JP2002108823A - Method for personal identification, method for one-stop service and related system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a reliable method for personal identification and to realize a method for batch providing plural services by once log in. SOLUTION: An IC card 4 stores the biological information of a user and log in information. A terminal device 3 inputs the biological information from the card 4 to send it to a biological information recognition part 13, which compares the biological information inputted directly from the user with that from the card 4. When they are coincident, the device 3 inputs the log in information from the card 4 and transmits it to a service providing system 5 to which a service is to be requested. The system 5 receives the plural service requests from the device 3 after log in identification, batch processes these service requests and transmits respective processing results to the device.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a personal authentication method using biometric information and login information, and to a one-stop service method for collectively processing a plurality of service requests after personal authentication.

[0002]

2. Description of the Related Art In a system for providing various services by accessing a server on a service providing side from a terminal device on a user side using the Internet, a technique for authenticating a user is essential. Conventionally, a login authentication method using electronic authentication information provided by a user ID and password or an encryption key management system, a personal authentication method using biometric information, and the like are known.

On the other hand, administrative and government services provide individual services at each service window, and no system has been constructed to provide several services collectively. For example, in the case of an address change, even if a change of address is submitted by submitting a notice of relocation to an administrative organization, the change of address described in various licenses has to be carried out by the administrative organization or the government organization.

[0004] An electronic commerce system using the Internet provides a service for mediating transactions with individual business partners for individual products to be traded.
No system has been constructed to execute collective transactions with a plurality of suppliers for a plurality of products.

[0005]

According to the above-mentioned conventional personal authentication method, in an authentication method using a user ID and a password, another person who can know the user ID of the user impersonates the user by analogy with the password. Can occur. In an authentication method using biometric information, when biometric information of a person flows over a network, it can be eavesdropped by another person and misused for impersonation.

[0006] In a service providing system for realizing electronic administration and electronic government, a method of collectively providing services for a plurality of service requests by one login is desired. In the electronic commerce system as well, there is a demand for a method of collectively executing a service that mediates transactions with a plurality of business partners for a plurality of products by a single login.

An object of the present invention is to provide a highly reliable personal authentication method.

Another object of the present invention is to realize a method for collectively providing a plurality of services by one login.

[0009]

SUMMARY OF THE INVENTION According to the present invention, when a terminal device compares biometric information collected from a user with biometric information stored in a storage device and determines that the two match, the terminal device determines whether the two match. A personal authentication method for performing secondary authentication of a user based on login information stored in a storage device is characterized. Further, the present invention is characterized by a personal authentication method for comparing biometric information in an IC chip so that the biometric information stored in the storage device is not sent to the outside.

Further, the present invention authenticates a user based on the login information of the user received from the outside, receives a plurality of service requests from the outside after the login authentication, and provides a service providing server corresponding to each service request. , The service providing process is executed, and each processing result is transmitted to the outside.

[0011]

Embodiments of the present invention will be described below with reference to the drawings.

FIG. 1 is a configuration diagram of a system related to issuance of an IC card, maintenance of security information relating to the IC card, and personal authentication using the IC card. The system includes a terminal device 3, an IC card 4, a plurality of service providing systems 5, a fraud management system 6, an encryption key management system 7, a fraud monitoring terminal 8, and the Internet 1 connecting these terminal devices or systems as shown.
0 and the like.

The terminal device 3 authenticates the user using biometric information recorded on the IC card 4 such as fingerprint information, iris information, and voiceprint information, and then logs in to the intended service providing system 5. Computer and terminal device that receives the service. The service providing system 5
It is a computer system installed according to the provided service. The fraud management system 6 uses the fraud database (D
B), which is a computer system that receives a report of personal authentication failure from the terminal device 3 and registers the card information in the unauthorized DB. Further, the fraud management system 6 notifies the card information of the IC card 4 that has been repeatedly reported to the fraud monitoring terminal 8. The unauthorized use monitoring terminal 8 is a terminal device that receives and displays the notification. The encryption key management system 7
It manages an encryption key and electronic authentication information used when logging in to the service providing system 5 and transmitting a message, and generates an encryption key and electronic authentication information in response to a request from the terminal device 3 and sends the generated information to the terminal device 3. It is a computer system to transmit.

