KR102750290B1 - Device and method to authorize user based on video data - Google Patents

Abstract

A method for authenticating a user based on an image captured by a camera includes the steps of: detecting a target object corresponding to at least a part of a body of the user in the image; outputting one of predetermined commands through an output interface device; detecting movement of the target object; and generating an authentication signal for authenticating the user based on whether the detected movement of the target object corresponds to one of the commands.

Description

{DEVICE AND METHOD TO AUTHORIZE USER BASED ON VIDEO DATA}

The present invention relates to a device and method for processing image data, and more specifically, to a device and method for authenticating a user based on image data.

In a user authentication system, a computer device can determine whether to allow access to the computer device, performance of operations on the computer device, etc., based on authentication data provided by a user. Authentication data can be provided in various ways, and can include, for example, a password entered by a user, biometric information, etc. Biometric information can include information about a fingerprint, an iris, and a face.

As computer devices generally include cameras capable of capturing images or videos, facial authentication methods that are performed by capturing a user's face may have economic advantages over other authentication methods.

The above-described content is only intended to help understand the background technology for the technical ideas of the present invention, and therefore cannot be understood as content corresponding to prior art known to those skilled in the art in the technical field of the present invention.

In facial authentication methods that are performed by taking a picture of the user's face, there may be spoofing attacks that maliciously cause false authentication, and therefore, a means to prevent this is required in facial authentication methods.

The device and method for authenticating a user based on image data according to embodiments of the present invention can authenticate a user with an improved level of security. For example, the device and method for authenticating a user can effectively and efficiently detect a spoofing attack that attempts to pass user authentication by causing an unintended object to be photographed.

A method for authenticating a user based on an image captured by a camera according to an embodiment of the present invention comprises the steps of: detecting a target object corresponding to at least a part of a body of the user in the image; outputting one of predetermined commands through an output interface device; detecting a movement of the target object; and generating an authentication signal for authenticating the user based on whether the detected movement of the target object corresponds to one of the commands.

The method may further include a step of allowing or blocking access to the data server in response to the authentication signal.

The step of detecting the target object may include the step of outputting a message requesting that the target object be located in a defined area in the image through the output interface device; and the step of detecting the target object in the defined area in the image.

The method may further include a step of performing a liveness check based on the image; and a step of generating an authentication blocking signal for blocking authentication of the user based on a result of the liveness check.

The method may further include the step of blocking access to the data server in response to the authentication blocking signal.

The step of generating the above authentication signal may include a step of analyzing the detected movement of the target object using an artificial intelligence model that has learned a plurality of movements.

Another aspect of the present invention relates to a computer device. The computer device includes a camera; an output interface device; and a processor connected to the camera and the output interface device, wherein the processor is configured to detect a target object corresponding to at least a part of a user's body in an image captured by the camera; output one of predetermined commands through the output interface device; detect a movement of the target object; and generate an authentication signal for authenticating the user based on whether the detected movement of the target object corresponds to one of the commands.

Another aspect of the present invention relates to a storage medium readable by a computer device storing a computer program. The computer device includes a camera, an output interface device, and a processor connected to the camera and the output interface device, and the storage medium includes instructions for: when the computer program is executed by the processor, detecting a target object corresponding to at least a part of a user's body in an image captured by the camera; outputting one of predetermined commands through the output interface device; detecting a movement of the target object; and generating an authentication signal for authenticating the user depending on whether the detected movement of the target object corresponds to one of the commands.

The computer program may further include instructions that, when executed by the processor, allow or block access to the data server in response to the authentication signal.

The computer program may further include instructions for performing a liveness check based on the image when executed by the processor; and generating an authentication blocking signal for blocking authentication of the user based on a result of the liveness check.

According to embodiments of the present invention, a device and method for authenticating a user based on image data with an improved level of security are provided.

