JP2008250821A - Authentication system, authentication apparatus, authentication method and authentication program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a secure and inexpensive authentication system for personal authentication. <P>SOLUTION: The authentication system includes an authentication database 42 for storing and correlating biometric authentication data 111, a user ID 410 and a door ID 311; an authentication server 4 for transmitting the user ID 410 corresponding to biometric authentication data 111 transmitted from a portable terminal 1 to the portable terminal 1 on the basis of the authentication database 42; and a door section 31 having an open/close operation function for transmitting the user ID 410 transmitted from the portable terminal 1 to the authentication server 4 after adding the door ID 311 thereto and for controlling the open/close operation of the door on the basis of an authentication result transmitted from the authentication server 4. The authentication server 4 conducts authentication for the user ID 410 and door information transmitted from the door section 31 on the basis of the authentication database 42 and transmits the authentication result to the door section 31. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an authentication system, an authentication device, an authentication method, and an authentication program for performing authentication based on biometric information unique to a user.

  In modern society, personal authentication is necessary and important in various aspects in order to live a daily life. For this reason, as disclosed in Patent Document 1 (Japanese Patent Laid-Open No. 2004-13870), personal authentication is roughly divided into the following four methods as conventional methods. .

(Method 1) A method of authenticating a person who has a physical key for unlocking a locked door as an individual to be authenticated.
(Method 2) A method of authenticating by visual confirmation by a person using a certificate, such as a driver's license, containing a photograph of the face of the person to be authenticated.
(Method 3) A method of authenticating an individual with an electronic password.
(Method 4) An authentication method based on biometric authentication using personal biometric features such as fingerprints instead of passwords.
JP 2004-13870 A

  However, the conventional method for authenticating an individual has the following problems.

  First, the conventional methods such as the method 1 and the method 3 have a problem that information used for authentication and the key itself are stolen by a method such as theft, and unauthorized authentication is performed.

  Secondly, the conventional methods such as the method 1 and the method 2 have a problem that information and keys themselves used for authentication are forged and unauthorized authentication is performed.

  Thirdly, there is a problem of authentication information leakage, unauthorized use, and theft by distributing information to be verified for authentication in advance to all the places where authentication is required.

  Fourthly, the conventional method such as the above method 4 has a high authentication cost because a person is arranged for authentication or an expensive authentication device is arranged in a place where all authentication is required. There was a problem.

  Fifth, in addition to the above, when temporary authentication is required for a third party, when a physical key is given to a third party for temporary authentication, when the key is not passed directly The key itself may be stolen by methods such as theft, and the key may not be returned even after the expiration date. If a temporary authentication is provided using an electronic password, the password will be leaked. There was a problem that temporary authentication was given to persons other than those intended.

(the purpose)
An object of the present invention is to provide an authentication system that solves all the above problems and performs secure and inexpensive personal authentication.

  In order to achieve the above object, the present invention is an authentication system that performs authentication based on biometric information unique to a user, and identifies the biometric information, user information for identifying the user, and a door to be controlled for opening and closing operations. Authentication database for storing door information in association with each other, and authentication for transmitting the user information corresponding to the biometric information transmitted from the user portable terminal to the portable terminal based on the authentication database A server and the user information transmitted from the user's portable terminal are added with door information for identifying a door to be controlled for its own opening / closing operation and transmitted to the server, and transmitted from the authentication server. Door opening / closing operation control means for controlling the opening / closing operation of the door based on the authentication result, and the authentication server stores the authentication database in the authentication database. Zui and authenticates for said user information and door information transmitted from the door opening and closing operation control means, and transmits an authentication result to the door opening and closing control means.

(Function)
With the above configuration, the door opening / closing operation control means does not unlock and lock with a physical key, but the door opening / closing operation control means determines whether the user ID corresponding to the biological information is associated with the door information. Controls opening and closing.

  According to the present invention, the following effects are achieved.

  First, it is possible to prevent information used for authentication and the key itself from being stolen by a method such as theft, or unauthorized authentication due to forgery of information and a key used for authentication.

  The reason is that the door opening / closing operation control means does not unlock and lock with the physical key, but the door opening / closing operation control means determines whether the user ID corresponding to the biological information is associated with the door information. Because it controls the opening and closing, it is not necessary for the user to possess the information used for authentication or the unique key itself, and it is not necessary to store all personal information including biometric information on the mobile terminal, and the mobile terminal is lost or stolen. This is because there is no unauthorized use or information leakage.

  Second, it is possible to prevent leakage or unauthorized use of authentication information based on distributing information to be verified for authentication in advance to all parts that require authentication.

  The reason is that an authentication server including an authentication database that stores biometric information, a user ID, and door information in association with each other corresponds to a user ID corresponding to the biometric information of the user of the mobile terminal associated with the door information. Because it controls the opening and closing of the door based on whether or not it is, it is not necessary to pre-distribute the information necessary for authentication to all the places that require authentication, and it is not necessary to manage by the user himself It is.

  Third, secure and inexpensive personal authentication can be performed.

  The reason is that the door opening / closing operation control means controls the opening / closing of the door based on whether or not the user ID corresponding to the biometric information is associated with the door information. This is because it is not necessary to place an expensive biometric authentication device in every place where authentication is required.

(First embodiment)
Hereinafter, an authentication system according to a first embodiment of the present invention will be described with reference to the drawings.

(Configuration of the first embodiment)
FIG. 1 is a block diagram showing a configuration of an authentication system according to this embodiment.

  Referring to FIG. 1, the authentication system according to the present embodiment includes a mobile phone 1, a house 3, and an authentication server 4 connected to the mobile phone 1 and the house 3 via a network 6.

  FIG. 2 is a block diagram showing a configuration of the mobile phone according to the present embodiment.

  Referring to FIG. 2, the cellular phone 1 is connected to a biometric authentication input unit 11, a temporary storage unit 12, a data transmission / reception unit 13, a display unit 14, a telephone control unit 15 that controls a calling function, and the like. And a key input unit 16 that is operated to input information.