The IC card 4 has an arithmetic unit and a storage device therein, and operates by executing a program stored in the storage device. The storage device stores at least card information, login information, and biometric information.
The card information includes a card number and personal information such as the name, date of birth, and address of the card holder. The login information includes a user ID (ID information), personal identification information, an encryption key, electronic authentication information, and the like that are required when logging in to the service providing system 5 and transmitting a message to the service providing system 5. The biometric information is biometric information of the card holder. The arithmetic device inside the IC card 4 collates and compares the biometric information input from the outside with the biometric information stored in the storage device by a program stored in the storage device,
The result is notified to the terminal device 3. Comparison of biological information
Since the processing is performed in the IC chip of the IC card 4, the biological information stored in the storage device is not sent to the outside.

The terminal device 3 includes a display device 11, an input device 1,
2. Biological information input recognition unit 13, IC card read / write unit 1
4. It has a control unit 16 and an Internet connection unit 17. The biometric information input recognition unit 13 digitizes biometric information input from the user himself, performs processing such as data normalization, and transmits the biometric information added with the comparison instruction code to the control unit 16 and the IC card read / write. This is a mechanism for sending data to the IC card 4 via the loading unit 14. Also, the biological information input recognition unit 13
When registering the first input biometric information in the IC card 4, the same biometric information input a plurality of times is recognized and compared to determine good biometric information. Biometric information input recognition unit 1
It is desirable that the recognition rate of No. 3 be 99.9% or more. IC
The card read / write unit 14 is a mechanism that inputs information of the IC card 4 to the control unit 16 and outputs output data from the control unit 16 to the IC card 4. Internet connection unit 17
Is a communication control mechanism that supports an interface for connecting the terminal device 3 to the Internet 10. The control unit 16 has a memory, an arithmetic unit, and an interface control unit with other mechanisms of the terminal device 3, controls the other mechanisms, and executes the WWW browser stored in the memory to control the Internet 10. It accesses the service providing system 5, the injustice management system 6 and the encryption key system 7 via the server, and executes a program for performing the following personal authentication processing.

The terminal device 3 may be a terminal device installed in a municipal or government office, a company office, a general store, or may be a personal computer or a portable information terminal owned by an individual. Is also good. Biometric information input recognition unit 1
The IC card 3 may not be provided in the terminal device 3 but may be integrated with the IC card 4 to constitute an IC card carried by the owner outside the terminal device 3. Alternatively, the terminal device 3 may be a portable terminal, and the IC card 4 may be incorporated in the terminal device 3 as an IC chip constituting the terminal device 3, or the biometric information input recognizing section 13 of the biometric information input mechanism excluding the biometric information input mechanism The comparison mechanism may be incorporated in the terminal device 3 as an IC chip integrated with the IC card 4.

FIG. 2 is a flowchart showing the flow of processing of the terminal device 3 when issuing the IC card 4. The control unit 16 of the terminal device 3 displays a guidance screen on the display device 11, and displays the card information and ID inputted through the input device 12.
Receiving information and password information, and reading / writing IC card 1
4 to the IC card 4 (step 21).
Next, the biometric information of the user is input from the biometric information input recognition unit 13 and the IC card 4 is input via the IC card read / write unit 14.
(Step 22). Biometric information IC card 4
It is preferable to input the same biometric information a plurality of times to register the biometric information with good matching by majority logic. Next, when the original data for generating the encryption key is input via the input device 12 (step 23), the control unit 16
The input data is transmitted to the encryption key management system 7 via the Internet 10 (step 24), and electronic authentication information such as an encryption key and a digital signature is received (step 2).
5) Write the received encryption key and electronic authentication information to the IC card 4 (step 26). Next, the user accesses each service providing system 5 via the Internet 10, transmits the electronic authentication information to prove the identity, and registers the login information necessary for the identity authentication in each system (step). 27).

