JP2021131855A - Authentification system and information processing method - Google Patents

Abstract

To provide an authentication system and an information processing method capable of improving convenience by using data of a registered face image by an authentication engine for performing authentication other than face authentication.SOLUTION: An authentication system 10 for performing the user authentication using information received from a user terminal 20 includes: information acquisition means 17 for receiving the user face image data from the user terminal 20 at the time of user registration, extracting the feature quantity of a user face image based on the received user face image data and storing the information on the feature quantity of the extracted user face image as the user identification information in a memory 16; and linking means 19 which links the user identification information used in an authentication engine of a service organization performing authentication other than face authentication with the user identification information on the feature quantity of the user face image stored in the memory 16.SELECTED DRAWING: Figure 1

Description

The present invention relates to an authentication system and an information processing method.

Conventionally, as an authentication system that authenticates based on face data, an authentication system that collates input input face data with pre-registered registered face data to perform personal authentication is known (for example, Patent Documents). See 1 and 2).

In the authentication system described in Patent Document 1, the target person is authenticated using the image of the face portion in the captured image captured by the camera. Further, in the authentication system described in Patent Document 2, for example, when four face images are registered, two are used as a face pattern for guaranteeing accuracy, one is used as a face pattern for absorbing disturbance components, and one is used. It is a face pattern for the update target. Then, when newly registering the face pattern, among the four face patterns registered in advance, the face pattern for the update target having the second lowest degree of similarity to the newly registered face pattern is deleted. That is, by leaving the face pattern for absorbing disturbance components having the lowest degree of similarity to the newly registered face pattern, face recognition is performed in accordance with the variation in the environment.

JP-A-2019-197426 Japanese Unexamined Patent Publication No. 2006-72540

The authentication system disclosed in Patent Documents 1 and 2 has a problem that it is inconvenient because the registered face image data cannot be used in an authentication engine that performs authentication other than face authentication.

The present invention has been made in consideration of such a point, and authentication that can improve convenience by using the registered face image data in an authentication engine that performs authentication other than face authentication. The purpose is to provide a system and an information processing method.

The authentication system of the present invention is an authentication system that authenticates a user using information received from a user terminal. At the time of user registration, the user's face image data is received from the user terminal and used as the received user's face image data. Based on this, the feature amount of the user's face image is extracted, and the information acquisition means for storing the information related to the extracted feature amount of the user's face image in the memory, and the user received from the imaging unit of the service organization at the time of user authentication. Compare the feature amount of the user's face image extracted from the face image data of the user or the feature amount of the user's face image received from the image pickup unit of the service institution with the feature amount of the user's face image stored in the memory. The user related to the authentication means for authenticating the user, the user identification information used in the authentication engine of the service organization that performs authentication other than face authentication, and the feature amount of the user's face image stored in the memory. It is characterized in that it is provided with a linking means for linking the identification information of the above.

The authentication system of the present invention is an authentication system that authenticates a user using information received from a user terminal. At the time of user registration, the user's face image data is received from the user terminal and used as the received user's face image data. Based on the information acquisition means that extracts the feature amount of the user's face image and stores the information related to the extracted feature amount of the user's face image in the memory, and the image pickup unit of each service organization based on the user's face image. In order to perform authentication, a transmission means for transmitting information related to the feature amount of the user's face image stored in the memory to the imaging unit of each service institution, and authentication of a service institution that performs authentication other than face authentication. It is characterized in that it is provided with a linking means for linking the user identification information used in the engine and the user identification information related to the feature amount of the user's face image stored in the memory.

The authentication system of the present invention is an authentication system that authenticates a user using information received from a user terminal. At the time of user registration, the user's face image data is received from the user terminal and used as the received user's face image data. Based on this, the feature amount of the user's face image is extracted, and the information acquisition means for storing the information related to the extracted feature amount of the user's face image in the memory, and the user received from the imaging unit of the service organization at the time of user authentication. Compare the feature amount of the user's face image extracted from the face image data of the user or the feature amount of the user's face image received from the image pickup unit of the service institution with the feature amount of the user's face image stored in the memory. An authentication means for authenticating the user is provided, and when the user is authenticated by the authentication means, the feature amount of the user's face image and an element other than the feature amount of the user's face image are used. It is characterized by performing two-factor authentication by.

The authentication system of the present invention is an authentication system that authenticates a user using information received from a user terminal. At the time of user registration, the user's face image data is received from the user terminal, and the received user's face image data is received. User authentication is performed by comparing the information acquisition means stored in the memory with the user's face image data received from the imaging unit of the service organization at the time of user authentication and the user's face image data stored in the memory. Linking the authentication means to be performed, the user identification information used in the authentication engine of the service organization that performs authentication other than face authentication, and the user identification information related to the user's face image data stored in the memory. It is characterized by having means and.

The authentication system of the present invention is an authentication system that authenticates a user using information received from a user terminal. At the time of user registration, the user's face image data is received from the user terminal, and the received user's face image data is received. In order to perform authentication based on the user's face image in the information acquisition means stored in the memory and the image pickup unit of each service institution, the user's face image data stored in the memory is sent to the image pickup unit of each service institution. A string that links the transmission means to be transmitted, the user identification information used in the authentication engine of the service organization that performs authentication other than face authentication, and the user identification information related to the user's face image data stored in the memory. It is characterized by having a means of attaching.

The information processing method of the present invention is an information processing method by an authentication system that authenticates a user using information received from a user terminal, and is a user who receives and receives face image data of the user from the user terminal at the time of user registration. The process of extracting the feature amount of this user's face image based on the face image data of the user and storing the information related to the extracted feature amount of the user's face image in the memory, and at the time of user authentication, from the imaging unit of the service organization. The feature amount of the user's face image extracted from the received user's face image data or the feature amount of the user's face image received from the image pickup unit of the service institution, and the feature amount of the user's face image stored in the memory. The process of authenticating the user by comparing with, the identification information of the user used in the authentication engine of the service organization that performs authentication other than face authentication, and the feature amount of the user's face image stored in the memory. It is characterized by including a step of associating the identification information of the user.

The information processing method of the present invention is an information processing method by an authentication system that authenticates a user using information received from a user terminal, and is a user who receives and receives face image data of the user from the user terminal at the time of user registration. The process of extracting the feature amount of the user's face image based on the face image data of the user and storing the information related to the extracted feature amount of the user's face image in the memory, and the user's face in the imaging unit of each service institution. In order to perform image-based authentication, a process of transmitting information related to the feature amount of the user's face image stored in the memory to the imaging unit of each service institution, and a service institution that performs authentication other than face authentication. It is characterized by including a step of associating the user identification information used in the authentication engine of the above with the user identification information related to the feature amount of the user's face image stored in the memory.

The information processing method of the present invention is an information processing method by an authentication system that authenticates a user using information received from a user terminal, and is a user who receives and receives face image data of the user from the user terminal at the time of user registration. The process of extracting the feature amount of this user's face image based on the face image data of the user and storing the information related to the extracted feature amount of the user's face image in the memory, and at the time of user authentication, from the imaging unit of the service organization. The feature amount of the user's face image extracted from the received user's face image data or the feature amount of the user's face image received from the image pickup unit of the service institution, and the feature amount of the user's face image stored in the memory. A step of authenticating the user by comparing with and is provided, and when the user is authenticated by the authentication means, the feature amount of the user's face image and an element other than the feature amount of the user's face image are obtained. It is characterized by performing two-factor authentication by using it.

The information processing method of the present invention is an information processing method by an authentication system that authenticates a user using information received from a user terminal, and is a user who receives and receives face image data of the user from the user terminal at the time of user registration. The user's face image data is stored in the memory, and the user's face image data received from the imaging unit of the service organization at the time of user authentication is compared with the user's face image data stored in the memory. The process of performing authentication, the user identification information used in the authentication engine of the service organization that performs authentication other than face authentication, and the user identification information related to the user's face image data stored in the memory are linked. It is characterized by having a process.

The information processing method of the present invention is an information processing method by an authentication system that authenticates a user using information received from a user terminal, and is a user who receives and receives face image data of the user from the user terminal at the time of user registration. In order to perform the process of storing the face image data of the user in the memory and the authentication based on the user's face image in the imaging unit of each service institution, the user's face image data stored in the memory is stored in the memory of each service institution. The process of transmitting to the imaging unit, the user identification information used in the authentication engine of the service organization that performs authentication other than face authentication, and the user identification information related to the user's face image data stored in the memory are linked. It is characterized by having a process of attaching.

According to the authentication system and the information processing method of the present invention, convenience can be improved by using the registered face image data in an authentication engine that performs authentication other than face authentication.

It is a figure which shows typically an example of the authentication system by embodiment of this invention, and the image pickup unit arranged in each service organization. It is a flowchart which shows the processing content which is executed when the face image of a user is registered by the authentication system shown in FIG. It is a flowchart which shows an example of the processing content which is executed when the user is authenticated by the authentication system and the image pickup unit shown in FIG. It is a figure which shows typically the other example of the authentication system by embodiment of this invention, and the image pickup unit arranged in each service organization. It is a flowchart which shows the processing content which is executed when the face image of a user is registered by the authentication system shown in FIG. It is a flowchart which shows an example of the processing content which is executed when the user is authenticated by the authentication system and the image pickup unit shown in FIG. It is a figure which shows the other example of the authentication system by embodiment of this invention and the image pickup unit arranged in each service organization schematicly. It is a flowchart which shows the processing content which is executed when the face image of a user is registered by the authentication system shown in FIG. 7. It is a flowchart which shows an example of the processing content which is executed when the user is authenticated by the authentication system and the image pickup unit shown in FIG. 7. It is a figure which shows the initial screen displayed on a user terminal. It is a figure which shows the registration screen displayed on the user terminal. It is a figure which shows the registration screen displayed on the user terminal. It is a figure which shows the service addition screen displayed on the user terminal. It is a figure which shows the screen of the authentication history displayed on the user terminal. It is a figure which shows the detailed screen of the authentication history displayed on a user terminal. It is a figure which shows the other example of the authentication system by embodiment of this invention and the image pickup unit arranged in each company schematicly. It is a figure which shows the other example of the authentication system by embodiment of this invention and the image pickup unit arranged in each company schematicly.

Hereinafter, embodiments of the present invention will be described with reference to the drawings. 1 to 15 are diagrams showing an authentication system according to the present embodiment and an imaging unit arranged in each service organization.

As shown in FIG. 1, image pickup units 30A, 30B, and 30C for authenticating users are arranged in each service organization such as a restaurant, a hotel, a transportation facility, an office building, a housing complex, and a convenience store. Although three imaging units 30A, 30B, and 30C are shown in FIG. 1, two or four or more imaging units may be used. Further, an authentication system 10 installed in a company different from each service organization is connected to each of the imaging units 30A, 30B, and 30C so as to be able to communicate with each other via a network such as an Internet line. Further, the user terminal 20 such as a smartphone owned by the user is communicably connected to the authentication system 10 and the imaging units 30A, 30B, and 30C via a network such as an Internet line. The details of the authentication system 10 and the imaging units 30A, 30B, and 30C will be described below.