  The biometric authentication input unit 11 has a function of acquiring biometric authentication data (for example, fingerprint data) 111 that is biometric information for identifying an individual as input information.

  The temporary storage unit 12 stores the biometric authentication data 111 and the stored biometric when a preset time (timer value) has elapsed or when transmission of the biometric authentication data 111 to the authentication server 4 is completed. It has a function of deleting the authentication data 111 and a function of temporarily storing the user ID 410 received by the data transmitting / receiving unit 13.

  The data transmission / reception unit 13 has a function of transmitting the biometric authentication data 111 registered in the temporary storage unit 12 via the network 6 and a function of receiving data via the network 6.

  Further, the data transmission / reception unit 13 receives the short-range wireless function such as infrared communication, the function of receiving the user ID 410 transmitted from the authentication database management unit 41, and the user ID 410 registered in the temporary storage unit 12. It has the function to transmit with respect to the communication part 32 of the house 3 according to a function.

  The display unit 14 is a liquid crystal display or the like, and has a function of displaying an authentication result (authentication OK, authentication NG) received by the data transmitting / receiving unit 13. The display unit 14 may have a speaker function or a vibration function, and output an authentication result using the function.

  FIG. 3 is a block diagram illustrating a configuration of a house according to the present embodiment.

  Referring to FIG. 3, the house 3 includes a door unit 31, a communication unit 32, a temporary storage unit 33, and a door ID storage unit 34 that stores a door ID 311 that identifies the door unit 31 of the house 3.

  The door unit 31 has an opening / closing control function for controlling the opening / closing of the door. The door unit 31 unlocks the door when receiving an instruction for unlocking the door from the communication unit 32, and the door unit 31 receives an instruction for locking the door. Lock.

  The communication unit 32 includes a short-range wireless function such as infrared communication, a function of receiving the user ID 410 transmitted from the mobile phone 1 using the short-range wireless function, and the received user ID 410 in the door ID storage unit 34. When the door ID 311 is added and the function of transmitting to the authentication server 4 via the network 6 and the door authentication OK data 412 are received, the door unit 31 is instructed to unlock the door, and the door authentication NG data 411 And a function of instructing locking when receiving.

  The temporary storage unit 33 has a function of temporarily storing the user ID 410 received by the communication unit 32 and a function of deleting the user ID 410 when a preset time (timer value) has elapsed.

  FIG. 4 is a block diagram showing the configuration of the authentication server according to this embodiment.

  Referring to FIG. 4, the authentication server 4 includes an authentication database (DB) management unit 41, an authentication database 42, and a door authentication database 43.

  The authentication database management unit 41 has a function of receiving the biometric authentication data 111 transmitted from the mobile phone 1 and the biometric authentication data 111 that is the same as the biometric authentication data 111 transmitted from the mobile phone 1 by searching the authentication database 42. And a function for confirming whether or not it is registered in the authentication database 42. In other words, when the same biometric authentication data 111 as the biometric authentication data 111 transmitted from the mobile phone 1 exists on the authentication database 42, the owner of the mobile phone 1 is registered in advance in the authentication database management unit 41. Confirmation that it is a user is completed.

  In addition, the authentication database management unit 41 converts the biometric authentication data 111 into the user ID 410 when the owner of the mobile phone 1 completes the confirmation that the user is a registered user correctly registered in the authentication database 42, and the converted user The function of transmitting the ID 410 to the data transmitting / receiving unit 13 of the mobile phone 1 and the authentication NG data 411 when the biometric authentication data 111 identical to the biometric authentication data 111 sent from the mobile phone 1 does not exist in the authentication database 42 Is transmitted to the data transmitting / receiving unit 13 of the mobile phone 1.

  The authentication database management unit 41 responds to the received biometric authentication data 111 when the user ID 410 uniquely determined for the biometric authentication data 111 is registered in the authentication database 42 or the door authentication database 43 in advance. The user ID 410 to be transmitted is transmitted to the mobile phone 1. Otherwise, the user ID 410 corresponding to the received biometric authentication data 111 is generated, and the generated user ID 410 is transmitted to the mobile phone 1 and received. The data is stored in the door authentication database 43 in association with the data 111 and the door ID 311.

  Further, when receiving the user ID 410 and the door ID 311 transmitted from the communication unit 32, the authentication database management unit 41 searches the door authentication database 43 and the user ID 410 and the door ID 311 transmitted from the communication unit 32 are converted into the door authentication database 43. It has the function to confirm whether it is registered in. That is, when the user ID 410 and the door ID 311 transmitted from the communication unit 32 exist in the door authentication database 43, the user is the user of the door unit 31 registered (permitted) in advance in the authentication database management unit 41. Confirmation is complete.

  Furthermore, the authentication database management unit 41 transmits the door authentication OK data 412 to the communication unit 32 and the data transmission / reception unit of the mobile phone 1 when confirmation that the user using the mobile phone 1 is a user of the door unit 31 is completed. 13, when the user ID 410 and the door ID 311 transmitted from the communication unit 32 are not present in the door authentication database 43, the door authentication NG data 411 is transmitted to and from the communication unit 32. And a function of transmitting to the unit 13 via the network 6.

  The authentication database 42 has a function of storing biometric authentication data (for example, fingerprint data) 111, which is biometric information for identifying an individual, and a user ID 410 in association with each other.

  FIG. 5 is a block diagram showing the configuration of the authentication database according to this embodiment.

  Referring to FIG. 5, the authentication database 42 stores biometric authentication data 111 and a user ID 410 in association with each other.

  The door authentication database 43 stores the user ID 410 and the door ID 311 in association with each other, stores the door ID 311 and the door detailed information 312 in association with each other, and stores the user ID 410 and the validity period information 121 in association with each other. Have.

  FIG. 6 is a diagram illustrating a configuration of the door authentication database according to the present embodiment.