FIG. 3 is a flowchart showing a flow of processing of the terminal device 3 when changing the login information registered in the IC card 4 and the service providing system 5. When the control unit 16 of the terminal device 3 receives an instruction to change the login information via the input device 12 (step 31), the biometric information input recognition unit 13 directly inputs biometric information from the user and performs digitization and normalization. (Step 32)
The biological information to which the comparison instruction code is added is sent to the IC card 4 via the IC card reading / writing unit 14 (step 3).
3). The IC card 4 compares the received biometric information with the biometric information stored in the storage device, and reports the comparison result to the control unit 16 via the IC card read / write unit 14. If both biometric information matches (step 34YE
S), the control unit 16 inputs the ID information and the password information via the input device 12 and writes them into the IC card 4 (step 35). Next, if there is an instruction to change the encryption key and the electronic authentication information, the processing of steps 23 to 27 is executed (step 36). If the two pieces of biological information do not match (step 34N
O), the process ends.

FIG. 4 shows the terminal device 3 when the card information registered in the fraud DB of the fraud management system 6 is erroneously canceled.
3 is a flowchart showing the flow of the processing of FIG. Terminal device 3
Is instructed via the input device 12 to cancel the card information registered in the fraudulent DB (step 4).
1) If the IC card 4 has been returned to the user, after performing the personal authentication in steps 32 to 34,
The card information such as the card number is transmitted to the fraud management system 6, and a request is made to delete the card information registered in the fraud DB (step 42). Upon receiving the deleted response from the fraud management system 6, a message to that effect is displayed on the display device 11 (step 43). If the IC card 4 has not been returned to the user, steps 41 to 4
Step 3 shall be performed at a counter terminal not operated by the person himself / herself,
After the identity verification, the processing of steps 41 to 43 is performed. Thereafter, the stored IC card 4 is returned to the user.

FIG. 5 shows a service providing system 5
9 is a flowchart showing a flow of processing of the terminal device 3 when receiving service provision from the terminal device 3. When card information is input from the IC card 4 via the IC card read / write unit 14 (step 51), the biometric information input recognition unit 13 inputs biometric information directly from the user and performs processing such as digitization and normalization. Then, the control unit 16 and the IC
The data is sent to the IC card 4 via the card read / write unit 14 (step 52). The IC card 4 compares the received biometric information with the biometric information stored in the storage device, and compares the comparison result with the control unit 16 via the IC card read / write unit 14.
Report to If both biometric information matches (step 5
3YES), the control unit 16 requests the IC card 4 and inputs login information (step 54). Next, a menu of the service providing system 5 is displayed on the display device 11,
A selection input of any service providing system is received via the input device 12 (step 55). Next, of the input login information, the login information necessary for the personal authentication of the selected service providing system 5 is sent to the target service providing system 5 to log in, and the service of the service providing system 5 is provided ( Step 5
6). Further, depending on the service providing system, it is necessary to send card information such as a card number, a name, and a date of birth to the service providing system at the time of a login request.

If the two pieces of biological information do not match (step 5)
3NO), if the input of the biological information is within a predetermined number of attempts (YES in step 57), a message is displayed on the display device 11, and the process returns to step 51. When the number of trials exceeds a certain number of times (step 57 NO), information other than personal information such as the card number of the IC card 4 and information such as biometric information of an unauthorized user and a terminal number are transmitted to the fraud management system 6 and illegal A check of the DB is requested (step 58).
When the IC card 4 is incorporated in the terminal device 3, an identifier indicating a mismatch source such as the identifier of the terminal device 3 is transmitted to the fraud management system 6 instead of the card number. The fraud management system 6 refers to the fraud DB and checks whether or not the card information is already registered in the fraud DB. If the card information is not registered in the fraudulent DB, card information other than the personal information of the card, biometric information of the fraudulent user, and information such as a terminal number are registered in the fraudulent DB. If the card information is already registered in the unauthorized DB, the card information is transmitted to the unauthorized use monitoring terminal 8 and the terminal device 3 to warn the user. The terminal device 3 ejects the IC card 4 from the device or takes it into the terminal device 3 and stops accepting the IC card 4 (step 59). Whether the IC card 4 is discharged or collected in the terminal device 3 may be set for each type of the terminal device 3.