Figure 1 is a diagram showing a client terminal and a user positioned in front of it.
FIG. 2 is a block diagram showing a network system according to an embodiment of the present invention.
FIG. 3 is a block diagram showing an embodiment of the user authenticator of FIG. 2.
FIG. 4 is a drawing showing an example of a graphical interface displayed on a display device by the user object detection unit of FIG. 3.
FIG. 5 is a drawing showing an example of a graphical interface displayed on a display device by the command output unit of FIG. 3.
FIG. 6 is a block diagram showing an example of the command-based authentication unit of FIG. 3.
FIG. 7 is a block diagram showing another embodiment of the user authenticator of FIG. 2.
FIG. 8 is a flowchart showing a method for authenticating a user from an image captured by a camera according to an embodiment of the present invention.
Figure 9 is a flowchart showing an example of step S110 of Figure 6.
FIG. 10 is a flowchart showing another embodiment of a method for authenticating a user from an image captured by a camera.
FIG. 11 is a block diagram showing an embodiment of a computer device suitable for implementing the client terminal of FIG. 2.
FIG. 12 is a block diagram showing an embodiment of a client control module of FIG. 11 or a client server providing its installation file.

Hereinafter, preferred embodiments according to the present invention will be described in detail with reference to the attached drawings. In the following description, only the parts necessary for understanding the operation according to the present invention will be described, and it should be noted that the description of other parts will be omitted so as not to obscure the gist of the present invention. In addition, the present invention is not limited to the embodiments described herein and may be embodied in other forms. However, the embodiments described herein are provided in order to explain the technical idea of the present invention in detail to a degree that a person having ordinary knowledge in the technical field to which the present invention belongs can easily practice it.

Throughout the specification, when a part is said to be "connected" to another part, this includes both the "directly connected" case and the "indirectly connected" case with another element in between. The terminology used herein is for the purpose of describing particular embodiments and is not intended to limit the present invention. Throughout the specification, when a part is said to "comprise" a certain element, this does not exclude other elements unless specifically stated to the contrary, but rather means that other elements can be included. "At least one of X, Y, and Z," and "at least one selected from the group consisting of X, Y, and Z" can be interpreted as one X, one Y, one Z, or any combination of two or more of X, Y, and Z (e.g., XYZ, XYY, YZ, ZZ). Herein, "and/or" includes any combination of one or more of the said elements.

Figure 1 is a diagram showing a client terminal and a user positioned in front of it.

Referring to FIG. 1, the client terminal (20) can authenticate a user (10) who wants to use the client terminal (20) or a data server connected thereto through user authentication. For example, the client terminal (20) can obtain a face image of the user (10) using a camera (CMR) and analyze the obtained face image to determine whether to allow an arbitrary operation of the client terminal (20). In embodiments, an object corresponding to a face is detected in the image, feature values are extracted from the detected object, the extracted feature values are compared with registered features for a valid user, and whether user authentication is successful or not can be determined based on the comparison result. The pass of authentication can allow or trigger various operations of the client terminal (20), for example, specific operations performed in response to a request from the user (10), according to embodiments.

A valid user can pre-register his/her face on a client terminal (20) by, for example, taking a picture of his/her face with a camera (CMR), and the client terminal (20) can store information related to the face in a network database such as a storage device or a cloud storage medium. For example, feature values extracted from a face image of the valid user can be stored as registration information of the valid user.

An attack that maliciously nullifies user authentication may be attempted. For example, a user who is not a valid user may attempt user authentication by having the face of the valid user displayed on an electronic device, a photograph, or the face of the valid user printed on paper, etc., captured by a camera (CMR). In this case, if the user authentication passes, the security of the client terminal (20) and/or data associated with the client terminal (20) becomes vulnerable. The network system and/or client terminal (20) according to an embodiment of the present invention is configured to prevent such erroneous authentication.

FIG. 2 is a block diagram showing a network system according to an embodiment of the present invention.

