JP2003087409A - System for identifying concerned person - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a system for identifying a concerned person that can build up and operate a collation system at a low cost in an authentication system for a user possessing terminal equipment. SOLUTION: In the system for identifying concerned person of this invention, terminal equipment (mobile phone 1) includes; a storage device for storing physical characteristic data of a user 10 itself; a data transmission means for transmitting data read from the storage device to the collation system; and a control means for reading the data from the storage device and gives the data to the data transmission means, and a collation system (entrance limit device 5a) includes; a data read means 9a; a data reception means 7a for receiving data sent from the data transmission means; and collation execution sections (8a, 8b and 8c) for collating physical characteristic data read by the data read means 9a with data received by the data reception means 7a and discriminate the correctness of the user on the basis of the collation result.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an identity verification system for verifying whether or not a person carrying a terminal device such as a mobile phone is a legitimate user.

[0002]

2. Description of the Related Art Conventionally, in order to authenticate a terminal device itself such as a mobile phone, that is, so-called terminal authentication, a method using an ID attached to the terminal device and a password to be stored by a user is mainly used. There is. On the other hand, the act of authentication also requires authentication of the legitimacy of the person who owns the terminal device, that is, authentication or confirmation of the identity. This is because if the password or the terminal device is stolen, there is a problem of illegal use due to so-called impersonation. Therefore, in order to confirm whether the person who owns the terminal device is an original legitimate user, that is, to confirm the identity, a method of using the physical characteristics of the user has been proposed. On the side, for example, an entrance / exit (gate) of a room or a venue, a ticket gate of a station, a vending machine, or the like, data indicating physical characteristics of a registered user, such as face image data, is stored. That is, the verification system side (gate side) has a database of face image data of registered users. The collation system side images the face of the user and collates it with a database of face data of the user. If they match, it is assumed that the identity of the person has been confirmed, and the passage through the gate is permitted. The physical feature is not limited to the face, and may be a fingerprint or a retina pattern (iris or iris pattern). For example, a method of confirming the identity may be used in which the user puts his / her finger on the fingerprint reading device, the collation system side reads the user's fingerprint, and collates it with the database in which the fingerprint data of each user is stored in advance.

Such a system in which the collation side prepares such a database of the physical characteristics data of the user, reads the physical characteristics of the user who owns the terminal device, and confirms the identity is as follows. There was a problem. This means that a database of data showing the physical characteristics of the user must be provided for each collation system at one location, and it costs a lot to build the personal identification system. A database of image data such as physical characteristics requires a huge storage capacity. For example, in the case where the terminal device with an ID is passed over the ticket gate of the station to authenticate the terminal, an image of the user's face is captured, and the database of the ticket gate side is collated to charge the fare, A database of user face image data must be provided for each station. Of course, a method is also conceivable in which a face image database is placed at one or several centers, face image data captured at the ticket gate is transmitted to the center, and the center collates (authenticates). However, in this center method, it takes too much time to transmit the face image data from the station to the center, and it cannot be said that it is very realistic. This is because it is desirable for the user to confirm his / her identity while passing through the ticket gate. In addition, in terms of operating costs, it is disadvantageous that each time one user passes through the ticket gate, a telephone bill is taken to reach the center. A huge amount of money will be incurred because a dedicated line will be drawn between the center and each station in order to eliminate the need for telephone charges (call charges) from the station to the center. Furthermore, if you change the database of face image data, you have to change the database of all stations,
There is also the problem that the effort and cost are not ridiculous.

[0004]

DISCLOSURE OF INVENTION Problems to be Solved by the Invention The personal identification method according to the present invention has been made in view of the problems of the above-mentioned conventional techniques.
It was made and aims to solve the following problems. It is not necessary to build a database of physical characteristic data of registered users for personal identification on the side of the collation system,
Therefore, the verification system side can be constructed at low cost, and the verification system side can be operated at low cost.