The authentication system 10 is composed of, for example, a computer or the like, and the authentication system 10 includes a processor 12 such as a CPU, a memory 16, and a communication unit 18. The processor 12 is extracted by the feature amount extraction means 14 that extracts the feature amount of the user's face image corresponding to each of the imaging units 30A, 30B, and 30C as a hash value based on the face image data received from the user terminal 20. It has a registration means 13 for registering a feature amount of a user's face image. Then, the processor 12 extracts the feature amount of the user's face image corresponding to each of the imaging units 30A, 30B, and 30C as a hash value by the feature amount extracting means 14 by executing the program stored in the memory 16. It has become like. Specifically, the feature amount extracting means 14 extracts a hash value obtained by a predetermined hash function from the received user's face image data as a feature amount of the user's face image. Even if the user's face image data is the same, the feature amount of the user's face image may differ depending on the type of the imaging units 30A, 30B, and 30C. This is because different service organizations such as business companies have different specifications of the imaging units 30A, 30B, and 30C used in these service organizations. Therefore, the feature amount extracting means 14 extracts the feature amount of the user's face image for each of the imaging units 30A, 30B, and 30C. That is, the feature amounts of the face images of a plurality of users corresponding to the imaging units 30A, 30B, and 30C are extracted from one face image data. Further, the processor 12 executes a program stored in the memory 16 to execute a feature amount (specifically, specifically) of the user's face image for each of the imaging units 30A, 30B, and 30C extracted by the feature amount extracting means 14. , Hash value) is stored in the memory 16 in association with the user's identification information and the identification information of the imaging units 30A, 30B, and 30C by the registration means 13. The program executed by the processor 12 is not limited to the one stored in the memory 16. When the processor 12 executes a program transmitted from the external device to the authentication system 10 or a program stored in a recording medium detachably attached to the authentication system 10, the feature amount extraction means 14 and the registration means 13 Processing may be performed in each. Further, in the present embodiment, the information acquisition means 17 is configured by the feature amount extraction means 14 and the registration means 13. The information acquisition means 17 receives the user's face image data at the time of user registration, extracts the feature amount of the user's face image based on the received user's face image data, and extracts the feature amount of the user's face image. The information related to the above is stored in the memory 16 as user identification information.

As described above, in the memory 16, the feature amount (specifically, the hash value) of the user's face image extracted by the feature amount extracting means 14 is the user's identification information and the image pickup units 30A, 30B, 30C. It is designed to be associated with and stored in the identification information. As described above, the feature amount of the user's face image extracted by the feature amount extracting means 14 may differ depending on the types of the imaging units 30A, 30B, and 30C. Therefore, the feature amount extracting means 14 extracts the feature amount of the user's face image for each of the imaging units 30A, 30B, and 30C. As a result, it is necessary to store the feature amount of the user's face image extracted by the feature amount extracting means 14 in the memory 16 in association with each of the imaging units 30A, 30B, and 30C. Further, the memory 16 stores the user's identification information in association with the service institution selected by the user. Further, as described above, the memory 16 stores a program for causing the processor 12 to perform various processes. Further, the processor 12 transmits and receives signals to and from the imaging units 30A, 30B, 30C or the user terminal 20 arranged in each service organization via a network such as an Internet line by the communication unit 18.

Each of the image pickup units 30A, 30B, 30C arranged in each service organization is composed of, for example, a computer or the like, and each of the image pickup units 30A, 30B, 30C includes processors 32A, 32B, 32C such as a CPU and memory 36A, respectively. It has 36B, 36C, imaging units 38A, 38B, 38C, processing units 40A, 40B, 40C, and communication units 42A, 42B, 42C. The processors 32A, 32B, 32C and the feature amount extraction means 34A, 34B, 34C that extract the feature amount of the user's face image as a hash value based on the user's face image data imaged by the imaging units 38A, 38B, 38C. , 35A, 35B, 35C and the authentication means. Then, the processors 32A, 32B, 32C extract the feature amount of the user's face image as a hash value by the feature amount extracting means 34A, 34B, 34C by executing the program stored in the memories 36A, 36B, 36C. It is designed to do. Specifically, the feature amount extraction means 34A, 34B, 34C extracts a hash value obtained from the received user's face image data by a predetermined hash function as a feature amount of the user's face image. Further, the processors 32A, 32B, 32C authenticate the user in the authentication means 35A, 35B, 35C by executing the program stored in the memories 36A, 36B, 36C. Details of such processing contents will be described later. The programs executed by the processors 32A, 32B, 32C are not limited to those stored in the memories 36A, 36B, 36C. The processors 32A, 32B, 32C execute a program transmitted from an external device to the imaging units 30A, 30B, 30C and a program stored in a recording medium detachably attached to the imaging units 30A, 30B, 30C. Therefore, various processes may be performed in each of the feature amount extraction means 34A, 34B, 34C and the authentication means 35A, 35B, 35C. Further, the imaging units 30A, 30B, and 30C are not limited to those corresponding to one service organization, respectively. For example, the image pickup unit 30A may correspond to a plurality of service institutions.

Further, the memories 36A, 36B, and 36C are adapted to store the user's identification information registered in advance in association with the feature amount of the face image of the user. Further, as described above, the memories 36A, 36B, 36C are adapted to store programs for performing various processes in the processors 32A, 32B, 32C. Further, the imaging units 38A, 38B, and 38C have, for example, a camera, and acquire the face image data of the user by imaging the user.

In addition, the processing units 40A, 40B, and 40C are adapted to perform various processes on the authenticated user. For example, when the imaging units 30A, 30B, and 30C are arranged in an office building, an apartment building, or the like, the processing units 40A, 40B, 40C may use these office buildings or the processing units 40B, 40C when the user is authenticated. Doors placed at the entrances and exits of apartment buildings will be unlocked. Further, when the imaging units 30A, 30B, and 30C are arranged in restaurants, hotels, transportation facilities, convenience stores, etc., cashless payment is possible when paying charges at these service institutions. .. In this case, the payment information is transmitted from the imaging units 30A, 30B, and 30C to the server of the financial institution or credit card company, so that the payment amount is automatically deducted from the user's bank account or the credit card usage statement. Will be added to. Further, the processors 32A, 32B, and 32C are configured to transmit and receive signals to and from the authentication system 10 or the user terminal 20 via a network such as an Internet line by the communication units 42A, 42B, and 42C.

Further, in each of the imaging units 30A, 30B, 30C, the user's face image is imaged by the imaging units 38A, 38B, 38C, and the feature amount of the user's face image is registered in each of the imaging units 30A, 30B, 30C. You can do it. Specifically, when the feature amount of the user's face image is registered in each of the imaging units 30A, 30B, 30C, when the user's face image is imaged by the imaging units 38A, 38B, 38C, the processors 32A, 32B, The 32C extracts the feature amount of the user's face image as a hash value by the feature amount extracting means 34A, 34B, 34C based on the user's face image data captured by the imaging units 38A, 38B, 38C. Then, the feature amount (specifically, the hash value) of the extracted user's face image is stored in the memories 36A, 36B, and 36C. In this way, the feature amount of the user's face image is registered in each of the imaging units 30A, 30B, and 30C.

The face recognition application can be installed on the user terminal 20 from an online store or the like. When such a face recognition application is installed, the user can register face image data, register a service institution that uses the service, and the like on the user terminal 20. The processing content of such a face recognition application will be described later. In addition, such a face recognition application may be provided by the authentication system 10, or may be provided by a system different from the authentication system 10.

In the present embodiment, the authentication system 10 and the imaging units 30A, 30B, and 30C arranged in each service organization are API-linked (application programming interface). As a result, the systems of the imaging units 30A, 30B, and 30C can be easily configured as compared with the systems of the imaging units 30A, 30B, and 30C that are independently configured.

Next, the processing contents when the user is authenticated by the authentication system 10 and the imaging units 30A, 30B, and 30C will be described with reference to FIGS. 2, 3, and 10 to 12.

First, a process in which the user registers the face image data in the authentication system 10 using the user terminal 20 will be described. First, the user installs the face recognition application on the user terminal 20. On the initial screen of such a face recognition application, the screen shown in FIG. 10 is displayed. The user first registers the user on the user terminal 20 with such a face recognition application. Specifically, when the account button is pressed on the screen shown in FIG. 10, the user registration screen as shown in FIG. 11 is displayed. On such a user registration screen, enter registration information such as name, date of birth, telephone number, e-mail address, password, etc., check the box to agree to the terms of use, and then press the registration button, as shown in FIG. It becomes an imaging screen of such a face image. When the user captures a face image with the user terminal 20 on such an imaging screen, various information input on the user registration screen and the user's face image data are transmitted from the user terminal 20 to the authentication system 10. In this way, the processor 12 of the authentication system 10 receives the face image data from the user terminal 20 (STEP 1). Further, the processor 12 of the authentication system 10 also receives the identification information of the user terminal 20 and the registration information such as the user's name, date of birth, telephone number, e-mail address, and password input to the user terminal 20 from the user terminal 20. .. Further, the processor 12 issues a user ID as user identification information, and stores the issued user ID in the memory 16.

Next, the processor 12 of the authentication system 10 uses the feature amount extracting means 14 as a hash value of the feature amount of the face image corresponding to each of the imaging units 30A, 30B, and 30C based on the face image data received from the user terminal 20. Extract (STEP2). At this time, the feature amount of the user's face image extracted by the feature amount extracting means 14 may differ depending on the types of the imaging units 30A, 30B, and 30C. Therefore, the feature amount extracting means 14 extracts the feature amount of the user's face image for each of the imaging units 30A, 30B, and 30C. Further, the feature amount extracting means 14 extracts only the feature amount of the user's face image corresponding to the imaging units 30A, 30B, and 30C of the service institution selected in advance by the user. For example, the service institution where the imaging unit 30A is installed allows the user to use the face image data, but the service institution where the imaging unit 30B is installed does not allow the user to use the face image data. In this case, the feature amount extracting means 14 extracts only the feature amount of the user's face image corresponding to the imaging unit 30A. As described above, the memory 16 stores the user's identification information in association with the service institution selected by the user. Then, the processor 12 displays the feature amounts of the facial images corresponding to the imaging units 30A, 30B, and 30C extracted by the feature amount extracting means 14 in the memory 16 of the authentication system 10 by the registration means 13 (user identification). Information) and the identification information of the imaging units 30A, 30B, and 30C are stored in association with the identification information (STEP3). In this way, the registration of the user's face image captured by the user terminal 20 is completed. Further, the information related to the feature amount of the user's face image stored in the memory 16 is transmitted from the authentication system 10 to the imaging units 30A, 30B, and 30C of the service organization selected by the user (STEP 4). At this time, the feature amount of the user's face image corresponding to the imaging units 30A, 30B, 30C is transmitted to the imaging units 30A, 30B, 30C. The imaging units 30A, 30B, and 30C store information related to the feature amount of the user's face image transmitted from the authentication system 10 in the memories 36A, 36B, and 36C in association with the user's identification information.

Next, the process of authenticating the user in each of the imaging units 30A, 30B, and 30C will be described. When user authentication is required at the service institution where each image pickup unit 30A, 30B, 30C is installed, first, the user is imaged by the image pickup units 38A, 38B, 38C of the image pickup units 30A, 30B, 30C. Acquires the user's face image data by (STEP 11). Further, in the imaging units 30A, 30B, 30C, the processors 32A, 32B, 32C extract the feature amount of the user's face image as a hash value by the feature amount extracting means 34A, 34B, 34C based on the acquired face image data. (STEP12). Then, the processors 32A, 32B, 32C are stored in the feature amounts (specifically, hash values) of the user's face image extracted by the feature amount extraction means 34A, 34B, 34C and the memories 36A, 36B, 36C. The user is authenticated by comparing the feature amount (specifically, the hash value) of the face image of the user. More specifically, the matching rate between the feature amount of the user's face image extracted by the feature amount extraction means 34A, 34B, 34C and the feature amount of the user's face image stored in the memories 36A, 36B, 36C When exceeds a predetermined threshold value (for example, 80%), the authentication means 35A, 35B, and 35C authenticate the user. As described above, the memories 36A, 36B, and 36C store the user's identification information registered in advance and the feature amount of the user's face image in association with each other.

Then, when the user is authenticated by the authentication means 35A, 35B, 35C (“YES” in STEP 14), the processors 32A, 32B, 32C are connected to the imaging units 30A, 30B, 30C by the processing units 40A, 40B, 40C. The corresponding service can be implemented (STEP 15). Specifically, as described above, when the imaging units 30A, 30B, 30C are arranged in an office building, an apartment building, or the like, the processing units 40A, 40B, 40C are authenticated by the user. In some cases, unlock the doors located at the entrances and exits of these office buildings and housing complexes. Further, when the imaging units 30A, 30B, and 30C are arranged in restaurants, hotels, transportation facilities, convenience stores, etc., cashless payment is possible when paying charges at these service institutions. .. When cashless payment is performed, two-factor authentication may be performed. After that, the processors 32A, 32B, 32C of the imaging units 30A, 30B, and 30C transmit information related to the service usage status to the authentication system 10 (STEP 17). As a result, in the authentication system 10, information relating to the service usage status of each service institution is stored in the memory 16 for each user.