Referring to FIG. 2, the network system (100) may include a network (105), a client terminal (110), and a data server (120).

The network system (100) may include a plurality of devices, servers, and/or software configurations that operate to perform various methods according to the embodiments of the present invention described herein. The devices and/or servers illustrated in FIG. 2 may be configured in other manners, and the operations and services provided by the devices and/or servers may be combined or separated for the embodiments described herein, and may be performed by more or fewer devices and/or servers. One or more of the devices and/or servers may be driven and/or maintained by the same or different entities.

The network (105) connects components within the network system (100), such as client terminals (110) and data servers (120). The network (105) may include at least one of a public network, at least one private network, a wired network, a wireless network, other suitable types of networks, and combinations thereof. Each of the components within the network system (100) may include at least one of a wired communication function and a wireless communication function, and thus may communicate with each other through the network (105).

A client terminal (110) can access a data server (120) via a network (105) in response to a user's control. The client terminal (110) can include an output interface device (111), a user input device (112), a communicator (113), a camera (CMR), and a client control device (114).

The output interface device (111) is configured to output information in a form that can be recognized by a user in response to control of the client control device (114). In embodiments, the output interface device (111) may include a display device configured to output visual information.

The user input device (112) is configured to receive user inputs from a user, for example, for controlling operations of the client control device (114), and to provide the received user inputs to the client control device (114). In embodiments, the user input device (112) may include a key pad, a touch pad, a mouse, etc. In particular, when the touch pad is formed integrally with the display device of the output interface device (111), it may be called a touch screen. In this case, the user input device (112) may be visualized by the display device.

The communication device (113) is configured to connect to the network (105) and communicate with an external device and/or server, for example, a data server (120). The communication device (113) supports wired communication functions and/or wireless communication functions, and can communicate with the data server (120) on the network (105) through these.

The camera (CMR) is installed to aim at any suitable area and is configured to photograph the oriented area in response to the control of the client control device (114) to provide an image (VD). A user can be positioned in the oriented area of the camera (CMR) and photographed by the camera (CMR).

The client control device (114) is configured to control the output interface device (111), the user input device (112), the communicator (113), and the camera (CMR). The client control device (114) may include a main controller (115) and a user authenticator (116). The main controller (115) may perform and/or support various operations for various purposes (e.g., working from home). In embodiments, the client control device (114) may be implemented as an application for accessing the data server (120). The main controller (115) may receive data from the data server (120) and visually and/or audibly output the received data through the output interface device (111), such as a display device and/or an audio device. The main controller (115) may receive a user input and transmit data according to the received user input to the data server (120) through the communicator (113). In this way, the main controller (115) can interact with the data server (120) to perform various operations.

Among the various operations of the main controller (115), at least some of the operations are permitted and/or prohibited depending on the authentication signal (AS). The main controller (115) can perform the operations while the authentication signal (AS) is generated (or enabled). The main controller (115) can prohibit the performance of the operations while the authentication signal (AS) is not generated (or disabled). For example, the main controller (115) can perform an operation of receiving and displaying data from the data server (120) while the authentication signal (AS) is generated, and can not perform an operation of receiving data from the data server (120) while the authentication signal (AS) is not generated, even if a user's request is received. Considering that the operations of the main controller (115) are permitted and/or prohibited according to the authentication signal (AS), if the user authenticator (116) performs authentication with high reliability and provides the authentication signal (AS), data security associated with the client terminal (110) and/or the data server (120) can be improved.

The user authenticator (116) is configured to authenticate a user using a client terminal (110) based on an image (VD) captured by a camera (CMR) and generate an authentication signal (AS) accordingly. The user authenticator (116) can detect a target object corresponding to at least a part of the user's body in the image (VD), output an arbitrary command through an output interface device (111), and then detect movement of the target object, and determine whether the movement of the detected target object corresponds to the output command to generate an authentication signal (AS).

