JP2009003805A - Validity authentication system and validity authentication method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a validity authentication system and a validity authentication method which enable the third person to efficiently confirm validity of each user without making each user carry a special recording medium for confirmation. <P>SOLUTION: Reference face image data of affiliates belonging to organizations are distributedly managed by a plurality of server devices provided per organization, and a certificate authority 30 specifies a pertinent server device 40 in response to an authentication request from an authentication terminal 10, and authentication processing is performed on the basis of reference face image data managed by the specified server device 40 and input face image data, and the authentication result is displayed on a display part connected to the authentication terminal 10 being an authentication request source. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a legitimacy authentication system and a legitimacy authentication method for authenticating the legitimacy of a user (member) belonging to a specific organization such as a company or a general household, and in particular, uses a special confirmation recording medium. The present invention relates to a legitimacy authentication system and a legitimacy authentication method capable of allowing a third party to confirm the legitimacy of each user efficiently without being carried by a user.

  Conventionally, an interphone with a camera has generally been installed near the entrance door of ordinary households and companies, and the visitor's face image captured by this camera and the voice of the visitor acquired via the interphone Therefore, it is often determined whether or not the visitor is a legitimate visitor.

  However, depending on the judgment based on the subjectivity of such individuals, when a malicious visitor impersonates a courier company, etc., it is legitimate that he cannot detect the malicious intention of this visitor. As a result, there is a risk of causing a crime.

  For this reason, there is known a conventional technique for automatically and systematically determining whether or not a visitor is a legitimate person. For example, in Patent Document 1, a user presents a recording medium for confirmation to a medium information acquisition unit and inputs medium information such as a facial photograph, and the user information acquisition unit captures a user's face image, A user verification system that determines whether or not a user terminal is the same person by comparing user information and medium information is disclosed.

  According to this Patent Document 1, even if a malicious user who does not have a regular confirmation recording medium is impersonated as a legitimate user, it is possible to prevent oversight of such impersonation through collation of face images. it can.

JP 2002-251380 A

  However, this Patent Document 1 has a problem in that each user is forced to bear an operational burden because he must always bring a kind of identification evidence called a confirmation recording medium. In addition, once a malicious user forges a confirmation recording medium in advance, the validity judgment by the confirmation recording medium becomes meaningless, and finally the user is legitimate by visual inspection by an examiner or the like. It will be necessary to judge whether or not.

  As described above, there are various problems in the identity verification technology using the confirmation recording medium. Therefore, the identity verification data is not recorded on the confirmation recording medium, but the identity verification data is collectively stored on the management server. Although management is conceivable, the storage capacity of this management server is limited, and the search time increases as the amount of data to be accumulated increases. Therefore, this conventional technique is applied only to limited situations. I can't.

  For example, each general household has a wide variety of visitors, such as courier companies, salesmen, and neighboring residents, and there are many visitors at first glance. It is virtually impossible to manage on the management server.

  From the above, how to realize a legitimacy confirmation system that allows each user to confirm the legitimacy of each user efficiently without having to carry a special confirmation recording medium to each user. Has become an important issue.

  The present invention has been made in view of the above problems (problems), and allows a third party to efficiently confirm the legitimacy of each user without causing each user to carry a special confirmation recording medium. An object of the present invention is to provide a legitimacy authentication system and a legitimacy authentication method that can be used.

  In order to solve the above-described problem, the present invention makes an authentication request including the affiliation information of members belonging to a specific organization and input personal characteristic data, and displays an authentication result in response to the authentication request as a predetermined display unit. A plurality of authentication terminals for display control and a plurality of server devices provided for each organization distributes and manages reference personal characteristic data of members belonging to the organization, and responds to an authentication request from the authentication terminal Authentication for identifying the corresponding server device, performing authentication processing based on the reference personal feature data managed by the identified server device and the input personal feature data, and notifying the authentication terminal of the authentication request source And a system.

  Further, the present invention is the above invention, wherein each authentication terminal has at least input means for inputting affiliation destination information of the member to be authenticated, and personal feature data acquisition means for acquiring input personal feature data of the member. Authentication request means for making an authentication request including the affiliation information input by the input means and the input personal characteristic data acquired by the personal characteristic data acquisition means, and an authentication result returned in response to the authentication request. A display control means for controlling display on a predetermined display unit is provided.