On the other hand, the feature amount of the user's face image extracted by the feature amount extraction means 34A, 34B, 34C does not substantially match the feature amount of the user's face image stored in the memories 36A, 36B, 36C, and the authentication means. If the user cannot be authenticated by 35A, 35B, 35C (“NO” in STEP 14), the processors 32A, 32B, 32C are subjected to the image pickup units 30A, 30B, by the processing units 40A, 40B, 40C, respectively. The service corresponding to 30C cannot be implemented (STEP 16). Also in this case, the processors 32A, 32B, and 32C of the imaging units 30A, 30B, and 30C are used to authenticate the information related to the service usage status (specifically, the user tries to authenticate with the imaging units 30A, 30B, and 30C. Information that the service could not be used without being used) is transmitted to the authentication system 10 (STEP 17).

According to such an authentication method, the feature amount of the user's face image is registered in the image pickup engine (for example, the image pickup unit 30A) of the service institution, but the image pickup engine of another service institution (for example, the image pickup unit 30B). ), The feature amount of this user's face image is identified in the memory 16 of the authentication system 10 and the memories 36A, 36B, 36C of the imaging units 30A, 30B, 30C. By storing the information in association with the information, even a service institution in which the feature amount of the user's face image is not registered can authenticate the user by capturing the user's face image by the imaging unit. In this case, since it is not necessary for the user to register the face image data in all of the plurality of imaging units, the user's trouble can be saved.

The authentication system 10 and the authentication method according to the present embodiment are not limited to those shown in FIGS. 1 to 3. Other examples of the authentication system 10 and the authentication method according to the present embodiment will be described with reference to FIGS. 4 to 6. The authentication system 10 and the imaging units 30A, 30B, and 30C shown in FIG. 4 will be described with the same reference numerals for the same components as the authentication system 10 and the imaging units 30A, 30B, and 30C shown in FIG. Is omitted.

As shown in FIG. 4, the processor 12 of the authentication system 10 uses the feature amount of the user's face image corresponding to each of the imaging units 30A, 30B, and 30C as a hash value based on the face image data received from the user terminal 20. The feature amount extraction means 14 to be extracted, the registration means 13 for registering the feature amount of the extracted user's face image, and the user's face image captured by the imaging units 38A to 38C of the imaging units 30A, 30B, and 30C. It has an authentication means 15 that authenticates a user based on a feature amount (specifically, a hash value). By executing the program stored in the memory 16, the processor 12 obtains the feature amount (specifically, the hash value) of the user's face image extracted by the feature amount extracting means 14 in the registration means 13 from the user. Is stored in the memory 16 in association with the identification information of the image pickup unit 30A, 30B, and 30C. Further, the processor 12 executes a program stored in the memory 16 to perform a feature amount of the user's face image captured by the imaging units 38A to 38C of the imaging units 30A, 30B, and 30C in the authentication means 15. (Specifically, the hash value) is compared with the feature amount (specifically, the hash value) of the user's face image corresponding to each of the imaging units 30A, 30B, and 30C stored in the memory 16. Therefore, the user is authenticated. The program executed by the processor 12 is not limited to the one stored in the memory 16. By executing the program transmitted from the external device to the authentication system 10 and the program stored in the recording medium detachably attached to the authentication system 10, the feature amount extraction means 14, the registration means 13, and the feature amount extraction means 14 and the registration means 13 are executed. Processing may be performed in each of the authentication means 15. Further, also in the present embodiment, the information acquisition means 17 is configured by the feature amount extraction means 14 and the registration means 13. The information acquisition means 17 receives the user's face image data at the time of user registration, extracts the feature amount of the user's face image based on the received user's face image data, and extracts the feature amount of the user's face image. The information related to the above is stored in the memory 16 as user identification information.

Each of the image pickup units 30A, 30B, 30C arranged in each service organization is composed of, for example, a computer or the like, and each of the image pickup units 30A, 30B, 30C includes processors 32A, 32B, 32C such as a CPU and memory 36A, respectively. It has 36B, 36C, imaging units 38A, 38B, 38C, processing units 40A, 40B, 40C, and communication units 42A, 42B, 42C. The processors 32A, 32B, 32C use feature amount extraction means 34A, 34B, 34C for extracting the feature amount of the user's face image as a hash value based on the user's face image data imaged by the imaging units 38A, 38B, 38C. Have. In the example shown in FIG. 4, the processors 32A, 32B, 32C do not have the authentication means 35A, 35B, 35C as shown in FIG. The processors 32A, 32B, 32C execute the program stored in the memories 36A, 36B, 36C so that the feature amount extracting means 34A, 34B, 34C extracts the feature amount of the user's face image as a hash value. It has become. Specifically, the feature amount extraction means 34A, 34B, 34C extracts a hash value obtained from the received user's face image data by a predetermined hash function as a feature amount of the user's face image. The programs executed by the processors 32A, 32B, 32C are not limited to those stored in the memories 36A, 36B, 36C. The processors 32A, 32B, 32C execute a program transmitted from an external device to the imaging units 30A, 30B, 30C and a program stored in a recording medium detachably attached to the imaging units 30A, 30B, 30C. Therefore, various treatments may be performed in the feature amount extraction means 34A, 34B, 34C. Further, in the example shown in FIG. 4, the features of the user's face image are not stored in the memories 36A, 36B, and 36C.

In the example shown in FIG. 4, the authentication system 10 and the imaging units 30A, 30B, and 30C arranged in each service organization are API-linked (application programming interface). As a result, the systems of the imaging units 30A, 30B, and 30C can be easily configured as compared with the systems of the imaging units 30A, 30B, and 30C that are independently configured.

Next, the processing contents when the user is authenticated by the authentication system 10 and the imaging units 30A, 30B, and 30C as shown in FIG. 4 will be described with reference to FIGS. 5 and 6.

First, a process in which the user registers the face image data in the authentication system 10 using the user terminal 20 will be described. Since the specific method for the user to capture the face image by the user terminal 20 has already been described, the specific method will be omitted here. When the user first registers the user with such a face authentication application on the user terminal 20, various information input on the user registration screen and the user's face image data are transmitted from the user terminal 20 to the authentication system 10. In this way, the processor 12 of the authentication system 10 receives the face image data from the user terminal 20 (STEP 21). Further, the processor 12 of the authentication system 10 also receives the identification information of the user terminal 20 and the registration information such as the user's name, date of birth, telephone number, e-mail address, and password input to the user terminal 20 from the user terminal 20. .. Further, the processor 12 issues a user ID as user identification information, and stores the issued user ID in the memory 16.

Next, the processor 12 of the authentication system 10 uses the feature amount extracting means 14 as a hash value of the feature amount of the face image corresponding to each of the imaging units 30A, 30B, and 30C based on the face image data received from the user terminal 20. Extract (STEP22). At this time, the feature amount of the user's face image extracted by the feature amount extracting means 14 may differ depending on the type of the imaging units 30A, 30B, 30C, and the feature amount extracting means 14 uses the imaging units 30A, 30B, 30B. The feature amount of the user's face image is extracted every 30C. Further, the feature amount extracting means 14 extracts only the feature amount of the user's face image corresponding to the imaging units 30A, 30B, and 30C of the service institution selected in advance by the user. Then, the processor 12 displays the feature amounts of the facial images corresponding to the imaging units 30A, 30B, and 30C extracted by the feature amount extracting means 14 in the memory 16 of the authentication system 10 by the registration means 13 (user identification). Information) and the identification information of the imaging units 30A, 30B, and 30C are stored in association with the identification information (STEP23). In this way, the registration of the user's face image captured by the user terminal 20 is completed. In the example shown in FIG. 4, the information related to the feature amount of the user's face image stored in the memory 16 is not transmitted from the authentication system 10 to the imaging units 30A, 30B, and 30C of the service organization selected by the user. ..

Next, the process of authenticating the user in each of the imaging units 30A, 30B, and 30C will be described. When user authentication is required at the service institution where each image pickup unit 30A, 30B, 30C is installed, first, the user is imaged by the image pickup units 38A, 38B, 38C of the image pickup units 30A, 30B, 30C. Acquires the user's face image data by (STEP31). Further, in the imaging units 30A, 30B, 30C, the processors 32A, 32B, 32C extract the feature amount of the user's face image as a hash value by the feature amount extracting means 34A, 34B, 34C based on the acquired face image data. (STEP32). Then, the processors 32A, 32B, 32C authenticate the feature amount (specifically, the hash value) of the user's face image extracted by the feature amount extraction means 34A, 34B, 34C by the communication units 42A, 42B, 42C. It is transmitted to the processor 12 of 10 (STEP 33). When the processor 12 of the authentication system 10 receives information related to the feature amount of the user's face image from the image pickup units 30A, 30B, and 30C, the image pickup unit of the service organization selected by the user is stored in the memory 16. It accepts information related to the feature amount of the user's face image transmitted only from 30A, 30B, and 30C. Then, in the authentication system 10, the processor 12 receives the feature amount (specifically, the hash value) of the user's face image received from the imaging units 30A, 30B, and 30C, and the user's face image stored in the memory 16. The user is authenticated by comparing the feature amount (specifically, the hash value) of the above with the authentication means 15 (STEP34). More specifically, the matching rate between the feature amount of the user's face image received from the imaging units 30A, 30B, and 30C and the feature amount of the user's face image stored in the memory 16 is a predetermined threshold value (for example, If it exceeds 80%), the authentication means 15 authenticates the user. As described above, the memory 16 stores the user's identification information and the identification information of the imaging units 30A, 30B, and 30C registered in advance in association with the feature amount of the user's face image.

Then, when the user is authenticated by the authentication means 15 (“YES” in STEP 35), the information related to the authentication result is transmitted from the processor 12 of the authentication system 10 to the imaging units 30A, 30B, and 30C by the communication unit 18 (“YES” in STEP35). STEP36). Then, the processors 32A, 32B, and 32C of the imaging units 30A, 30B, and 30C that have received the information related to the authentication result can provide the services corresponding to the imaging units 30A, 30B, and 30C by the processing units 40A, 40B, and 40C. (STEP37). After that, the processors 32A, 32B, 32C of the imaging units 30A, 30B, 30C transmit the information related to the usage status of the service to the authentication system 10. As a result, in the authentication system 10, information relating to the service usage status of each service institution is stored in the memory 16 for each user.

On the other hand, the feature amount of the user's face image received from the imaging units 30A, 30B, and 30C does not substantially match the feature amount of the user's face image stored in the memory 16, and the user is authenticated by the authentication means 15. Even if this is not possible (“NO” in STEP 35), the information related to the authentication result is transmitted from the processor 12 of the authentication system 10 to the imaging units 30A, 30B, and 30C by the communication unit 18 (STEP 38). Then, the processors 32A, 32B, and 32C of the imaging units 30A, 30B, and 30C that have received the information related to the authentication result cannot provide the services corresponding to the imaging units 30A, 30B, and 30C by the processing units 40A, 40B, and 40C. (STEP39). Also in this case, the processors 32A, 32B, and 32C of the imaging units 30A, 30B, and 30C are used to authenticate the information related to the service usage status (specifically, the user tries to authenticate with the imaging units 30A, 30B, and 30C. Information that the service could not be used without being used) is transmitted to the authentication system 10.

According to such an authentication method, the feature amount of the user's face image is registered in the image pickup engine (for example, the image pickup unit 30A) of the service institution, but the image pickup engine of another service institution (for example, the image pickup unit 30B). ), The feature amount of the user's face image is stored in the memory 16 of the authentication system 10 in association with the identification information of the imaging units 30A, 30B, and 30C, so that the user's face image can be stored. Even a service institution in which the feature amount is not registered can authenticate the user by capturing the user's face image with the imaging unit. In this case, since it is not necessary for the user to register the face image data in all of the plurality of imaging units, the user's trouble can be saved.

Also. Further examples of the authentication system 10 and the authentication method according to the present embodiment will be described with reference to FIGS. 7 to 9. The authentication system 10 and the imaging units 30A, 30B, and 30C shown in FIG. 7 are designated by the same reference numerals for the same components as the authentication system 10 and the imaging units 30A, 30B, and 30C shown in FIGS. 1 and 4. The explanation is omitted.