FIG. 3 is a block diagram showing an embodiment of the user authenticator of FIG. 2. FIG. 4 is a diagram showing an example of a graphic interface displayed on a display device by the user object detection unit of FIG. 3. FIG. 5 is a diagram showing an example of a graphic interface displayed on a display device by the command output unit of FIG. 3. FIG. 6 is a block diagram showing an embodiment of the command-based authentication unit of FIG. 3.

Referring to FIG. 3, the user authenticator (200) may include a user object detection unit (210), a command output unit (220), an object-based authentication unit (230), a command-based authentication unit (240), and an authentication signal generation unit (270).

The user object detection unit (210) is configured to receive an image (VD) from a camera (CMR, see FIG. 2) and detect a target object (TOBJ) corresponding to at least a part of the user's body in the image (VD). For example, a part of the user's face may be detected as the target object (TOBJ). Referring to FIG. 4, the user object detection unit (210) may display a graphical interface (GUI1) including a message requesting that a part of the body be appropriately moved so that the target object (TOBJ) is located in a predetermined area (AR) of the image (VD), on the output interface device (111), and accordingly, when the user appropriately moves a part of the body, the user object detection unit (210) may detect the target object (TOBJ) in the predetermined area (AR) of the image (VD). Referring again to FIG. 3, the user object detection unit (210) notifies the object-based authentication unit (230) and the command-based authentication unit (240) of the detected target object (TOBJ).

The user object detection unit (210) may provide an enable signal (EN) to the command output unit (220) in response to detection of a target object (TOBJ). The command output unit (220) may display a graphical interface (GUI2) including a message indicating a specific command on the output interface device (111) in response to the enable signal (EN). For example, as illustrated in FIG. 5, a message such as “Rotate your face left and right twice” may be displayed on the output interface device (111). The command may be any one of various forms of messages and/or signals requesting a specific movement or action from the user. A plurality of commands may be stored in a storage medium of the client terminal (110), and the command output unit (220) may select any one of them and output the corresponding message.

The object-based authentication unit (230) determines whether to authenticate the user based on whether the target object (TOBJ) matches the reference data, and notifies the authentication result to the authentication signal generation unit (270). In embodiments, the object-based authentication unit (230) may extract feature values from the target object (TOBJ), compare the extracted feature values with registered feature values corresponding to a valid user, i.e., the reference data, and determine pass or fail of user authentication based on the comparison result. A valid user may take a picture of his or her own face and register it in advance in the client terminal (110), and the object-based authentication unit (230) may extract feature values from the photographed face of the valid user and store the extracted feature values as reference data in the storage medium of the client terminal (110).

The command-based authentication unit (240) detects the movement of the target object (TOBJ), determines whether to authenticate the user based on whether the detected movement conforms to the command provided by the command output unit (220), and reports the authentication result to the authentication signal generation unit (270). In embodiments, the command-based authentication unit (240) may detect the movement of the target object (TOBJ) using at least one of various types of gesture recognition algorithms, and determine whether the detected movement conforms to the command. In embodiments, the command-based authentication unit (240) may detect the movement of the target object (TOBJ) using an artificial intelligence model based on deep learning, and determine whether the detected movement conforms to the command. Referring to FIG. 6, the command-based authentication unit (300) may include an artificial intelligence model (310) and an artificial intelligence processor (320). The artificial intelligence model (310) may be pre-trained to output data (MST) representing the type of movement (or gesture) when a moving target object (TOBJ) is input. In embodiments, the artificial intelligence model (310) may include one or more neural networks (L1, L2, ..., L_k-1, L_k), which may pre-train moving objects and their movement types. For example, the neural networks (L1, L2, ..., L_k-1, L_k) may include neural networks corresponding to encoders for outputting vectors representing feature information from the moving target object (TOBJ), and neural networks corresponding to decoders for converting the vectors representing feature information into movement type data (MST).