  Referring to FIG. 6, the user ID 410 and the door ID 311 are stored in association with each other, the door ID 311 and the door detailed information 312 are stored in association with each other, and the user ID 410 and the validity period information 121 are stored in association with each other. Yes.

  Here, the hardware configuration of the authentication server 4 will be described.

  FIG. 7 is a block diagram illustrating a hardware configuration example of the authentication server 4 of the authentication system according to the present embodiment.

  Referring to FIG. 7, the authentication server 4 according to the present invention can be realized by a hardware configuration similar to that of a general computer device, and a main memory such as a CPU (Central Processing Unit) 1001 and a RAM (Random Access Memory). A main storage unit 1002 used for a data work area and a temporary data save area, a communication control unit 1003 for transmitting and receiving data via the network 6, a display unit 1004 such as a liquid crystal display, a printer and a speaker, a keyboard, Hard disk device including an input unit 1005 such as a mouse, an interface unit 1006 that transmits and receives data by connecting to a peripheral device, a ROM (Read Only Memory), a magnetic disk, and a nonvolatile memory such as a semiconductor memory And a system bus 1008 for connecting certain auxiliary storage unit 1007, the above components of the information processing apparatus to each other.

  The authentication server 4 according to the present invention is implemented by mounting a circuit component made of a hardware component such as an LSI (Large Scale Integration) in which a program for realizing such a function is incorporated in the authentication server 4. As a matter of course, it can be realized in software by executing a program for providing each function of each component described above by the CPU 1001 on the computer processing apparatus.

  That is, the CPU 1001 implements each function described above in software by loading the program stored in the auxiliary storage unit 1007 into the main storage unit 1002 and executing it, and controlling the operation of the authentication server 4.

  Note that the mobile phone 1, the mobile phone 2 (described later), the house 3, and the personal information server 5 may have the above-described configuration, and each function described above may be realized in hardware or software.

(Operation of the first embodiment)
Hereinafter, with respect to the operation of the authentication system according to the present embodiment, until the user who uses the mobile phone 1 authenticates that the user owns the mobile phone 1 and controls the unlocking of the door portion 31 of the house 3. A series of flows will be described.
FIG. 8 is a flowchart showing the operation of issuing the user ID of the authentication system according to this embodiment.

  Referring to FIG. 8, the data transmitting / receiving unit 13 of the mobile phone 1 according to the present embodiment receives the user biometric data 111 input from the biometric authentication input unit 11 of the mobile phone 1 and stored in the temporary storage unit 12 ( Step S101), and transmits to the authentication server 4 via the network 6 (Step S102). The biometric authentication data 111 stored in the temporary storage unit 12 is deleted when a preset time (timer value) has elapsed or when transmission of the biometric authentication data 111 to the authentication server 4 is completed ( Step S103).

  Next, when the authentication database management unit 41 of the authentication server 4 receives the biometric authentication data 111 transmitted from the mobile phone 1 (step S104), the authentication database 42 searches the authentication database 42 and transmits the biometric authentication data 111 transmitted from the mobile phone 1. It is confirmed whether the same biometric authentication data 111 is registered in the authentication database 42 (step S105). If registered, the biometric authentication data 111 is converted into a user ID 410 (the user ID 410 is extracted) (step S106). ), The converted (extracted) user ID 410 is transmitted to the data transmission / reception unit 13 of the mobile phone 1 (step S107), and if it is not registered, the authentication NG data 411 is transmitted to the data transmission / reception unit 13 of the mobile phone 1 (step S107). S108).

  When the data transmitting / receiving unit 13 of the mobile phone 1 receives the authentication NG data 411, the display unit 14 displays the authentication result (authentication NG) (step S109).

  The authentication database management unit 41 responds to the received biometric authentication data 111 when the user ID 410 uniquely determined for the biometric authentication data 111 is registered in the door authentication database 43 in advance (step S106). The user ID 410 to be transmitted is transmitted to the mobile phone 1 (step S107). Otherwise, the user ID 410 corresponding to the received biometric authentication data 111 is generated (step S106). (Step S107) and may be stored in the door authentication database 43 in association with the biometric data 111 and the door ID 311 received.

  Next, when the data transmission / reception unit 13 of the mobile phone 1 receives the user ID 410, the temporary storage unit 12 temporarily stores the user ID 410 received by the data transmission / reception unit 13 (step S110), and the display unit 14 authenticates. The result (authentication OK) is displayed (step S111).

  When the mobile phone 1 that has received the user ID 410 is held over the communication unit 32 of the house 3, the mobile phone 1 transmits the user ID 410 to the communication unit 32 by the short-range wireless function (step S112).

  Further, the user ID 410 stored in the temporary storage unit 12 is deleted after a predetermined time (step S113).

  FIG. 9 is a flowchart showing an operation of opening / closing control of the door portion of the authentication system according to the present embodiment.

  Note that the authentication information of the user who owns the mobile phone 1 (the biometric authentication data 111 used for authentication, the user ID 410 paired with the biometric authentication data 111), the door authentication information (the door ID 311 instead of the key, the door The user ID 410 paired with the ID 311 is stored in the door authentication database 43 or the authentication database 42 of the authentication server 4 in advance (at the time of contracting the mobile phone 1 and before any personal authentication after the contract). It is assumed that registration is performed from the telephone company authentication information registration PC via the Internet.

  Referring to FIG. 9, the communication unit 32 held over the mobile phone 1 that has received the user ID 410 temporarily acquires the user ID 410 by the short-range wireless function (step S201).

  Next, the communication unit 32 adds the door ID 311 for identifying the door unit 31 to the received user ID 410 (step S202), and transmits it to the authentication server 4 via the network 6 (step S203). The user ID 410 stored in the temporary storage unit 33 is deleted when the timer value elapses or when transmission to the authentication server 4 is completed via the network 6 (step S204).