The program in the IC card 4 expects a processing procedure in which input of card information is requested first, then comparison and matching of biometric information is requested, and then input of login information is requested. If the input of the login information is first requested, it is regarded that the program of the terminal device 3 has been tampered with and the input of the login information is rejected. If the input of the login information is requested after the determination that the biological information does not match, the input of the login information is rejected.
In this case, the falsification of the program of the terminal device 3 that bypasses the step 53 can be prevented.

FIG. 6 is a block diagram of a system for providing services related to electronic administration. The terminal device 3 is a terminal device in which a user transmits a service request to the service providing system 5 and receives a service processing result. The fraud management system 6 is a system which responds to the inquiry of the card information from the service providing system 5 by referring to the fraud DB. The encryption key management system 7 is a system that performs identity verification based on the electronic authentication information received in response to the identity verification request from the service providing system 5, and returns the result to the service providing system 5.

The service providing system 5 includes a one-stop server 61, a user authentication server / use accounting / commission payment server 62, a resident information processing server 63, a local tax inquiry / declaration / payment processing server 64, various license systems 65, and electronic procurement processing. Server 69, user DB, resident DB, family register DB
DB66 with fee payment DB and notification DB6
7, a DB 681 having a resident tax DB, a property tax DB, and a car tax DB, a procurement announcement DB, a bid result DB, a bidder DB, and a DB 691 having a procurement specification DB. The one-stop server 61 has a DB that stores the correspondence between the type of service and the location information of the server that provides the service. Upon receiving a login request from the terminal device 3, the one-stop server 61 accesses the encryption key management system 7 via the Internet 10 as necessary, and also accesses the user authentication server / usage billing / fees payment server 62. To authenticate the user. In addition, in response to a service request from the terminal device 3, the terminal device 3 accesses a designated service providing server and transmits a service processing result to the terminal device 3. The one-stop service is a service in which one or a plurality of service requests are collectively processed by a single login, and each processing result is returned to the terminal device 3. User authentication server / usage billing / commission payment server 6
2. The resident information processing server 63, the local tax inquiry / declaration / payment processing server 64, and the various license systems 65 are service providing servers.

Although a WWW server function normally intervenes between the Internet 10 and each system or server, it is not shown. The program of the WWW server has an application program interface. Using this interface, an application program including an authentication request to the user authentication server, a processing request to each service providing server according to the service type, transmission of a processing result to the terminal device 3, and the like can be incorporated. The correspondence between the server or the system and the computer system that realizes it is not always 1: 1.

FIG. 7 is a flowchart showing the flow of processing of the one-stop server 61. The one-stop server 61 receives a user request sent from the terminal device 3 via the Internet 10 (step 71), and passes control to each processing program for each type of request. In the case of a login request, if the one-stop server 61 employs an identity verification means based on electronic authentication information, the user's electronic authentication information is sent to the encryption key management system 7 via the Internet 10 to confirm the identity. A request is made and the result is received (step 72). Next, of the login information, the personal information such as the user ID, personal identification information, or card number, the user's name, date of birth, and address, which is adopted in the system, is sent to the user authentication server, and the An authentication result is received (step 73). When the identity is confirmed as a result of the above authentication,
The login authentication information is temporarily stored in the storage device (step 74). When a logout request is received, the temporarily stored authentication information is deleted from the storage device (step 75).