The artificial intelligence processor (320) is configured to control the artificial intelligence model (310). The artificial intelligence processor (320) may include a data learning unit (321) and a data processing unit (322). The data learning unit (321) may train the artificial intelligence model (310) using learning data including moving objects and movement types corresponding to them so that when a moving object is input to the artificial intelligence model (310), the corresponding movement type data is output. The data processing unit (322) may obtain movement type data (MST) by inputting a moving target object (TOBJ) to the trained artificial intelligence model (310). The movement type data (MST) may include a determined movement type and its likelihood (or probability value). The data processing unit (322) may determine pass or fail of user authentication depending on whether the movement type data (MST) matches a command provided by the command output unit (220). Whether the motion type data (MST) matches the command can be determined probabilistically, and such a probability value can be compared to, for example, a threshold to determine pass or fail of user authentication.

In the embodiments, the artificial intelligence model (310) and the artificial intelligence processor (320) may be implemented as a processor and a memory. The processor may include one or more cores, such as a single core, a dual core, a quad core, etc. The processor may load programs and/or instructions into the memory and execute the loaded programs and/or instructions, thereby providing the artificial intelligence model (310) and the artificial intelligence processor (320), respectively.

By performing user authentication based on whether the user performs a movement that matches a command in this way, malicious attacks that attempt false authentication by having the camera capture an unintended object, such as the user's face displayed on an electronic device, a photograph, or the user's face printed on paper, can be effectively and efficiently detected.

Referring back to FIG. 3, the authentication signal generation unit (270) is configured to generate an authentication signal (AS) based on the user authentication results of the object-based authentication unit (230) and the command-based authentication unit (240). In embodiments, the authentication signal generation unit (270) may generate (or enable) the authentication signal (AS) when both the user authentication results of the object-based authentication unit (230) and the command-based authentication unit (240) pass. In other embodiments, the authentication signal generation unit (270) may generate the authentication signal (AS) when one or more of the user authentication results of the object-based authentication unit (230) and the command-based authentication unit (240) pass.

In embodiments, each of the user object detection unit (210), the command output unit (220), the object-based authentication unit (230), the command-based authentication unit (240), and the authentication signal generation unit (270) may be implemented as hardware, software, firmware, or a combination thereof. In embodiments, one or more of the user object detection unit (210), the command output unit (220), the object-based authentication unit (230), the command-based authentication unit (240), and the authentication signal generation unit (270) may be separated or integrated into more components.

FIG. 7 is a block diagram showing another embodiment of the user authenticator of FIG. 2.

Referring to FIG. 7, the user authenticator (400) may include a user object detection unit (410), a command output unit (420), an object-based authentication unit (430), a command-based authentication unit (440), an authentication signal generation unit (470), and a liveness check unit (480).

The user object detection unit (410), the command output unit (420), the object-based authentication unit (430), the command-based authentication unit (440), and the authentication signal generation unit (470) may be configured similarly to the user object detection unit (210), the command output unit (220), the object-based authentication unit (230), the command-based authentication unit (240), and the authentication signal generation unit (270) of FIG. 3, respectively. Hereinafter, any duplicate description will be omitted.

The authentication signal generation unit (470) is configured to generate an authentication blocking signal (ABS) in response to the user authentication result of the liveness check unit (480).

The liveness test unit (480) is configured to perform a liveness test on the target object (TOBJ) and to report the test result to the authentication signal generation unit (470). The liveness test is to test whether the target object (TOBJ) is a living object, and is to determine the authenticity of an object captured by a camera (CMR). For example, the liveness test is to test whether the target object (TOBJ) is a genuine face of a person or a fake face. In this way, the liveness test is used to distinguish between a non-living object (e.g., a photograph, paper, video, model, etc. used as a means of forgery) and a living object (e.g., a genuine face of a person). In embodiments, the liveness test unit (480) may perform the liveness test on the target object (TOBJ) using at least one of various types of liveness test algorithms. In embodiments, the liveness check unit (480) may perform a liveness check on the target object (TOBJ) using an artificial intelligence model that is trained to provide output data indicating whether an object corresponds to liveness when input. In embodiments, the liveness check unit (480) may notify the authentication signal generation unit (470) that the user authentication has failed when no eye blinking is detected in the target object (TOBJ) for a certain period of time.