  Next, the authentication database management unit 41 of the authentication server 4 that has received the user ID 410 and the door ID 311 transmitted from the communication unit 32 (step S205) searches the door authentication database 43 and transmits the user ID 410 and the transmitted from the communication unit 32. It is confirmed whether or not the door ID 311 is registered in the door authentication database 43 (step S206).

  Next, when the user ID 410 and the door ID 311 transmitted from the communication unit 32 are registered in the door authentication database 43, the authentication database management unit 41 transmits door authentication OK data 412 to the communication unit 32 ( If the user ID 410 and the door ID 311 transmitted from the communication unit 32 are not registered in the door authentication database 43 (step S207), the door authentication NG data 411 is transmitted to the communication unit 32 (step S208).

  Next, when receiving the door authentication OK data 412, the communication unit 32 displays the door authentication OK (step S209) and instructs the door unit 31 to unlock the door (step S210), and the door authentication NG data. When 411 is received, door authentication NG is displayed (step S211).

(Effects of the first embodiment)
According to the present embodiment, the following effects can be achieved.

  First, it is possible to prevent information used for authentication and the key itself from being stolen by a method such as theft, or unauthorized authentication due to forgery of information and a key used for authentication.

  The reason is that the user ID 410 corresponding to the biometric data 111, which is the biometric information for identifying the individual, is not the door unit 31 that controls the opening and closing of the door, instead of unlocking and locking with a physical key. Since opening / closing of the door is controlled based on whether or not it is associated with the key-specific door ID 311, it is not necessary for the user to possess information used for authentication or the unique key itself, and the biometric authentication data 111 is included. This is because there is no need to store any personal information in the mobile phone 1 and there is no unauthorized use or information leakage even if the mobile phone 1 is lost or stolen. Further, as described above, since the authentication does not depend on the predetermined mobile phone 1, for example, even if the user of the mobile phone 1 uses a mobile phone owned by another person, the authentication can be performed similarly.

  Second, it is possible to prevent leakage or unauthorized use of authentication information based on distributing information to be verified for authentication in advance to all parts that require authentication.

  The reason is that the authentication server 4 includes the authentication database 42 that stores the biometric authentication data 111, the biometric authentication data 111, the user ID 410, and the door ID 311 in association with each other, and the mobile phone 1 Since the user ID 410 corresponding to the biometric authentication data 111 of the user is associated with the door ID 311 unique to the key to control the opening and closing of the door, the information necessary for authentication is authenticated. This is because it is not necessary to pre-distribute to all necessary parts, and it is not necessary to manage by the user himself.

  Third, secure and inexpensive personal authentication can be performed.

  The reason is that the door unit 31 that controls the opening and closing of the door is based on whether or not the user ID 410 corresponding to the biometric data 111 that is biometric information for identifying an individual is associated with the door ID 311 unique to the key. In order to control the opening and closing of the door, there is no need to place a person who performs authentication, or to place expensive biometric authentication devices in all places where authentication is required, and cheap communication to places where authentication is required This is because only the unit 32 is arranged and the cellular phone 1 that is close to the user is used.

  Fourthly, since information necessary for personal authentication is based on biometric information for identifying an individual, it is difficult to forge.

(Second Embodiment)
Hereinafter, an authentication system according to the second embodiment of the present invention will be described with reference to the drawings.

(Configuration of Second Embodiment)
FIG. 10 is a block diagram showing the configuration of the authentication system according to this embodiment.

  Referring to FIG. 10, the authentication system according to the present embodiment includes a mobile phone 1, a mobile phone 2, a house 3, and an authentication server 4 connected to the mobile phone 1, the mobile phone 2, and the house 3 via a network 6. And the personal information server 5 connected to the mobile phone 1 and the mobile phone 2 via the network 6, the mobile phone 2 having the same configuration as the mobile phone 1 and the personal information server 5 are provided. This is different from the embodiment. The following description will focus on the points that differ from the first embodiment.

  The temporary storage unit 12 according to the present embodiment includes the biometric authentication data 111 of the mobile phone 1, the selected door ID 311, the mobile number 200 of the mobile phone 2 that is the substitute user, and the valid period information 121 indicating the valid period of the proxy. Is temporarily stored. The biometric authentication data 111 and the door ID 311 of the mobile phone 1 stored in the temporary storage unit 12, the mobile phone number 200 of the mobile phone 2 serving as the substitute user, and the valid period information 121 are set in advance (timer value). Or when the transmission of the biometric data 111 to the authentication server 4 is completed.

  The data transmission / reception unit 13 according to the present embodiment stores the biometric authentication data 111 and the door ID 311 of the mobile phone 1 registered in the temporary storage unit 12, the mobile phone number 200 of the mobile phone 2 serving as the substitute user, and the validity period information 121. 6 to transmit to the authentication server 4 via

  The display unit 14 according to the present embodiment has a function of displaying the door ID list information 413 received by the data transmitting / receiving unit 13.

  In the key input unit 16 according to the present embodiment, a door ID 311 that needs to be substituted is input from the door ID list information 413 displayed on the display unit 14 by an operation by a user of the mobile phone 1 or the like. As a user, validity period information 121 indicating a period in which the mobile phone 2 of the mobile phone 2 can be substituted is input.

  The authentication database management unit 41 according to the present embodiment corresponds to the biometric authentication data 111 when the confirmation that the owner of the mobile phone 1 is a user who is correctly registered in the authentication database 42 is completed. A function of retrieving the user ID 410 from the authentication database 42, a function of searching the door authentication database 43 using the user ID 410 retrieved from the authentication database 42 as a key, and extracting door ID list information 413 indicating a list of registered door IDs 311; The extracted door ID list information 413 has a function of transmitting the data transmission / reception unit 13 of the mobile phone 1 via the network 6.