  Further, the present invention is the above invention, wherein the authentication system is provided for each organization and an authentication station that accepts an authentication request from each authentication terminal, and distributes and manages reference personal characteristic data of members belonging to the organization Each server device comprises a storage means for storing the identification information of each member belonging to the organization in association with the reference personal characteristic data of the member, and the identification information of the member. When a request for including reference personal feature data is received from the certificate authority, search means for searching for the corresponding reference personal feature data from the storage means, and returning the reference personal feature data searched by the search means to the certificate authority Return means, and the certificate authority identifies any of the plurality of server devices based on affiliation information included in an authentication request received from the plurality of authentication terminals. Reference personal feature data requesting means for requesting reference personal feature data to the specified server device, reference personal feature data returned from a predetermined server device in response to a request by the reference personal feature data requesting unit, and Authentication processing means for authenticating validity based on input personal characteristic data included in the authentication request, and authentication result notifying means for notifying the authentication terminal of the authentication request source of the authentication result by the authentication processing means. Features.

  Further, the present invention is the above invention, wherein the authentication system is provided for each organization and an authentication station that accepts an authentication request from each authentication terminal, and distributes and manages reference personal characteristic data of members belonging to the organization A plurality of server devices, wherein the certificate authority identifies any of the plurality of server devices based on affiliation information included in an authentication request received from the plurality of authentication terminals, and for the identified server device Transmission means for transmitting identification information and input personal characteristic data, and authentication result transfer means for transferring an authentication result returned from the server apparatus to an authentication terminal that is an authentication request source. Storage means for storing the identification information of each member belonging to the organization in association with the reference individual characteristic data of the member, and identification information and input personal characteristic data of the member from the certification authority Search means for searching for relevant reference personal feature data from the storage means when receiving data from a predetermined authentication terminal, input personal feature data received from the authentication terminal, and reference personal feature data retrieved by the search means The authentication processing means for authenticating the validity based on the authentication processing means, and the authentication result notifying means for notifying the authentication terminal of the authentication result by the authentication processing means.

  Further, the present invention is characterized in that, in the above invention, the personal feature data is face image data obtained by imaging a member's face or face image feature value data obtained by extracting a feature value from the face image data.

  Further, the present invention provides an acquisition step of acquiring membership information of an affiliated member belonging to a specific organization at the authentication terminal, identification information of the affiliated member, and input personal characteristic data, and the belonging location information obtained by the obtaining step. An authentication request step for making an authentication request including identification information and input personal characteristic data to the certificate authority, and an authentication request received by the certificate authority from the plurality of authentication terminals in response to the authentication request by the authentication request step A reference personal feature data requesting step for specifying any of the plurality of server devices based on affiliation information included in the request, and requesting reference personal feature data from the specified server device, and the reference personal feature data request In response to the request by the process, the server device corresponds to the identification information of the member from the reference personal characteristic data of each member stored in the storage unit in advance. A search step for searching for feature data, a return step for returning the reference personal feature data searched in the search step to the certificate authority, the reference personal feature data returned by the certificate authority in the return step, and the reference data An authentication processing step for authenticating validity based on the input personal characteristic data included in the authentication request; and an authentication result notification step for the authentication station notifying the authentication terminal of the authentication request source of the authentication result of the authentication processing step; And a display control step of controlling the display of the authentication result returned from the certificate authority in the authentication result notifying step on a predetermined display unit of the authentication terminal.

  Further, the present invention provides an acquisition step of acquiring membership information of an affiliated member belonging to a specific organization at the authentication terminal, identification information of the affiliated member, and input personal characteristic data, and the belonging location information obtained by the obtaining step. An authentication request step for making an authentication request including identification information and input personal characteristic data to the certificate authority, and an authentication request received by the certificate authority from the plurality of authentication terminals in response to the authentication request by the authentication request step A transmission step of identifying any of the plurality of server devices based on affiliation information included in the request, transmitting identification information and input personal characteristic data to the identified server device, and storing the server device in advance A search step of searching for reference personal feature data corresponding to the identification information transmitted by the transmission step from the reference personal feature data of each member stored in the department; An authentication processing step in which the device authenticates validity based on the reference personal feature data searched in the search step and the input personal feature data included in the authentication request; and the server device passes through the certificate authority. An authentication result notification step of notifying an authentication result of the authentication processing step to an authentication request source authentication terminal, and displaying an authentication result returned from the certification authority in the authentication result notification step on a predetermined display unit of the authentication terminal And a display control step for controlling.

  According to the present invention, an authentication request including an affiliation information of members belonging to a specific organization and input personal characteristic data is made to the authentication system at the authentication terminal, and in this authentication system, a plurality of units provided for each organization The reference personal feature data of the members belonging to the organization is distributed and managed by the server device, the corresponding server device is identified in response to the authentication request from the authentication terminal, and the reference individual managed by the identified server device The authentication process is performed based on the feature data and the input personal feature data, and the authentication result is notified to the authentication request source authentication terminal. The authentication terminal displays the authentication result in response to the authentication request on a predetermined display unit. Since it is configured to control, the validity of each user can be efficiently confirmed by a third party without causing each user to carry a special confirmation recording medium. In particular, the reference personal feature data of each member is distributed and managed by a plurality of server devices, and the server device corresponding to the person to be authenticated is specified to acquire the reference personal feature data. Even if the number is not limited and the number of persons to be authenticated is enormous, it can be handled efficiently.