By performing user authentication based more on the liveness check of the target object (TOBJ) in this way, malicious attacks attempting false authentication by having the camera capture an unintended object can be effectively and efficiently detected.

FIG. 8 is a flowchart showing a method for authenticating a user from an image captured by a camera according to an embodiment of the present invention.

Referring to FIG. 1 and FIG. 8, in step S110, a target object corresponding to at least a part of a user's body is detected in an image captured by a camera (CMR). For example, the target object may correspond to the user's face.

In step S120, it is determined whether the target object matches predetermined reference data. A valid user can take a picture of his/her face with a camera (CMR) in advance, and feature values can be extracted from the taken face and stored as reference data. Feature values are extracted from the detected target object, and the extracted feature values are compared with the reference data to determine whether the target object matches the predetermined reference data. For example, step S120 is performed in the same manner as the operations of the object-based authentication unit (230) described with reference to FIG. 3. If the target object matches the predetermined reference data, step S130 is performed.

In step S130, one of the predetermined commands is output through an output interface device of the client terminal (20), for example, a display device. For example, as shown in Fig. 5, a command such as “Rotate your face left and right twice” may be displayed through the output interface device.

In step S140, the movement of the target object is detected after the command is output. In step S150, it is determined whether the movement of the target object corresponds to the output command. For example, step S150 is performed in the same manner as the operations of the command-based authentication unit (240) described with reference to FIG. 3. If the movement of the target object corresponds to the output command, step S160 is performed.

In step S160, an authentication signal is generated to authenticate the user. One or more operations of the client terminal (20) may be permitted and/or prohibited according to the authentication signal. In embodiments, in step S170, access to the data server (see 120 of FIG. 2) of the client terminal (20) may be permitted in response to the authentication signal. For example, the client terminal (20) may receive a user input from the user (10), receive data from the data server in response to the user input, and display the received data.

Figure 9 is a flowchart showing an example of step S110 of Figure 6.

Referring to FIG. 9, in step S210, after a predetermined area (see AR of FIG. 4) is displayed within an image, a message requesting that a target object be located within the corresponding area within the image may be output through the display device. In step S220, after a user appropriately moves a part of the body, the target object may be detected within the predetermined area within the image.

FIG. 10 is a flowchart showing another embodiment of a method for authenticating a user from an image captured by a camera.

Referring to FIGS. 1 and 10, in step S310, a liveness check is performed on a target object detected in an image captured by a camera (CMR). The liveness check is to check whether the target object is a living object, and the liveness check can be performed on the target object using at least one of various types of liveness check algorithms. In embodiments, the target object may be a user's two eyes, and whether eye blinking is detected in the target object can be monitored.

In step S320, either step S330 or step S350 may be performed depending on whether the liveness check result determines that the target object is counterfeit.

In step S330, when the liveness check result indicates that the target object is forged, an authentication blocking signal is generated. Operations of the client terminal (20) may be prohibited in response to the authentication blocking signal. In embodiments, in step S340, access of the client terminal (20) to the data server (see 120 of FIG. 2) may be prohibited in response to the authentication blocking signal.

In step S350, an authentication signal is generated (or maintained). Operations of the client terminal (20) may be permitted according to the authentication signal. In embodiments, in step S360, access of the client terminal (20) to the data server may be permitted in response to the authentication signal. Steps S310 to S360 of FIG. 10 may be performed, for example, periodically and repeatedly, after the authentication signal described with reference to FIG. 8 is generated.

FIG. 11 is a block diagram showing an embodiment of a computer device suitable for implementing the client terminal of FIG. 2.