  Further, the authentication database management unit 41 according to the present embodiment has a function of receiving the biometric authentication data 111 transmitted from the mobile phone 1, the door ID 311, the mobile number 200 of the mobile phone 2 serving as the substitute user, and the validity period information 121. And a function of searching the authentication database 42 and confirming whether or not the same biometric authentication data 111 as the biometric authentication data 111 transmitted from the mobile phone 1 is registered in the authentication database 42. In other words, when the same biometric authentication data 111 as the biometric authentication data 111 transmitted from the mobile phone 1 exists on the authentication database 42, the owner of the mobile phone 1 is registered in advance in the authentication database management unit 41. Confirmation that it is a user is completed.

  Furthermore, the authentication database management unit 41 according to the present embodiment, when the confirmation that the owner of the mobile phone 1 is a user who is correctly registered in the authentication database is completed, is the mobile phone that is the substitute user and the door ID 311. 2 is transmitted to the personal information database management unit 51 of the personal information server 5.

  Furthermore, when the authentication database management unit 41 receives the user ID 410, the door ID 311, and the validity period information 121 transmitted from the personal information database management unit 51, the authentication database management unit 41 searches the door authentication database 43 and transmits it from the personal information database management unit 51. A function of confirming whether or not the same door ID 311 as the registered door ID 311 is registered in the door authentication database 43, and if registered, the user ID 410 of the mobile phone 2 acting as a substitute user for the registered door ID 311 As a proxy user ID 420 and a function of registering the validity period information 121 of the proxy user ID 420.

  When the authentication database management unit 41 receives the user ID 410 and the door ID 311 transmitted from the communication unit 32, the authentication database management unit 41 searches the door authentication database 43 and the user ID 410 and the door ID 311 transmitted from the communication unit 32 become the door authentication database 43. And the function of referring to the registered valid period information 121 when the user ID 410 and the door ID 311 transmitted from the communication unit 32 exist in the door authentication database 43. In other words, if it is within the period, the authentication database management unit 41 completes confirmation that the user is a proxy user registered (permitted) in advance.

  Further, the authentication database management unit 41 has a function of transmitting the door authentication OK data 412 to the communication unit 32 when the confirmation that the user using the mobile phone 2 is a substitute user of the door is completed, and the door authentication is performed. A function of transmitting the door authentication NG data 411 to the communication unit 32 when it is not normal.

  FIG. 11 is a block diagram showing the configuration of the personal information server according to the present embodiment.

  Referring to FIG. 11, the personal information server 5 includes a personal information database (DB) management unit 51 and a personal information database 52.

  The personal information database management unit 51 has a function of receiving the door ID 311 transmitted from the mobile phone 1, the mobile number 200 of the mobile phone 2 that is the substitute user, and the validity period information 121, and searches the personal information database 52 to search for the substitute user. And the function of confirming whether or not the same mobile number as the mobile phone number 200 of the mobile phone 2 is registered in the personal information database 52. That is, when the same mobile number as the mobile phone number 200 of the mobile phone 2 serving as the substitute user exists in the personal information database, the owner of the mobile phone 2 serving as the substitute user is registered in advance in the personal information database management unit 51. Confirmation that the user is an active user.

  In addition, the personal information database management unit 51, when the confirmation that the owner of the mobile phone 2 as a substitute user is a user who is correctly registered in the personal information database is completed, It has a function of acquiring a user ID 410 that is paired with the mobile number 200.

  Further, the personal information database management unit 51 has a function of transmitting the acquired user ID 410, door ID 311, and validity period information 121 to the authentication database management unit 41 of the authentication server 4.

  FIG. 12 is a block diagram showing the configuration of the personal information database according to this embodiment.

  Referring to FIG. 12, the personal information database 52 stores a mobile number for identifying a mobile phone and a user ID 410 in association with each other.

  The door authentication database 43 according to the present embodiment stores the user ID 410, the substitute user ID 420, and the door ID 311 in association with each other, stores the door ID 311 and the door detailed information 312 in association with each other, and stores the user ID 410 and the valid period information 121. Are stored in association with each other.

  FIG. 13 is a diagram illustrating a configuration of the door authentication database according to the present embodiment.

  Referring to FIG. 13, the user ID 410, the substitute user ID 420, and the door ID 311 are stored in association with each other, the door ID 311 and the door detailed information 312 are stored in association with each other, and the user ID 410 and the validity period information 121 are associated with each other. Saved.

(Operation of Second Embodiment)
Hereinafter, regarding the operation of the authentication system according to the present embodiment, as an embodiment for (Problem 5) in the conventional problem, the user of the mobile phone 2 is designated as a substitute user of the user of the mobile phone 1 for the period 3 A series of flow until unlocking control of the door part 31 is described.
FIG. 14 is a flowchart showing an operation of registering the substitute user ID 420 of the authentication system according to the present embodiment.

  Referring to FIG. 14, the data transmitting / receiving unit 13 of the mobile phone 1 according to the present embodiment receives the user biometric data 111 input from the biometric authentication input unit 11 of the mobile phone 1 and stored in the temporary storage unit 12 ( Step S301), and transmits to the authentication server 4 via the network 6 (Step S302). The biometric authentication data 111 stored in the temporary storage unit 12 is deleted when a preset time (timer value) has elapsed or when transmission of the biometric authentication data 111 to the authentication server 4 is completed ( Step S303).

  Next, when the authentication database management unit 41 of the authentication server 4 receives the biometric authentication data 111 transmitted from the mobile phone 1 (step S304), the authentication database 42 searches the authentication database 42 and transmits the biometric authentication data 111 transmitted from the mobile phone 1. Whether or not the same biometric authentication data 111 is registered in the authentication database 42 (step S305), and if registered, the user ID 410 corresponding to the biometric authentication data 111 is extracted from the authentication database 42 (step S305). S306).

  Next, the authentication database management unit 41 searches the door authentication database 43 using the user ID 410 extracted from the authentication database 42 as a key, and extracts (generates) door ID list information 413 indicating a list of registered door IDs 311 ( In step S307), the extracted (generated) door ID list information 413 is transmitted to the data transmitting / receiving unit 13 of the mobile phone 1 via the network 6 (step S308).

