorized acquirer such as the person 22 can be kept low, and high security can be ensured.

  In the present embodiment, the image input unit 2, the authentication device 1, and the display unit 12 are configured as separate devices, but the present invention is not limited to this. For example, the image input unit 2 is incorporated into the authentication device 1, the display unit 12 is incorporated into the authentication device 1, the image input unit 2 and the display unit 12 are integrally configured, and the image input unit 2 and the authentication device 1 are further configured. Needless to say, the display unit 12 may be integrated.

  Further, when the apparatus is integrally configured as described above, if the iris information registration unit 106 intends to register the iris information, it is determined whether or not the person to be authenticated 21 should register by viewing the display image 10 himself / herself. The structure which determines may be sufficient.

  The present invention has an effect that even if an image displayed on the screen of the display unit is illegally acquired, so-called “spoofing” is less likely to be performed, and security can be enhanced. It can be applied to an entrance / exit management system that manages

The figure which shows schematic structure of the authentication system which concerns on one embodiment of this invention The block diagram which shows schematic structure of the authentication apparatus of FIG. The figure which shows the process example of the deterioration parameter determination part of the authentication apparatus of FIG. The figure which shows the other process example of the degradation parameter determination part of the authentication apparatus of FIG. The flowchart which shows the processing step of the authentication apparatus of FIG.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Authentication apparatus 2 Image input part 3 Information transmission part 4 Registration management apparatus 5 Mirror guidance part 6 Movement instruction part 7 Camera 10 Display image 12 Display part 13 Input part 21 Person to be authenticated 22 Administrator 30 Authentication system 101 Image quality determination part 102A, 102B Deterioration processing unit 103A, 103B Iris information extraction unit 104 Collation unit 105 Deterioration parameter determination unit 106 Iris information registration unit 107 Storage unit

Claims (3)

First iris information extracting means for extracting iris information from the input eye image;
A degradation processing means for degrading a portion including at least an iris region of the eye image based on a degradation parameter;
Second iris information extracting means for extracting iris information from the eye image subjected to deterioration processing by the deterioration processing means;
Collating means for comparing and collating the iris information extracted by the first iris information extracting means and the iris information extracted by the second iris information extracting means;
A deterioration parameter determining unit that determines a degree of deterioration of the eye image by the deterioration processing unit based on a collation result of the collating unit, and determines the deterioration parameter from the determination result;
An authentication device comprising:   The deterioration parameter determination means is the smallest in a range in which the result of matching between the iris information extracted by the first iris information extraction means and the iris information extracted by the second iris information extraction means is determined as another person. The authentication apparatus according to claim 1, wherein the deterioration parameter is determined.   The deterioration parameter determination means is the most collated in a range where the result of matching between the iris information extracted by the first iris information extraction means and the iris information extracted by the second iris information extraction means is determined to be the person. The authentication apparatus according to claim 1, wherein a deterioration parameter having a large change amount of the result is determined.

Images