  Further, according to the present invention, each authentication terminal acquires the affiliation destination information of the affiliation member to be authenticated and the input personal characteristic data of the affiliation member, and issues an authentication request including the affiliation information and the input personal characteristic data. Since it is configured to display and control the authentication result returned to the authentication system in response to the authentication request on a predetermined display unit, the authentication terminal can be positioned as a small and low-cost device. Various authentication needs can be met by using authentication terminals arranged at various locations.

  Further, according to the present invention, the certificate authority specifies the affiliation information included in the authentication request received from a plurality of authentication terminals, requests reference personal feature data from the specified server device, The apparatus stores the identification information of each member belonging to the organization in association with the reference personal characteristic data of the member, and receives a request for reference personal characteristic data including the identification information of the member from the certification authority. At this time, the corresponding reference personal feature data is retrieved and returned to the certificate authority, and the certificate authority authenticates the validity based on the reference personal feature data returned from the server device and the input personal feature data included in the authentication request. And the authentication result is notified to the authentication requesting authentication terminal, so that personal feature data, which is a kind of personal information, is distributed and managed by the organization's server device. For performed in the authentication station, it is possible to achieve both guarantee certificate authority personal information protection and authentication result with.

  Further, according to the present invention, the certificate authority specifies the server device based on the affiliation information included in the authentication request received from the plurality of authentication terminals, and transmits the identification information and the input personal characteristic data. The identification information of each member belonging to the organization and the reference personal feature data of the member are stored in association with each other, and the corresponding reference when the member identification information and the input personal feature data are received from the certificate authority Since it is configured to search for personal characteristic data, authenticate the validity based on the input personal characteristic data received from the authentication terminal and the retrieved reference personal characteristic data, and notify the authentication terminal of the authentication result. It can be positioned as a kind of agent for the server device group, and thus it is possible to protect personal information and secure the authentication result under the responsibility of each server device.

  Further, according to the present invention, the face image data obtained by capturing the face of the member or the face image feature amount data obtained by extracting the feature amount from the face image data is used as the personal feature data. The person can be authenticated efficiently simply by standing in front of the camera and inputting data. In particular, when face image feature amount data obtained by extracting feature amounts from face image data is used, it is possible to prevent outflow of face images, which are personal data that can be directly recognized, and to significantly reduce the amount of data to be stored.

  Exemplary embodiments of a validity authentication system and a validity authentication method according to the present invention will be described below in detail with reference to the accompanying drawings. The first embodiment shown below shows a case where the authentication process is performed in the certificate authority, and the second embodiment shows a case where the authentication process is performed in the server device.

  First, the concept of the validity authentication system according to the first embodiment will be described. FIG. 1 is an explanatory diagram for explaining the concept of the validity authentication system according to the first embodiment, and shows a case where an employee such as a delivery company visits a house where an individual lives.

  The legitimacy authentication system shown in FIG. 1 manages the reference face image data of each employee belonging to a certain company on the company server 40 in association with a personal ID code such as an employee code. When visiting the home 20 of the home, the input face image data obtained by imaging the face of the visitor and the reference face image data are collated to authenticate whether or not the visitor is a company employee. The authentication result can be displayed on the display unit in the house 20.

  Specifically, the company server 40 is connected to the certificate authority 30 so as to be communicable, and the certificate authority 30 is connected to the authentication terminal 10 disposed in the house 20 of a general household. The authentication terminal 10 is connected to the operation unit 11 and the camera 12 provided outside the entrance door (hereinafter simply referred to as “door”) 21 of the house 20, and is provided inside the house 20. A display unit (not shown) is also connected.

  Here, when this employee visits the house 20, the employee is informed of the visit by an interphone (not shown) provided on the door 21, and the company telephone number of the company to which he belongs is assigned using the operation unit 11. A personal ID code is input (step S101). Then, the camera 12 provided in front of the door 21 is activated to take a face image of the employee who is a visitor (step S102), and authentication request data including a business phone number, a personal ID code and input face image data is obtained. It is transmitted to the certificate authority 30 (step S103).

  The certificate authority 30 that has received the authentication request data specifies the corresponding company server 40 from among various company servers using the company telephone number included in the authentication request data, and a personal ID code for the specified company server 40. Is transmitted to request reference face image data (step S104). On the other hand, the company server 40 that has received this request searches the reference face image database (hereinafter abbreviated as “reference face image DB”) 43 using this personal ID code, and acquires the corresponding reference face image data. It transmits to the certification authority 30 (step S105).