As shown in FIG. 7, the processor 12 of the authentication system 10 uses the feature amount of the user's face image corresponding to each of the imaging units 30A, 30B, and 30C as a hash value based on the face image data received from the user terminal 20. The feature amount extraction means 14 to be extracted, the registration means 13 for registering the feature amount of the extracted user's face image, and the user's face image captured by the imaging units 38A to 38C of the imaging units 30A, 30B, and 30C. It has an authentication means 15 that authenticates a user based on a feature amount (specifically, a hash value). By executing the program stored in the memory 16, the processor 12 obtains the feature amount (specifically, the hash value) of the user's face image extracted by the feature amount extracting means 14 in the registration means 13 from the user. Is stored in the memory 16 in association with the identification information of the image pickup unit 30A, 30B, and 30C. Further, the processor 12 executes a program stored in the memory 16 to perform a feature amount of the user's face image captured by the imaging units 38A to 38C of the imaging units 30A, 30B, and 30C in the authentication means 15. (Specifically, the hash value) is compared with the feature amount (specifically, the hash value) of the user's face image corresponding to each of the imaging units 30A, 30B, and 30C stored in the memory 16. Therefore, the user is authenticated. The program executed by the processor 12 is not limited to the one stored in the memory 16. By executing the program transmitted from the external device to the authentication system 10 and the program stored in the recording medium detachably attached to the authentication system 10, the feature amount extraction means 14, the registration means 13, and the feature amount extraction means 14 and the registration means 13 are executed. Processing may be performed in each of the authentication means 15. Further, also in the present embodiment, the information acquisition means 17 is configured by the feature amount extraction means 14 and the registration means 13. The information acquisition means 17 receives the user's face image data at the time of user registration, extracts the feature amount of the user's face image based on the received user's face image data, and extracts the feature amount of the user's face image. The information related to the above is stored in the memory 16 as user identification information.

Each of the image pickup units 30A, 30B, 30C arranged in each service organization is composed of, for example, a computer or the like, and each of the image pickup units 30A, 30B, 30C includes processors 32A, 32B, 32C such as a CPU and memory 36A, respectively. It has 36B, 36C, imaging units 38A, 38B, 38C, processing units 40A, 40B, 40C, and communication units 42A, 42B, 42C. In the example shown in FIG. 7, the processors 32A, 32B, 32C do not have the feature amount extraction means 34A, 34B, 34C and the authentication means 35A, 35B, 35C as shown in FIG. Further, in the example shown in FIG. 7, the features of the user's face image are not stored in the memories 36A, 36B, and 36C.

In the example shown in FIG. 7, the authentication system 10 and the imaging units 30A, 30B, and 30C arranged in each service organization are API-linked (application programming interface). As a result, the systems of the imaging units 30A, 30B, and 30C can be easily configured as compared with the systems of the imaging units 30A, 30B, and 30C that are independently configured.

Next, the processing contents when the user is authenticated by the authentication system 10 and the imaging units 30A, 30B, and 30C as shown in FIG. 7 will be described with reference to FIGS. 8 and 9.

First, a process in which the user registers the face image data in the authentication system 10 using the user terminal 20 will be described. Since the specific method for the user to capture the face image by the user terminal 20 has already been described, the specific method will be omitted here. When the user first registers the user with such a face authentication application on the user terminal 20, various information input on the user registration screen and the user's face image data are transmitted from the user terminal 20 to the authentication system 10. In this way, the processor 12 of the authentication system 10 receives the face image data from the user terminal 20 (STEP 41). Further, the processor 12 of the authentication system 10 also receives the identification information of the user terminal 20 and the registration information such as the user's name, date of birth, telephone number, e-mail address, and password input to the user terminal 20 from the user terminal 20. .. Further, the processor 12 issues a user ID as user identification information, and stores the issued user ID in the memory 16.

Next, the processor 12 of the authentication system 10 uses the feature amount extracting means 14 as a hash value of the feature amount of the face image corresponding to each of the imaging units 30A, 30B, and 30C based on the face image data received from the user terminal 20. Extract (STEP 42). At this time, the feature amount of the user's face image extracted by the feature amount extracting means 14 may differ depending on the type of the imaging units 30A, 30B, 30C, and the feature amount extracting means 14 uses the imaging units 30A, 30B, 30B. The feature amount of the user's face image is extracted every 30C. Further, the feature amount extracting means 14 extracts only the feature amount of the user's face image corresponding to the imaging units 30A, 30B, and 30C of the service institution selected in advance by the user. Then, the processor 12 displays the feature amounts of the facial images corresponding to the imaging units 30A, 30B, and 30C extracted by the feature amount extracting means 14 in the memory 16 of the authentication system 10 by the registration means 13 (user identification). Information) and the identification information of the imaging units 30A, 30B, and 30C are stored in association with the identification information (STEP43). In this way, the registration of the user's face image captured by the user terminal 20 is completed. In the example shown in FIG. 7, the information related to the feature amount of the user's face image stored in the memory 16 is not transmitted from the authentication system 10 to the imaging units 30A, 30B, and 30C of the service organization selected by the user. ..

Next, the process of authenticating the user in each of the imaging units 30A, 30B, and 30C will be described. When user authentication is required at the service institution where each image pickup unit 30A, 30B, 30C is installed, first, the user is imaged by the image pickup units 38A, 38B, 38C of the image pickup units 30A, 30B, 30C. Acquires the user's face image data by (STEP 51). The processors 32A, 32B, 32C of the imaging units 30A, 30B, 30C transmit the user's face image data captured by the imaging units 38A, 38B, 38C to the processor 12 of the authentication system 10 by the communication units 42A, 42B, 42C. (STEP52). When the processor 12 of the authentication system 10 receives the user's face image data from the image pickup units 30A, 30B, 30C, the image pickup units 30A, 30B, 30C of the service organization selected by the user are stored in the memory 16. Accepts the user's face image data sent only from. Then, in the authentication system 10, the processor 12 extracts the feature amount of the user's face image as a hash value by the feature amount extracting means 14 based on the face image data received from the image pickup units 30A, 30B, and 30C (STEP53). Then, the processor 12 has a feature amount (specifically, a hash value) of the user's face image extracted by the feature amount extracting means 14, and a feature amount (specifically, a hash value) of the user's face image stored in the memory 16. The user is authenticated by comparing the hash value) with the authentication means 15 (STEP 54). More specifically, the matching rate between the feature amount of the user's face image extracted by the feature amount extracting means 14 and the feature amount of the user's face image stored in the memory 16 is a predetermined threshold value (for example, 80). %), The authentication means 15 authenticates the user. As described above, the memory 16 stores the user's identification information and the identification information of the imaging units 30A, 30B, and 30C registered in advance in association with the feature amount of the user's face image.

Then, when the user is authenticated by the authentication means 15 (“YES” in STEP55), the information related to the authentication result is transmitted from the processor 12 of the authentication system 10 to the imaging units 30A, 30B, and 30C by the communication unit 18 (“YES” in STEP55). STEP56). Then, the processors 32A, 32B, and 32C of the imaging units 30A, 30B, and 30C that have received the information related to the authentication result can provide the services corresponding to the imaging units 30A, 30B, and 30C by the processing units 40A, 40B, and 40C. (STEP57). After that, the processors 32A, 32B, 32C of the imaging units 30A, 30B, 30C transmit the information related to the usage status of the service to the authentication system 10. As a result, in the authentication system 10, information relating to the service usage status of each service institution is stored in the memory 16 for each user.

On the other hand, the feature amount of the user's face image received from the imaging units 30A, 30B, and 30C does not substantially match the feature amount of the user's face image stored in the memory 16, and the user is authenticated by the authentication means 15. Even if this is not possible (“NO” in STEP55), the information related to the authentication result is transmitted from the processor 12 of the authentication system 10 to the imaging units 30A, 30B, and 30C by the communication unit 18 (STEP58). Then, the processors 32A, 32B, and 32C of the imaging units 30A, 30B, and 30C that have received the information related to the authentication result cannot provide the services corresponding to the imaging units 30A, 30B, and 30C by the processing units 40A, 40B, and 40C. (STEP 59). Also in this case, the processors 32A, 32B, and 32C of the imaging units 30A, 30B, and 30C are used to authenticate the information related to the service usage status (specifically, the user tries to authenticate with the imaging units 30A, 30B, and 30C. Information that the service could not be used without being used) is transmitted to the authentication system 10.

According to such an authentication method, the feature amount of the user's face image is registered in the image pickup engine (for example, the image pickup unit 30A) of the service institution, but the image pickup engine of another service institution (for example, the image pickup unit 30B). ), The feature amount of the user's face image is stored in the memory 16 of the authentication system 10 in association with the identification information of the imaging units 30A, 30B, and 30C, so that the user's face image can be stored. Even a service institution in which the feature amount is not registered can authenticate the user by capturing the user's face image with the imaging unit. In this case, since it is not necessary for the user to register the face image data in all of the plurality of imaging units, the user's trouble can be saved.

Next, in the authentication system 10 as shown in FIGS. 1 to 9, a process when the user wants to increase the number of service institutions to which the above-mentioned face recognition service is applied will be described. After the user has performed the above-mentioned user registration, when the user presses the "Add Service" button on the initial screen of the user terminal 20 as shown in FIG. 10, a list of service institutions as shown in FIG. 13 is displayed. Will be done. The list of such service organizations is registered in the authentication system 10 in advance. On the screen as shown in FIG. 13, the icon of the unregistered service and the icon of the registered service are displayed in different colors, the icon of the unregistered service is displayed lightly, and the icon of the unregistered service is displayed. It is displayed separately from the registered service icon. Then, when the user presses the icon of the unregistered service with a finger, the terms of the service to be added are displayed. When the user inputs an instruction to agree to the terms of service, the unregistered service becomes a registered service. At this time, in the authentication system 10, the service organization related to this registered service is associated with the user ID (user identification information) and stored in the memory 16. After that, the user terminal 20 displays an imaging screen of a face image as shown in FIG. When the user captures a face image with the user terminal 20 on such an imaging screen, the user's face image data is transmitted from the user terminal 20 to the authentication system 10. In this way, the processor 12 of the authentication system 10 receives the face image data from the user terminal 20. Then, the processor 12 of the authentication system 10 extracts the feature amount of the face image corresponding to the imaging unit of the new service organization as a hash value by the feature amount extracting means 14 based on the face image data received from the user terminal 20. .. The processor 12 displays the feature amount of the face image corresponding to the new imaging unit extracted by the feature amount extracting means 14 in the memory 16 of the authentication system 10 by the registration means 13 as a user ID (user identification information) and a new service. It is stored in association with the identification information of the imaging unit of the engine. In this way, the registration of the new service institution is completed. When the user's face image data is stored in the memory 16 as described later, when the user registers a new service institution on the user terminal 20, the user terminal 20 captures the user's face image. Even if it is not, the feature amount of the face image corresponding to the imaging unit of the new service organization may be extracted by the feature amount extracting means 14 as a hash value based on the face image data of the user stored in the memory 16. .. Further, the user may be able to delete the registered service on the screen as shown in FIG. In this case, the registered service becomes an unregistered service. In addition, the information related to the feature amount of the user's face image corresponding to the imaging unit of the service organization related to the deleted registered service stored in the memory 16 is deleted.

Further, after the user performs the above-mentioned user registration, when the user presses the "authentication history" button on the initial screen of the user terminal 20 as shown in FIG. 10 with a finger, the past authentication history as shown in FIG. 14 A list of information (in other words, a list of information related to the usage status of the service organization by the user) is displayed on the user terminal 20. More specifically, the memory 16 of the authentication system 10 stores the user's past authentication history information in association with the user's identification information. Then, when the "authentication history" button is pressed by the user on the initial screen of the user terminal 20 as shown in FIG. 10, the user terminal 20 obtains the user's past authentication history information from the processor 12 of the authentication system 10. A signal is transmitted. When the processor 12 of the authentication system 10 receives a signal for requesting the user's past authentication history information from the user terminal 20, the processor 12 receives the past authentication history information corresponding to the user's identification information stored in the memory 16 in the communication unit 18. Is transmitted to the user terminal 20. As a result, the user terminal 20 will display a list of past authentication history information of this user. Further, in the list of past authentication history information as shown in FIG. 14, when the user presses the display of a certain authentication history with a finger, the details of the authentication history are displayed on the user terminal 20 as shown in FIG. Will be.