When a service request is received after the login is completed, the one-stop server 61 receives one or more service requests from the terminal device 3 (step 76), and refers to the database of the one-stop server 61 for the designated service. Is obtained (step 77). Next, one of the target service providing servers is called via the Internet 10 to transmit a user request (step 78). At this time, the one-stop server 61 also transmits the personal information of the user received from the terminal device 3 that is required by the service providing server. Next, the processing result of the designated service providing server is received, and the user terminal device 3 is connected via the Internet 10.
(Step 79). If not all of the one or more service requests have been processed (step 80N
O), returning to step 78; When all the service requests have been processed, the processing for the service request ends.

When a DB maintenance request is received from the terminal device 3 after the log-in process from the terminal device 3 of the system administrator is completed, the DB of the one-stop server 61 is registered / updated according to the request (step 81).

The resident information processing server 63 accesses the DB 66 according to the service request, and accepts applications such as a change of a user's address, issuance of a resident's card / extract of a family register / a copy of a family register, issuance of a seal certificate, examination, registration, etc. Performs document delivery and payment processing.

Local tax inquiry / declaration / payment processing server 64
Performs each process for service requests for inquiries, declarations, and payments of residence tax, property tax, and automobile tax. It also performs the tax transfer process.

For example, when changing the address of a user, the terminal device 3 can make a request for changing the address of the resident DB and a request for changing the address of the license DB. One-stop server 61
Calls the resident information processing server 63 to update the resident DB, and calls various license systems 65 to update the address of the license.

The electronic procurement processing server 69 is a server that performs a procurement process for goods to be procured by the local government through bidding, and accesses a DB 691 having a procurement announcement DB, a bid result DB, a bidder DB, and a procurement specification DB, and from the announcement. A series of processes up to the electronic bidding process and the announcement of the bid result are performed. The one-stop server 61 sends the information of the bid participants to the server 62, and the server 62 determines whether or not there is a bid qualification.

User authentication server / usage / payment payment server 62, resident information processing server 63, local tax inquiry / declaration / payment processing server 64 or various license systems 65
Can access the fraud management system 6 as necessary and check whether the IC card 4 used by the user is a fraudulent IC card registered in the fraud DB of the fraud management system 6.

FIG. 8 is a block diagram of a system for providing services related to the electronic government. The functions of the terminal device 3, the fraud management system 6, the encryption key management system 7, and the one-stop server 61 are the same as the functions of the system for providing services related to the electronic administration shown in FIG. The service providing system 5 includes a one-stop server 61, a user authentication server,
A server 91 having a fee payment server, a server 92 having a license application reception / application processing server and a national examination application reception / application processing server, a national tax inquiry / report reception / report processing server 93, an electronic procurement processing server 94, a user DB, Fee payment DB, DB95 with tender qualified DB, license application D
B, DB 96 with test application DB, various tax DB, DB 97 with filer DB, procurement announcement DB, bid result D
B, a bidder DB, and a DB 98 having a procurement specification DB.

The license application receiving / application processing server of the server 92 receives various license inquiries and application requests, and
In response to the inquiry with reference to the license application DB of No. 6, the application is examined, and the received application is registered in the license application DB.

The national test application reception / application processing server of the server 92 receives an inquiry and an application request, refers to the test application DB of the DB 96, responds to the inquiry, performs examination processing on the application, and tests the received application. Register in the application DB.

National Tax Inquiry / Report Receipt / Report Processing Server 93
Receives a request for an inquiry and a report, responds to the inquiry by referring to the DB 97, performs processing on the report, and
Register in B97. Tax payments are processed through fund transfer.

The electronic procurement processing server 94 receives a bid request, performs a bidding process and an electronic bidding process, and stores the result in a DB.
At the same time as registering the result in 98, a result announcement process is performed and the result is announced. The one-stop server 61 sends the login information and the bidder information of the bid participants to the server 91, and the server 91 determines whether or not there is a bid qualification.

The charge associated with each application is made by the charge payment server of the server 91, and is recorded in the charge payment DB of the DB 95.

In addition, a public servant recruitment / application reception server may be provided to perform processing for receiving application of public servants.

Server 91, Server 92, National Tax Inquiry / Declaration Acceptance / Declaration Processing Server 93 or Electronic Procurement Processing Server 9
4 accesses the fraud management system 6 as necessary,
It is possible to check whether or not the IC card 4 used by the user is an unauthorized IC card registered in the injustice DB of the injustice management system 6.