Referring to FIG. 11, a computer device (1000) may include a camera (CMR), a display device (1100), a user input device (1200), a communicator (1300), a nonvolatile storage medium (1400), a processor (1500), and a system memory (1600).

The camera (CMR) can generate an image by capturing a targeted area in response to the control of the processor (1500) and provide the generated image to the processor (1500). The camera (CMR) can be provided as the camera (CMR) of FIG. 2.

The display device (1100) displays information processed by the processor (1500). In embodiments, the display device (1100) may include at least one of a liquid crystal display, an organic light-emitting diode display, a flexible display, etc. The user input device (1200) receives a user input for controlling the operation of the computer device (1000). The user input device (1200) may include a key pad, a dome switch, a touch pad (static/capacitive), a jog wheel, a jog switch, a finger mouse, etc. In particular, when the touch pad is formed integrally with the display device (1100), it may be called a touch screen. In this case, the user input device (1200) may be visualized by the display device (1100). The communication device (1300) is configured to connect to a network (105, see FIG. 2) via wired and/or wireless communication in response to the control of the processor (1500). The display device (1100), the user input device (1200), and the communication device (1300) may be provided as the output interface device (111), the user input device (112), and the communication device (113) of FIG. 2, respectively.

The nonvolatile storage medium (1400) may include at least one of storage media that maintains stored data even when power is cut off, such as a flash memory type, a hard disk type, a multimedia card, etc. The nonvolatile storage medium (1400) is configured to write and read data in response to the control of the processor (1500).

The processor (1500) controls operations of a camera (CMR), a display device (1100), a user input device (1200), a communicator (1300), a nonvolatile storage medium (1400), and a system memory (1600). The processor (1500) may include a plurality of processing units (or a plurality of cores) to perform various processes such as calculations and comparisons. For example, the processor (1500) may include a central processing unit. For example, the processor (1500) may further include a graphic processing unit.

The processor (1500) can load program codes and/or instructions into the system memory (1600) and perform the operations of the client control device (114) of FIG. 2 by executing the loaded program codes and/or instructions. The processor (1500) can load the client control module (1620) into the system memory (1600) and perform the operations of the client control device (114) of FIG. 2 by executing the loaded client control module (1620). For example, the processor (1500) can download an installation file from an arbitrary client server and obtain the client control module (1620) by installing the downloaded installation file.

In addition, the processor (1500) can load the operating system (1610) into the system memory (1600) and execute the loaded operating system (1610) to control the overall operations of the computer device (1000). The operating system (1610) can provide an interface to a camera (CMR), a display device (1100), a user input device (1200), a communicator (1300), a nonvolatile storage medium (1400), and the system memory (1600) to application programs operating under the operating system (1610), for example, a client control module (1620). In this way, the operating system (1610) provides an environment that allows the client control module (1620) to use the hardware devices of the computer device (1000).

The system memory (1600) may include at least one of a Random Access Memory (RAM), a Read Only Memory (ROM), and other types of computer-readable storage media. In FIG. 11, the system memory (1600) is illustrated as a separate component from the processor (1500), but this is exemplary and at least a portion of the system memory (1600) may be included within the processor (1500). The system memory (1600) may be separated into a plurality of components as needed.

FIG. 12 is a block diagram showing an embodiment of a client control module of FIG. 11 or a client server providing its installation file.

Referring to FIG. 12, a client server (2000) may be connected to a computer device (1000) of FIG. 11 via a network (105, see FIG. 11). A computer program executed by the computer device (1000) may be provided from the client server (2000). Referring to FIG. 12, the client server (2000) may include a communication device (2100), a processor (2200), and a database (2300). The communication device (2100) may communicate with the computer device (1000) via the network (105). The database (2300) may include a storage medium configured to store a computer program that may be executed by the computer device (1000), for example, the client control module (1620) of FIG. 11, or an installation file including corresponding program codes and/or commands. The database (2300) may be implemented with at least one of non-volatile storage media such as flash memory, hard disk, multimedia card, etc.