Further, in the present embodiment, instead of the user registering the feature amount of the user's face authentication in the authentication system 10 using the user terminal 20, the authentication system 10 uses the imaging units 30A, 30B, and 30C in which the user is present. The feature amount of the user's face authentication in the above may be registered. Specifically, when the user inputs registration information in a certain imaging unit 30A, 30B, 30C and images the user's face image by the imaging units 38A, 38B, 38C, the input registration information and the user's face image data are obtained. It is transmitted from the imaging units 30A, 30B, and 30C to the authentication system 10. In this way, the processor 12 of the authentication system 10 receives the face image data from the imaging units 30A, 30B, and 30C. Further, the processor 12 issues a user ID as user identification information based on the registration information received from the image pickup units 30A, 30B, and 30C, and stores the issued user ID in the memory 16.

Next, the processor 12 of the authentication system 10 uses the feature amount of the face image corresponding to each image pickup unit 30A, 30B, 30C as a hash value based on the face image data received from the image pickup units 30A, 30B, 30C. It is extracted by the extraction means 14. At this time, the feature amount extracting means 14 extracts the feature amount of the user's face image for each of the imaging units 30A, 30B, and 30C. Further, the feature amount extracting means 14 extracts only the feature amount of the user's face image corresponding to the imaging units 30A, 30B, and 30C of the service institution selected in advance by the user. For example, the service institution where the imaging unit 30A is installed allows the user to use the face image data, but the service institution where the imaging unit 30B is installed does not allow the user to use the face image data. In this case, the feature amount extracting means 14 extracts only the feature amount of the user's face image corresponding to the imaging unit 30A. As described above, the memory 16 stores the user's identification information in association with the service institution selected by the user. Then, the processor 12 registers the feature amounts of the facial images corresponding to the imaging units 30A, 30B, and 30C extracted by the feature amount extracting means 14 in the memory 16 of the authentication system 10 by the registration means 13 (user identification). Information) and the identification information of the imaging units 30A, 30B, and 30C are stored in association with the identification information. In this way, the registration of the user's face image captured by the imaging units 38A, 38B, 38C of the imaging units 30A, 30B, 30C is completed. In such an embodiment, the user can register the feature amount of the user's face authentication in the authentication system 10 without using the user terminal 20.

According to the authentication method performed by the authentication system 10 according to the present embodiment having the above configuration, the user's face image data and the user's identification information are received, and based on the received user's face image data. The feature amount of the user's face image is extracted for each of a plurality of imaging units 30A, 30B, and 30C. Then, the information related to the feature amount of the user's face image for each of the plurality of extracted imaging units 30A, 30B, and 30C is stored in the memory 16 in association with the received user's identification information. According to such an authentication method, face authentication can be easily performed by a plurality of imaging units 30A, 30B, and 30C.

Specifically, it is generally widespread to provide an authentication engine using face recognition even in the past, but in the conventional authentication system, face recognition can be performed by an authentication engine that does not register face data. could not. Therefore, in order to authenticate with each of the plurality of authentication engines, the user needs to register the face data with each of the plurality of authentication engines, which is troublesome and stressful. On the other hand, in the present embodiment, the feature amount of the user's face image is registered by the authentication engine of the service organization (for example, the imaging unit 30A), but the authentication engine of another service organization (for example, the imaging unit). Even if it is not registered in 30B), the feature amount of the user's face image can be stored in the memory 16 of the authentication system 10 for each of the imaging units 30A, 30B, and 30C. The image pickup units 30A, 30B, and 30C of the service organization that are not registered can also authenticate the user by capturing the user's face image by the image pickup units 38A, 38B, and 38C. In this case, since it is not necessary for the user to register the face image data in all of the plurality of imaging units 30A, 30B, and 30C, the user's labor can be saved. As a result, it is troublesome to register the face image data, and it is possible to encourage users who have not used various services using the imaging unit to which the face image data is not registered to easily use the various services. ..

Further, when the feature amount of the user's face image such as a hash value is extracted and stored in the memory 16, the user's face image data itself is stored in the memory 16 as compared with the case where the user's face image data itself is stored in the memory 16. The amount of data can be significantly reduced. This is because the amount of data of the feature amount of the user's face image is smaller than the amount of data of the user's face image data itself. Further, in this case, since the user's face image data itself is not stored in the memory 16, the privacy of the user can be protected more reliably. Further, when information related to the feature amount of the user's face image is sent between the authentication system 10 and the imaging units 30A, 30B, 30C, the user's face image data is transmitted to the authentication system 10 and the imaging units 30A, 30B, 30B. , The amount of data communication can be significantly reduced as compared with the case of sending to and from 30C.

Further, in the authentication method of the present embodiment, as described above, when extracting the feature amount of the user's face image based on the received user's face image data, a plurality of feature amounts of the user's face image are used. It is extracted for each of the imaging units 30A, 30B, and 30C, and the feature amount of the user's face image for each of the extracted plurality of imaging units 30A, 30B, and 30C is stored in the memory in association with the user's identification information by the registration means 13. .. At this time, it is possible to deal with the case where the feature amount of the user's face image extracted by the feature amount extracting means 14 differs depending on the types of the imaging units 30A, 30B, and 30C. When the same program is used in the plurality of imaging units 30A, 30B, 30C and the feature amount of the user's face image extracted by the feature amount extracting means 14 is common to the imaging units 30A, 30B, 30C, It is not necessary to extract the feature amount of the user's face image for each of the plurality of imaging units 30A, 30B, and 30C.

Further, in the authentication method of the present embodiment, as described above, the memory 16 stores information related to the service institution selected by the user in association with the user's identification information, and the face of the user who received the data. A service selected by the user stored in the memory 16 in the step of extracting the feature amount of the user's face image for each of the plurality of imaging units 30A, 30B, and 30C by the feature amount extracting means 14 based on the image data. The feature amount extracting means 14 extracts the feature amount of the user's face image corresponding only to the imaging unit of the institution. In this case, since the feature amount of the user's face image corresponding to the image pickup units 30A, 30B, 30C of the service institution not selected by the user is not stored in the memory 16, the security can be improved and the user can be used. You can rest assured. In addition, a company or the like participating in a group of authentication engines managed by the authentication system 10 can be authenticated by a large number of authentication engines simply by registering face image data on the user terminal 20 or the like. It will be possible to appeal the improvement to customers.

Further, in the authentication method of the present embodiment, as described above, the feature amount extracting means 14 obtains a hash value obtained from the received user's face image data by a predetermined hash function as the feature amount of the user's face image. As a result, each of a plurality of imaging units 30A, 30B, and 30C is extracted. In this case, since the hash value is stored in the memory 16 as the feature amount of the user's face image, the amount of data stored in the memory 16 is reduced as compared with the case where the face image data itself is stored in the memory 16. be able to. Further, it is difficult to restore or infer the face image data from the hash value, and since only the hash value is stored in the authentication system 10, the privacy and security of the user can be enhanced.

In the present embodiment, the feature amount extracting means 14 extracts the feature amount of the user's face image as a hash value for each of a plurality of imaging units 30A, 30B, and 30C based on the received face image data of the user. It is not limited to that. The feature amount extracting means 14 extracts the feature amount of the user's face image for each of a plurality of imaging units 30A, 30B, and 30C with a value different from the hash value based on the received face image data of the user. It may be. For example, as a feature amount of the user's face image, the relative position, size, shape, etc. of each part of the face (eyes, nose, ears, etc.) may be extracted as a feature. Even in this case, if the amount of data of a value other than the hash value is smaller than the amount of data of the face image itself, the amount of data stored in the memory 16 can be reduced.

Further, in the authentication method of the present embodiment, as described above, the feature amount of the user's face image is extracted for each of the plurality of imaging units 30A, 30B, and 30C based on the received user's face image data. In the step of extracting by the means 14, based on the user's face image data transmitted from the user terminal 20 possessed by the user, the feature amount of the user's face image is set for each of the plurality of imaging units 30A, 30B, and 30C. It is extracted by the extraction means 14. Alternatively, in the step of extracting the feature amount of the user's face image by the feature amount extracting means 14 for each of the plurality of imaging units 30A, 30B, 30C based on the received user's face image data, the plurality of imaging units 30A, Based on the user's face image data transmitted from one of the imaging units 30B and 30C, the feature amount of the user's face image is extracted by the feature amount extracting means 14 for each of the plurality of imaging units 30A, 30B and 30C. May be good.

Further, in the present embodiment, a program executed by the processor 12 for performing the authentication method by the authentication system 10 and a recording medium on which the program is recorded are used. Here, the processor 12 receives the user's face image data and the user's identification information by executing the program, and based on the received user's face image data, the feature amount of the user's face image is measured by the plurality of imaging units 30A. , 30B, 30C. Then, the information related to the feature amount of the user's face image for each of the plurality of extracted imaging units 30A, 30B, and 30C is stored in the memory 16 in association with the received user's identification information. According to such a program and a recording medium, face recognition can be easily performed by a plurality of imaging units 30A, 30B, and 30C.

Further, in the present embodiment, the authentication system 10 including the processor 12 is used. In such an authentication system 10, the processor 12 receives the user's face image data and the user's identification information by executing the program, and the feature amount of the user's face image is based on the received user's face image data. Is extracted for each of a plurality of imaging units 30A, 30B, and 30C. Then, the information related to the feature amount of the user's face image for each of the plurality of extracted imaging units 30A, 30B, and 30C is stored in the memory 16 in association with the received user's identification information. According to such an authentication system 10, face authentication can be easily performed by a plurality of imaging units 30A, 30B, and 30C.

The authentication method and authentication system according to the present invention are not limited to the above-described aspects, and various changes can be made.

For example, an authentication system as shown in FIG. 16 may be used. The authentication system 50 shown in FIG. 16 has a processor 52, a first server 56, a second server 58, and a third server 60. Here, the servers 56, 58, and 60 correspond to the imaging units 30A, 30B, and 30C. Specifically, the first server 56 corresponds to the image pickup unit 30A, the second server 58 corresponds to the image pickup unit 30B, and the third server 60 corresponds to the image pickup unit 30C. Further, although three imaging units 30A, 30B, and 30C are shown in FIG. 16, when two or four or more imaging units are used, a server is provided in the authentication system 10 corresponding to each imaging unit. Be done. Further, the processor 52 includes a server management means 52a, a feature amount extraction means 54, a registration means 53, and an authentication means 55. The feature amount extraction means 54, the registration means 53, and the authentication means 55 of the processor 52 are abbreviated as the feature amount extraction means 14, the registration means 13, and the authentication means 15 of the processor 12 of the authentication system 10 shown in FIGS. 1, 4, and 7. It has the same function. The server management means 52a manages the servers 56, 58, and 60, respectively.

In each of the servers 56, 58, and 60, the feature amount of the data of the user's face image corresponding to each of the imaging units 30A, 30B, and 30C is stored in association with the user's identification information. Further, the servers 56, 58, and 60 are communicably connected to the corresponding imaging units 30A, 30B, and 30C via a network such as an Internet line. Each of the servers 56, 58, and 60 is configured to be collectively manageable by an API (application programming interface) by the server management means 52a. As a result, the system of each server 56, 58, 60 can be easily configured as compared with the system (program) of each server 56, 58, 60 which is independently configured. Further, the server management means 52a and the service organization in which the imaging units 30A, 30B, and 30C are installed are API-linked. For example, by opening the platform of the server management means 52a to each service institution and using the same platform as the server management means 52a in each service institution, it is easy to construct a system for providing services in each service institution. can do.