FIG. 9 is a block diagram of a system for providing services relating to receivables and payables. The functions of the terminal device 3, the fraud management system 6, and the encryption key management system 7 are the same as the functions of the system for providing services related to the electronic administration shown in FIG. The service providing system 5 includes a user authentication server 10
1. It comprises a debt processing server 102, a debt processing server 103, a user DB 104, a debt DB 105, and a debt DB 106.

The WWW server on the Internet transmits a menu of the service to be used to the terminal device 3. When the service type is selected by the terminal device 3, the user authentication server 101 authenticates the user with reference to the user DB 104, and when it is determined that the user is a valid user,
2 or the debt processing server 103 starts processing. The bond processing server 102 performs each processing in response to a request for a bond status inquiry, a bond split or a bond transfer, and the bond DB
105, and updates the receivables DB 105 as necessary, and transmits the processing result to the terminal device 3. The debt processing server 103 performs each process in response to a debt status inquiry, a debt repayment or a partial repayment request, and issues a debt DB1
06, and updates the debt DB 106 as necessary and transmits the processing result to the terminal device 3. The service providing server can access the fraud management system 6 as necessary and check whether the IC card 4 used by the user is a fraudulent IC card registered in the fraud DB of the fraud management system 6.

FIG. 10 is a block diagram of a system for providing an electronic commerce service. The functions of the terminal device 3, the fraud management system 6, and the encryption key management system 7 are the same as the functions of the system for providing services related to the electronic administration shown in FIG. The terminal device 3 is a terminal device of a transaction source of the electronic commerce, a customer terminal 9.
Is a terminal device of the business partner.

The service providing system 5 includes a one-stop server 111, a server 112 having a user authentication server and a billing / payment storage server, an electronic commerce server 113, an electronic commerce server 114, a server 115 having a credit settlement server and an account debit server, It comprises a DB 116 having a user DB and a payment DB, and a credit investigation system 117. The one-stop server 111 has a DB that stores a correspondence between a product identifier and location information of a server that provides a service for the product. The one-stop server 111 performs the same login processing as the one-stop server 61, accesses the designated service providing server in response to the service request related to the commercial transaction from the terminal device 3, and calls the customer terminal 9 as necessary. Between the terminal device 3 and the business partner terminal 9. The service processing result is transmitted to the terminal device 3.
The e-commerce server 113 has a product DB for products A, B, and C, and the e-commerce server 114 has products D,
It has a product DB for E and F. The product DB registers seller's selling information for each product. In addition, one or a plurality of buying information is registered by linking to this selling information.

FIG. 11 is a flowchart showing the flow of processing of the one-stop server 111. The one-stop server 111 receives the user request sent from the terminal device 3 via the Internet 10 (step 12).
1) Transfer control to each processing program for each type of request. The processing for the login / logout request is the same as the processing of steps 72 to 75. If there is a maintenance request for the DB held by the one-stop server 111, the process is the same as that in step 81.

When the service request is received after the login is completed, the one-stop server 111 receives the designation of the transaction and one or a plurality of target products from the terminal device 3 (step 122). The types of transaction include registration of merchandise by a seller, registration of buying information by a buyer, inquiry of a buying situation by a seller, update / deletion of registered selling information, update / deletion of buying information, and the like. Next, D of the one-stop server 111
With reference to B, the server location information of each of the designated products is acquired (step 123). Next, the e-commerce server 1
13. Access a target service providing server such as the electronic commerce server 114, and refer to, update or register information on the target product (step 124). For example, registration of a product or registration of buying information by a seller is registration in a product DB. Updating / deleting selling information or buying information is updating the product DB. Further, the inquiry of the buying situation by the seller is referred to the product DB.

