WO2024161580A1 - Server device, server device control method, and recording medium - Google Patents
Server device, server device control method, and recording medium
- Publication number
- WO2024161580A1 (PCT/JP2023/003346)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- biometric information
- authentication
- server device
- user
- period
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
Definitions
- the present invention relates to a server device, a control method for a server device, and a storage medium.
- Patent Document 1 describes a system that can update face data stored in a database in a simple manner.
- the control unit of the communication terminal in Patent Document 1 captures an image of the operator with an imaging unit to acquire face data, and judges whether the operator is legitimate or not by comparing this face data with face data pre-stored in an authentication data storage unit in a face authentication unit. If the face authentication unit judges the operator to be legitimate, the control unit of the communication terminal repeatedly performs a process of newly storing the face data acquired by the imaging unit in the authentication data storage unit as face data of a registrant, and a process of sending the face data judged to be legitimate to a management device as face data of a registrant. The face data sent to the management device is used to update the registrant face data stored in the registrant database of the management device.
- biometric information e.g., facial image
- a facial image registered when the service is first used and a facial image acquired a long time after the service is first used may give a different impression (different facial features) even if they are of the same person.
- If biometric authentication is performed using such a facial image, there is a high possibility that the authentication will fail. For this reason, it is necessary to update the biometric information (facial image), but performing this update process constantly is not appropriate as it increases the load on the server.
- the main objective of the present invention is to provide a server device, a control method for a server device, and a storage medium that contribute to enabling biometric information to be updated while suppressing an increase in load.
- a server device includes a storage means for storing registered biometric information used for biometric authentication, an accumulation period control means for setting a biometric information accumulation period having a predetermined length at a predetermined frequency, which is a period for accumulating a user's biometric information, and an update control means for updating the registered biometric information using at least one piece of biometric information accumulated within the biometric information accumulation period.
- a method for controlling a server device which stores registered biometric information used for biometric authentication in the server device, sets a biometric information accumulation period having a predetermined length at a predetermined frequency, and updates the registered biometric information using at least one piece of biometric information accumulated within the biometric information accumulation period.
- a computer-readable storage medium stores a program for causing a computer mounted on a server device to execute the following processes: storing registered biometric information used for biometric authentication; setting a biometric information storage period having a predetermined length at a predetermined frequency, which is a period for storing a user's biometric information; and updating the registered biometric information using at least one piece of biometric information stored within the biometric information storage period.
- a server device, a control method for a server device, and a storage medium are provided that contribute to enabling updating of biometric information while suppressing an increase in load.
- the effects of the present invention are not limited to the above.
- the present invention may achieve other effects instead of or in addition to the effects.
- FIG. 1 is a diagram for explaining an overview of an embodiment.
- FIG. 2 is a flow chart illustrating the operation of one embodiment.
- FIG. 3 is a diagram illustrating an example of a schematic configuration of an information processing system according to the first embodiment.
- FIG. 4 is a diagram for explaining the operation of the information processing system according to the first embodiment.
- FIG. 5 is a diagram for explaining a biometric information accumulation period according to the first embodiment.
- FIG. 6 is a diagram illustrating an example of a processing configuration of a server device according to the first embodiment.
- FIG. 7 is a diagram illustrating an example of a display on the terminal according to the first embodiment.
- FIG. 8 is a diagram illustrating an example of a user management database according to the first embodiment.
- FIG. 9 is a diagram illustrating an example of the accumulation period management database according to the first embodiment.
- FIG. 10 is a flowchart illustrating an example of the operation of the authentication control unit according to the first embodiment.
- FIG. 11 is a diagram illustrating an example of the biometric information management database according to the first embodiment.
- FIG. 12 is a diagram illustrating an example of a processing configuration of the authentication terminal according to the first embodiment.
- FIG. 13 is a sequence diagram illustrating an example of the operation of the information processing system according to the first embodiment.
- FIG. 14 is a diagram illustrating an example of a display on a terminal according to a modification of the first embodiment.
- FIG. 15 is a diagram illustrating an example of a display on a terminal according to a modification of the first embodiment.
- FIG. 16 is a diagram illustrating an example of a display on a terminal according to a modification of the first embodiment.
- FIG. 17 is a diagram illustrating an example of a display on a terminal according to a modification of the first embodiment.
- FIG. 18 is a diagram illustrating an example of a hardware configuration of a server device according to the present disclosure.
- the server device 100 includes a storage means 101, an accumulation period control means 102, and an update control means 103 (see FIG. 1).
- the storage means 101 stores registered biometric information used for biometric authentication (step S1 in FIG. 2).
- the accumulation period control means 102 sets a biometric information accumulation period of a predetermined length, which is a period for accumulating a user's biometric information, at a predetermined frequency (step S2).
- the update control means 103 updates the registered biometric information using at least one piece of biometric information accumulated during the biometric information accumulation period (step S3).
- the server device 100 sets a biometric information accumulation period for accumulating biometric information necessary to update the registered biometric information, and updates the registered biometric information using the biometric information obtained during the biometric information accumulation period.
- the biometric information accumulation period is set with a predetermined frequency and a predetermined length, and the server device 100 updates the registered biometric information, for example, after the end of the biometric information accumulation period.
- the server device 100 does not update the biometric information all the time (after each successful authentication), so the increase in load on the server device 10 is limited.
- a server device 100 is provided that enables updating of biometric information while suppressing an increase in load.
- the information processing system (authentication system) according to the first embodiment includes a server device 10 and at least one authentication terminal 20.
- the server device 10 and authentication terminal 20 are managed and operated by a service provider that provides services to users using biometric authentication.
- a service provider is any organization that provides a service using biometric authentication.
- service providers include businesses such as the user's employer, retail stores, hotels, airports, banks, hospitals, schools, and theme parks.
- a service provider need not be a private company and may be a public institution such as a local government.
- the server device 10 stores information about users.
- the server device 10 stores the user's name, date of birth, biometric information, etc.
- the server device 10 provides services to users through biometric authentication using the biometric information.
- the server device 10 may be installed in the service provider's building or on a network (cloud).
- the authentication terminal 20 is a device that serves as an interface when providing services to users.
- the authentication terminal 20 is installed at the location where services are provided to users. As shown in FIG. 3, the first embodiment will be described using a gate-type authentication terminal 20 as an example.
- the authentication terminal 20 is not limited to a gate-type terminal, and may be a tablet-type or signage-type terminal. Alternatively, the authentication terminal 20 may be a kiosk terminal.
- the authentication terminal 20 may be any device or apparatus equipped with a camera.
- the service provider may be provided with a terminal or device that is suited to the type of business as the authentication terminal 20.
- the user operates the terminal 30 to input information to the server device 10 and to obtain information from the server device 10.
- the devices shown in FIG. 3 are interconnected. Specifically, the server device 10 and the authentication terminal 20 are connected by wired or wireless communication means and are configured to be able to communicate with each other.
- the configuration of the information processing system shown in FIG. 3 is an example and is not intended to be limiting.
- the information processing system may include multiple server devices 10.
- a user who wishes to receive a service using biometric authentication must register in advance.
- the user operates the terminal 30 to access the server device 10.
- the user inputs user information such as name, sex, date of birth, address, login information, email address, and biometric information on a website or the like provided by the server device 10.
- the user inputs information necessary for the service to be provided to the server device 10.
- a user who wishes to enter a workplace using biometric authentication inputs the department to which he or she belongs to the server device 10.
- a user who wishes to make a payment using biometric authentication inputs information such as credit card account or bank account information to the server device 10.
- examples of the user's biometric information include data (features) calculated from physical characteristics unique to an individual, such as the face, fingerprint, voiceprint, veins, retina, and iris pattern.
- the user's biometric information may be image data such as a face image or fingerprint image.
- the user's biometric information may be anything that includes the user's physical characteristics as information.
- the biometric information is a person's face image or features generated from a face image.
- When the server device 10 acquires the name, biometric information, etc. from the user, it generates a user ID to identify the user. The server device 10 associates the generated user ID with the acquired user information and registers them in the user management database. Details of the user management database will be described later.
- Users can also register other people on their behalf. For example, a parent can enter their child's name, biometric information, etc. into the server device 10.
- a user who wishes to receive a service from a service provider visits a place where the service is provided (e.g., a workplace or a retail store).
- the authentication terminal 20 acquires biometric information (e.g., a face image) of the user in front of it.
- the authentication terminal 20 transmits an authentication request including the acquired biometric information to the server device 10 (see FIG. 4).
- the server device 10 performs biometric authentication using the biometric information included in the authentication request and the biometric information registered in the user management database.
- the server device 10 identifies the person to be authenticated by a matching process (authentication process) using the biometric information.
- the server device 10 authenticates the identified person to be authenticated. For example, if the person to be authenticated has the authority to enter the workplace, the server device 10 determines that the authentication is successful. If the person to be authenticated does not have the authority to enter the workplace, the server device 10 determines that the authentication is unsuccessful.
- the server device 10 notifies the authentication terminal 20 of the authentication result (authentication successful, authentication failed).
- the authentication terminal 20 performs processing according to the authentication result. For example, if successful authentication is notified, the authentication terminal 20 opens the gate and allows the person to be authenticated to pass through the gate. If unsuccessful authentication is notified, the authentication terminal 20 closes the gate and prevents the person to be authenticated from passing through the gate.
- biometric information e.g., facial features
- the server device 10 updates the user's biometric information (biometric information registered in the server device 10; hereinafter, referred to as registered biometric information).
- the server device 10 sets a period for storing registered biometric information for each user (hereinafter referred to as the "biometric information storage period" or "storage period").
- the server device 10 sets a biometric information accumulation period of a predetermined length at a predetermined frequency.
- the server device 10 accumulates biometric information acquired during the biometric information accumulation period (biometric information acquired from the authentication terminal 20) that has been determined to have been successfully authenticated.
- the server device 10 selects (extracts) biometric information suitable for biometric authentication purposes from among the accumulated biometric information.
- the server device 10 sets a "biometric information accumulation period" for each user with a frequency of once per year or once per three years and a length (period) of "one week" or "one month."
- the server device 10 automatically updates the registered biometric information using the biometric information acquired within the biometric information accumulation period. For example, if the frequency is once per year and the period is one week, the period indicated by the bold line in FIG. 5 corresponds to the biometric information accumulation period.
- the server device 10 stores biometric information (e.g., facial images) that is determined to be a successful authentication during the biometric information storage period. At a predetermined timing (e.g., when the biometric information storage period ends), the server device 10 extracts (selects) from the stored biometric information the biometric information that is most suitable for the registered biometric information.
- biometric information e.g., facial images
- the server device 10 selects one piece of biometric information that is most suitable for biometric authentication purposes from the 10 pieces of biometric information (e.g., 10 facial images).
- the server device 10 uses the selected biometric information to update the existing biometric information (registered biometric information).
- the server device 10 discards biometric information acquired outside the biometric information accumulation period and determined to have resulted in successful authentication. Since biometric information acquired outside the biometric information accumulation period is discarded, the resources (memory, storage media, etc.) of the server device 10 are not strained. Note that biometric information determined to have resulted in failed authentication is discarded regardless of whether it is acquired inside or outside the biometric information accumulation period.
- FIG. 6 is a diagram showing an example of a processing configuration (processing module) of the server device 10 according to the first embodiment.
- the server device 10 includes a communication control unit 201, a user management unit 202, an accumulation period control unit 203, an authentication control unit 204, an update control unit 205, and a storage unit 206.
- the communication control unit 201 is a means for controlling communication with other devices. For example, the communication control unit 201 receives data (packets) from the authentication terminal 20. The communication control unit 201 also transmits data to the authentication terminal 20. The communication control unit 201 passes data received from other devices to other processing modules. The communication control unit 201 transmits data acquired from other processing modules to other devices. In this way, the other processing modules transmit and receive data to and from other devices via the communication control unit 201.
- the communication control unit 201 has a function as a receiving unit that receives data from other devices, and a function as a transmitting unit that transmits data to other devices.
- the user management unit 202 is a means for managing users who receive services. For example, the user management unit 202 registers user information such as the user's name, sex, date of birth, address, email address, login information, and biometric information.
- the user management unit 202 displays a GUI (Graphical User Interface) on the terminal 30 for user registration.
- the user management unit 202 acquires user information such as name, sex, date of birth, email address, and biometric information (e.g., face image) using a GUI such as that shown in FIG. 7.
- When a face image is acquired as biometric information, the user management unit 202 generates features from the acquired face image. Existing technology can be used for the feature generation process by the user management unit 202, so a detailed description is omitted. For example, the user management unit 202 extracts the eyes, nose, mouth, etc. as feature points from the face image. The user management unit 202 then calculates the position of each feature point and the distance between each feature point as feature amounts (generating a feature vector consisting of multiple feature amounts).
- When the user information of the user (or another person related to the user; for example, a child) is acquired, the user management unit 202 generates a user ID for identifying the user.
- the user ID may be any information that can uniquely identify the user.
- the user management unit 202 may assign a unique value each time a user is registered as the user ID.
- When the user ID is generated, the user management unit 202 generates an account for the user. Specifically, the user management unit 202 associates the generated user ID with the name, sex, date of birth, address, biometric information (feature values), email address, login information, etc., and registers them in the user management database (see FIG. 8).
- the biometric information (e.g., feature amounts) registered in the user management database is biometric information used for biometric authentication, and corresponds to the registered biometric information described above.
- the user management database shown in FIG. 8 is an example, and is not intended to limit the items to be stored. For example, a "face image" may be registered in the user management database.
- When the user management unit 202 creates an account for a user (when it adds an entry to the user management database), it notifies the accumulation period control unit 203 of the user's user ID.
- the user management unit 202 also acquires information necessary for services provided to the user (information specific to each individual service). For example, the user management unit 202 acquires the "department" as information necessary for entering the workplace. Alternatively, the user management unit 202 acquires account information (credit card information, bank account information) for biometric authentication payment. Note that a description of individual services and information necessary for providing individual services is omitted as it is outside the scope of the present disclosure.
- the user management unit 202 also controls the suspension of service provision to users and the cancellation of services.
- a portal site a website to which the user logs in using login information
- the user management unit 202 deletes the entry for that user (the entry in the user management database).
- the accumulation period control unit 203 is a means for controlling the biometric information accumulation period set for each user. Specifically, the accumulation period control unit 203 sets, at a predetermined frequency, a biometric information accumulation period of a predetermined length, which is a period for accumulating the user's biometric information.
- the accumulation period control unit 203 determines the biometric information accumulation period for that user. For example, the accumulation period control unit 203 determines the biometric information accumulation period based on a predetermined rule (period setting rule) or a predetermined policy (period setting policy).
- the accumulation period control unit 203 determines the biometric information accumulation period based on rules regarding the "frequency" at which the biometric information accumulation period is set and the "length (period)" of the accumulation period. For example, the accumulation period control unit 203 determines the biometric information accumulation period for a user based on a rule (policy) such as "set the biometric information accumulation period to one week one year after the account creation date, and thereafter set the biometric information accumulation period in the same manner."
- the accumulation period control unit 203 sets the biometric information accumulation period to one week one year after the account creation date, from "January 20, 2024" to "January 27, 2024."
- the accumulation period control unit 203 registers the determined biometric information accumulation period in an accumulation period management database (see FIG. 9).
- the accumulation period management database stores the user ID, the account creation date, the rules (frequency, length) used to determine the biometric information accumulation period, the status, and the biometric information accumulation period.
- the accumulation period management database shown in FIG. 9 is an example, and is not intended to limit the items to be stored.
- the accumulation period control unit 203 adds an entry to the accumulation period management database, sets the biometric information accumulation period, and sets the status field to "updated."
- the accumulation period control unit 203 accesses the accumulation period management database periodically or at a specified timing, and extracts entries for which the biometric information accumulation period has elapsed.
- the accumulation period control unit 203 searches the user management database using the user ID of the extracted entry as a key, and determines whether or not a corresponding entry (user) exists.
- the accumulation period control unit 203 deletes the corresponding entry (user) from the accumulation period management database.
- the accumulation period control unit 203 determines a new biometric information accumulation period for that user and registers it in the accumulation period management database.
- the accumulation period control unit 203 determines a new biometric information accumulation period using the period setting rules (frequency and length of the biometric information accumulation period) stored in the accumulation period management database.
- When the accumulation period control unit 203 sets a new biometric information accumulation period in the accumulation period management database, it sets the status field of the corresponding entry to "not updated."
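The period-setting rule and the periodic pass over elapsed entries described above, as an added Python example (not code from the patent document). The in-memory dictionary, the field and function names, the user IDs and the 2023-01-20 account creation date are assumptions made for the illustration; the status strings and the resulting 2024-01-20 to 2024-01-27 window follow the text.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class PeriodEntry:
    """One row of the accumulation period management database (field names assumed)."""
    user_id: str
    created: date         # account creation date
    frequency_years: int  # rule: a period is set every N years
    length_days: int      # rule: each period lasts this many days
    start: date
    end: date
    status: str           # "updated" or "not updated", as in the text


def add_years(d, years):
    """Same calendar day `years` later; 29 February falls back to 28 February."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)


def period_for(created, frequency_years, length_days, cycle):
    """Return (start, end) of the cycle-th period, counted from the creation date.

    Anchoring every cycle on the creation date keeps the window from drifting.
    """
    start = add_years(created, frequency_years * cycle)
    return start, start + timedelta(days=length_days)


def register(period_db, user_id, created, frequency_years=1, length_days=7):
    """Called when an account is created: add the entry with its first period."""
    start, end = period_for(created, frequency_years, length_days, 1)
    entry = PeriodEntry(user_id, created, frequency_years, length_days,
                        start, end, "updated")
    period_db[user_id] = entry
    return entry


def roll_over(period_db, user_ids, today):
    """Periodic pass over entries whose period has elapsed.

    Entries of users no longer in the user management database are deleted;
    the others get the next period that has not yet ended and the status
    "not updated". Returns (removed_ids, renewed_ids).
    """
    removed, renewed = [], []
    for uid, entry in list(period_db.items()):
        if today <= entry.end:
            continue                      # period still pending or running
        if uid not in user_ids:
            del period_db[uid]            # account was cancelled
            removed.append(uid)
            continue
        cycle = 1
        while period_for(entry.created, entry.frequency_years,
                         entry.length_days, cycle)[1] < today:
            cycle += 1
        entry.start, entry.end = period_for(
            entry.created, entry.frequency_years, entry.length_days, cycle)
        entry.status = "not updated"
        renewed.append(uid)
    return removed, renewed


if __name__ == "__main__":
    db = {}
    first = register(db, "U001", date(2023, 1, 20))   # constructed sample user
    print(first.start, first.end, first.status)
    print(roll_over(db, {"U001"}, date(2024, 1, 28)), db["U001"].start)
```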
- the authentication control unit 204 is a means for controlling the biometric authentication of the person to be authenticated.
- the authentication control unit 204 receives an authentication request including the biometric information of the person to be authenticated from the authentication terminal 20, and executes authentication processing using the biometric information included in the authentication request and the registered biometric information stored in the user management database.
- the authentication control unit 204 also accumulates biometric information that is determined to have been successfully authenticated within the biometric information accumulation period, and discards biometric information that is determined to have been successfully authenticated outside the biometric information accumulation period.
- FIG. 10 is a flowchart showing an example of the operation of the authentication control unit 204 according to the first embodiment. The operation of the authentication control unit 204 will be described with reference to FIG. 10.
- the authentication control unit 204 performs a matching process using the biometric information included in the authentication request and the biometric information stored in the user management database (step S101).
- the authentication control unit 204 generates features from the face image included in the authentication request.
- the authentication control unit 204 sets the generated features as a matching target and performs a matching process (1:N matching; N is a positive integer, same below) with the features stored in the user management database.
- the authentication control unit 204 calculates the similarity between the feature to be matched and each of the multiple feature values on the registration side.
- the similarity can be calculated using chi-square distance, Euclidean distance, or the like. Note that the greater the distance, the lower the similarity, and the closer the distance, the higher the similarity.
- the authentication control unit 204 determines that the matching process has failed if there is no feature among the multiple features stored in the user management database that has a similarity with the feature to be matched that is equal to or greater than a predetermined value.
- the authentication control unit 204 determines that the matching process is successful if, among the multiple features stored in the user management database, there is a feature whose similarity with the feature to be matched is equal to or greater than a predetermined value. In this case, the user of the entry with the highest similarity is identified as the person to be authenticated.
- If the matching process fails (step S102, No branch), the authentication control unit 204 sets the authentication result to authentication failure (step S103).
- If the matching process is successful (step S102, Yes branch), the authentication control unit 204 uses the user information identified by the matching process to determine whether or not to provide the service (step S104).
- the authentication control unit 204 determines whether the authenticated person has the authority to enter the installation location based on the department to which the authenticated person belongs and the installation location of the authentication terminal 20 (e.g., the office). If the authenticated person has the authority, the authentication control unit 204 determines that the service can be provided to the authenticated person (entry to the office is permitted). If the authenticated person does not have the authority, the authentication control unit 204 determines that the service cannot be provided to the authenticated person (entry to the office is prohibited).
- the authentication control unit 204 sets the authentication result to authentication failure (step S103).
- the authentication control unit 204 sets the authentication result to authentication success (step S106).
- the authentication control unit 204 determines whether the date on which the authentication request was processed is included in the biometric information accumulation period (accumulation period determination; step S107).
- the authentication control unit 204 searches the accumulation period management database using the user ID of the person to be authenticated identified by the matching process as a key, and identifies the corresponding entry.
- the authentication control unit 204 makes the above determination based on the setting value of the biometric information accumulation period field of the identified entry and the date of processing the authentication request.
- If the date of processing the authentication request falls outside the biometric information accumulation period (step S108, No branch), the authentication control unit 204 does not perform any special operation.
- the authentication control unit 204 stores the biometric information (face image) included in the authentication request (step S109).
- the authentication control unit 204 stores the user ID of the person to be authenticated, the authentication date and time, and the biometric information of the successfully authenticated person (e.g., a facial image) in the biometric information management database (see FIG. 11).
- the biometric information management database shown in FIG. 11 is an example, and is not intended to limit the items to be stored.
- the authentication control unit 204 sends the authentication result (authentication successful, authentication failed) to the authentication terminal 20 (step S110).
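The flow of steps S101 to S110 can be sketched as follows. This is an added illustration, not code from the patent: feature extraction is assumed to have happened already (constructed 3-dimensional vectors stand in for face features), and the distance-to-similarity mapping, the threshold value, the class and field names, and the site access table are assumptions.

```python
import math
from dataclasses import dataclass
from datetime import date, datetime


def similarity(a, b):
    # Assumed mapping: the page only states that a larger distance means a
    # lower similarity. Euclidean distance is one of the measures it names.
    return 1.0 / (1.0 + math.dist(a, b))


@dataclass
class User:                      # entry of the user management database
    user_id: str
    department: str
    features: tuple              # registered biometric information


@dataclass
class Period:                    # entry of the accumulation period management database
    start: date
    end: date


class AuthenticationControl:
    def __init__(self, users, periods, site_departments, threshold):
        self.users = users
        self.periods = periods                    # user_id -> Period
        self.site_departments = site_departments  # hypothetical access table
        self.threshold = threshold                # assumed "predetermined value"
        self.biometric_db = []   # biometric information management database

    def match(self, probe):
        """Step S101: 1:N matching; returns the most similar entry or None."""
        best, best_sim = None, -1.0
        for user in self.users:
            sim = similarity(probe, user.features)
            if sim > best_sim:
                best, best_sim = user, sim
        return best if best_sim >= self.threshold else None

    def authenticate(self, probe, site, now):
        user = self.match(probe)
        if user is None:                                   # S102, No branch
            return "authentication failed"                 # S103
        if user.department not in self.site_departments.get(site, set()):
            return "authentication failed"                 # S104 -> S103
        period = self.periods.get(user.user_id)            # S107
        if period and period.start <= now.date() <= period.end:
            # S109: keep user ID, authentication date and time, biometric info
            self.biometric_db.append((user.user_id, now, probe))
        return "authentication successful"                 # S106, S110


def demo_authentication():
    # Constructed sample data, not taken from the page.
    users = [User("u001", "sales", (0.10, 0.90, 0.30)),
             User("u002", "dev", (0.80, 0.20, 0.50))]
    periods = {"u001": Period(date(2024, 4, 1), date(2024, 4, 7))}
    server = AuthenticationControl(users, periods, {"office-A": {"sales"}}, 0.8)
    near_u001 = (0.12, 0.88, 0.31)
    results = [
        # inside the accumulation period: authenticated and stored
        server.authenticate(near_u001, "office-A", datetime(2024, 4, 3, 9, 0)),
        # outside the accumulation period: authenticated, nothing stored
        server.authenticate(near_u001, "office-A", datetime(2024, 4, 10, 9, 0)),
        # matches u002, whose department has no authority for this site
        server.authenticate((0.79, 0.21, 0.50), "office-A", datetime(2024, 4, 3, 9, 5)),
        # no registered feature reaches the threshold
        server.authenticate((0.50, 0.50, 0.90), "office-A", datetime(2024, 4, 3, 9, 6)),
    ]
    return results, server.biometric_db


if __name__ == "__main__":
    print(demo_authentication())
```

Only a request that both authenticates and falls inside the user's accumulation period adds a row to the biometric information management database, so a failed or unauthorized attempt never contributes a candidate for a later update.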
- the update control unit 205 is a means for controlling the updating of the biometric information (registered biometric information) of a user registered for biometric authentication.
- the update control unit 205 updates the registered biometric information using at least one piece of biometric information accumulated during the biometric information accumulation period.
- the update control unit 205 periodically or at a specified timing accesses the accumulation period management database and identifies entries whose status is set to "not updated".
- the update control unit 205 searches the biometric information management database using the user ID of the identified entry as a key, and obtains the biometric information (e.g., face images) accumulated during the biometric information accumulation period.
- the update control unit 205 calculates an index (referred to as an "appropriateness score" or simply "score") indicating the appropriateness of each piece of biometric information stored during the biometric information storage period as registered biometric information. In other words, the update control unit 205 calculates an appropriateness score indicating the appropriateness of each piece of biometric information stored during the biometric information storage period as biometric information for biometric authentication purposes.
- the update control unit 205 inputs biometric information (face image) into a learning model obtained by machine learning and obtains an appropriateness score.
- the learning model is obtained by machine learning using a large amount of training data in which labels (suitability scores) are assigned to image data (face images).
- Any algorithm, such as a support vector machine, boosting, or a neural network, can be used to generate the learning model. Note that algorithms such as the support vector machine can use publicly known technologies, so a description of them will be omitted.
- The training data is obtained by having experts with knowledge of biometric authentication assign scores to image data (face images).
- the experts assign a score to each image data piece, taking into account the orientation and state of the face shown in the image data (for example, eyes closed or open), the influence of the external environment (image is too bright or too dark), etc.
- the update control unit 205 selects biometric information (e.g., a facial image) to be used to update already registered biometric information (registered biometric information) based on the calculated score. For example, the update control unit 205 selects the facial image with the highest score as the biometric information to be updated.
- the update control unit 205 generates features from the selected biometric information (face image).
- the update control unit 205 accesses the user management database and updates the features set in the registered biometric information field of the corresponding user with the features generated above (replaces the features, overwrites the features).
- the update control unit 205 sets the status field of the corresponding entry in the accumulation period management database (the entry corresponding to the user whose biometric information has been updated) to "updated".
- the storage unit 206 is a means for storing information necessary for the operation of the server device 10.
- the storage unit 206 stores registered biometric information used for biometric authentication.
- FIG. 12 is a diagram showing an example of a processing configuration (processing module) of the authentication terminal 20 according to the first embodiment.
- the authentication terminal 20 includes a communication control unit 301, a biometric information acquisition unit 302, an authentication request unit 303, and a storage unit 304.
- the communication control unit 301 is a means for controlling communication with other devices. For example, the communication control unit 301 receives data (packets) from the server device 10. The communication control unit 301 also transmits data to the server device 10. The communication control unit 301 passes data received from other devices to other processing modules. The communication control unit 301 transmits data acquired from other processing modules to other devices. In this way, the other processing modules transmit and receive data to and from other devices via the communication control unit 301.
- the communication control unit 301 has a function as a receiving unit that receives data from other devices and a function as a transmitting unit that transmits data to other devices.
- the biometric information acquisition unit 302 is a means for controlling the camera and acquiring the biometric information (e.g., a facial image) of the user.
- the biometric information acquisition unit 302 captures an image in front of the device periodically or at a specified timing.
- the biometric information acquisition unit 302 determines whether or not the acquired image contains a human facial image, and if a facial image is included, extracts the facial image from the acquired image data.
- the biometric information acquisition unit 302 may extract a facial image (face area) from image data using a learning model trained by a CNN (Convolutional Neural Network).
- the biometric information acquisition unit 302 may extract a facial image using a method such as template matching.
- the biometric information acquisition unit 302 passes the extracted facial image to the authentication request unit 303.
- the authentication request unit 303 is a means for requesting authentication of the person to be authenticated from the server device 10.
- the authentication request unit 303 transmits an authentication request including biometric information of the person to be authenticated (the user in front of the authentication terminal 20) to the server device 10.
- the authentication request unit 303 receives the authentication result (authentication successful, authentication failed) from the server device 10.
- the authentication request unit 303 performs an operation according to the received authentication result.
- the authentication request unit 303 closes the gate and denies the person to be authenticated entry to the office. At that time, the authentication request unit 303 may notify the person to be authenticated that he or she cannot pass through the gate.
- the authentication request unit 303 opens the gate and allows the person to be authenticated to enter the office.
- the storage unit 304 is a means for storing information necessary for the operation of the authentication terminal 20.
- Examples of the terminal 30 include a smartphone, a mobile phone, a game machine, a mobile terminal device such as a tablet, a computer (personal computer, notebook computer), etc.
- the terminal 30 can be any equipment or device that can accept user operations and communicate with the server device 10, etc.
- Since the configuration of the terminal 30 is clear to those skilled in the art, a detailed explanation will be omitted.
- FIG. 13 is a sequence diagram showing an example of the operation of the information processing system according to the first embodiment. The operation of the information processing system according to the first embodiment will be described with reference to FIG. 13.
- the authentication terminal 20 sends an authentication request including the biometric information of the person to be authenticated to the server device 10 (step S01).
- the server device 10 performs biometric authentication using the acquired biometric information and the biometric information stored in the user management database (step S02).
- the server device 10 stores the biometric information (e.g., a facial image) acquired from the authentication terminal 20.
- the server device 10 stores the biometric information that is determined to be a successful authentication within the biometric information storage period.
- the server device 10 sends a notification of successful authentication to the authentication terminal 20 (step S04).
- the authentication terminal 20 provides the service assigned to the device itself (step S05). For example, the authentication terminal 20 opens the gate and allows the person to be authenticated to pass through the gate.
- the authentication terminal 20 and server device 10 repeat the operations of steps S01 to S05 described above.
- the server device 10 selects the most suitable biometric information for registration from the stored biometric information (face image) and updates the registered biometric information using the selected biometric information (step S06).
- the server device 10 may notify the user that the service provision date for the user is within the biometric information storage period. For example, when the authentication control unit 204 of the server device 10 succeeds in authenticating the authenticatee during the biometric information storage period, the authentication control unit 204 notifies the user that the biometric information storage period is in progress via the authentication terminal 20. In this case, the authentication control unit 204 may notify the authentication terminal 20 that the authentication is successful and that the biometric information storage period is in progress. Alternatively, the authentication control unit 204 may notify the email address of the user (terminal 30 owned by the user) identified by the matching process that the service provision date is in the biometric information storage period. In this case, the terminal 30 may display a pop-up as shown in FIG.
- the server device 10 may notify the user that the biometric information storage period is scheduled to be set before the biometric information storage period is set.
- the server device 10 may notify the user that the biometric information storage period is scheduled to be set a predetermined period before the biometric information storage period to be set (for example, one week before, one month before).
- the display shown in FIG. 14 is an example and is not intended to limit the manner in which the user is notified that the service provision date falls within the biometric information storage period.
- the terminal 30 may notify the user that the service provision date falls within the biometric information storage period by changing the background color or layout.
- the terminal 30 may notify the user that the service provision date falls within the biometric information storage period by changing a white background to a yellow background, or by other methods. In this way, the terminal 30 may notify the user that the service provision date falls within the biometric information storage period by not only using text (message) but also by using the color scheme, layout, etc. of the screen.
- the server device 10 may obtain the consent of the user when updating the biometric information.
- the update control unit 205 of the server device 10 selects biometric information (e.g., a face image) to be used for updating the registered biometric information
- the update control unit 205 transmits an "update inquiry" including the selected face image to the user's terminal 30.
- the terminal 30 displays a GUI as shown in FIG. 15 and obtains the user's decision on whether or not the registered face image (registered biometric information) can be updated with the face image selected by the server device 10.
- the terminal 30 notifies the server device 10 of the user's intention (agree to update, reject update).
- the update control unit 205 updates the registered biometric information using the face image.
- the server device 10 may obtain consent from the user to start storing biometric information for updating.
- the server device 10 transmits an "accumulation period start inquiry" including the registered biometric information to the user's terminal 30 immediately before the start of the biometric information storage period.
- the terminal 30 displays a GUI such as that shown in FIG. 16 and obtains consent to start storing biometric information to update the registered biometric information.
- the terminal 30 notifies the server device 10 of the user's intention (agree to storage, reject storage). If the user consents to the storage of biometric information (face image), the server device 10 starts storing the biometric information during the biometric information storage period. In this manner, the server device 10 obtains from the user consent to setting a biometric information storage period during which the initially captured face image is deleted (updated).
- the storage period control unit 203 of the server device 10 may set the biometric information storage period based on the attribute information (e.g., age, sex) of the user. For example, the storage period control unit 203 may determine the frequency of setting the biometric information storage period according to the age of the user. For example, the biometric information storage period may be set at a frequency such as "under 5 years old: once every 3 months", "5 to 10 years old: once every 6 months", "10 to 15 years old: once a year", "15 to 20 years old: once every 2 years", and "20 years old or older: once every 5 years".
- the storage period control unit 203 may determine the biometric information storage period of each user based on the above-mentioned period setting rule (period setting policy).
- the period setting rule may include a rule such as "no update required" when the user is over a certain age.
- the storage period control unit 203 may determine the biometric information storage period based on a rule such as "60 years old or older: no update required". In this case, the storage period control unit 203 may set the biometric information storage period to a period far exceeding the lifespan of a person. In this way, the server device 10 may determine the frequency of the biometric information storage period according to age, taking into consideration that children's faces are prone to change.
- the server device 10 may set the biometric information storage period based on the age of the user. Alternatively, the server device 10 may determine the length of the biometric information storage period based on the attribute information of the user (e.g., age, sex). For example, taking into consideration that the younger the user is, the more likely the face (physiognomy) is to change, the server device 10 sets a longer biometric information storage period for younger users and a shorter biometric information storage period for older users.
- the server device 10 may determine the frequency and length of the biometric information storage period based on the number of times authentication is successful but regarded as close to unsuccessful. For example, the server device 10 stores, for each user, the number of times authentication is determined to be successful near the lower limit of the threshold for determining authentication success (the number of pseudo errors). When the number of pseudo errors increases, the server device 10 shortens the interval at which the biometric information storage period is set. For example, the server device 10 changes the period setting frequency from once a year to once every six months. Alternatively, when the number of pseudo errors increases, the server device 10 lengthens the biometric information storage period. For example, the server device 10 changes the period from one week to three weeks.
- the server device 10 may increase the number of times required to determine authentication success within the biometric information storage period (for example, change the required number from 10 times to 15 times).
- the server device 10 may lengthen the interval at which the storage period for updating biometric information is set. For example, the server device 10 may change the update frequency from once a year to once every three years.
- the server device 10 may shorten the biometric information storage period (e.g., from one week to three days) or reduce the number of required authentications (e.g., from 10 to five).
- the storage period control unit 203 of the server device 10 may determine the length of the biometric information storage period based on the authentication history of the user. In this case, the server device 10 generates and stores an authentication history including the date, time, and location of successful authentication for each user. The storage period control unit 203 calculates the authentication frequency of the user (the number of successful authentications in a predetermined period). The storage period control unit 203 sets a shorter biometric information storage period for a user with a high authentication frequency. In contrast, the storage period control unit 203 sets a longer biometric information storage period for a user with a low authentication frequency. For example, the storage period control unit 203 calculates the authentication frequency of the user in the most recent month.
- the length of the standard biometric information storage period (default value of the storage period) is set to "1 week".
- the storage period control unit 203 sets the length of the biometric information storage period to "3 days", which is shorter than the default value.
- the storage period control unit 203 sets the length of the biometric information storage period to "2 weeks", which is longer than the default value.
- a high authentication frequency indicates that a large amount of biometric information is acquired during the biometric information storage period. Therefore, even if the biometric information storage period is set to be short, a sufficient number of facial images are accumulated to select a facial image for updating.
- a low authentication frequency indicates that a small amount of biometric information is acquired during the biometric information storage period. Therefore, unless the biometric information storage period is set to be long, a sufficient number of facial images are not accumulated to select a facial image for updating. Taking these circumstances into consideration, the server device 10 determines the length of the biometric information storage period according to the authentication frequency (frequency of service use) of each user, and makes it possible to acquire biometric information suitable for updating (biometric information with a sufficiently high appropriateness score).
- the server device 10 may extend the biometric information accumulation period if the number of times authentication is determined to be successful during the biometric information accumulation period does not reach a predetermined value. For example, if a rule such as "10 successful authentications are required" is set, the server device 10 extends the biometric information accumulation period until 10 successful authentications are confirmed during the biometric information accumulation period (until 10 pieces of biometric information are accumulated).
- the accumulation period control unit 203 refers to the biometric information accumulation period field of the accumulation period management database and extracts an entry whose end date of the biometric information accumulation period has arrived.
- the accumulation period control unit 203 refers to the biometric information management database and acquires the number of pieces of biometric information of the user corresponding to the user ID of the extracted entry. If the number of pieces of biometric information acquired (the number of pieces of biometric information accumulated during the biometric information accumulation period) does not reach a predetermined value (10 in the above example), the accumulation period control unit 203 extends the end date of the biometric information accumulation period in the accumulation period management database.
- the server device 10 may notify the user of the accumulation status of biometric information during the biometric information accumulation period (the number of successful authentications). That is, the server device 10 may notify the user of the progress status regarding the accumulation of biometric information required to complete the biometric information accumulation period.
- the number of successful authentications required for the expiration of the biometric information accumulation period is "10"
- the number of successful authentications at the time of successful authentication (e.g., seven successful biometric authentications)
- the authentication control unit 204 may notify the terminal 30 of the user identified by the matching process of the accumulation status of biometric information (e.g., the number of required authentications, the current number of authentications). In this case, the terminal 30 may display a pop-up as shown in FIG. 17 to notify the user of the accumulation status of biometric information.
- the server device 10 may generate biometric information for update from a plurality of pieces of biometric information accumulated during the biometric information accumulation period.
- the update control unit 205 may synthesize a plurality of face images obtained during the biometric information accumulation period to generate one face image.
- the update control unit 205 may generate features from the generated face image and register the generated features as biometric information for update in the user management database.
- the update control unit 205 may generate features from each face image obtained during the biometric information accumulation period and calculate an average value of the generated features.
- the update control unit 205 may register the calculated average value of the features as biometric information for update in the user management database.
- the server device 10 sets a biometric information accumulation period for accumulating biometric information necessary to update the registered biometric information.
- the server device 10 selects biometric information suitable for updating the registered biometric information from the biometric information obtained during the biometric information accumulation period, and updates the registered biometric information using the selected biometric information.
- the biometric information accumulation period is set with a predetermined frequency and a predetermined length, and the server device 10 updates the registered biometric information after the end of the biometric information accumulation period, for example. With this configuration, the server device 10 does not need to update the biometric information every time authentication of a user is successful, thereby suppressing an increase in the load on the server device 10.
- the server device 10 takes these circumstances into consideration and sets an appropriate biometric information accumulation period according to the attributes of the user (e.g., age). For example, the server device 10 sets the biometric information accumulation period for children so that biometric information is updated frequently. Conversely, the server device 10 sets the biometric information accumulation period for adults so that biometric information is not updated frequently. As a result, it is possible to improve (maintain) the authentication accuracy while suppressing an increase in the load on the server device 10.
- the server device 10 can reliably acquire the biometric information used to update the registered biometric information by appropriately selecting the length of the biometric information accumulation period. Also, the server device 10 verifies the quality of the biometric information used for updating, thereby preventing a deterioration in the accuracy of biometric authentication using the updated biometric information.
- FIG. 18 is a diagram showing an example of the hardware configuration of the server device 10.
- the server device 10 can be configured by an information processing device (a so-called computer), and has the configuration shown in FIG. 18.
- the server device 10 has a processor 311, a memory 312, an input/output interface 313, a communication interface 314, etc.
- the components such as the processor 311 are connected by an internal bus or the like, and are configured to be able to communicate with each other.
- the server device 10 may include hardware not shown, and may omit the input/output interface 313 where it is not needed.
- the number of processors 311 and the like included in the server device 10 is not intended to be limited to the example shown in FIG. 18, and for example, the server device 10 may include multiple processors 311.
- the processor 311 is, for example, a programmable device such as a CPU (Central Processing Unit), an MPU (Micro Processing Unit), or a DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit). The processor 311 executes various programs including an operating system (OS).
- Memory 312 may be a RAM (Random Access Memory), a ROM (Read Only Memory), a HDD (Hard Disk Drive), a SSD (Solid State Drive), etc. Memory 312 stores the OS program, application programs, and various data.
- the input/output interface 313 is an interface for a display device and an input device (not shown).
- the display device is, for example, a liquid crystal display.
- the input device is, for example, a device that accepts user operations such as a keyboard or a mouse.
- the communication interface 314 is a circuit, module, etc. that communicates with other devices.
- the communication interface 314 includes a NIC (Network Interface Card), etc.
- the functions of the server device 10 are realized by various processing modules.
- the processing modules are realized, for example, by the processor 311 executing a program stored in the memory 312.
- the program can be recorded on a computer-readable storage medium.
- the storage medium can be a non-transitory medium such as a semiconductor memory, a hard disk, a magnetic recording medium, or an optical recording medium.
- the present invention can also be embodied as a computer program product.
- the program can be downloaded via a network, or updated using a storage medium that stores the program.
- the processing modules may also be realized by a semiconductor chip.
- the authentication terminal 20 can also be configured with an information processing device, just like the server device 10, and its basic hardware configuration is no different from that of the server device 10, so a description of it will be omitted.
- the authentication terminal 20 may be equipped with a camera device for photographing the person to be authenticated.
- the server device 10, which is an information processing device, is equipped with a computer, and the functions of the server device 10 can be realized by having the computer execute a program.
- the server device 10 also executes a control method for the server device 10 by means of the program.
- the authentication terminal 20 is equipped with a computer, and the functions of the authentication terminal 20 can be realized by having the computer execute a program.
- the authentication terminal 20 also executes a control method for the authentication terminal 20 by means of the program.
- the user management unit 202 of the server device 10 may calculate an appropriateness score for the biometric information acquired from the user during the initial registration of the biometric information. If the calculated appropriateness score is lower than a threshold, the user management unit 202 may request the user to re-register different biometric information (e.g., a face image).
- the server device 10 may select biometric information to be used to update the registered biometric information based on the degree of similarity between the registered biometric information and the accumulated biometric information. For example, the server device 10 may select, as the biometric information for update, the biometric information that has the greatest degree of similarity with the registered biometric information among the biometric information acquired during the biometric information accumulation period.
- the user management unit 202 of the server device 10 acquires the user's name, biometric information, etc., as well as an identification document (e.g., a passport, driver's license, etc.) containing the biometric information.
- the user management unit 202 performs a one-to-one match using the biometric information on the identification document and the biometric information acquired from the user. If the match is successful, the user management unit 202 may register the user (create an account).
- the accumulation period control unit 203 may set the biometric information accumulation period using attribute information obtained from an identification document instead of attribute information (age, gender) acquired from the user. Alternatively, the accumulation period control unit 203 may infer the user's attribute information from the user's registered biometric information (e.g., a face image).
- the update control unit 205 may perform statistical processing on the appropriateness scores of the biometric information obtained during the biometric information accumulation period, and select the biometric information to update the registered biometric information according to the results of the statistical processing. For example, the update control unit 205 may calculate a representative value representing the accumulated biometric information, such as the average, median, or mode of the appropriateness scores. The update control unit 205 may select the biometric information having an appropriateness score that matches the representative value (closest to the representative value) as the biometric information to be updated.
- the update control unit 205 may select biometric information to update the registered biometric information from the biometric information remaining after excluding the biometric information with the best and worst appropriateness scores.
- the update control unit 205 may calculate the representative value by excluding the biometric information with the best and worst appropriateness scores.
- a case has been described in which user information, the biometric information accumulation period, and biometric information determined to be successfully authenticated are managed using three databases (user management database, accumulation period management database, and biometric information management database).
- user information, biometric information accumulation period, etc. may be managed by one database.
- the above three databases may be integrated and user information, etc. may be managed by one database.
- the user management database has been described as storing the user's features as registered biometric information.
- the user management database may also store the user's facial image as registered biometric information.
- the authentication control unit 204 may generate features from the registered biometric information (facial image) each time authentication processing is performed.
- a user management database and the like are configured inside the server device 10, but these databases may also be constructed in an external database server or the like. That is, some of the functions of the server device 10 may be implemented in another server. More specifically, the above-described "accumulation period control unit (accumulation period control means)", “update control unit (update control means)”, etc. may be implemented in any of the devices included in the system.
- data transmitted and received between the devices (server device 10, authentication terminal 20) may be encrypted.
- Biometric information and the like is transmitted and received between these devices, and in order to appropriately protect this information, it is desirable to transmit and receive encrypted data.
- each embodiment may be used alone or in combination. For example, it is possible to replace part of the configuration of an embodiment with the configuration of another embodiment, or to add the configuration of another embodiment to the configuration of an embodiment. Furthermore, it is possible to add, delete, or replace part of the configuration of an embodiment with other configurations.
- a server device comprising:
- [Appendix 2] an authentication control means for receiving an authentication request including biometric information of a person to be authenticated from an authentication terminal, and performing authentication processing using the biometric information included in the authentication request and the stored registered biometric information; the server device according to claim 1, wherein the authentication control means accumulates biometric information determined to be successful in authentication within the biometric information accumulation period, and discards biometric information determined to be successful in authentication outside the biometric information accumulation period.
- the update control means calculates a score indicating the suitability of the biometric information for biometric authentication purposes for each of at least one or more pieces of biometric information accumulated during the biometric information accumulation period, and selects the biometric information to be used for updating the registered biometric information based on the calculated score.
- the server device according to any one of claims 1 to 3, wherein the accumulation period control means sets the biometric information accumulation period based on attribute information of the user.
- the accumulation period control means determines a frequency for setting the biometric information accumulation period in accordance with an age of the user.
- [Appendix 6] The server device according to claim 5, wherein the accumulation period control means determines the length of the biometric information accumulation period based on an authentication history of the user.
- the biometric information is a face image or a feature generated from the face image.
- [Appendix 8] A method for controlling a server device, the method comprising, in the server device: storing registered biometric information used for biometric authentication; setting a biometric information accumulation period having a predetermined length at a predetermined frequency, the biometric information accumulation period being a period for accumulating the biometric information of the user; and updating the registered biometric information by using at least one piece of biometric information accumulated during the biometric information accumulation period.
- A computer-readable storage medium that stores a program for causing a computer installed in the server device to execute: a process of storing registered biometric information used for biometric authentication; a process of setting a biometric information accumulation period having a predetermined length at a predetermined frequency, the biometric information accumulation period being a period for accumulating biometric information of a user; and a process of updating the registered biometric information using at least one piece of biometric information accumulated during the biometric information accumulation period.
- 10 Server device
- 20 Authentication terminal
- 30 Terminal
- 100 Server device
- 101 Storage means
- 102 Accumulation period control means
- 103 Update control means
- 201 Communication control unit
- 202 User management unit
- 203 Accumulation period control unit
- 204 Authentication control unit
- 205 Update control unit
- 206 Storage unit
- 301 Communication control unit
- 302 Biometric information acquisition unit
- 303 Authentication request unit
- 304 Storage unit
- 311 Processor
- 312 Memory
- 313 Input/output interface
- 314 Communication interface
Abstract
The present invention provides a server device with which biometric information can be updated while moderating increases in load. The server device comprises a storage means, an accumulation period control means, and an update control means. The storage means stores registered biometric information to be used for biometric authentication. The accumulation period control means sets, at a predetermined frequency, a biometric information accumulation period of predetermined length, which is a period for accumulating biometric information about a user. The update control means updates the registered biometric information using at least one piece of biometric information accumulated during the biometric information accumulation period.
Description
The present invention relates to a server device, a control method for a server device, and a storage medium.
Technology exists for updating facial data used for biometric authentication.
For example, Patent Document 1 describes a system that can update face data stored in a database in a simple manner. The control unit of the communication terminal in Patent Document 1 captures an image of the operator with an imaging unit to acquire face data, and judges whether the operator is legitimate or not by comparing this face data with face data pre-stored in an authentication data storage unit in a face authentication unit. If the face authentication unit judges the operator to be legitimate, the control unit of the communication terminal repeatedly performs a process of newly storing the face data acquired by the imaging unit in the authentication data storage unit as face data of a registrant, and a process of sending the face data judged to be legitimate to a management device as face data of a registrant. The face data sent to the management device is used to update the registrant face data stored in the registrant database of the management device.
As described in Patent Document 1, biometric information (e.g., facial image) used in biometric authentication needs to be updated. For example, a facial image registered when the service is first used and a facial image acquired a long time after the service is first used may give a different impression (different facial features) even if they are of the same person. If biometric authentication is performed using such a facial image, there is a high possibility that the authentication will fail. For this reason, it is necessary to update the biometric information (facial image), but performing this update process constantly is not appropriate as it increases the load on the server.
The main objective of the present invention is to provide a server device, a control method for a server device, and a storage medium that contribute to enabling biometric information to be updated while suppressing an increase in load.
According to a first aspect of the present invention, a server device is provided that includes a storage means for storing registered biometric information used for biometric authentication, an accumulation period control means for setting a biometric information accumulation period having a predetermined length at a predetermined frequency, which is a period for accumulating a user's biometric information, and an update control means for updating the registered biometric information using at least one piece of biometric information accumulated within the biometric information accumulation period.
According to a second aspect of the present invention, a method for controlling a server device is provided, which stores registered biometric information used for biometric authentication in the server device, sets a biometric information accumulation period having a predetermined length at a predetermined frequency, and updates the registered biometric information using at least one piece of biometric information accumulated within the biometric information accumulation period.
According to a third aspect of the present invention, a computer-readable storage medium is provided that stores a program for causing a computer mounted on a server device to execute the following processes: storing registered biometric information used for biometric authentication; setting a biometric information accumulation period having a predetermined length at a predetermined frequency, which is a period for accumulating a user's biometric information; and updating the registered biometric information using at least one piece of biometric information accumulated within the biometric information accumulation period.
In accordance with each aspect of the present invention, a server device, a control method for a server device, and a storage medium are provided that contribute to enabling updating of biometric information while suppressing an increase in load. Note that the effects of the present invention are not limited to the above. The present invention may achieve other effects instead of or in addition to the effects.
First, an overview of one embodiment will be described. Note that the reference numerals in the drawings attached to this overview are added to each element for convenience as an example to aid understanding, and the description of this overview is not intended to be limiting in any way. Furthermore, unless otherwise specified, the blocks illustrated in each drawing represent a functional configuration, not a hardware configuration. The connection lines between blocks in each drawing include both bidirectional and unidirectional. Unidirectional arrows are used to diagrammatically indicate the flow of the main signal (data), and do not exclude bidirectionality. Note that in this specification and drawings, elements that can be described in the same way may be labeled with the same numerals to avoid duplicated explanations.
The server device 100 according to one embodiment includes a storage means 101, an accumulation period control means 102, and an update control means 103 (see FIG. 1). The storage means 101 stores registered biometric information used for biometric authentication (step S1 in FIG. 2). The accumulation period control means 102 sets a biometric information accumulation period of a predetermined length, which is a period for accumulating a user's biometric information, at a predetermined frequency (step S2). The update control means 103 updates the registered biometric information using at least one piece of biometric information accumulated during the biometric information accumulation period (step S3).
The server device 100 sets a biometric information accumulation period for accumulating biometric information necessary to update the registered biometric information, and updates the registered biometric information using the biometric information obtained during the biometric information accumulation period. The biometric information accumulation period is set with a predetermined frequency and a predetermined length, and the server device 100 updates the registered biometric information, for example, after the end of the biometric information accumulation period. In other words, the server device 100 does not update the biometric information all the time (after each successful authentication), so the increase in load on the server device 10 is limited. That is, a server device 100 is provided that enables updating of biometric information while suppressing an increase in load.
Specific embodiments are described in more detail below with reference to the drawings.
[First embodiment]
The first embodiment will be described in more detail with reference to the drawings.
[System Configuration]
As shown in FIG. 3, the information processing system (authentication system) according to the first embodiment includes a server device 10 and at least one authentication terminal 20.
The server device 10 and authentication terminal 20 are managed and operated by a service provider that provides services to users using biometric authentication.
A service provider is any organization that provides a service using biometric authentication. Examples of service providers include businesses such as the user's employer, retail stores, hotels, airports, banks, hospitals, schools, and theme parks. In addition, a service provider may not be a private company, but may be a public institution such as a local government.
The server device 10 stores information about users. The server device 10 stores the user's name, date of birth, biometric information, etc. The server device 10 provides services to users through biometric authentication using the biometric information. The server device 10 may be installed in the service provider's building or on a network (cloud).
The authentication terminal 20 is a device that serves as an interface when providing services to users. The authentication terminal 20 is installed at the location where services are provided to users. As shown in FIG. 3, the first embodiment will be described using a gate-type authentication terminal 20 as an example.
However, the authentication terminal 20 is not limited to a gate-type terminal, and may be a tablet-type or signage-type terminal. Alternatively, the authentication terminal 20 may be a kiosk terminal. The authentication terminal 20 may be any device or apparatus equipped with a camera. It is sufficient that a terminal or device suited to the service provider's type of business is installed as the authentication terminal 20.
The user operates the terminal 30 to input information to the server device 10 and to obtain information from the server device 10.
The devices shown in FIG. 3 are interconnected. Specifically, the server device 10 and the authentication terminal 20 are connected by wired or wireless communication means and are configured to be able to communicate with each other.
The configuration of the information processing system shown in FIG. 3 is an example and is not intended to be limiting. For example, the information processing system may include multiple server devices 10.
[Outline of operation]
Next, an outline of the operation of the information processing system according to the first embodiment will be described.
<User registration>
A user who wishes to receive a service using biometric authentication must register in advance. The user operates the terminal 30 to access the server device 10. The user inputs user information such as name, sex, date of birth, address, login information, email address, and biometric information on a website or the like provided by the server device 10.
Furthermore, the user inputs information necessary for the service to be provided to the server device 10. For example, a user who wishes to enter a workplace using biometric authentication inputs the department to which he or she belongs to the server device 10. Alternatively, a user who wishes to make a payment using biometric authentication (face payment) inputs information such as credit card account or bank account information to the server device 10.
Note that examples of the user's biometric information include data (features) calculated from physical characteristics unique to an individual, such as the face, fingerprint, voiceprint, veins, retina, and iris pattern. Alternatively, the user's biometric information may be image data such as a face image or fingerprint image. The user's biometric information may be anything that includes the user's physical characteristics as information. In the first embodiment, the biometric information is a person's face image or features generated from a face image.
When the server device 10 acquires the name, biometric information, etc. from the user, it generates a user ID to identify the user. The server device 10 associates the generated user ID with the acquired user information and registers them in the user management database. Details of the user management database will be described later.
Users can also register other people on their behalf. For example, a parent can enter their child's name, biometric information, etc. into the server device 10.
<Provision of services>
A user who wishes to receive a service from a service provider visits a place where the service is provided (e.g., a workplace or a retail store). The authentication terminal 20 acquires biometric information (e.g., a face image) of the user in front of it. The authentication terminal 20 transmits an authentication request including the acquired biometric information to the server device 10 (see FIG. 4).
The server device 10 performs biometric authentication using the biometric information included in the authentication request and the biometric information registered in the user management database. The server device 10 identifies the person to be authenticated by a matching process (authentication process) using the biometric information. The server device 10 authenticates the identified person to be authenticated. For example, if the person to be authenticated has the authority to enter the workplace, the server device 10 determines that the authentication is successful. If the person to be authenticated does not have the authority to enter the workplace, the server device 10 determines that the authentication is unsuccessful.
The server device 10 notifies the authentication terminal 20 of the authentication result (authentication successful, authentication failed).
The authentication terminal 20 performs processing according to the authentication result. For example, if successful authentication is notified, the authentication terminal 20 opens the gate and allows the person to be authenticated to pass through the gate. If failed authentication is notified, the authentication terminal 20 closes the gate and refuses to let the person to be authenticated pass through the gate.
<Accumulation and updating of biometric information>
Here, if the physical characteristics (e.g., facial features) of the person to be authenticated change over time, the authentication accuracy may decrease. In other words, biometric information for biometric authentication needs to be maintained in an appropriate state. Taking this fact into consideration, the server device 10 updates the user's biometric information (biometric information registered in the server device 10; hereinafter referred to as registered biometric information).
Specifically, the server device 10 sets a period for accumulating registered biometric information for each user (hereinafter referred to as the "biometric information accumulation period" or "accumulation period").
The server device 10 sets a biometric information accumulation period of a predetermined length at a predetermined frequency. The server device 10 accumulates biometric information acquired during the biometric information accumulation period (biometric information acquired from the authentication terminal 20) that has been determined to have been successfully authenticated. The server device 10 selects (extracts) biometric information suitable for biometric authentication purposes from among the accumulated biometric information.
For example, the server device 10 sets, for each user, a "biometric information accumulation period" with a length (period) such as "one week" or "one month" at a frequency such as once per year or once every three years. The server device 10 automatically updates the registered biometric information using the biometric information acquired within the biometric information accumulation period. For example, if the frequency is once per year and the period is one week, the period indicated by the bold line in FIG. 5 corresponds to the biometric information accumulation period.
The server device 10 accumulates biometric information (e.g., facial images) for which authentication is determined to be successful during the biometric information accumulation period. At a predetermined timing (e.g., when the biometric information accumulation period ends), the server device 10 extracts (selects) from the accumulated biometric information the biometric information that is most suitable as the registered biometric information.
For example, if 10 biometric authentication attempts are successful within the biometric information accumulation period, the server device 10 selects one piece of biometric information that is most suitable for biometric authentication purposes from the 10 pieces of biometric information (e.g., 10 facial images).
The server device 10 uses the selected biometric information to update the existing biometric information (registered biometric information).
The server device 10 discards biometric information acquired outside the biometric information accumulation period and determined to have resulted in successful authentication. Since biometric information acquired outside the biometric information accumulation period is discarded, the resources (memory, storage media, etc.) of the server device 10 are not strained. Note that biometric information determined to have resulted in failed authentication is discarded regardless of whether it is acquired inside or outside the biometric information accumulation period.
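The accumulation, discard and update policy described above, together with the score-based selection variants from the modifications (highest appropriateness score, or the sample closest to the median after excluding the best and worst scores), as an added example that is not code from the patent. The class and function names, the dates and scores, and the assumption that a higher appropriateness score is better are all constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from statistics import median


@dataclass
class Sample:
    captured_on: date
    score: float     # appropriateness score, assumed precomputed (higher = better)
    template: str    # stand-in for a face image or feature vector


@dataclass
class UserRecord:
    registered: str              # current registered biometric information
    first_window: date           # start of the first accumulation period
    window_days: int = 7         # length of each accumulation period
    every_days: int = 365        # frequency: one period per this many days
    accumulated: list = field(default_factory=list)

    def in_window(self, day: date) -> bool:
        """True if `day` falls inside one of the recurring accumulation periods."""
        offset = (day - self.first_window).days
        return offset >= 0 and offset % self.every_days < self.window_days

    def on_auth(self, sample: Sample, success: bool) -> str:
        """Retain a sample only when authentication succeeded inside a period."""
        if success and self.in_window(sample.captured_on):
            self.accumulated.append(sample)
            return "accumulated"
        # Failed authentication, or success outside the period: nothing is kept.
        return "discarded"

    def close_window(self, strategy) -> bool:
        """At the end of a period: update from the chosen sample, then purge."""
        chosen = strategy(self.accumulated)
        self.accumulated = []          # accumulated samples are not kept afterwards
        if chosen is None:
            return False               # no successful authentication in the period
        self.registered = chosen.template
        return True


def pick_best(samples):
    """Select the sample with the highest appropriateness score."""
    return max(samples, key=lambda s: s.score, default=None)


def pick_representative(samples):
    """Exclude the best and worst scores, then pick the sample nearest the median."""
    if not samples:
        return None
    ranked = sorted(samples, key=lambda s: s.score)
    pool = ranked[1:-1] if len(ranked) >= 3 else ranked
    rep = median(s.score for s in pool)
    return min(pool, key=lambda s: abs(s.score - rep))


def run_demo(strategy):
    """Replay constructed authentication events: one week per year from 2024-04-01."""
    user = UserRecord(registered="enrolled-template", first_window=date(2024, 4, 1))
    events = [  # constructed sample data: (day, score, authentication succeeded)
        (date(2024, 3, 31), 0.95, True),   # day before the period
        (date(2024, 4, 1), 0.62, True),
        (date(2024, 4, 2), 0.91, True),
        (date(2024, 4, 3), 0.30, False),   # failed authentication
        (date(2024, 4, 4), 0.75, True),
        (date(2024, 4, 5), 0.80, True),
        (date(2024, 4, 7), 0.40, True),    # last day of the period
        (date(2024, 4, 8), 0.99, True),    # day after the period
    ]
    outcomes = [
        user.on_auth(Sample(day, score, f"face-{day.isoformat()}"), ok)
        for day, score, ok in events
    ]
    user.close_window(strategy)
    return outcomes, user.registered, len(user.accumulated)


if __name__ == "__main__":
    for strategy in (pick_best, pick_representative):
        print(strategy.__name__, run_demo(strategy))
```
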
Next, we will explain the details of each device included in the information processing system according to the first embodiment.
[Server device]
Fig. 6 is a diagram showing an example of a processing configuration (processing module) of the server device 10 according to the first embodiment. Referring to Fig. 6, the server device 10 includes a communication control unit 201, a user management unit 202, an accumulation period control unit 203, an authentication control unit 204, an update control unit 205, and a storage unit 206.
The communication control unit 201 is a means for controlling communication with other devices. For example, the communication control unit 201 receives data (packets) from the authentication terminal 20. The communication control unit 201 also transmits data to the authentication terminal 20. The communication control unit 201 passes data received from other devices to other processing modules. The communication control unit 201 transmits data acquired from other processing modules to other devices. In this way, the other processing modules transmit and receive data to and from other devices via the communication control unit 201. The communication control unit 201 has a function as a receiving unit that receives data from other devices, and a function as a transmitting unit that transmits data to other devices.
The user management unit 202 is a means for managing users who receive services. For example, the user management unit 202 registers user information such as the user's name, sex, date of birth, address, email address, login information, and biometric information.
When a user operates the terminal 30 to access a specific website or the like provided by the server device 10, the user management unit 202 displays a GUI (Graphical User Interface) on the terminal 30 for user registration.
For example, the user management unit 202 acquires user information such as name, sex, date of birth, email address, and biometric information (e.g., face image) using a GUI such as that shown in FIG. 7.
When a face image is acquired as biometric information, the user management unit 202 generates features from the acquired face image. Existing technology can be used for the feature generation process by the user management unit 202, so a detailed description is omitted. For example, the user management unit 202 extracts the eyes, nose, mouth, etc. as feature points from the face image. The user management unit 202 then calculates the position of each feature point and the distance between each feature point as feature amounts (generating a feature vector consisting of multiple feature amounts).
Furthermore, when the user information of the user (or another person related to the user; for example, a child) is acquired, the user management unit 202 generates a user ID for identifying the user. The user ID may be any information that can uniquely identify the user. For example, the user management unit 202 may assign a unique value each time a user is registered as the user ID.
When the user ID is generated, the user management unit 202 generates an account for the user. Specifically, the user management unit 202 associates the generated user ID with the name, sex, date of birth, address, biometric information (feature values), email address, login information, etc., and registers them in the user management database (see FIG. 8).
The biometric information (e.g., feature amounts) registered in the user management database is biometric information used for biometric authentication, and corresponds to the registered biometric information described above. Note that the user management database shown in FIG. 8 is an example, and is not intended to limit the items to be stored. For example, a "face image" may be registered in the user management database.
When the user management unit 202 creates an account for a user (when it adds an entry to the user management database), it notifies the accumulation period control unit 203 of the user's user ID.
The user management unit 202 also acquires information necessary for services provided to the user (information specific to each individual service). For example, the user management unit 202 acquires the "department" as information necessary for entering the workplace. Alternatively, the user management unit 202 acquires account information (credit card information, bank account information) for biometric authentication payment. Note that a description of individual services and information necessary for providing individual services is omitted as it is outside the scope of the present disclosure.
The user management unit 202 also controls the suspension of service provision to users and the cancellation of services. When a user requests the cancellation of a service on a portal site (a website to which the user logs in using login information), the user management unit 202 deletes the entry for that user (the entry in the user management database).
The accumulation period control unit 203 is a means for controlling the biometric information accumulation period set for each user. Specifically, the accumulation period control unit 203 sets, at a predetermined frequency, a biometric information accumulation period, which is a period of predetermined length for accumulating the user's biometric information.
When the user ID of a user who has completed account creation is obtained from the user management unit 202, the accumulation period control unit 203 determines the biometric information accumulation period for that user. For example, the accumulation period control unit 203 determines the biometric information accumulation period based on a predetermined rule (period setting rule) or a predetermined policy (period setting policy).
For example, the accumulation period control unit 203 determines the biometric information accumulation period based on rules regarding the "frequency" at which the biometric information accumulation period is set and the "length (period)" of the accumulation period. For example, the accumulation period control unit 203 determines the biometric information accumulation period for a user based on a rule (policy) such as "set the biometric information accumulation period to one week one year after the account creation date, and thereafter set the biometric information accumulation period in the same manner."
For example, if the account creation date is "January 20, 2023" and the above rule is adopted, the accumulation period control unit 203 sets the biometric information accumulation period to one week one year after the account creation date, from "January 20, 2024" to "January 27, 2024."
The accumulation period control unit 203 registers the determined biometric information accumulation period in an accumulation period management database (see FIG. 9). As shown in FIG. 9, the accumulation period management database stores the user ID, the account creation date, the rules (frequency, length) used to determine the biometric information accumulation period, the status, and the biometric information accumulation period. Note that the accumulation period management database shown in FIG. 9 is an example, and is not intended to limit the items to be stored.
When the accumulation period control unit 203 adds an entry to the accumulation period management database and sets the biometric information accumulation period, it sets the status field to "updated."
The accumulation period control unit 203 accesses the accumulation period management database periodically or at a specified timing, and extracts entries for which the biometric information accumulation period has elapsed. The accumulation period control unit 203 searches the user management database using the user ID of the extracted entry as a key, and determines whether or not a corresponding entry (user) exists.
If there is no corresponding entry (if the user has stopped or cancelled the service), the accumulation period control unit 203 deletes the corresponding entry (user) from the accumulation period management database.
If a corresponding entry exists (if the service is being provided to the user continuously), the accumulation period control unit 203 determines a new biometric information accumulation period for that user and registers it in the accumulation period management database.
For example, the accumulation period control unit 203 determines a new biometric information accumulation period using the period setting rules (frequency and length of the biometric information accumulation period) stored in the accumulation period management database. In the above example, "January 20, 2025" to "January 27, 2025" is registered in the accumulation period management database as the new biometric information accumulation period.
In addition, when the accumulation period control unit 203 sets a new biometric information accumulation period in the accumulation period management database, it sets the status field of the corresponding entry to "not updated."
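The period-setting rule and the periodic rollover described above can be sketched as follows. This is an added example, not code from the patent; the class and function names, the inclusive end date, and the Feb 29 fallback are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class PeriodEntry:
    """One row of the accumulation period management database (FIG. 9 fields)."""
    user_id: str
    account_created: date
    frequency_years: int  # rule: a period is set every N years
    length_days: int      # rule: each period lasts this many days
    start: date
    end: date
    status: str           # "updated" or "not updated"


def add_years(d: date, years: int) -> date:
    """Return the anniversary of d, `years` later."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        # Assumption: a Feb 29 anniversary falls back to Feb 28.
        return d.replace(year=d.year + years, day=28)


def period_for(created: date, years_after: int, length_days: int):
    """Period starting `years_after` years after account creation."""
    start = add_years(created, years_after)
    return start, start + timedelta(days=length_days)


def register_user(user_id, created, frequency_years=1, length_days=7):
    """Account creation: set the first period; status starts as "updated"."""
    start, end = period_for(created, frequency_years, length_days)
    return PeriodEntry(user_id, created, frequency_years, length_days,
                       start, end, "updated")


def roll_over(entries, active_user_ids, today):
    """Periodic job: handle every entry whose period has elapsed.

    Entries of users no longer in the user management database are deleted;
    the others get their next period and the status "not updated".
    """
    kept = []
    for e in entries:
        if today <= e.end:  # period not yet elapsed (end date inclusive, assumed)
            kept.append(e)
            continue
        if e.user_id not in active_user_ids:
            continue  # user cancelled the service: drop the entry
        # Anchor on the account creation date so Feb 29 accounts do not drift.
        elapsed_years = e.start.year - e.account_created.year
        e.start, e.end = period_for(e.account_created,
                                    elapsed_years + e.frequency_years,
                                    e.length_days)
        e.status = "not updated"
        kept.append(e)
    return kept
```
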
The authentication control unit 204 is a means for controlling the biometric authentication of the person to be authenticated. The authentication control unit 204 receives an authentication request including the biometric information of the person to be authenticated from the authentication terminal 20, and executes authentication processing using the biometric information included in the authentication request and the registered biometric information stored in the user management database. The authentication control unit 204 also accumulates biometric information that is determined to have been successfully authenticated within the biometric information accumulation period, and discards biometric information that is determined to have been successfully authenticated outside the biometric information accumulation period.
FIG. 10 is a flowchart showing an example of the operation of the authentication control unit 204 according to the first embodiment. The operation of the authentication control unit 204 will be described with reference to FIG. 10.
The authentication control unit 204 performs a matching process using the biometric information included in the authentication request and the biometric information stored in the user management database (step S101).
More specifically, the authentication control unit 204 generates features from the face image included in the authentication request. The authentication control unit 204 sets the generated features as a matching target and performs a matching process (1:N matching; N is a positive integer, same below) with the features stored in the user management database.
The authentication control unit 204 calculates the similarity between the feature to be matched and each of the multiple feature values on the registration side. The similarity can be calculated using chi-square distance, Euclidean distance, or the like. Note that the greater the distance, the lower the similarity, and the closer the distance, the higher the similarity.
The authentication control unit 204 determines that the matching process has failed if there is no feature among the multiple features stored in the user management database that has a similarity with the feature to be matched that is equal to or greater than a predetermined value.
The authentication control unit 204 determines that the matching process is successful if, among the multiple features stored in the user management database, there is a feature whose similarity with the feature to be matched is equal to or greater than a predetermined value. In this case, the user of the entry with the highest similarity is identified as the person to be authenticated.
If the matching process fails (step S102, No branch), the authentication control unit 204 sets the authentication result to authentication failure (step S103).
If the matching process is successful (step S102, Yes branch), the authentication control unit 204 uses the user information identified by the matching process to determine whether or not to provide the service (step S104).
For example, the authentication control unit 204 determines whether the authenticated person has the authority to enter the installation location based on the department to which the authenticated person belongs and the installation location of the authentication terminal 20 (e.g., the office). If the authenticated person has the authority, the authentication control unit 204 determines that the service can be provided to the authenticated person (entry to the office is permitted). If the authenticated person does not have the authority, the authentication control unit 204 determines that the service cannot be provided to the authenticated person (entry to the office is prohibited).
If the service cannot be provided to the authenticated person (step S105, No branch), the authentication control unit 204 sets the authentication result to authentication failure (step S103).
If the service can be provided to the authenticated person (step S105, Yes branch), the authentication control unit 204 sets the authentication result to authentication success (step S106).
If the authentication is successful, the authentication control unit 204 determines whether the date on which the authentication request was processed is included in the biometric information accumulation period (accumulation period determination; step S107).
The authentication control unit 204 searches the accumulation period management database using the user ID of the person to be authenticated identified by the matching process as a key, and identifies the corresponding entry. The authentication control unit 204 makes the above determination based on the setting value of the biometric information accumulation period field of the identified entry and the date of processing the authentication request.
If the date of processing the authentication request falls outside the biometric information accumulation period (step S108, No branch), the authentication control unit 204 does not perform any special operation.
If the date of processing the authentication request is within the biometric information accumulation period (step S108, Yes branch), the authentication control unit 204 accumulates the biometric information (face image) included in the authentication request (step S109).
Specifically, the authentication control unit 204 stores the user ID of the person to be authenticated, the authentication date and time, and the biometric information for which authentication succeeded (e.g., a facial image) in the biometric information management database (see FIG. 11). Note that the biometric information management database shown in FIG. 11 is an example, and is not intended to limit the items to be stored.
The authentication control unit 204 sends the authentication result (authentication successful, authentication failed) to the authentication terminal 20 (step S110).
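The flow of FIG. 10 (steps S101 to S110) can be sketched as below, showing that a probe image is retained only when authentication succeeds and the processing date falls inside the user's accumulation period. This is an added example, not code from the patent; the sample data, the threshold value, the similarity mapping, and the inclusive period bounds are assumptions, and feature extraction is taken as already done.

```python
import math
from datetime import date

SIMILARITY_THRESHOLD = 0.8  # assumed; the page only says "a predetermined value"

# Constructed sample data (not from the page).
USERS = {  # user management database: registered features and department
    "u1": {"features": (0.10, 0.20, 0.30), "department": "sales"},
    "u2": {"features": (0.90, 0.80, 0.70), "department": "dev"},
}
PERMITTED = {"sales": {"office-a"}, "dev": {"office-a", "lab"}}
PERIODS = {  # accumulation period management database: (start, end)
    "u1": (date(2024, 1, 20), date(2024, 1, 27)),
    "u2": (date(2024, 6, 1), date(2024, 6, 8)),
}


def similarity(a, b):
    """Map Euclidean distance to (0, 1]: the closer, the more similar (assumed mapping)."""
    return 1.0 / (1.0 + math.dist(a, b))


def match_one_to_n(probe, users):
    """S101: 1:N matching. Best user at or above the threshold, else None."""
    best_uid, best_sim = None, 0.0
    for uid, record in users.items():
        sim = similarity(probe, record["features"])
        if sim >= SIMILARITY_THRESHOLD and sim > best_sim:
            best_uid, best_sim = uid, sim
    return best_uid


def authenticate(probe, face_image, location, processed_on, store):
    """Return "success" or "failure"; append to `store` only when allowed."""
    uid = match_one_to_n(probe, USERS)
    if uid is None:
        return "failure"  # S102 No -> S103; the probe is not retained
    if location not in PERMITTED.get(USERS[uid]["department"], set()):
        return "failure"  # S105 No -> S103; the probe is not retained
    start, end = PERIODS[uid]  # S107: look up the user's period
    if start <= processed_on <= end:  # S108 Yes -> S109
        store.append({"user_id": uid,
                      "authenticated_on": processed_on,
                      "image": face_image})
    # S108 No: nothing is stored, so the probe is discarded with the request.
    return "success"  # S106, sent to the terminal in S110
```
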
The update control unit 205 is a means for controlling the updating of the biometric information (registered biometric information) of a user registered for biometric authentication. The update control unit 205 updates the registered biometric information using at least one piece of biometric information accumulated during the biometric information accumulation period.
The update control unit 205 periodically or at a specified timing accesses the accumulation period management database and identifies entries whose status is set to "not updated." The update control unit 205 searches the biometric information management database using the user ID of the identified entry as a key, and obtains the biometric information (e.g., face images) accumulated during the biometric information accumulation period.
The update control unit 205 calculates, for each of the one or more pieces of biometric information accumulated during the biometric information accumulation period, an index (referred to as an "appropriateness score" or simply "score") indicating its appropriateness as registered biometric information. In other words, the update control unit 205 calculates, for each piece of biometric information accumulated during the biometric information accumulation period, an appropriateness score indicating its appropriateness as biometric information for biometric authentication purposes.
For example, the update control unit 205 inputs biometric information (face image) into a learning model obtained by machine learning and obtains an appropriateness score.
The learning model is obtained by machine learning using a large amount of training data in which labels (appropriateness scores) are assigned to image data (face images). Any algorithm, such as a support vector machine, boosting, or a neural network, can be used to generate the learning model. Since publicly known technology can be used for algorithms such as the support vector machine, a description of them is omitted.
The training data is obtained by having experts with knowledge of biometric authentication assign scores to image data (face images). The experts assign a score to each piece of image data, taking into account the orientation and state of the face shown in the image data (for example, eyes closed or open), the influence of the external environment (image too bright or too dark), etc.
Based on the calculated scores, the update control unit 205 selects the biometric information (e.g., a facial image) to be used to update the already registered biometric information (registered biometric information). For example, the update control unit 205 selects the facial image with the highest score as the biometric information for the update.
The update control unit 205 generates features from the selected biometric information (face image). The update control unit 205 accesses the user management database and updates the features set in the registered biometric information field of the corresponding user with the features generated above (replaces the features, overwrites the features).
The update control unit 205 sets the status field of the corresponding entry in the accumulation period management database (the entry corresponding to the user whose biometric information has been updated) to "updated."
The storage unit 206 is a means for storing information necessary for the operation of the server device 10. The storage unit 206 stores registered biometric information used for biometric authentication.
[Authentication terminal]
Fig. 12 is a diagram showing an example of a processing configuration (processing modules) of the authentication terminal 20 according to the first embodiment. Referring to Fig. 12, the authentication terminal 20 includes a communication control unit 301, a biometric information acquisition unit 302, an authentication request unit 303, and a storage unit 304.
The communication control unit 301 is a means for controlling communication with other devices. For example, the communication control unit 301 receives data (packets) from the server device 10. The communication control unit 301 also transmits data to the server device 10. The communication control unit 301 passes data received from other devices to other processing modules. The communication control unit 301 transmits data acquired from other processing modules to other devices. In this way, the other processing modules transmit and receive data to and from other devices via the communication control unit 301. The communication control unit 301 has a function as a receiving unit that receives data from other devices and a function as a transmitting unit that transmits data to other devices.
The biometric information acquisition unit 302 is a means for controlling the camera and acquiring the biometric information (e.g., a facial image) of the user. The biometric information acquisition unit 302 captures an image in front of the device periodically or at a specified timing. The biometric information acquisition unit 302 determines whether or not the acquired image contains a human facial image, and if a facial image is included, extracts the facial image from the acquired image data.
Note that the facial image detection process and facial image extraction process performed by the biometric information acquisition unit 302 can use existing technology, so a detailed description will be omitted. For example, the biometric information acquisition unit 302 may extract a facial image (face area) from image data using a learning model trained by a CNN (Convolutional Neural Network). Alternatively, the biometric information acquisition unit 302 may extract a facial image using a method such as template matching.
The biometric information acquisition unit 302 passes the extracted facial image to the authentication request unit 303.
The authentication request unit 303 is a means for requesting authentication of the person to be authenticated from the server device 10. When authentication of the person to be authenticated becomes necessary, the authentication request unit 303 transmits an authentication request including biometric information of the person to be authenticated (the user in front of the authentication terminal 20) to the server device 10.
The authentication request unit 303 receives the authentication result (authentication successful, authentication failed) from the server device 10. The authentication request unit 303 performs an operation according to the received authentication result.
For example, if the response from the server device 10 is a "negative response" (if authentication has failed), the authentication request unit 303 closes the gate and refuses to let the person to be authenticated enter the office. At that time, the authentication request unit 303 may notify the person to be authenticated that he or she cannot pass through the gate.
If the response from the server device 10 is a "positive response" (authentication is successful), the authentication request unit 303 opens the gate and allows the person to be authenticated to enter the office.
The storage unit 304 is a means for storing information necessary for the operation of the authentication terminal 20.
[Terminal]
Examples of the terminal 30 include mobile terminal devices such as a smartphone, a mobile phone, a game machine, and a tablet, as well as computers (personal computer, notebook computer). The terminal 30 can be any equipment or device that can accept user operations and communicate with the server device 10 and the like. Since the configuration of the terminal 30 is clear to those skilled in the art, a detailed explanation is omitted.
[System Operation]
Next, the operation of the authentication system according to the first embodiment will be described.
FIG. 13 is a sequence diagram showing an example of the operation of the information processing system according to the first embodiment. The operation of the information processing system according to the first embodiment will be described with reference to FIG. 13.
The authentication terminal 20 sends an authentication request including the biometric information of the person to be authenticated to the server device 10 (step S01).
The server device 10 performs biometric authentication using the acquired biometric information and the biometric information stored in the user management database (step S02).
If the biometric authentication is successful and the authentication date (authentication date and time) is within the biometric information accumulation period, the server device 10 stores the biometric information (e.g., a facial image) acquired from the authentication terminal 20. The server device 10 accumulates the biometric information that is determined to have been successfully authenticated within the biometric information accumulation period.
サーバ装置10は、認証成功を認証端末20に送信する(ステップS04)。
The server device 10 sends a notification of successful authentication to the authentication terminal 20 (step S04).
認証端末20は、自装置に割り当てられたサービスを提供する(ステップS05)。例えば、認証端末20は、ゲートを開き被認証者のゲート通過を許可する。
The authentication terminal 20 provides the service assigned to the device itself (step S05). For example, the authentication terminal 20 opens the gate and allows the person to be authenticated to pass through the gate.
生体情報蓄積期間において認証端末20及びサーバ装置10は、上記ステップS01~S05の動作を繰り返す。
During the biometric information accumulation period, the authentication terminal 20 and server device 10 repeat the operations of steps S01 to S05 described above.
生体情報蓄積期間が経過すると、サーバ装置10は、蓄積された生体情報(顔画像)のなかから登録用の生体情報に最適な生体情報を選択し、当該選択された生体情報を用いて登録生体情報を更新する(ステップS06)。
When the biometric information storage period has elapsed, the server device 10 selects the most suitable biometric information for registration from the stored biometric information (face image) and updates the registered biometric information using the selected biometric information (step S06).
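Steps S01 to S06 above, as an added Python example that is not code from the patent: a sample is accumulated only when authentication succeeds inside the accumulation period, and the registered template is replaced once, after the period has elapsed. The cosine matcher, the 0.80 threshold, the per-sample appropriateness score with its 0.60 minimum, the emptying of the pool, and all names and sample vectors are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass, field
from datetime import date

MATCH_THRESHOLD = 0.80  # assumed score needed for "authentication success"
MIN_QUALITY = 0.60      # assumed minimum appropriateness score for an update


def cosine(a, b):
    """Similarity between two feature vectors (assumed matcher)."""
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(y * y for y in b))
    return dot / (norm_a * norm_b)


@dataclass
class User:
    user_id: str
    template: list       # registered biometric information (feature vector)
    period_start: date   # biometric information accumulation period, inclusive
    period_end: date
    accumulated: list = field(default_factory=list)  # (features, quality) pairs


class Server:
    def __init__(self, users):
        self.users = {u.user_id: u for u in users}

    def authenticate(self, features, quality, today):
        """S02-S04: 1:N match, then accumulate the sample if the rules allow."""
        best = max(self.users.values(), key=lambda u: cosine(features, u.template))
        if cosine(features, best.template) < MATCH_THRESHOLD:
            return None  # authentication failed: the sample is never stored
        if best.period_start <= today <= best.period_end:
            best.accumulated.append((features, quality))
        return best.user_id  # the terminal then provides its service (S05)

    def close_period(self, user_id, today):
        """S06: once the period has elapsed, update from the best-scoring sample."""
        user = self.users[user_id]
        if today <= user.period_end or not user.accumulated:
            return False
        features, quality = max(user.accumulated, key=lambda s: s[1])
        user.accumulated.clear()  # assumed: the pool is emptied after the decision
        if quality < MIN_QUALITY:
            return False  # keep the old template rather than degrade it
        user.template = features
        return True


def run_demo():
    """Constructed data: two enrolled users and four authentication requests."""
    alice = User("alice", [1.0, 0.0, 0.2], date(2024, 4, 1), date(2024, 4, 7))
    bob = User("bob", [0.0, 1.0, 0.1], date(2024, 4, 1), date(2024, 4, 7))
    server = Server([alice, bob])
    results = [
        server.authenticate([0.9, 0.1, 0.3], 0.70, date(2024, 4, 2)),  # stored
        server.authenticate([0.8, 0.2, 0.4], 0.90, date(2024, 4, 5)),  # stored
        server.authenticate([0.5, 0.5, 0.7], 0.95, date(2024, 4, 6)),  # no match
        server.authenticate([0.9, 0.1, 0.3], 0.99, date(2024, 4, 9)),  # after period
    ]
    stored = len(alice.accumulated)
    updated = server.close_period("alice", date(2024, 4, 9))
    return results, stored, updated, alice.template


if __name__ == "__main__":
    print(run_demo())
```

The unmatched request carries the highest quality score of the four, yet it never enters the pool, because accumulation is gated on a successful match and not on image quality.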
Next, modified examples of the first embodiment will be described.
<Modification 1>
The server device 10 may notify the user that the service provision date for the user is within the biometric information accumulation period. For example, when the authentication control unit 204 of the server device 10 succeeds in authenticating the person to be authenticated during the biometric information accumulation period, it notifies the user via the authentication terminal 20 that the biometric information accumulation period is in progress. In this case, the authentication control unit 204 may notify the authentication terminal 20 of the successful authentication together with the fact that the biometric information accumulation period is in progress. Alternatively, the authentication control unit 204 may send a notification to the email address of the user identified by the matching process (the terminal 30 owned by the user) that the service provision date is within the biometric information accumulation period. In this case, the terminal 30 may display a pop-up as shown in FIG. 14 to notify the user that the biometric information accumulation period is in progress. Alternatively, the server device 10 may notify the user, before the biometric information accumulation period is set, that a biometric information accumulation period is scheduled to be set. For example, the server device 10 may notify the user a predetermined period before the biometric information accumulation period to be set (for example, one week before, one month before) that the period is scheduled to be set.
Note that the display shown in FIG. 14 is an example and is not intended to limit the manner in which the user is notified that the service provision date falls within the biometric information accumulation period. For example, the terminal 30 may notify the user that the service provision date falls within the biometric information accumulation period by changing the background color or layout. For example, the terminal 30 may notify the user by changing a white background to a yellow background, or by other methods. In this way, the terminal 30 may notify the user that the service provision date falls within the biometric information accumulation period not only by text (a message) but also by the color scheme, layout, etc. of the screen.
<Modification 2>
The server device 10 may obtain the consent of the user when updating the biometric information. For example, when the update control unit 205 of the server device 10 selects biometric information (e.g., a face image) to be used for updating the registered biometric information, the update control unit 205 transmits an "update inquiry" including the selected face image to the user's terminal 30. Upon receiving the update inquiry, the terminal 30 displays a GUI as shown in FIG. 15 and obtains whether or not the registered face image (registered biometric information) may be updated with the face image selected by the server device 10. The terminal 30 notifies the server device 10 of the user's intention (agree to update, reject update). When the user agrees to update the biometric information (face image), the update control unit 205 updates the registered biometric information using the face image.
Alternatively, the server device 10 may obtain consent from the user to start accumulating biometric information for updating. For example, the server device 10 transmits an "accumulation period start inquiry" including the registered biometric information to the user's terminal 30 immediately before the start of the biometric information accumulation period. Upon receiving the inquiry, the terminal 30 displays a GUI such as that shown in FIG. 16 and obtains whether or not accumulation of biometric information may be started in order to update the registered biometric information. The terminal 30 notifies the server device 10 of the user's intention (agree to accumulation, reject accumulation). If the user consents to the accumulation of biometric information (face images), the server device 10 starts accumulating biometric information in the biometric information accumulation period. In this manner, the server device 10 obtains from the user whether a biometric information accumulation period, through which the initially captured face image is deleted (updated), may be set.
<Modification 3>
The accumulation period control unit 203 of the server device 10 may set the biometric information accumulation period based on the attribute information (e.g., age, sex) of the user. For example, the accumulation period control unit 203 may determine the frequency of setting the biometric information accumulation period according to the age of the user. For example, the biometric information accumulation period may be set at a frequency such as "under 5 years old: once every 3 months", "5 to 10 years old: once every 6 months", "10 to 15 years old: once a year", "15 to 20 years old: once every 2 years", and "20 years old or older: once every 5 years". That is, the accumulation period control unit 203 may determine the biometric information accumulation period of each user based on a period setting rule (period setting policy) such as the above. Note that there may be a rule to the effect of "no update required" when the user is at or above a predetermined age. For example, the accumulation period control unit 203 may determine the biometric information accumulation period based on a rule such as "60 years old or older: no update required". In this case, the accumulation period control unit 203 may set the biometric information accumulation period to a period far exceeding the lifespan of a person. In this way, the server device 10 may determine the frequency of the biometric information accumulation period according to age, taking into consideration that children's faces are prone to change. When setting a new biometric information accumulation period, the server device 10 may likewise set it based on the age of the user. Alternatively, the server device 10 may determine the length of the biometric information accumulation period based on the attribute information of the user (e.g., age, sex). For example, taking into consideration that the younger the user is, the more likely the face (physiognomy) is to change, the server device 10 sets a longer biometric information accumulation period for younger users and a shorter biometric information accumulation period for older users.
<Modification 4>
The server device 10 may determine the frequency and length of the biometric information accumulation period based on the number of authentications that succeeded but can be regarded as failures. For example, the server device 10 stores, for each user, the number of times authentication was determined to be successful near the lower limit of the threshold for determining authentication success (the number of pseudo errors). When the number of pseudo errors increases, the server device 10 shortens the interval at which the biometric information accumulation period is set. For example, the server device 10 changes a period setting frequency of once a year to an update frequency of once every six months. Alternatively, when the number of pseudo errors increases, the server device 10 lengthens the biometric information accumulation period. For example, the server device 10 changes a one-week period to a three-week period. Alternatively, when the number of pseudo errors increases, the server device 10 may increase the number of successful authentications required within the biometric information accumulation period (for example, change the required number from 10 to 15). On the other hand, when the number of pseudo errors is small, the server device 10 may lengthen the interval at which the accumulation period for updating biometric information is set. For example, the server device 10 may change an update frequency of once a year to once every three years. Alternatively, when the number of pseudo errors is small, the server device 10 may shorten the biometric information accumulation period (e.g., from one week to three days) or reduce the number of required authentications (e.g., from 10 to 5).
<Modification 5>
The accumulation period control unit 203 of the server device 10 may determine the length of the biometric information accumulation period based on the authentication history of the user. In this case, the server device 10 generates and stores, for each user, an authentication history including the date, time, and location of each successful authentication. The accumulation period control unit 203 calculates the authentication frequency of the user (the number of successful authentications in a predetermined period). The accumulation period control unit 203 sets a shorter biometric information accumulation period for a user with a high authentication frequency. In contrast, the accumulation period control unit 203 sets a longer biometric information accumulation period for a user with a low authentication frequency. For example, the accumulation period control unit 203 calculates the authentication frequency of the user over the most recent month, and the standard length of the biometric information accumulation period (the default value of the accumulation period) is "1 week". In this case, for a user with a high authentication frequency, the accumulation period control unit 203 sets the length of the biometric information accumulation period to "3 days", which is shorter than the default value. In contrast, for a user with a low authentication frequency, the accumulation period control unit 203 sets the length of the biometric information accumulation period to "2 weeks", which is longer than the default value. A high authentication frequency indicates that a large amount of biometric information is acquired during the biometric information accumulation period. Therefore, even if the biometric information accumulation period is set to be short, a sufficient number of facial images are accumulated to select a facial image for updating. On the other hand, a low authentication frequency indicates that only a small amount of biometric information is acquired during the biometric information accumulation period. Therefore, unless the biometric information accumulation period is set to be long, a sufficient number of facial images are not accumulated to select a facial image for updating. Taking these circumstances into consideration, the server device 10 determines the length of the biometric information accumulation period according to the authentication frequency (frequency of service use) of each user, and makes it possible to acquire biometric information suitable for updating (biometric information with a sufficiently high appropriateness score).
<Modification 6>
Alternatively, the server device 10 (accumulation period control unit 203) may extend the biometric information accumulation period if the number of times authentication is determined to be successful during the biometric information accumulation period does not reach a predetermined value. For example, if a rule such as "10 successful authentications are required" is set, the server device 10 extends the biometric information accumulation period until 10 successful authentications are confirmed during the biometric information accumulation period (until 10 pieces of biometric information are accumulated). In this case, the accumulation period control unit 203 refers to the biometric information accumulation period field of the accumulation period management database and extracts the entries whose biometric information accumulation period end date has arrived. The accumulation period control unit 203 refers to the biometric information management database and acquires the number of pieces of biometric information of the user corresponding to the user ID of each extracted entry. If the acquired number of pieces of biometric information (the number accumulated during the biometric information accumulation period) has not reached the predetermined value (10 in the above example), the accumulation period control unit 203 extends the end date of the biometric information accumulation period in the accumulation period management database.
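The period rules of Modifications 3 to 6, combined in one added Python example that is not code from the patent. The age brackets, period lengths and required counts are the page's; the half-open bracket boundaries, the high/low cut-offs, the near-threshold margin, the one-day extension step and all names are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Modification 3: age bracket -> months between accumulation periods.
# None means "no update required". The page's brackets share their boundary
# ages, so half-open ranges [low, high) are an assumption of this example.
AGE_RULES = [(0, 5, 3), (5, 10, 6), (10, 15, 12), (15, 20, 24),
             (20, 60, 60), (60, 200, None)]


def months_between_periods(age):
    for low, high, months in AGE_RULES:
        if low <= age < high:
            return months
    raise ValueError(f"age out of range: {age}")


def period_length_days(auths_last_month, high=20, low=4):
    """Modification 5: frequent users fill the pool quickly, rare users do not.
    The cut-offs `high` and `low` are assumed; the page gives only the lengths."""
    if auths_last_month >= high:
        return 3
    if auths_last_month <= low:
        return 14
    return 7  # default value of one week


def count_pseudo_errors(scores, threshold=0.80, margin=0.05):
    """Modification 4: successes that landed just above the acceptance threshold.
    Threshold and margin are assumed values."""
    return sum(1 for s in scores if threshold <= s < threshold + margin)


def required_successes(pseudo_errors, many=3, few=0):
    """Modification 4, required-count variant: 10 by default, 15 when
    near-threshold successes pile up, 5 when there are few (cut-offs assumed)."""
    if pseudo_errors >= many:
        return 15
    if pseudo_errors <= few:
        return 5
    return 10


@dataclass
class Entry:  # one row of the accumulation period management database
    user_id: str
    start: date
    end: date
    required: int = 10


def plan_period(user_id, start, auths_last_month, success_scores):
    """Build one user's next accumulation period from their authentication history."""
    days = period_length_days(auths_last_month)
    required = required_successes(count_pseudo_errors(success_scores))
    return Entry(user_id, start, start + timedelta(days=days), required)


def extend_expired(entries, stored_counts, today, step_days=1):
    """Modification 6: for entries whose end date has arrived, push the end date
    out while fewer samples than required are stored. Returns the user IDs
    whose period is complete and whose template can now be updated."""
    ready = []
    for entry in entries:
        if entry.end > today:
            continue  # period still running
        if stored_counts.get(entry.user_id, 0) < entry.required:
            entry.end = today + timedelta(days=step_days)  # assumed step
        else:
            ready.append(entry.user_id)
    return ready
```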
<Modification 7>
Alternatively, the server device 10 (authentication control unit 204) may notify the user of the accumulation status of biometric information during the biometric information accumulation period (the number of successful authentications). That is, the server device 10 may notify the user of the progress of the accumulation of biometric information required to complete the biometric information accumulation period. In the above example, the number of successful authentications required for the biometric information accumulation period to expire is "10", and the number of successful authentications so far (e.g., seven successful biometric authentications) may be notified to the user at the time of a successful authentication. For example, the authentication control unit 204 may notify the terminal 30 of the user identified by the matching process of the accumulation status of biometric information (e.g., the number of required authentications, the current number of authentications). In this case, the terminal 30 may display a pop-up as shown in FIG. 17 to notify the user of the accumulation status of biometric information.
<Modification 8>
The server device 10 may generate the biometric information for update from a plurality of pieces of biometric information accumulated during the biometric information accumulation period. For example, the update control unit 205 may synthesize a plurality of face images obtained during the biometric information accumulation period to generate one face image. The update control unit 205 may generate features from the generated face image and register the generated features as biometric information for update in the user management database. Alternatively, the update control unit 205 may generate features from each face image obtained during the biometric information accumulation period and calculate an average value of the generated features. The update control unit 205 may register the calculated average value of the features as biometric information for update in the user management database.
As described above, the server device 10 according to the first embodiment sets a biometric information accumulation period for accumulating biometric information necessary to update the registered biometric information. The server device 10 selects biometric information suitable for updating the registered biometric information from the biometric information obtained during the biometric information accumulation period, and updates the registered biometric information using the selected biometric information. The biometric information accumulation period is set with a predetermined frequency and a predetermined length, and the server device 10 updates the registered biometric information after the end of the biometric information accumulation period, for example. With this configuration, the server device 10 does not need to update the biometric information every time authentication of a user is successful, thereby suppressing an increase in the load on the server device 10.
Here, if the facial features of the person to be authenticated change, the authentication accuracy will deteriorate. Children, in particular, grow quickly and their faces change quickly. For this reason, frequent updates of biometric information are required for children. On the other hand, the faces of adults change more slowly, and frequent updates of biometric information are often unnecessary. The server device 10 takes these circumstances into consideration and sets an appropriate biometric information accumulation period according to the attributes of the user (e.g., age). For example, the server device 10 sets the biometric information accumulation period for children so that biometric information is updated frequently. Conversely, the server device 10 sets the biometric information accumulation period for adults so that biometric information is not updated frequently. As a result, it is possible to improve (maintain) the authentication accuracy while suppressing an increase in the load on the server device 10.
Furthermore, the server device 10 can reliably acquire the biometric information used to update the registered biometric information by appropriately selecting the length of the biometric information accumulation period. Also, the server device 10 verifies the quality of the biometric information used for updating, thereby preventing a deterioration in the accuracy of biometric authentication using the updated biometric information.
Next, we will explain the hardware of each device that makes up the information processing system. FIG. 18 is a diagram showing an example of the hardware configuration of the server device 10.
The server device 10 can be configured by an information processing device (a so-called computer), and has the configuration shown in FIG. 18. For example, the server device 10 has a processor 311, a memory 312, an input/output interface 313, a communication interface 314, etc. The components such as the processor 311 are connected by an internal bus or the like, and are configured to be able to communicate with each other.
However, the configuration shown in FIG. 18 is not intended to limit the hardware configuration of the server device 10. The server device 10 may include hardware not shown, and may not include an input/output interface 313 as necessary. Furthermore, the number of processors 311 and the like included in the server device 10 is not intended to be limited to the example shown in FIG. 18, and for example, the server device 10 may include multiple processors 311.
The processor 311 is, for example, a programmable device such as a CPU (Central Processing Unit), an MPU (Micro Processing Unit), or a DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit). The processor 311 executes various programs including an operating system (OS).
The memory 312 is a RAM (Random Access Memory), a ROM (Read Only Memory), an HDD (Hard Disk Drive), an SSD (Solid State Drive), etc. The memory 312 stores the OS program, application programs, and various data.
The input/output interface 313 is an interface for a display device and an input device (not shown). The display device is, for example, a liquid crystal display. The input device is, for example, a device that accepts user operations such as a keyboard or a mouse.
The communication interface 314 is a circuit, module, etc. that communicates with other devices. For example, the communication interface 314 includes a NIC (Network Interface Card), etc.
The functions of the server device 10 are realized by various processing modules. The processing modules are realized, for example, by the processor 311 executing a program stored in the memory 312. The program can be recorded on a computer-readable storage medium. The storage medium can be a non-transitory medium such as a semiconductor memory, a hard disk, a magnetic recording medium, or an optical recording medium. In other words, the present invention can also be embodied as a computer program product. The program can be downloaded via a network, or updated using a storage medium that stores the program. The processing modules may also be realized by a semiconductor chip.
The authentication terminal 20 can also be configured with an information processing device, just like the server device 10, and its basic hardware configuration is no different from that of the server device 10, so a description of it will be omitted. For example, the authentication terminal 20 may be equipped with a camera device for photographing the person to be authenticated.
The server device 10, which is an information processing device, is equipped with a computer, and the functions of the server device 10 can be realized by having the computer execute a program. The server device 10 also executes a control method for the server device 10 by means of the program. Similarly, the authentication terminal 20 is equipped with a computer, and the functions of the authentication terminal 20 can be realized by having the computer execute a program. The authentication terminal 20 also executes a control method for the authentication terminal 20 by means of the program.
[Modification]
The configuration, operation, etc. of the information processing system described in the above embodiment are merely examples, and are not intended to limit the system configuration, etc.
The user management unit 202 of the server device 10 may calculate an appropriateness score for the biometric information acquired from the user during the initial registration of the biometric information. If the calculated appropriateness score is lower than a threshold, the user management unit 202 may request the user to re-register different biometric information (e.g., a face image).
The server device 10 may select biometric information to be used to update the registered biometric information based on the degree of similarity between the registered biometric information and the accumulated biometric information. For example, the server device 10 may select, as the biometric information for update, the biometric information that has the greatest degree of similarity with the registered biometric information among the biometric information acquired during the biometric information accumulation period.
When registering a user, the user's identity may be verified. The user management unit 202 of the server device 10 acquires the user's name, biometric information, etc., as well as an identification document (e.g., a passport, driver's license, etc.) containing the biometric information. The user management unit 202 performs a one-to-one match using the biometric information on the identification document and the biometric information acquired from the user. If the match is successful, the user management unit 202 may register the user (create an account).
The accumulation period control unit 203 may set the biometric information accumulation period using attribute information obtained from an identification document instead of attribute information (age, gender) acquired from the user. Alternatively, the accumulation period control unit 203 may infer the user's attribute information from the user's registered biometric information (e.g., a face image).
The update control unit 205 may perform statistical processing on the appropriateness scores of the biometric information obtained during the biometric information accumulation period, and select the biometric information used to update the registered biometric information according to the results of the statistical processing. For example, the update control unit 205 may calculate a representative value representing the accumulated biometric information, such as the average, median, or mode of the appropriateness scores. The update control unit 205 may select the biometric information whose appropriateness score matches the representative value (is closest to the representative value) as the biometric information for the update.
Alternatively, the update control unit 205 may select biometric information to update the registered biometric information from the biometric information remaining after excluding the biometric information with the best and worst appropriateness scores. Alternatively, the update control unit 205 may calculate the representative value by excluding the biometric information with the best and worst appropriateness scores.
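The selection rules in the two paragraphs above can be sketched as follows. This is an added illustration, not code from the patent or its applicant; the record layout, the assumption that a higher score means a more suitable sample, the handling of fewer than three samples, and the tie-break toward the most recent capture are all assumptions made here.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, median
from typing import Callable, List, Optional, Sequence


@dataclass(frozen=True)
class Sample:
    """One biometric sample already judged an authentication success
    (hypothetical record layout, not taken from the patent)."""
    sample_id: str
    captured_at: datetime
    score: float  # appropriateness score; assumed: higher is more suitable


def accumulate(samples: Sequence[Sample], start: datetime,
               end: datetime) -> List[Sample]:
    """Keep samples captured inside the accumulation period [start, end).
    Samples outside the period are discarded, as in Appendix 2."""
    return [s for s in samples if start <= s.captured_at < end]


def trim_extremes(samples: Sequence[Sample]) -> List[Sample]:
    """Exclude the single best and single worst score.
    Assumption: with fewer than three samples nothing is excluded,
    because trimming would leave no candidate."""
    if len(samples) < 3:
        return list(samples)
    return sorted(samples, key=lambda s: s.score)[1:-1]


def select_update_sample(
    samples: Sequence[Sample],
    representative: Callable[[Sequence[float]], float] = median,
    trim_selection: bool = False,
    trim_statistic: bool = False,
) -> Optional[Sample]:
    """Pick the sample whose score is closest to the representative value.

    trim_statistic: compute the representative value without the extremes.
    trim_selection: choose only among samples that are not extremes.
    Returns None when the accumulation period produced no samples, in
    which case the registered biometric information is left unchanged.
    """
    if not samples:
        return None
    stat_pool = trim_extremes(samples) if trim_statistic else list(samples)
    pick_pool = trim_extremes(samples) if trim_selection else list(samples)
    target = representative([s.score for s in stat_pool])
    # Newest first, so that min() resolves ties to the most recent capture
    # (tie-break is an assumption of this example).
    newest_first = sorted(pick_pool, key=lambda s: s.captured_at, reverse=True)
    return min(newest_first, key=lambda s: abs(s.score - target))


# Constructed sample data: one accumulation period of seven days.
START = datetime(2024, 2, 1)
END = datetime(2024, 2, 8)
SAMPLES = [
    Sample("a", datetime(2024, 1, 30), 0.95),  # before the period
    Sample("b", datetime(2024, 2, 1), 0.50),
    Sample("c", datetime(2024, 2, 2), 0.72),
    Sample("d", datetime(2024, 2, 3), 0.75),   # best score
    Sample("e", datetime(2024, 2, 5), 0.70),
    Sample("f", datetime(2024, 2, 6), 0.05),   # worst score
    Sample("g", datetime(2024, 2, 9), 0.80),   # after the period
]

if __name__ == "__main__":
    window = accumulate(SAMPLES, START, END)
    print("accumulated:", [s.sample_id for s in window])
    print("median:", select_update_sample(window).sample_id)
    print("mean:", select_update_sample(window, representative=mean).sample_id)
    print("mean, extremes excluded from statistic:",
          select_update_sample(window, representative=mean,
                               trim_statistic=True).sample_id)
```

With this data a single very low score pulls the untrimmed mean toward sample b, while the median, or the mean computed without the extremes, selects sample e.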
In the above embodiment, a case has been described in which user information, biometric information accumulation period, and biometric information determined to be successfully authenticated are managed using three databases (user management database, accumulation period management database, and biometric information management database). However, user information, biometric information accumulation period, etc. may be managed by one database. In other words, the above three databases may be integrated and user information, etc. may be managed by one database.
In the above embodiment, the user management database has been described as storing the user's features as registered biometric information. However, the user management database may also store the user's facial image as registered biometric information. In this case, the authentication control unit 204 may generate features from the registered biometric information (facial image) each time authentication processing is performed.
In the above embodiment, a case has been described in which a user management database and the like are configured inside the server device 10, but these databases may also be constructed in an external database server or the like. That is, some of the functions of the server device 10 may be implemented in another server. More specifically, the above-described "accumulation period control unit (accumulation period control means)", "update control unit (update control means)", etc. may be implemented in any of the devices included in the system.
The form of data transmission and reception between the devices (server device 10, authentication terminal 20) is not particularly limited, but data transmitted and received between these devices may be encrypted. Biometric information and the like are transmitted and received between these devices, and in order to appropriately protect this information, it is desirable to transmit and receive encrypted data.
In the flow diagrams (flowcharts, sequence diagrams) used in the above explanation, multiple steps (processes) are listed in order, but the order in which the steps are executed in the embodiments is not limited to the order listed. In the embodiments, the order of the steps shown in the diagrams can be changed to the extent that this does not interfere with the content, for example by executing the processes in parallel.
The above embodiments have been described in detail to facilitate understanding of the present disclosure, and it is not intended that all of the configurations described above are necessary. Furthermore, when multiple embodiments are described, each embodiment may be used alone or in combination. For example, it is possible to replace part of the configuration of an embodiment with the configuration of another embodiment, or to add the configuration of another embodiment to the configuration of an embodiment. Furthermore, it is possible to add, delete, or replace part of the configuration of an embodiment with other configurations.
The above explanation makes it clear that the present invention has industrial applicability, and the present invention can be suitably applied to information processing systems that provide users with services using biometric authentication.
A part or all of the above-described embodiments can be described as, but is not limited to, the following supplementary notes.
[Appendix 1]
A server device comprising:
a storage means for storing registered biometric information used for biometric authentication;
an accumulation period control means for setting, at a predetermined frequency, a biometric information accumulation period having a predetermined length, the biometric information accumulation period being a period for accumulating biometric information of a user; and
an update control means for updating the registered biometric information by using at least one piece of biometric information accumulated during the biometric information accumulation period.
[Appendix 2]
The server device according to Appendix 1, further comprising an authentication control means for receiving an authentication request including biometric information of a person to be authenticated from an authentication terminal, and performing authentication processing using the biometric information included in the authentication request and the stored registered biometric information,
wherein the authentication control means accumulates biometric information determined to be successfully authenticated within the biometric information accumulation period, and discards biometric information determined to be successfully authenticated outside the biometric information accumulation period.
[Appendix 3]
The server device according to Appendix 2, wherein the update control means calculates, for each of the at least one piece of biometric information accumulated during the biometric information accumulation period, a score indicating its suitability as biometric information for biometric authentication purposes, and selects the biometric information to be used for updating the registered biometric information based on the calculated score.
[Appendix 4]
The server device according to any one of Appendices 1 to 3, wherein the accumulation period control means sets the biometric information accumulation period based on attribute information of the user.
[Appendix 5]
The server device according to Appendix 4, wherein the accumulation period control means determines a frequency for setting the biometric information accumulation period in accordance with an age of the user.
[Appendix 6]
The server device according to Appendix 5, wherein the accumulation period control means determines the length of the biometric information accumulation period based on an authentication history of the user.
[Appendix 7]
The server device according to Appendix 6, wherein the biometric information is a face image or a feature generated from the face image.
[Appendix 8]
A method for controlling a server device, the method comprising, in the server device:
storing registered biometric information used for biometric authentication;
setting, at a predetermined frequency, a biometric information accumulation period having a predetermined length, the biometric information accumulation period being a period for accumulating biometric information of a user; and
updating the registered biometric information by using at least one piece of biometric information accumulated during the biometric information accumulation period.
[Appendix 9]
A computer-readable storage medium that stores a program for causing a computer installed in a server device to execute:
a process of storing registered biometric information used for biometric authentication;
a process of setting, at a predetermined frequency, a biometric information accumulation period having a predetermined length, the biometric information accumulation period being a period for accumulating biometric information of a user; and
a process of updating the registered biometric information by using at least one piece of biometric information accumulated during the biometric information accumulation period.
The disclosures of the above cited prior art documents are incorporated herein by reference. Although the embodiments of the present invention have been described above, the present invention is not limited to these embodiments. Those skilled in the art will understand that these embodiments are merely illustrative and that various modifications are possible without departing from the scope and spirit of the present invention. In other words, the present invention naturally includes various modifications and amendments that a person skilled in the art can make in accordance with the entire disclosure, including the scope of the claims, and the technical ideas.
10 Server device
20 Authentication terminal
30 Terminal
100 Server device
101 Storage means
102 Accumulation period control means
103 Update control means
201 Communication control unit
202 User management unit
203 Accumulation period control unit
204 Authentication control unit
205 Update control unit
206 Storage unit
301 Communication control unit
302 Biometric information acquisition unit
303 Authentication request unit
304 Storage unit
311 Processor
312 Memory
313 Input/output interface
314 Communication interface
Claims (9)
- A server device comprising:
  a storage means for storing registered biometric information used for biometric authentication;
  an accumulation period control means for setting, at a predetermined frequency, a biometric information accumulation period having a predetermined length, the biometric information accumulation period being a period for accumulating biometric information of a user; and
  an update control means for updating the registered biometric information by using at least one piece of biometric information accumulated during the biometric information accumulation period.
- The server device according to claim 1, further comprising an authentication control means for receiving an authentication request including biometric information of a person to be authenticated from an authentication terminal, and performing authentication processing using the biometric information included in the authentication request and the stored registered biometric information,
  wherein the authentication control means accumulates biometric information determined to be successfully authenticated within the biometric information accumulation period, and discards biometric information determined to be successfully authenticated outside the biometric information accumulation period.
- The server device according to claim 2, wherein the update control means calculates, for each of the at least one piece of biometric information accumulated during the biometric information accumulation period, a score indicating its suitability as biometric information for biometric authentication purposes, and selects the biometric information to be used to update the registered biometric information based on the calculated score.
- The server device according to any one of claims 1 to 3, wherein the accumulation period control means sets the biometric information accumulation period based on attribute information of the user.
- The server device according to claim 4, wherein the accumulation period control means determines the frequency at which the biometric information accumulation period is set according to the age of the user.
- The server device according to claim 5, wherein the accumulation period control means determines the length of the biometric information accumulation period based on the authentication history of the user.
- The server device according to claim 6, wherein the biometric information is a face image or a feature amount generated from the face image.
- A method for controlling a server device, the method comprising, in the server device:
  storing registered biometric information used for biometric authentication;
  setting, at a predetermined frequency, a biometric information accumulation period having a predetermined length, the biometric information accumulation period being a period for accumulating biometric information of a user; and
  updating the registered biometric information by using at least one piece of biometric information accumulated during the biometric information accumulation period.
- A computer-readable storage medium that stores a program for causing a computer installed in a server device to execute:
  a process of storing registered biometric information used for biometric authentication;
  a process of setting, at a predetermined frequency, a biometric information accumulation period having a predetermined length, the biometric information accumulation period being a period for accumulating biometric information of a user; and
  a process of updating the registered biometric information by using at least one piece of biometric information accumulated during the biometric information accumulation period.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2023/003346 WO2024161580A1 (en) | 2023-02-02 | 2023-02-02 | Server device, server device control method, and recording medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2023/003346 WO2024161580A1 (en) | 2023-02-02 | 2023-02-02 | Server device, server device control method, and recording medium |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2024161580A1 (en) | 2024-08-08 |
Family
ID=92145943
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2023/003346 WO2024161580A1 (en) | 2023-02-02 | 2023-02-02 | Server device, server device control method, and recording medium |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2024161580A1 (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2008083921A (en) * | 2006-09-27 | 2008-04-10 | Secom Co Ltd | Personal verification device |
JP2014526094A (en) * | 2011-07-15 | 2014-10-02 | イリテック インコーポレイテッド | Authentication method and apparatus mounting apparatus using disposable password containing biometric image information |
JP7188660B1 (en) * | 2022-06-23 | 2022-12-13 | 日本電気株式会社 | System, Control Server, Control Server Control Method, Method, and Program |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US12073482B2 (en) | Selective biometric access control | |
US8769286B2 (en) | Methods and systems for increasing the security of electronic messages | |
US11113510B1 (en) | Virtual templates for facial recognition | |
US10037419B2 (en) | System, method, and apparatus for personal identification | |
JP7364057B2 (en) | Information processing device, system, face image update method and program | |
US11935327B1 (en) | On the fly enrollment for facial recognition | |
US11551121B2 (en) | Methods and systems for privacy preserving inference generation in a distributed computing environment | |
JP2019159985A (en) | Biometric authentication system, biometric authentication device, automatic ticket examination device, biometric authentication method, and program | |
US11531737B1 (en) | Biometric identity disambiguation | |
JP7188660B1 (en) | System, Control Server, Control Server Control Method, Method, and Program | |
WO2024161580A1 (en) | Server device, server device control method, and recording medium | |
WO2022024281A1 (en) | Authentication server, authentication system, authentication request processing method, and storage medium | |
US20210105263A1 (en) | Information processing system, information processing apparatus, and non-transitory computer readable medium | |
JP5901824B1 (en) | Face authentication system and face authentication program | |
JP2024028612A (en) | Management server, information provision method and computer program | |
WO2021255821A1 (en) | Authentication server, facial image update recommendation method and storage medium | |
US20230316160A1 (en) | Server, system, server control method, and non-transitory computer readable medium | |
JP7589829B2 (en) | System, authentication terminal, and method and program for controlling authentication terminal | |
US11776303B2 (en) | Biometric gallery management using wireless identifiers | |
US11093592B2 (en) | Information processing system, information processing device, authentication method and recording medium | |
WO2024157450A1 (en) | System, server device, method for controlling server device, and storage medium | |
US20240338431A1 (en) | Biometric gallery management at crowded venues | |
JP2020013288A (en) | Authentication program, authentication method and authentication device | |
JP7243951B1 (en) | SYSTEM, SERVER DEVICE, CONTROL METHOD AND PROGRAM FOR SERVER DEVICE | |
WO2024079826A1 (en) | Server device, system, method for controlling server device, and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 23919718 Country of ref document: EP Kind code of ref document: A1 |