  Next, when the data transmission / reception unit 13 of the mobile phone 1 receives the door ID list information 413 (step S309), the display unit 14 displays the door ID list information 413 (step S310), and the key by the user of the mobile phone 1 is displayed. The operation of the input unit 16 inputs (selects) a door ID 311 that needs to be substituted from the displayed door ID list information 413 (step S311).

  In addition, by the operation of the key input unit 16 by the user of the mobile phone 1, valid period information 121 indicating a period in which the mobile phone 2 can be used as a substitute user is input (step S 312).

  Next, the data transmission / reception unit 13 of the mobile phone 1 receives the biometric authentication data 111 of the user of the mobile phone 1 input from the biometric authentication input unit 11 of the mobile phone 1 and stored in the temporary storage unit 12 (step S313), key The selected door ID 311 input from the input unit 16 and stored in the temporary storage unit 12, the mobile phone number 200 of the mobile phone 2 serving as the substitute user, and the validity period information 121 are transmitted to the authentication server 4 via the network 6. (Step S314).

  Note that the biometric authentication data 111 of the user of the mobile phone 1 stored in the temporary storage unit 12 of the mobile phone 1, the selected door ID 311, the mobile phone number 200 of the substitute mobile phone 2 and the validity period information 121 are stored in advance. It is deleted when the set time (timer value) has elapsed or when the transmission of the biometric data 111 from the mobile phone 1 to the authentication server 4 is completed (step S315).

  Next, when the authentication database management unit 41 of the authentication server 4 receives the biometric authentication data 111 transmitted from the mobile phone 1, the selected door ID 311, the mobile phone number 200 and the validity period information 121 of the mobile phone 2 that is the substitute user. (Step S316) The authentication database 42 is searched to check whether the same biometric data 111 as the biometric data 111 transmitted from the mobile phone 1 is registered in the authentication database 42 (Step S317). If so, the door ID 311, the mobile number 200 of the mobile phone 2 serving as the substitute user, and the validity period information 121 are transmitted to the personal information database management unit 51 of the personal information server 5 (step S 318).

  Next, the personal information database management unit 51 of the personal information server 5 stores the biometric authentication data 111 transmitted from the mobile phone 1, the selected door ID 311, the mobile phone number 200 of the mobile phone 2 serving as the substitute user, and the validity period information 121. When received (step S319), the personal information database 52 is searched to check whether or not the same mobile number as the mobile phone number 200 of the mobile phone 2 serving as the substitute user is registered in the personal information database 52 (step S320). If registered, the user ID 410 that is paired with the mobile phone number 200 of the mobile phone 2 that is the substitute user is acquired (step S321).

  Next, the personal information database management unit 51 transmits the acquired user ID 410, the selected door ID 311 and the validity period information 121 to the authentication database management unit 41 of the authentication server 4 (step S322).

  Next, when the authentication database management unit 41 of the authentication server 4 receives the user ID 410, the selected door ID 311 and the validity period information 121 transmitted from the personal information database management unit 51 (step S323), the authentication database management unit 41 searches the door authentication database 43. Then, it is confirmed whether or not the same door ID 311 as the received door ID 311 is registered in the door authentication database 43 (step S324), and if registered, the mobile phone which is a substitute user for the registered door ID 311 The user ID 410 of No. 2 is registered as the substitute user ID 420, and the valid period information 121 transmitted from the personal information database management unit 51 is registered as a valid period of the substitute user ID 420 (step S325).

  FIG. 15 is a flowchart showing an operation of issuing the user ID 410 of the authentication system according to this embodiment.

  Referring to FIG. 15, the data transmitting / receiving unit 23 of the mobile phone 2 according to the present embodiment receives the biometric authentication data 111 of the user input from the biometric authentication input unit 21 of the mobile phone 2 and stored in the temporary storage unit 22 ( In step S401, the data is transmitted to the authentication server 4 via the network 6 (step S402). The biometric authentication data 111 stored in the temporary storage unit 22 is deleted when a preset time (timer value) has elapsed or when transmission of the biometric authentication data 111 to the authentication server 4 is completed ( Step S403).

  Next, when the authentication database management unit 41 of the authentication server 4 receives the biometric authentication data 111 transmitted from the mobile phone 2 (step S404), the authentication database 42 searches the authentication database 42 and transmits the biometric authentication data 111 transmitted from the mobile phone 2. Whether or not the same biometric authentication data 111 is registered in the authentication database 42 (step S405). If registered, the biometric authentication data 111 is converted into a user ID 410 (step S406), and the converted user ID 410 is converted. Is transmitted to the data transmitter / receiver 13 of the mobile phone 1 (step S407), and if it is not registered, the authentication NG data 411 is transmitted to the data transmitter / receiver 23 of the mobile phone 2 (step S408).

  Next, the temporary storage unit 22 temporarily stores the user ID 410 received by the data transmission / reception unit 23 (step S409), and the display unit 24 displays the authentication result (authentication OK) (step S4010).

  In addition, when the mobile phone 2 that has received the user ID 410 is held over the communication unit 32 of the house 3, the mobile phone 2 transmits the user ID 410 to the communication unit 32 by the short-range wireless function (step S411).

  Further, the user ID 410 stored in the temporary storage unit 12 is deleted when a certain time has elapsed (step S412).

  FIG. 16 is a flowchart showing the door control opening / closing operation of the authentication system according to the present embodiment.

  Note that the authentication information of the user who owns the mobile phone 2 (the biometric authentication data 111 used for authentication, the user ID 410 paired with the biometric authentication data 111), the door authentication information (the door ID 311 instead of the key, the door The user ID 410 paired with the ID 311 is stored in the door authentication database 43 or the authentication database 42 of the authentication server 4 in advance (at the time of contracting the mobile phone 1 and before any personal authentication after the contract). It is assumed that registration is performed from the telephone company authentication information registration PC via the Internet.

  Referring to FIG. 16, the communication unit 32 held over the mobile phone 2 that has received the user ID 410 temporarily acquires the user ID 410 by the short-range wireless function (step S501).