Next, the one-stop server 111 sends the product D
The reference result of B is checked, and one or a plurality of supplier information for one product is sent to the terminal device 3 via the Internet 10 to receive a user's selection designation (step 12).
5). The processing in step 125 occurs in the terminal device 3
Is a case where one or a plurality of pieces of buying information are added to the selling information of a previously transmitted and registered product. Terminal device 3
Displays the buying information on the display device 11 and receives a selection input via the input device 12. The terminal device 3 transmits the input identifier of the purchase information and the transaction conditions to the one-stop server 111. If there is one buying information,
This is a selection as to whether or not to specify the purchase information. Next, the one-stop server 111 calls the supplier terminal 9 that has transmitted the specified buying information, and transmits the transaction conditions of the seller user and the like (step 126). Next, the one-stop server 111 transmits the processing result of the designated transaction to the user of the terminal device 3 (step 127). The transaction processing result is, for example, an answer to the transaction condition when the customer terminal 9 is called. In the case of registration of merchandise or registration of purchase information, the notification is that registration has been completed or registration has been disabled.
In the case of updating / deleting the selling information or the buying information, the update information includes a notice of completion of the updating / deletion. Next, if there is any remaining supplier information transmitted to the user in step 125, or if there is an unprocessed target product, the process returns to step 125 to process the remaining business partner or one of the remaining target products. Is repeated (step 128 NO). The processing is terminated when the processing of all the suppliers is completed, when the processing of all the target products is completed, or when the user's terminal device 3 gives an instruction to terminate the processing.

For payment for a commercial transaction, the server 115 performs a credit payment or a bank account debit process. Further, the payment storage server of the server 112 performs payment processing of the transaction source and the customer terminal for the electronic commerce service.

After receiving the transaction type in step 122, the user may access the credit inspection system 117 via the server 112 to perform a user credit inspection.

FIG. 12 is a configuration diagram of a system for providing a financial service. The functions of the terminal device 3, the fraud management system 6, and the encryption key management system 7 are the same as the functions of the system for providing services related to the electronic administration shown in FIG. The service providing system 5 includes a user authentication server 131, an account management server 132, a remittance / payment / transfer processing server 133, a user DB 134, an account DB 135, and a remittance / payment / transfer D
B136.

The WWW server on the Internet side sends a menu of the service to be used to the terminal device 3. When the service type is selected by the terminal device 3, the user authentication server 131 authenticates the user by referring to the user DB 134 according to the service type, and when the user is determined to be a valid user,
Access the target service providing server and start processing. The account management server 132 refers to the account DB 135 and performs processes such as balance inquiry, deposit or withdrawal of account based on remittance and remittance, and entry of balance. The remittance / settlement / transfer processing server 133 refers to the remittance / settlement / transfer DB 136 and performs remittance processing, transfer processing, transfer processing, and the like.
The processing result is returned to the terminal device 3. The service providing server can access the fraud management system 6 as necessary and check whether the IC card 4 used by the user is a fraudulent IC card registered in the fraud DB of the fraud management system 6.

As described above, a plurality of services can be provided collectively by one-time login by the one-stop server, which is convenient for the user. On the other hand, the service providing system 5 may want to check whether the IC card 4 or the terminal device 3 owned by the user is legitimate depending on the application, in addition to the general authentication by login. By accessing the fraud management system 6 according to the necessity of such an application on the service providing side, the validity of the IC card 4 or the terminal device 3 can be checked.

[0054]

As described above, according to the personal identification method of the present invention, the biometric information is used in a mechanism capable of protecting the privacy information without the biometric information and the personal information of the individual coming out of the IC chip. Since the secondary authentication based on the login information is performed after the primary authentication is performed, a highly reliable personal authentication method can be provided. In the case of unauthorized use of another person's IC card or terminal, the biometric information of the unauthorized user must be registered in the unauthorized management system and used to output an unauthorized use warning, refer to the service providing system, Being able to be used for follow-up investigations can reduce unauthorized use.

Further, using a highly reliable personal authentication method capable of preventing unauthorized use and preventing leakage of privacy information to the network, an electronic administrative procedure, an electronic government system, a credit and debt processing system, Can provide services such as financial systems.