[0005]

The personal identification method according to the present invention has solved the above-mentioned problems. Claim 1
The personal identification confirmation method of is configured as follows. Matching of data, a collation system side for determining mismatch, and a terminal device owned by the user, in the collation method for authenticating that the user is a legitimate holder of the terminal device, the terminal device, A storage device for storing the physical characteristic data of the user himself, a data transmission means for transmitting the data read from the storage device to the collation system side, and a data read from the storage device and passed to the data transmission means. And a control means. The collation system side includes a physical characteristic reading unit and a data receiving unit that receives data transmitted from the data transmitting unit. Further, the collation system collates the physical characteristic data read by the physical characteristic reading unit with the data received by the data receiving unit, and determines the user's legitimacy based on the collation result. And a collation execution unit.

[0006] The identity verification system of claim 2 has the following configuration. In the personal identification method according to claim 1,
The physical feature is a face, fingerprint, or retina.

[0007]

1 is a block diagram of an identity verification system according to the present invention. Entrance control device 5a here
Because, for example, entrance and exit management device, automatic ticket gate,
In some cases, vending machines, ATMs, etc. It is a device that permits or restricts the action that the user who owns the terminal device should perform next, and is not a gate device having an entrance or an exit, that is, a device that restricts only entry and exit. The entrance restriction device 5a includes a matching execution unit. In FIG. 1, the collation execution unit includes a CPU 8a, a frame memory 8b, and an RO as constituent elements.
It includes an M / RAM 8c. That is, the verification execution unit is also the control center on the verification system side. Although the ROM and the RAM are actually separate storage elements, they are referred to as the ROM / RAM 8c in this specification and the drawings, and are represented by one block. ROM / RAM that is a functional block included in the verification execution unit as one of the constituent elements
8c stores information for identifying and charging the terminal device and the user, for example, address, name, telephone number, user ID, financial institution account number, terminal device ID (terminal ID), etc. as a charging information database. To do. Since these pieces of information are not large-capacity information such as image data, they may be stored in a normal semiconductor memory (eg, RAM, ROM). Further, the ROM / RAM 8c is also loaded with programs in which various control operations performed by the CPU 8a, which is the central block of the collation executing unit, are described.

A user 10 having a registered terminal device, here a mobile phone 1, passes through the entrance restriction device 5a,
To enter (go to the right towards the drawing) into it, do the following: User 10 is mobile phone 1
Over a data reading device 9a provided at an appropriate part of the entrance restriction device 5a. The mobile phone 1 uses the data reading device 9a to obtain identification information such as an ID and information necessary for billing.
Send to. Data may be transmitted or received between the mobile phone 1 and the data reading device 9a by contact communication (wireless communication) or non-contact communication (wired communication).
In addition, almost the same as the above operation, the mobile phone 1
Transmits the physical characteristic data of the user 10 to the data receiving means 7a. Here, it is assumed that the face image data of the user is physical characteristic data. The face image data of the user 10 is stored in the mobile phone 1 in advance.
Recently, a camera-equipped mobile phone is also on the market, so that it may be used, or a so-called digital camera may be used to image one's face and the face image data may be stored in the mobile phone. The CPU 8a stores the face image data received via the data receiving means 7a in a predetermined area of the frame memory 8b. On the other hand, the entrance restriction device 5a includes a camera 6a, and captures (reads) the face of the user 10. C
The PU 8a stores the face image data of the user captured by the camera 6a in another predetermined area of the frame memory 8b. Therefore, the entrance restriction device 5a, which is the collation system side, has two types of face image data of the user obtained from different routes in the collation execution unit (frame memory 8b). One is the user 1 who is stored in the mobile phone 1 in advance.
The face image data is 0, which is fetched from the mobile phone 1 via the data receiving means 7a and temporarily stored in the collation executing unit (frame memory 8b). The other is face image data obtained by capturing an image of the user 10 with the camera 6a included in the collation system in order to confirm the identity of the user 10 who has the mobile phone 1. The collation execution unit (frame memory 8b) is also used. ) To temporarily store. The CPU 8a compares and collates these two face image data, and if it is determined that they match, the CPU 8a opens the gate 12 to allow the user 10 to pass through the entrance restriction device 5a. Further, the CPU 8a compares and collates the two face image data, and if it is determined that they do not match, the gate 12 is closed and the user 10 disables or prohibits passage of the entrance restriction device 5a. It is a feature of the present invention that the two face image data are fetched from the terminal device side or the side having the terminal device into the entrance restriction device 5a, which is the collation system side, and collation, that is, the identity is confirmed. According to the present invention, even if the mobile phone 1 is stolen, so long as the face image data captured by the camera 6a and the face image data transmitted from the mobile phone 1 do not match, so-called impersonation does not occur. That is, the security (degree) in the authentication of the terminal device can be improved by confirming the legitimacy of the user who owns the terminal (device) in addition to the terminal (device) authentication.