The authentication system 50 having such a processor 52 and each of the servers 56, 58, 60 can perform the same processing as the authentication system 10 having the processor 12. That is, according to the authentication method performed by the authentication system 50 shown in FIG. 16, the processor 52 obtains the feature amount of the user's face image for each of the imaging units 30A, 30B, and 30C based on the received user's face image data. The feature amount of the user's face image extracted by the feature amount extracting means 54 is stored in the servers 56, 58, 60 in association with the user's identification information and the imaging units 30A, 30B, 30C by the registration means 53. Let me.

Further, the information related to the feature amount of the user's face image stored in the servers 56, 58, and 60 is transmitted from the servers 56, 58, and 60 to the corresponding imaging units 30A, 30B, and 30C. As a result, when the user is authenticated in each of the imaging units 30A, 30B, 30C, the user's face image data is acquired by imaging the user with the imaging units 38A, 38B, 38C, and the acquired face image data is acquired. By extracting the feature amount of the user's face image by the feature amount extracting means 34A, 34B, 34C based on the above, the user can be authenticated by each of the imaging units 30A, 30B, 30C. After that, the processors 32A, 32B, 32C of the imaging units 30A, 30B, 30C transmit the information related to the usage status of the service to the authentication system 10. As a result, in the authentication system 50, information related to the service usage status in each service institution is stored in each server 56, 58, 60 for each user.

As another method for authenticating the user, when the user is authenticated in each of the imaging units 30A, 30B, 30C, the user's face image data is acquired by imaging the user with the imaging units 38A, 38B, 38C. Based on the acquired face image data, the feature amount of the user's face image is extracted by the feature amount extraction means 34A, 34B, 34C. Then, information related to the feature amount of the user's face image is transmitted from each of the imaging units 30A, 30B, and 30C to the authentication system 50. As a result, the user can be authenticated by the authentication means 55. After that, the user authentication result is transmitted from the authentication system 50 to the original imaging units 30A, 30B, 30C.

As yet another method for authenticating the user, when the user is authenticated in each of the imaging units 30A, 30B, 30C, the user's face image data is acquired by imaging the user with the imaging units 38A, 38B, 38C. .. Then, the user's face image data is transmitted from the imaging units 30A, 30B, and 30C to the authentication system 50. Then, the processor 52 extracts the feature amount of the user's face image by the feature amount extracting means 54 based on the user's face image data transmitted to each of the servers 56, 58, and 60, and the extracted user's face image. The feature amount of the user's face image stored in each of the servers 56, 58, and 60 is compared with the feature amount of the user's face image by the authentication means 55. As a result, the user can be authenticated by the authentication means 55. After that, the user authentication result is transmitted from the authentication system 50 to the original imaging units 30A, 30B, 30C.

According to these authentication methods, face authentication can be easily performed by a plurality of imaging units 30A, 30B, and 30C.

Further, in the authentication system 10 as shown in FIGS. 1, 4, 7, and the like, the processor 12 stores the user's face image data itself transmitted from the user terminal 20 and the imaging units 30A, 30B, and 30C in the memory 16. You may let me.

Further, in the above example, the mode in which the authentication systems 10 and 50 are installed separately from the image pickup units 30A, 30B, and 30C installed in each service institution is shown, but the image pickup unit installed in each service institution. An imaging unit among 30A, 30B, and 30C may also have the functions of the authentication systems 10 and 50. That is, the processor of the imaging unit among the imaging units 30A, 30B, and 30C installed in each service organization is registered with the feature amount extracting means 14 in the processor 12 of the authentication system 10 shown in FIGS. 1, 4, 7, and the like. It may have a feature amount extraction means, a registration means, and an authentication means having the same functions as the means 13 and the authentication means 15.

As yet another example, the authentication system 10 has a feature amount (specifically, for example, a hash value) of the user's face image extracted from the user's face image data, and a feature amount other than the feature amount of the user's face image. User authentication may be performed in two steps by using elements (specifically, for example, a password entered in the user terminal 20 at the time of user registration and identification information of the user terminal 20). At this time, the elements required for authentication may be combined according to the security level required for the image pickup units 30A, 30B, and 30C of the service organization.

Further, in the above description, when the user registers the face image data in the authentication system 10 using the user terminal 20, the registration information such as the name, date of birth, telephone number, e-mail address, and password is displayed on the user registration screen. After entering and checking the field that agrees to the terms of use, press the registration button. Further, when the user captures a face image by the user terminal 20 on the imaging screen, various information input on the user registration screen and the user's face image data are transmitted from the user terminal 20 to the authentication system 10. After that, the processor 12 issues a user ID as user identification information, and stores the issued user ID in the memory 16. However, this embodiment is not limited to such an embodiment. As another embodiment, the feature amount (specifically, for example, hash value) of the user's face image extracted for each of the imaging units 30A, 30B, and 30C by the feature amount extracting means 14 from the user's face image data is the user ID. May be used as. In this case, the user ID (that is, the hash value) is different for each of the imaging units 30A, 30B, and 30C, but the processor 12 of the authentication system 10 has a plurality of different user IDs for each of the imaging units 30A, 30B, and 30C of the same user. It is designed to be linked.

Further, the processor 12 of the authentication system 10 performs authentication other than face authentication with the user ID issued as user identification information after receiving various information input on the user registration screen and the user's face image data. It may be associated with a user ID (user identification information) used in the authentication engine 30D of various service organizations. That is, the authentication system 10 is a user related to a user ID (user identification information) used in the authentication engine 30D of a service organization that performs authentication other than face authentication and a feature amount of the user's face image stored in the memory 16. The linking means 19 for linking with the ID (user's identification information) may be further provided. Specifically, as the user ID used in the authentication engine 30D of various service organizations that perform authentication other than face authentication, the identification information of the user terminal 20 such as a smartphone owned by the user, the fingerprint information of the user, the vein information, etc. User identification information (for example, hash value) obtained from biometric information, several-digit code (specifically, a combination of numbers and Roman characters) and password entered into the user terminal 20 such as a smartphone by the user. Conceivable. In this case, the user based on the user's face image data obtained by capturing the face image with the user terminal when the user authenticates with the authentication engine 30D of various service organizations that perform authentication other than face recognition. The ID (specifically, the hash value extracted from the face image data) can be substituted, and thus the convenience for the user can be improved. Further, even after the linking is performed by the linking means 19, the user ID used in the authentication engine 30D of the service organization may be left. In this case, the user can be appropriately authenticated even when the user is authenticated stand-alone by the authentication engine 30D of the service organization without using the authentication system 10 which is a cloud.

In addition, different strengths of certification may be set depending on the type of service organization. Specifically, for example, when an office building or a home locking system in which a user works is used as an authentication engine of a service organization, a so-called smart door is unlocked by the identification information of the user terminal 20 such as a smartphone. Locks are used. Specifically, the identification information of the user terminal 20 can be read by the function of Bluetooth (registered trademark) simply by bringing the user terminal 20 close to the door of the lock system of the office building or home where the user works or a receiving device installed in the vicinity thereof. When the user inputs a command to unlock the door by the smart lock application installed on the user terminal 20, the user is authenticated based on the identification information of the user terminal 20. Then, when the user is authenticated as a pre-registered user, the doors of the office building or home where the user works are unlocked. On the other hand, when a transfer system or payment system to a financial institution's account is used as the authentication engine of the service institution, face authentication is required when logging in to the financial institution service or payment service on the user terminal 20, and further to the account. At the time of transfer or payment, in addition to face authentication, authentication by delivery of SMS (Short Message Service) and password input are required. In this way, by making the authentication strength of the user ID different depending on the application, the authentication strength of the service organization that is frequently used is lowered to improve the convenience of the user and money. The security of the certification engine of the service organization that handles the above can be improved by increasing the strength of the certification.

Further, in addition to the service institution related to face recognition, the user can add or delete a service institution that performs authentication other than face recognition on the screen as shown in FIG. 13 by the user terminal 20. May be good. That is, in addition to the list of service institutions related to face recognition, a list of service institutions that perform authentication other than face recognition is also registered in advance in the authentication system 10. Then, when the user registers the unregistered service on the screen of the user terminal 20 as shown in FIG. 13, the user ID used by the authentication engine of the newly registered service institution is stored in the memory 16. At this time, the user ID of another service institution already stored in the memory 16 and the user ID used in the newly registered authentication engine of the service institution (for example, the identification information of the user terminal 20 and the new user ID). The several-digit code, password, etc. entered by the user when registering the service institution is linked by the linking means 19. In this case, when a service institution that performs authentication other than face recognition is newly registered, it can be obtained by capturing a face image on the user terminal when the user authenticates with the authentication engine of this service institution. A user ID (specifically, a hash value extracted from the face image data) based on the user's face image data can be substituted, and thus convenience for the user can be improved. Further, on the screen as shown in FIG. 13, when a service organization that performs authentication other than face recognition is registered, this registered service can be deleted. In this case, the registered service becomes an unregistered service. Further, the user ID corresponding to the authentication engine of the service organization related to the deleted registered service stored in the memory 16 is deleted.

According to the authentication system 10 of the above-described aspect, the authentication system 10 shown in FIGS. 4 to 6 and the authentication system 10 shown in FIGS. 7 to 9 accept the user's face image data from the user terminal at the time of user registration. , An information acquisition means that extracts the feature amount of the user's face image based on the received user's face image data and stores the information related to the extracted feature amount of the user's face image in the memory 16 as the user's identification information. 17 and the feature amount of the user's face image extracted from the user's face image data received from the image pickup units 30A, 30B, 30C of the service organization at the time of user authentication, or the user's face received from the image pickup units 30A, 30B, 30C. An authentication means 15 that authenticates the user by comparing the feature amount of the image with the feature amount of the user's face image stored in the memory 16 and an authentication engine 30D of a service organization that performs authentication other than face authentication. The user's identification information to be used is provided with a linking means 19 for linking the user's identification information related to the feature amount of the user's face image stored in the memory 16. According to such an authentication system 10, it is convenient to use the registered face image data (specifically, the feature amount of the user's face image) in the authentication engine 30D that performs authentication other than face authentication. Can be improved.

Further, in the authentication system 10 shown in FIGS. 1 to 3, the authentication system 10 receives the user's face image data from the user terminal at the time of user registration, and the authentication system 10 receives the user's face image data based on the received user's face image data. The information acquisition means 17 that extracts the feature amount and stores the information related to the feature amount of the extracted user's face image in the memory 16 as the user's identification information, and the image pickup units 30A, 30B, and 30C of each service organization of the user. A communication unit as a transmission means for transmitting information related to the feature amount of the user's face image stored in the memory 16 to the imaging units 30A, 30B, and 30C of each service organization in order to perform authentication based on the face image. A string that links 18 with the user identification information used in the authentication engine 30D of a service organization that performs authentication other than face authentication and the user identification information related to the feature amount of the user's face image stored in the memory 16. It is provided with the attaching means 19. Even in such an authentication system 10, convenience is improved by using the registered face image data (specifically, the feature amount of the user's face image) in the authentication engine 30D that performs authentication other than face authentication. Can be made to.

Further, in the authentication system 10 of the present embodiment, the user identification information used in the authentication engine 30D of the service organization that performs authentication other than face authentication includes the identification information of the user terminal possessed by the user and the living body other than the user's face. It includes at least one of a group consisting of information obtained from the information, a code or password entered by the user into the user terminal.

Further, in the authentication system 10 of the present embodiment, when an instruction to add the authentication engine of the service organization is received from the user terminal, the associating means 19 is used for the authentication of the authentication engine of the added service organization. The user's identification information is associated with the user's identification information related to the feature amount of the user's face image stored in the memory 16.

Further, in the authentication system 10 of the present embodiment, the user identification information used in the authentication engine of each service organization is left as it is even after the user identification information is associated by the association means 19.