Further, according to the one-stop service method of the present invention, a plurality of services can be collectively provided by one login.

[Brief description of the drawings]

FIG. 1 is a configuration diagram of a system relating to personal authentication using an IC card according to an embodiment.

FIG. 2 is a flowchart illustrating a flow of a process for issuing an IC card according to the embodiment;

FIG. 3 is a flowchart illustrating a flow of a process of changing login information registered in the IC card and the service providing system of the embodiment.

FIG. 4 is a flowchart illustrating a flow of processing for canceling card information erroneously registered in an unauthorized DB according to the embodiment;

FIG. 5 is a flowchart illustrating a flow of processing when a user of the embodiment receives service provision.

FIG. 6 is a configuration diagram of a system for providing services related to electronic administration according to the embodiment.

FIG. 7 is a flowchart showing a processing procedure of a one-stop server 61 of the embodiment.

FIG. 8 is a configuration diagram of a system for providing a service related to the electronic government according to the embodiment.

FIG. 9 is a configuration diagram of a system for providing services relating to receivables and payables according to the embodiment.

FIG. 10 is a configuration diagram of a system for providing an electronic commerce service according to the embodiment.

FIG. 11 is a flowchart illustrating a flow of processing of a one-stop server 111 according to the embodiment.

FIG. 12 is a configuration diagram of a system for providing a financial service according to the embodiment.

[Explanation of symbols]

3: Terminal device, 4: IC card, 5: Service providing system, 6: Fraud management system, 7: Encryption key management system, 8: Fraud use monitoring terminal, 10: Internet, 1
3: biometric information input recognition unit, 61: one-stop server,
111: One-stop server

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) G06K 17/00 G06K 17/00 V H04L 9/32 H04L 9/00 673D 673E

Claims (8)

[Claims] When a terminal device compares biometric information collected from a user with biometric information stored in a storage device and determines that the two match, the login information stored in the storage device is determined. 2. A personal authentication method comprising: performing secondary authentication of a user according to the following. 2. A comparison of the biological information is performed by an IC so that the biological information stored in the storage device is not transmitted to the outside.
2. The personal authentication method according to claim 1, wherein the authentication is performed in a chip. 3. When the terminal device detects the discrepancy of the recognition judgment more than a predetermined number of times, the discriminator of the discrepancy source and the biometric information collected from the user are registered in the database of the external system. The method according to claim 1, wherein the method is transmitted to a system. 4. A user is authenticated based on the user's login information received from the outside, a plurality of service requests are received from the outside after the login authentication, and a corresponding service providing server is called for each service request. A service providing process, and transmitting a result of each process to the outside. 5. A system to which a terminal device on the user side, a fraud management system and a service providing system are connected via a network, wherein the terminal device is stored in a storage device and biometric information collected from the user. Means for comparing the biometric information with the obtained biometric information, means for transmitting the login information stored in the storage device to the service providing system when the recognition is determined to match, Means for transmitting user information and biometric information collected from the user to the fraud management system, wherein the fraud management system includes the user information received from the terminal device and the biometric information. And a means for registering information in a database, wherein the service providing system authenticates a user based on login information received from the terminal device. System characterized in that it comprises means for performing, and means for querying the presence of the database entry of a user by sending the user information to the fraud management system. 6. A system in which a user terminal device and a service providing system are connected via a network, wherein the terminal device includes means for transmitting login information and a plurality of service requests to the service providing system. The service providing system comprises: means for authenticating a user based on login information received from the terminal device; means for receiving a plurality of service requests from the terminal device after login authentication; Means for transmitting a processing result to the terminal device, wherein the system performs processing for a plurality of service requests by one login. 7. The personal authentication method according to claim 1, wherein the personal authentication method is applied to a service providing system for electronic administrative procedures, electronic government, receivables and payables, or financial services. 8. The one-stop service method according to claim 4, wherein the method is applied to an electronic administrative procedure, an electronic government, or an electronic commerce service providing system.