FIG. 2 is a block diagram showing an embodiment of the terminal equipment. To carry out the present invention, the configuration of the mobile phone 1, which is a terminal device, is as follows, for example. The mobile phone 1 includes a connector 16 for performing wired data communication with an external device, that is, a terminal. The connector 16 is usually a 16-core (16-pin) terminal. The connector 16 has an additional unit 1 which is a kind of communication device.
Connect 7. The addition unit 17 includes a control unit 4, a storage device 2, a data communication unit 3, and the like. It is assumed that the storage device 2 of the addition unit 17 stores the physical characteristic data of the user, here, face image data. This face image data is transmitted via the data transmission means 3 to the data reception means 7a of the entrance restriction device 5a shown in FIG.
To the face image data. As shown in FIG. 1, when the user 10 holds the mobile phone 1 over the data reading device 9a, communication is performed between the additional unit 17 and the data reading device 9a, and the additional unit 17 causes the data reading device 9a to communicate. Information about billing is passed to. Almost at the same time as the establishment of communication between the addition unit 17 and the data reading device 9a as a trigger, the addition unit 17 transmits the face image data to the data reception unit 7a. Alternatively, the user 10 pushes a predetermined dial button (not shown) of the mobile phone 1 to generate a call command in the mobile phone 1, and instructs the control means 4 of the additional unit 17 to generate the face image data. May be transmitted from the additional unit 17 to the data receiving means 7a.

The mobile phone 1 which is the terminal device (side) may have a configuration as shown in FIG. FIG. 4 is a block diagram showing another embodiment of a terminal device. Inside a mobile phone 1, a data transmission unit 11 having a storage device 2, a control means 4 and a data transmission means 3 is provided. The storage device 2, the control means 4, and the data transmission means 3 are the same blocks (functional units) as in FIG. The data transmission means 11 is, for example, one substrate (module) or one IC chip for communicating with Bluetooth which is a communication specification or standard. The data transmission means 3 may be provided outside the data transmission unit 11. When a predetermined trigger signal (for example, a call command from the mobile phone 1) is input from the outside, the data transmission unit 11 sends the user's face image data stored in the storage device 2 to the data reception means 7a. Send.

FIG. 3 is a block diagram showing an embodiment of the identity verification system according to the present invention. The user's physical characteristic data is not limited to face image data. It may be fingerprint data or retina (iris, iris) pattern data. Retina pattern data (hereinafter referred to as retina image data) is stored in the mobile phone 1 in advance. User 1
0 is made to look into the retina imaging camera 6b, and the retina pattern information read by the user at that time and read by the user is temporarily stored in the frame memory 8b. From the mobile phone 1, the previously stored retinal image data is transmitted,
The data is received by the data receiving means 7b, and is also the frame memory 8
Temporarily store in another area of b. The CPU 8a compares and collates the image data regarding the two retina patterns temporarily stored in the frame memory 8b. The data receiving means 7b
Is the data receiving means 7a and the data reading device 9a of FIG.
Is a single block (functional unit).
In the present invention, the physical characteristic data (here, retina image data) and the ID information of the terminal device (mobile phone 1) may be received by one data receiving means 7b. .