Further, in the information processing method by the authentication system 10 shown in FIGS. 4 to 6 and the authentication system 10 shown in FIGS. 7 to 9, the user's face image data is received from the user terminal 20 at the time of user registration, and the accepted user's face. A process of extracting the feature amount of the user's face image based on the image data and storing the information related to the extracted feature amount of the user's face image in the memory 16 as user identification information, and a service organization at the time of user authentication. The feature amount of the user's face image extracted from the user's face image data received from the image pickup units 30A, 30B, 30C of the above, or the feature amount of the user's face image received from the image pickup units 30A, 30B, 30C of the service organization. The process of authenticating the user by comparing the feature amount of the user's face image stored in the memory 16, the user identification information used in the authentication engine 30D of the service organization that performs authentication other than face authentication, and the user identification information. It includes a step of associating the user's identification information related to the feature amount of the user's face image stored in the memory 16. According to such an information processing method, it is convenient to use the registered face image data (specifically, the feature amount of the user's face image) in the authentication engine 30D that performs authentication other than face recognition. Can be improved.

Further, in the information processing method by the authentication system 10 shown in FIGS. 1 to 3, the user's face image data is received from the user terminal 20 at the time of user registration, and the user's face image is based on the received user's face image data. The process of extracting the feature amount and storing the information related to the feature amount of the extracted user's face image in the memory 16 as the user's identification information and the user's face image in the imaging units 30A, 30B, and 30C of each service institution. In order to perform authentication based on the method, a process of transmitting information related to the feature amount of the user's face image stored in the memory 16 to the imaging units 30A, 30B, 30C of each service organization, and authentication other than face authentication are performed. It includes a step of associating the user identification information used in the authentication engine 30D of the service organization to be performed with the user identification information related to the feature amount of the user's face image stored in the memory 16. Even in such an information processing method, convenience is improved by using the registered face image data (specifically, the feature amount of the user's face image) in the authentication engine 30D that performs authentication other than face authentication. Can be made to.

Further, as yet another example, the authentication system 10 shown in FIG. 17 may be used. For the authentication system 10 and the imaging units 30A, 30B, 30C shown in FIG. 17, the same reference numerals are used for the same components as the authentication system 10 and the imaging units 30A, 30B, 30C shown in FIGS. 1, 4, and 7. The explanation will be omitted.

As shown in FIG. 17, the processor 12 of the authentication system 10 is imaged by the registration means 13 for registering the face image data received from the user terminal 20 and the imaging units 38A to 38C of the imaging units 30A, 30B, and 30C. It has an authentication means 15 that authenticates the user based on the user's face image data. By executing the program stored in the memory 16, the processor 12 associates the user's face image data registered in the registration means 13 with the user's identification information and the identification information of the imaging units 30A, 30B, and 30C. It is designed to be stored in the memory 16. Further, the processor 12 executes the program stored in the memory 16 to obtain the user's face image data captured by the imaging units 38A to 38C of the imaging units 30A, 30B, and 30C by the authentication means 15. The user is authenticated by comparing it with the user's face image data stored in the memory 16. The program executed by the processor 12 is not limited to the one stored in the memory 16. By executing the program transmitted from the external device to the authentication system 10 and the program stored in the recording medium detachably attached to the authentication system 10, the registration means 13 and the authentication means 15 each execute the program. Processing may be performed. Further, in the present embodiment, the information acquisition means 17 is configured by the registration means 13. The information acquisition means 17 receives the user's face image data at the time of user registration, and stores the received user's face image data in the memory 16 as user identification information.

Each of the image pickup units 30A, 30B, 30C arranged in each service organization is composed of, for example, a computer or the like, and each of the image pickup units 30A, 30B, 30C includes processors 32A, 32B, 32C such as a CPU and memory 36A, respectively. It has 36B, 36C, imaging units 38A, 38B, 38C, processing units 40A, 40B, 40C, and communication units 42A, 42B, 42C.

In the example shown in FIG. 17, the authentication system 10 and the imaging units 30A, 30B, and 30C arranged in each service organization are API-linked (application programming interface). As a result, the systems of the imaging units 30A, 30B, and 30C can be easily configured as compared with the systems of the imaging units 30A, 30B, and 30C that are independently configured.

Next, the processing contents when the user is authenticated by the authentication system 10 and the imaging units 30A, 30B, and 30C as shown in FIG. 17 will be briefly described.

First, a process in which the user registers the face image data in the authentication system 10 using the user terminal 20 will be described. Since the specific method for the user to capture the face image by the user terminal 20 has already been described, the specific method will be omitted here. When the user first registers the user with such a face authentication application on the user terminal 20, various information input on the user registration screen and the user's face image data are transmitted from the user terminal 20 to the authentication system 10. In this way, the processor 12 of the authentication system 10 receives the face image data from the user terminal 20. Further, the processor 12 of the authentication system 10 also receives the identification information of the user terminal 20 and the registration information such as the user's name, date of birth, telephone number, e-mail address, and password input to the user terminal 20 from the user terminal 20. .. Further, the processor 12 issues a user ID as user identification information, and stores the issued user ID in the memory 16.

Next, the processor 12 of the authentication system 10 transmits the face image data received from the user terminal 20 to the memory 16 of the authentication system 10 by the registration means 13 with the user ID (user identification information) and the imaging units 30A, 30B, 30C. Store it in association with the identification information. In this way, the registration of the user's face image captured by the user terminal 20 is completed. In the example shown in FIG. 17, the user's face image data stored in the memory 16 is not transmitted from the authentication system 10 to the imaging units 30A, 30B, and 30C of the service organization selected by the user.

Next, the process of authenticating the user in each of the imaging units 30A, 30B, and 30C will be described. When user authentication is required at the service institution where each image pickup unit 30A, 30B, 30C is installed, first, the user is imaged by the image pickup units 38A, 38B, 38C of the image pickup units 30A, 30B, 30C. Acquires the user's face image data. The processors 32A, 32B, 32C of the imaging units 30A, 30B, 30C transmit the user's face image data captured by the imaging units 38A, 38B, 38C to the processor 12 of the authentication system 10 by the communication units 42A, 42B, 42C. .. When the processor 12 of the authentication system 10 receives the user's face image data from the image pickup units 30A, 30B, 30C, the image pickup units 30A, 30B, 30C of the service organization selected by the user are stored in the memory 16. Accepts the user's face image data sent only from. Then, in the authentication system 10, the processor 12 compares the face image data received from the imaging units 30A, 30B, and 30C with the user's face image data stored in the memory 16 by the authentication means 15, so that the user can use the authentication system 10. Authenticate. More specifically, the matching rate between the user's face image data received from the imaging units 30A, 30B, and 30C and the user's face image data stored in the memory 16 sets a predetermined threshold value (for example, 80%). If it exceeds, the authentication means 15 authenticates the user. As described above, the memory 16 stores the user's identification information registered in advance, the identification information of the imaging units 30A, 30B, and 30C, and the user's face image data in association with each other.

Then, when the user is authenticated by the authentication means 15, the information related to the authentication result is transmitted from the processor 12 of the authentication system 10 to the imaging units 30A, 30B, and 30C by the communication unit 18. Then, the processors 32A, 32B, and 32C of the imaging units 30A, 30B, and 30C that have received the information related to the authentication result can provide the services corresponding to the imaging units 30A, 30B, and 30C by the processing units 40A, 40B, and 40C. And. After that, the processors 32A, 32B, 32C of the imaging units 30A, 30B, 30C transmit the information related to the usage status of the service to the authentication system 10. As a result, in the authentication system 10, information relating to the service usage status of each service institution is stored in the memory 16 for each user.

On the other hand, the user's face image data received from the imaging units 30A, 30B, and 30C does not substantially match the user's face image data stored in the memory 16, and the user cannot be authenticated by the authentication means 15. In this case, the information related to the authentication result is transmitted from the processor 12 of the authentication system 10 to the imaging units 30A, 30B, and 30C by the communication unit 18 (STEP58). Then, the processors 32A, 32B, and 32C of the imaging units 30A, 30B, and 30C that have received the information related to the authentication result cannot provide the services corresponding to the imaging units 30A, 30B, and 30C by the processing units 40A, 40B, and 40C. do. Also in this case, the processors 32A, 32B, and 32C of the imaging units 30A, 30B, and 30C are used to authenticate the information related to the service usage status (specifically, the user tries to authenticate with the imaging units 30A, 30B, and 30C. Information that the service could not be used without being used) is transmitted to the authentication system 10.

According to such an authentication method, the user's face image data is registered in the authentication engine of a service institution (for example, the image pickup unit 30A), but is registered in the authentication engine of another service institution (for example, the image pickup unit 30B). By storing the user's face image data in the memory 16 of the authentication system 10 even if it is not registered, the user's face image is captured by the imaging unit even at a service institution in which the user's face image data is not registered. By doing so, the user can be authenticated. In this case, since it is not necessary for the user to register the face image data in all of the plurality of authentication engines, the user's trouble can be saved.

Further, the authentication system 10 shown in FIG. 17 is also provided with the associating means 19. The linking means 19 links the user identification information used in the authentication engine 30D of the service organization that performs authentication other than face recognition with the user identification information related to the user's face image data stored in the memory 16. .. According to such an authentication system 10, convenience is improved by using the registered face image data (specifically, the user's face image data) in the authentication engine 30D that performs authentication other than face authentication. Can be made to.

Further, in a further modification, in the authentication system 10 as shown in FIGS. 1 to 3, the authentication means 35A, 35B, 35C of the imaging units 30A, 30B, 30C are not the feature amount of the user's face image but the user. The user may be authenticated using the face image data of the above. In this case, the face image data of the user registered in the authentication system 10 is transmitted to the imaging units 30A, 30B, and 30C. Further, in this case, the associating means 19 of the authentication system 10 as shown in FIGS. 1 to 3 stores the user identification information used in the authentication engine 30D of the service organization that performs authentication other than face authentication and the user identification information in the memory 16. It is associated with the user's identification information related to the user's face image data. Even in such an authentication system 10, convenience is improved by using the registered face image data (specifically, the feature amount of the user's face image) in the authentication engine 30D that performs authentication other than face authentication. Can be made to.

10 Authentication system 12 Processor 13 Registration means 14 Feature quantity extraction means 15 Authentication means 16 Memory 17 Information acquisition means 18 Communication unit 19 Linking means 20 User terminals 30A, 30B, 30C Imaging unit 30D Authentication engine 32A, 32B, 32C Processor 34A, 34B, 34C Feature extraction means 35A, 35B, 35C Authentication means 36A, 36B, 36C Memory 38A, 38B, 38C Imaging unit 40A, 40B, 40C Processing unit 42A, 42B, 42C Communication unit 50 Authentication system 52 Processor 52a Server management means 53 Registration means 54 Feature extraction means 55 Authentication means 56 First server 58 Second server 60 Third server

The authentication system of the present invention
An authentication system that authenticates users using information received from user terminals.
At the time of user registration, the user's face image data is received from the user terminal, the feature amount of the user's face image is extracted based on the received user's face image data, and the information related to the extracted feature amount of the user's face image is extracted. Information acquisition means to store the image in the memory
At the time of user authentication, the feature amount of the user's face image extracted from the user's face image data received from the image pickup unit of the service institution or the feature amount of the user's face image received from the image pickup unit of the service institution is stored in the memory. An authentication means that authenticates the user's face by comparing it with the feature amount of the user's face image,
A linking means for linking the user identification information used in the authentication engine of a service organization that performs authentication other than face recognition with the user identification information related to the feature amount of the user's face image stored in the memory.
Equipped with a,
Different strengths of authentication are set depending on the type of service institution. In one type of service institution, the user is authenticated based on the face authentication by the authentication means, and in another type of service institution, the face authentication by the authentication means is performed. In addition to this, the user is authenticated by using information other than biometric authentication .

The authentication system of the present invention
An authentication system that authenticates users using information received from user terminals.
At the time of user registration, the user's face image data is received from the user terminal, the feature amount of the user's face image is extracted based on the received user's face image data, and the information related to the extracted feature amount of the user's face image is extracted. Information acquisition means to store the image in the memory
A transmission means for transmitting information related to the feature amount of the user's face image stored in the memory to the image pickup unit of each service institution so that the image pickup unit of each service institution performs authentication based on the user's face image. When,
A linking means for linking the user identification information used in the authentication engine of a service organization that performs authentication other than face recognition with the user identification information related to the feature amount of the user's face image stored in the memory.
Equipped with a,
Different strengths of authentication are set depending on the type of service institution. In one type of service institution, the user is authenticated based on the face authentication by the authentication means, and in another type of service institution, the face authentication by the authentication means is performed. In addition to this, the user is authenticated by using information other than biometric authentication .