The processor (2200) can provide a computer program stored in a database (2300) to the computer device (1000) through the communication device (2100) in response to a request from the computer device (1000). The computer program can be installed and executed on the computer device (1000).

Although specific embodiments and application examples have been described herein, they have been provided only to help a more general understanding of the present invention, and the present invention is not limited to the above embodiments, and various modifications and variations are possible from this description to those skilled in the art to which the present invention pertains.

Therefore, the idea of the present invention should not be limited to the described embodiments, and all things that are equivalent or equivalent to the claims described below as well as the claims are included in the scope of the idea of the present invention.

20, 110: Client terminal
CMR: Camera
111: Output interface device
112: User Input Device
113: Communicator
114: Client Control Device
115: Main Controller
116: User Authenticator

Claims (10)

A method for authenticating a user based on an image captured by a camera:
A step of detecting a target object corresponding to at least a part of the user's body in the above image;
A step of outputting one of the predetermined commands requesting to transform the target object through an output interface device;
A step of detecting the movement of the target object; and
A step of generating an authentication signal for authenticating the user based on the one of the target object and the commands,
The step of detecting the above target object is:
A step of outputting a message requesting that the target object be located in a predetermined area within the image through the output interface device; and
Comprising a step of detecting the target object in the determined area within the image,
A method wherein the step of generating the authentication signal comprises the step of generating the authentication signal when a movement that deforms the target object appears within the determined area in the image, depending on whether the movement that deforms the target object corresponds to one of the commands. In paragraph 1,
A method further comprising the step of allowing or blocking access to the data server in response to said authentication signal. delete In paragraph 1,
A step of performing a liveness test based on the above image; and
A method further comprising the step of generating an authentication blocking signal for blocking authentication of the user based on the result of the liveness check. In paragraph 4,
A method further comprising the step of blocking access to the data server in response to the above authentication blocking signal. In paragraph 1,
A method wherein the step of generating the authentication signal depending on whether the movement that deforms the target object matches one of the commands comprises the step of obtaining movement type data indicating a type of the movement that deforms the target object using an artificial intelligence model that has learned a plurality of movements, and generating the authentication signal depending on whether the movement type data matches one of the commands. camera;
output interface device; and
comprising a processor connected to the camera and the output interface device;
The above processor,
A message is output through the output interface device requesting that a target object corresponding to at least a part of the user's body be located in a predetermined area within an image captured by the camera, and the target object is detected in the predetermined area within the image;
Outputting one of the predetermined commands requesting transformation of the target object through the output interface device;
Detecting movement of the above target object;
A computer device configured to generate an authentication signal for authenticating the user when a movement for transforming the target object appears within the determined area in the image, depending on whether the movement for transforming the target object corresponds to one of the commands. In a storage medium readable by a computer device, storing a computer program:
The computer device includes a camera, an output interface device, and a processor connected to the camera and the output interface device,
When the above computer program is executed by the processor,
A message is output through the output interface device requesting that a target object corresponding to at least a part of the user's body be located in a predetermined area within an image captured by the camera, and the target object is detected in the predetermined area within the image;
Outputting one of the predetermined commands requesting transformation of the target object through the output interface device;
Detecting movement of the above target object;
A storage medium including commands for generating an authentication signal for authenticating the user when a movement for transforming the target object appears within the determined area in the image, depending on whether the movement for transforming the target object corresponds to one of the commands. In Article 8,
When the above computer program is executed by the processor,
A storage medium further comprising commands for allowing or blocking access to a data server in response to said authentication signal. In Article 8,
When the above computer program is executed by the processor,
Perform a liveness test based on the above image;
A storage medium further comprising commands for generating an authentication blocking signal for blocking authentication of the user based on the results of the liveness check.

Images