  Next, the communication unit 32 adds the door ID 311 for identifying the door unit 31 to the received user ID 410 (step S502), and transmits it to the authentication server 4 via the network 6 (step S503). Note that the user ID 410 stored in the temporary storage unit 33 is deleted when the timer value has elapsed or when transmission to the authentication server 4 via the network 6 is completed.

  Next, the authentication database management unit 41 of the authentication server 4 that has received the user ID 410 and the door ID 311 transmitted from the communication unit 32 searches the door authentication database 43 and the user ID 410 and the door ID 311 transmitted from the communication unit 32 are the doors. It is confirmed whether or not it is registered in the authentication database 43 (step S504).

  Next, when registered, the authentication database management unit 41 of the authentication server 4 refers to the validity period information 121 and determines whether or not it is within the period (step S505). If it is within the period, the authentication server 4 completes confirmation that the user using the mobile phone 2 is a proxy user registered (permitted) in advance.

  Next, when the user ID 410 and the door ID 311 transmitted from the communication unit 32 are registered in the door authentication database 43 and the authentication database management unit 41 is within the period, the door authentication OK data 412 is transmitted to the communication unit 32. If the user ID 410 and the door ID 311 transmitted from the communication unit 32 are not registered in the door authentication database 43, the door authentication NG data 411 is transmitted to the communication unit 32. (Step S507).

  Next, the communication unit 32 instructs the door unit 31 to unlock the door when the door authentication OK data 412 is received, and locks the door with respect to the door unit 31 when the door authentication NG data 411 is received. Is instructed (step S508).

(Effect of the second embodiment)
According to the present embodiment, when temporary authentication of a third party who is not the owner of the mobile phone is necessary, it is necessary to receive a key or information necessary for the authentication or to ask in advance. Therefore, convenient and low-risk authentication can be performed in addition to the effects of the first embodiment.

  Although the present invention has been described with reference to the preferred embodiments, the present invention is not necessarily limited to the above embodiments, and various modifications can be made within the scope of the technical idea. .

It is a block diagram which shows the structure of the authentication system by the 1st Embodiment of this invention. It is a block diagram which shows the structure of the mobile telephone by 1st Embodiment. It is a block diagram which shows the structure of the house by 1st Embodiment. It is a block diagram which shows the structure of the authentication server by 1st Embodiment. It is a block diagram which shows the structure of the authentication database by 1st Embodiment. It is a figure which shows the structure of the door authentication database of 1st Embodiment. It is a block diagram which shows the hardware structural example of the authentication server 4 of the authentication system by 1st Embodiment. It is a flowchart which shows operation | movement of user ID issue of the authentication system by 1st Embodiment. It is a flowchart which shows the operation | movement of the opening / closing control of the door part of the authentication system by 1st Embodiment. It is a block diagram which shows the structure of the authentication system by the 2nd Embodiment of this invention. It is a block diagram which shows the structure of the personal information server by 2nd Embodiment. It is a block diagram which shows the structure of the personal information database by 2nd Embodiment. It is a figure which shows the structure of the door authentication database of 2nd Embodiment. It is a flowchart which shows the operation | movement of proxy user ID registration of the authentication system by 2nd Embodiment. It is a flowchart which shows operation | movement of user ID issuing of the authentication system by 2nd Embodiment. It is a flowchart which shows the operation | movement of the opening / closing control of the door part of the authentication system by 2nd Embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1, 2: Mobile phone 11: Biometric authentication input part 111: Biometric authentication data 12: Temporary storage part 121: Valid period information 13: Data transmission / reception part 14: Display part 15: Telephone control part 16: Key input part 200: Mobile number 3: House 31: Door 311: Door ID
312: Door detailed information 32: Communication unit 33: Temporary storage unit 34: Door ID storage unit 4: Authentication server 41: Authentication database management unit 410: User ID
420: Proxy user ID
411: Door authentication NG data 412: Door authentication OK data 413: Door ID list information 42: Authentication database 43: Door authentication database 5: Personal information server 51: Personal information database management unit 52: Personal information database 6: Network 1001: CPU
1002: Main storage unit 1003: Communication control unit 1004: Presentation unit 1005: Input unit 1006: Interface unit 1007: Auxiliary storage unit 1008: System bus

Claims (20)