The authentication system of the present invention
An authentication system that authenticates users using information received from user terminals.
An information acquisition means that receives the user's face image data from the user terminal at the time of user registration and stores the received user's face image data in the memory.
An authentication means that authenticates the user by comparing the user's face image data received from the imaging unit of the service organization with the user's face image data stored in the memory at the time of user authentication.
A linking means for linking the user identification information used in the authentication engine of a service organization that performs authentication other than face authentication with the user identification information related to the user's face image data stored in the memory.
Equipped with a,
Different strengths of authentication are set depending on the type of service institution. In one type of service institution, the user is authenticated based on the face authentication by the authentication means, and in another type of service institution, the face authentication by the authentication means is performed. In addition to this, the user is authenticated by using information other than biometric authentication .

The authentication system of the present invention
An authentication system that authenticates users using information received from user terminals.
An information acquisition means that receives the user's face image data from the user terminal at the time of user registration and stores the received user's face image data in the memory.
A transmission means for transmitting the user's face image data stored in the memory to the image pickup unit of each service institution in order to perform authentication based on the user's face image in the image pickup unit of each service institution.
A linking means for linking the user identification information used in the authentication engine of a service organization that performs authentication other than face authentication with the user identification information related to the user's face image data stored in the memory.
Equipped with a,
Different strengths of authentication are set depending on the type of service institution. In one type of service institution, the user is authenticated based on the face authentication by the authentication means, and in another type of service institution, the face authentication by the authentication means is performed. In addition to this, the user is authenticated by using information other than biometric authentication .

The information processing method of the present invention
It is an information processing method by an authentication system that authenticates the user using the information received from the user terminal.
At the time of user registration, the user's face image data is received from the user terminal, the feature amount of the user's face image is extracted based on the received user's face image data, and the information related to the extracted feature amount of the user's face image is extracted. And the process of storing
At the time of user authentication, the feature amount of the user's face image extracted from the user's face image data received from the image pickup unit of the service institution or the feature amount of the user's face image received from the image pickup unit of the service institution is stored in the memory. The process of authenticating the user by comparing the feature amount of the user's face image
A process of associating a user's identification information used in an authentication engine of a service organization that performs authentication other than face authentication with a user's identification information related to a feature amount of the user's face image stored in the memory.
Equipped with a,
Different strengths of authentication are set depending on the type of service institution. In one type of service institution, the user is authenticated based on the face authentication by the authentication means, and in another type of service institution, the face authentication by the authentication means is performed. In addition to this, the user is authenticated by using information other than biometric authentication .

The information processing method of the present invention
It is an information processing method by an authentication system that authenticates the user using the information received from the user terminal.
At the time of user registration, the user's face image data is received from the user terminal, the feature amount of the user's face image is extracted based on the received user's face image data, and the information related to the extracted feature amount of the user's face image is extracted. And the process of storing
A process of transmitting information related to the feature amount of the user's face image stored in the memory to the imaging unit of each service institution in order to allow the imaging unit of each service institution to perform authentication based on the user's face image. ,
A process of associating a user's identification information used in an authentication engine of a service organization that performs authentication other than face authentication with a user's identification information related to a feature amount of the user's face image stored in the memory.
Equipped with a,
Different strengths of authentication are set depending on the type of service institution. In one type of service institution, the user is authenticated based on the face authentication by the authentication means, and in another type of service institution, the face authentication by the authentication means is performed. In addition to this, the user is authenticated by using information other than biometric authentication .

The information processing method of the present invention
It is an information processing method by an authentication system that authenticates the user using the information received from the user terminal.
At the time of user registration, the process of receiving the user's face image data from the user terminal and storing the received user's face image data in the memory,
A process of authenticating a user by comparing the user's face image data received from an imaging unit of a service organization with the user's face image data stored in the memory at the time of user authentication.
A process of associating a user's identification information used in an authentication engine of a service organization that performs authentication other than face authentication with a user's identification information related to the user's face image data stored in the memory.
Equipped with a,
Different strengths of authentication are set depending on the type of service institution. In one type of service institution, the user is authenticated based on the face authentication by the authentication means, and in another type of service institution, the face authentication by the authentication means is performed. In addition to this, the user is authenticated by using information other than biometric authentication .

The information processing method of the present invention
It is an information processing method by an authentication system that authenticates the user using the information received from the user terminal.
At the time of user registration, the process of receiving the user's face image data from the user terminal and storing the received user's face image data in the memory,
A process of transmitting the user's face image data stored in the memory to the image pickup unit of each service institution in order to perform authentication based on the user's face image in the image pickup unit of each service institution.
A process of associating a user's identification information used in an authentication engine of a service organization that performs authentication other than face authentication with a user's identification information related to the user's face image data stored in the memory.
Equipped with a,
Different strengths of authentication are set depending on the type of service institution. In one type of service institution, the user is authenticated based on the face authentication by the authentication means, and in another type of service institution, the face authentication by the authentication means is performed. In addition to this, the user is authenticated by using information other than biometric authentication .

Claims (15)

An authentication system that authenticates users using information received from user terminals.
At the time of user registration, the user's face image data is received from the user terminal, the feature amount of the user's face image is extracted based on the received user's face image data, and the information related to the extracted feature amount of the user's face image is extracted. Information acquisition means to store the image in the memory
At the time of user authentication, the feature amount of the user's face image extracted from the user's face image data received from the image pickup unit of the service institution or the feature amount of the user's face image received from the image pickup unit of the service institution is stored in the memory. An authentication means that authenticates the user by comparing the feature amount of the user's face image
A linking means for linking the user identification information used in the authentication engine of a service organization that performs authentication other than face recognition with the user identification information related to the feature amount of the user's face image stored in the memory.
Authentication system with. The authentication system according to claim 1, wherein when the user is authenticated by the authentication means, two-factor authentication is performed by using a feature amount of the user's face image and an element other than the feature amount of the user's face image. An authentication system that authenticates users using information received from user terminals.
At the time of user registration, the user's face image data is received from the user terminal, the feature amount of the user's face image is extracted based on the received user's face image data, and the information related to the extracted feature amount of the user's face image is extracted. Information acquisition means to store the image in the memory
A transmission means for transmitting information related to the feature amount of the user's face image stored in the memory to the image pickup unit of each service institution so that the image pickup unit of each service institution performs authentication based on the user's face image. When,
A linking means for linking the user identification information used in the authentication engine of a service organization that performs authentication other than face recognition with the user identification information related to the feature amount of the user's face image stored in the memory.
Authentication system with. The user identification information used in the authentication engine of the service organization that performs authentication other than face authentication is input to the user terminal by the user, the identification information of the user terminal possessed by the user, the information obtained from the biometric information other than the user's face, and the user. The authentication system according to any one of claims 1 to 3, which includes at least one of a group consisting of a code or a password. When an instruction to add the authentication engine of the service organization is received from the user terminal, the linking means is stored in the memory with the user identification information used for the authentication of the authentication engine of the added service organization. The authentication system according to any one of claims 1 to 4, which associates the user's identification information related to the feature amount of the user's face image with the user's identification information. The user's identification information used in the authentication engine of each service organization remains as it is even after the user's identification information is associated by the association means, according to any one of claims 1 to 5. Authentication system. The information acquisition means obtains a hash value obtained by a hash function from the received user's face image data when extracting the feature amount of the user's face image based on the received user's face image data. The authentication system according to any one of claims 1 to 6, which is extracted as a feature amount of a face image. An authentication system that authenticates users using information received from user terminals.
At the time of user registration, the user's face image data is received from the user terminal, the feature amount of the user's face image is extracted based on the received user's face image data, and the information related to the extracted feature amount of the user's face image is extracted. Information acquisition means to store the image in the memory
At the time of user authentication, the feature amount of the user's face image extracted from the user's face image data received from the image pickup unit of the service institution or the feature amount of the user's face image received from the image pickup unit of the service institution is stored in the memory. An authentication means that authenticates the user by comparing the feature amount of the user's face image
With
An authentication system that performs two-factor authentication by using a feature amount of a user's face image and an element other than the feature amount of the user's face image when the user is authenticated by the authentication means. An authentication system that authenticates users using information received from user terminals.
An information acquisition means that receives the user's face image data from the user terminal at the time of user registration and stores the received user's face image data in the memory.
An authentication means that authenticates the user by comparing the user's face image data received from the imaging unit of the service organization with the user's face image data stored in the memory at the time of user authentication.
A linking means for linking the user identification information used in the authentication engine of a service organization that performs authentication other than face authentication with the user identification information related to the user's face image data stored in the memory.
Authentication system with. An authentication system that authenticates users using information received from user terminals.
An information acquisition means that receives the user's face image data from the user terminal at the time of user registration and stores the received user's face image data in the memory.
A transmission means for transmitting the user's face image data stored in the memory to the image pickup unit of each service institution in order to perform authentication based on the user's face image in the image pickup unit of each service institution.
A linking means for linking the user identification information used in the authentication engine of a service organization that performs authentication other than face authentication with the user identification information related to the user's face image data stored in the memory.
Authentication system with. It is an information processing method by an authentication system that authenticates the user using the information received from the user terminal.
At the time of user registration, the user's face image data is received from the user terminal, the feature amount of the user's face image is extracted based on the received user's face image data, and the information related to the extracted feature amount of the user's face image is extracted. And the process of storing
At the time of user authentication, the feature amount of the user's face image extracted from the user's face image data received from the image pickup unit of the service institution or the feature amount of the user's face image received from the image pickup unit of the service institution is stored in the memory. The process of authenticating the user by comparing the feature amount of the user's face image
A process of associating a user's identification information used in an authentication engine of a service organization that performs authentication other than face authentication with a user's identification information related to a feature amount of the user's face image stored in the memory.
Information processing method with. It is an information processing method by an authentication system that authenticates the user using the information received from the user terminal.
At the time of user registration, the user's face image data is received from the user terminal, the feature amount of the user's face image is extracted based on the received user's face image data, and the information related to the extracted feature amount of the user's face image is extracted. And the process of storing
A process of transmitting information related to the feature amount of the user's face image stored in the memory to the imaging unit of each service institution in order to allow the imaging unit of each service institution to perform authentication based on the user's face image. ,
A process of associating a user's identification information used in an authentication engine of a service organization that performs authentication other than face authentication with a user's identification information related to a feature amount of the user's face image stored in the memory.
Information processing method with. It is an information processing method by an authentication system that authenticates the user using the information received from the user terminal.
At the time of user registration, the user's face image data is received from the user terminal, the feature amount of the user's face image is extracted based on the received user's face image data, and the information related to the extracted feature amount of the user's face image is extracted. And the process of storing
At the time of user authentication, the feature amount of the user's face image extracted from the user's face image data received from the image pickup unit of the service institution or the feature amount of the user's face image received from the image pickup unit of the service institution is stored in the memory. The process of authenticating the user by comparing the feature amount of the user's face image
With
An information processing method in which two-factor authentication is performed by using a feature amount of a user's face image and an element other than the feature amount of the user's face image when the user is authenticated by the authentication means. It is an information processing method by an authentication system that authenticates the user using the information received from the user terminal.
At the time of user registration, the process of receiving the user's face image data from the user terminal and storing the received user's face image data in the memory,
A process of authenticating a user by comparing the user's face image data received from an imaging unit of a service organization with the user's face image data stored in the memory at the time of user authentication.
A process of associating a user's identification information used in an authentication engine of a service organization that performs authentication other than face authentication with a user's identification information related to the user's face image data stored in the memory.
Information processing method with. It is an information processing method by an authentication system that authenticates the user using the information received from the user terminal.
At the time of user registration, the process of receiving the user's face image data from the user terminal and storing the received user's face image data in the memory,
A process of transmitting the user's face image data stored in the memory to the image pickup unit of each service institution in order to perform authentication based on the user's face image in the image pickup unit of each service institution.
A process of associating a user's identification information used in an authentication engine of a service organization that performs authentication other than face authentication with a user's identification information related to the user's face image data stored in the memory.
Information processing method with.

Images