FIG. 5 is a block diagram showing an embodiment of the collation system side. For example, an entrance restriction device (5a,
It is assumed that 5z) is the automatic ticket gate at the station. In FIG. 1 and FIG. 3, the matching execution unit (CPU 8a, frame memory 8) provided inside the entrance restriction device (5a, 5b).
b, ROM / RAM 8c, etc.) are the entrance control devices (5
One may be provided in the central management device 15 (central management room or central control room) outside of a to 5z). The ID information (user information, billing information) of the mobile phone 1, the physical feature data stored in advance in the mobile phone 1, the physical feature data captured by the entrance restriction device 5a, and the like are:
The data is transmitted from (the data communication device 13a of) the entrance restriction device 5a to the I / O 14 (input / output interface device) of the central management device 15. The matching execution unit 8 compares and matches two different physical characteristic data, and based on the result, sends an appropriate command to the corresponding entrance restriction device. For example,
When the physical characteristic data received from the entrance restriction device 5z is compared and collated, for example, a gate opening / closing command is issued to (the data communication device 13z of) the entrance restriction device 5z. Since it is only necessary to provide one matching execution unit 8 for all the entrance restriction devices instead of one for each entrance restriction device, a verification system (authentication system) to which the identity verification method according to the present invention is applied is provided. It can be constructed at low cost,
Easy update of billing information database (at low cost)
it can.

[0013]

The personality confirmation system according to the present invention is configured as described above, and therefore has the following effects. From the terminal device to the verification system side,
In this system, one piece of physical characteristic data is transmitted, and at the same time, the collation system captures the user's physical characteristic on the spot, captures the data, and collates these two pieces of physical characteristic data. Therefore, the collation system does not need to have a database of physical characteristic data of each user. Of course, there is no need to update the database. Therefore, it is not necessary to construct the database of the physical characteristics data of the registered user for personal identification on the side of the collation system. Therefore, the collation system side can be constructed at low cost, and the collation system side can be operated at low cost. It is possible to provide a personality confirmation method.

[Brief description of drawings]

FIG. 1 is a block diagram of an identification method according to the present invention.

FIG. 2 is a block diagram showing an embodiment of a terminal device.

FIG. 3 is a block diagram showing an embodiment of an identity verification system according to the present invention.

FIG. 4 is a block diagram showing another embodiment of the terminal device.

FIG. 5 is a block diagram showing an embodiment on the collation system side.

[Explanation of symbols]

1 mobile phone 2 storage devices 3 data transmission means 4 Control means 5a, 5b, 5z Entrance control device 6a camera 6b Retina imaging camera 7a, 7b data receiving means 8 Verification execution unit 8a CPU 8b frame memory 8c ROM / RAM 9a data reader 10 users 11 Data transmission unit 12 gates 13a, 13z data communication device 14 I / O 15 Central management device 16 connectors 17 Additional unit

Claims (2)

[Claims] 1. A collation system that includes a collation system side that determines whether or not data matches and a terminal device owned by a user, and that authenticates that the user is a legitimate holder of the terminal device. The terminal device includes a storage device for storing the physical characteristic data of the user himself, a data transmission unit for transmitting the data read from the storage device to the collation system side, the data read from the storage device, and the data And a control means for delivering the data to a transmission means, wherein the collation system side comprises a physical characteristic reading means, a data receiving means for receiving data transmitted from the data transmitting means, and a physical characteristic reading means. The read physical characteristic data is collated with the data received by the data receiving means, and the legitimacy of the user is verified based on the collation result. Identity verification system comprising: a matching execution unit for disconnection, the. 2. The personal identification method according to claim 1, wherein the physical characteristic is a face, a fingerprint, or a retina.