In an authentication system that performs authentication based on biometric information unique to a user,
An authentication database for storing the biometric information, user information for identifying a user, and door information for identifying a door to be controlled for opening and closing operations;
An authentication server that transmits the user information corresponding to the biological information transmitted from the mobile terminal of the user to the mobile terminal based on the authentication database;
The user information transmitted from the user's mobile terminal is added with door information for identifying the door to be controlled for its own opening / closing operation and transmitted to the server, and the authentication result transmitted from the authentication server Door opening / closing operation control means for controlling the opening / closing operation of the door based on
The authentication server authenticates the user information and door information transmitted from the door opening / closing operation control means based on the authentication database, and transmits an authentication result to the door opening / closing operation control means. A featured authentication system. A personal information database for storing the terminal identification information for identifying the portable terminal and the user information in association with each other;
The authentication server succeeds in authenticating the biometric information transmitted from the mobile terminal of the user, the user ID, and the door ID of the door to be controlled for opening / closing operation based on the authentication database. In addition, the user information corresponding to the terminal identification information of the other mobile terminal acquired based on the personal information database is registered as proxy user information in the authentication database and transmitted from the other mobile terminal. The authentication system according to claim 1, wherein the proxy user information corresponding to the biometric information of the user is transmitted to the other mobile terminal. The authentication server extracts door information list information indicating a list of registered door information corresponding to the user information transmitted from the mobile terminal of the user, extracted based on the authentication database, to the mobile terminal The authentication system according to claim 1 or 2, wherein the authentication system transmits the information. The said authentication server has the information which shows the effective period which can use the said proxy user information transmitted from the said user's portable terminal for an authentication process, The any one of Claims 1-3 characterized by the above-mentioned. The authentication system described in the section. The biometric information input to the mobile terminal is erased from the mobile terminal when a predetermined time set in advance elapses or when transmission of the biometric information to the authentication server is completed. The authentication system according to any one of claims 1 to 4. The authentication according to any one of claims 1 to 5, wherein the user ID transmitted to the mobile terminal is deleted from the mobile terminal after a predetermined time has elapsed. system. In an authentication device that performs authentication based on biometric information unique to a user,
An authentication database for storing the biometric information, user information for identifying a user, and door information for identifying a door to be controlled for opening and closing operations;
Authentication means for transmitting the user information corresponding to the biometric information transmitted from the mobile terminal of the user to the mobile terminal based on the authentication database;
The authentication means includes a door opening / closing operation control means for adding door information for identifying a door to be controlled for its own opening / closing operation to the user information transmitted from the mobile terminal of the user based on the authentication database. An authentication apparatus that authenticates the transmitted user information and door information and transmits an authentication result to the door opening / closing operation control means. A personal information database for storing the terminal identification information for identifying the portable terminal and the user information in association with each other;
When the authentication means succeeds in authenticating the biometric information transmitted from the user's portable terminal, the user ID, and the door ID of the door to be controlled for opening / closing operation based on the authentication database. In addition, the user information corresponding to the terminal identification information of the other mobile terminal acquired based on the personal information database is registered as proxy user information in the authentication database and transmitted from the other mobile terminal. The authentication apparatus according to claim 7, wherein the proxy user information corresponding to the biometric information of the user is transmitted to the other mobile terminal. The authentication means extracts door information list information indicating a list of registered door information corresponding to the user information transmitted from the mobile terminal of the user, extracted based on the authentication database, to the mobile terminal The authentication device according to claim 7 or 8, wherein the authentication device transmits the authentication information. The said authentication means has the information which shows the effective period which can use the said substitute user information transmitted from the said user's portable terminal for an authentication process, The any one of Claim 7 to 9 characterized by the above-mentioned. The authentication device according to item. An authentication method for performing authentication based on biometric information unique to a user,
Storing the biometric information, user information for identifying a user, and door information for identifying a door to be controlled in an opening / closing operation in association with each other in an authentication database;
A transmission step of transmitting the user information corresponding to the biometric information transmitted from the mobile terminal of the user from the authentication server to the mobile terminal based on the authentication database;
Adding to the user information transmitted from the mobile terminal of the user, door information for identifying a door to be controlled of its own opening and closing operation, and transmitting the information to the server;
A door opening / closing operation control step for controlling the opening / closing operation of the door based on the authentication result transmitted from the authentication server;
In the authentication server, an authentication step for authenticating the user information and door information transmitted from the door opening / closing operation control means based on the authentication database;
And a door opening / closing operation control step for controlling the opening / closing operation of the door based on an authentication result transmitted from the authentication server. Storing terminal identification information for identifying the portable terminal and the user information in a personal information database in association with each other;
In the authentication server, when the authentication of the biometric information transmitted from the user's portable terminal, the user ID, and the door ID of the door to be controlled for opening / closing operation is successful based on the authentication database. And registering the user information corresponding to the terminal identification information of the other portable terminal acquired based on the personal information database as proxy user information in the authentication database;
The said authentication server has the step which transmits the said proxy user information corresponding to the said biometric information of the said user transmitted from the said other portable terminal with respect to the said other portable terminal. Authentication method described in. In the authentication server, door information list information indicating a list of registered door information corresponding to the user information transmitted from the mobile terminal of the user extracted based on the authentication database is provided to the mobile terminal. The authentication method according to claim 11 or 12, further comprising a step of transmitting the information. The authentication server includes a step of performing authentication processing of the proxy user information using information indicating an effective period in which the proxy user information transmitted from the mobile terminal of the user can be used for authentication processing. The authentication method according to any one of claims 11 to 13. Erasing the biometric information input to the portable terminal from the portable terminal when a predetermined time has elapsed or when the transmission of the biometric information to the authentication server is completed. The authentication method according to any one of claims 11 to 14. 16. The method according to claim 11, further comprising: deleting the user ID transmitted to the mobile terminal from the mobile terminal after elapse of a predetermined time set in advance. Authentication method. An authentication program executed on an authentication server that performs authentication based on biometric information unique to a user,
In the authentication server,
The living body transmitted from the user's mobile terminal based on an authentication database in which the biological information, user information for identifying a user, and door information for identifying a door to be controlled for opening and closing operations are associated with each other. A function of transmitting the user information corresponding to information to the mobile terminal;
The user transmitted from the door opening / closing operation control means for adding door information for identifying the door to be controlled of its own opening / closing operation to the user information transmitted from the user's portable terminal based on the authentication database. A function of authenticating information and the door information;
An authentication program that realizes a function of transmitting an authentication result to the door opening / closing operation control means. In the authentication server,
If the biometric information transmitted from the mobile terminal of the user, the user ID, and the door ID of the door to be controlled for opening / closing operation are successfully authenticated based on the authentication database, the mobile terminal The user information corresponding to the terminal identification information of the other mobile terminal acquired based on the personal information database in which the terminal identification information for identifying the user and the user information is associated is used as the proxy user information for the authentication The ability to register in the database;
The authentication according to claim 17, further comprising a function of transmitting the proxy user information corresponding to the biometric information of the user transmitted from the other mobile terminal to the other mobile terminal. program. In the authentication server,
A function of transmitting door information list information indicating a list of registered door information corresponding to the user information transmitted from the user's mobile terminal, extracted based on the authentication database, to the mobile terminal. The authentication program according to claim 17 or 18, characterized by being realized. In the authentication server,
18. The proxy user information authentication process is executed using information indicating a valid period in which the proxy user information transmitted from the user's mobile terminal can be used for the authentication process. Item 20. The authentication program according to any one of Items19.

Images