  Upon receiving the reference face image data, the certificate authority 30 collates the input face image data included in the authentication request data with the reference face image data, and the visitor has a personal ID code managed by the company server 40. Whether or not the employee is an employee is authenticated (step S106), and the authentication result is transmitted to the authentication terminal 10 (step S107). And the authentication terminal 10 which received this authentication result displays the authentication result on the display part which is not shown in figure (step S108).

  As described above, in the first embodiment, the reference face image data of the members belonging to the organization is distributed and managed by a plurality of server devices provided for each organization, and the authentication station 30 issues an authentication request from the authentication terminal 10. The corresponding server device 40 is identified in response to the authentication, the authentication processing is performed based on the reference face image data and the input face image data managed by the identified server device 40, and the authentication result is authenticated by the authentication request source. A display unit connected to the terminal 10 is configured to display.

  The reason for adopting such a configuration is that there is a great need for a resident who lives in the house 20 to eliminate malicious visitors who try to impersonate a courier and prevent crimes. is there. Conventional employee certificates can be easily counterfeited even if they are digitized, while it is practically impossible to collectively manage information about employees at the certificate authority 30, thus eliminating such problems. That's what it meant.

  Next, the configuration of the authentication terminal 10, the certificate authority 30, and the enterprise server 40 illustrated in FIG. 1 will be described. FIG. 2 is a functional block diagram illustrating configurations of the authentication terminal 10, the certificate authority 30, and the enterprise server 40 illustrated in FIG.

  As illustrated in FIG. 1, the authentication terminal 10 includes an operation unit 11, a camera 12, a display unit 13, a storage unit 14, and a control unit 15. The operation unit 11 is an input device including a numeric keypad and is used when a visitor inputs a company telephone number and a personal ID code. Note that a reader / writer capable of non-contact communication may be provided instead of the operation unit 11 so as to acquire a business phone number and a personal ID code from a mobile phone or the like owned by a visitor.

  The camera 12 is composed of an image sensor such as a CCD, and is used to capture a face image of a visitor. The camera 12 and the operation unit 11 are disposed outside the door 21 of the house 20, and the operation unit 11 is provided with a display unit to provide guidance on the operation content or to operate the operation content. Can also be visually recognized by a person. The display unit 13 is a display device such as a liquid crystal panel, and is used when displaying an authentication result. The display unit 13 is provided with an operation unit such as a numeric keypad so that various operations corresponding to the authentication result can be performed. You can also.

  The memory | storage part 14 is a memory | storage device which consists of non-volatile memories etc., and memorize | stores the reference face image data of the householder who lives in the house 20 in association with a personal ID code. The reason why the reference face image data of the householder is stored in the storage unit 14 is to enable authentication even if the householder of the house 20 enters and leaves, as with other visitors. In this case, the certificate authority 30 requests reference face image data from the authentication terminal 10 instead of the company server 40.

  The control unit 15 is a control unit that performs overall control of the authentication terminal 10, and includes an authentication request processing unit 15a and an authentication result display control unit 15b. The authentication request processing unit 15a receives the business phone number and the personal ID code from the operation unit 11, and when receiving the input face image data from the camera 12, the authentication request processing unit 15a includes the business phone number, the personal ID code, and the input face image data. It is a processing unit that generates request data and transmits it to the certificate authority 30. Actually, the authentication request data is encrypted, but the description thereof is omitted here.

  The authentication result display control unit 15 b is a control unit that controls the display of the authentication result on the display unit 13 when the authentication result is received from the certificate authority 30. Although detailed description thereof is omitted here, it is possible not only to display and control the authentication result, but also to perform the lock / unlock control of the door 21 together with the judgment of the householder.

  Next, the configuration of the certificate authority 30 will be described. The certificate authority 30 includes an input unit 31, a display unit 32, a storage unit 33, and a control unit 34. The input unit 31 is an input device such as a keyboard or a mouse, and the display unit 32 is a display device such as a display or a liquid crystal panel.

  The storage unit 33 is a storage device including a nonvolatile memory, a hard disk drive, and the like. The storage unit 33 is used when temporarily storing input face image data and storing log of authentication results.

  The control unit 34 is a control unit that performs overall control of the certificate authority 30, and includes a reference face image data acquisition unit 34a, an authentication processing unit 34b, and an authentication result notification unit 34c. When the reference face image data acquisition unit 34a receives the authentication request data from the authentication terminal 10, the reference face image data acquisition unit 34a specifies the company server 40 from the company telephone number included in the authentication request data, and identifies the personal ID for the specified company server 40. A processing unit that transmits a code and requests reference face image data. There are various measures for specifying the company server 40, such as a method for holding the correspondence between the IP address of the company server and the company telephone number in a table, and a method for calling the company telephone number directly to connect the line. However, when the correspondence is held in a table, this table is stored in the storage unit 33. When the business phone number is the personal phone number of the house 20, the reference face image data is requested from the authentication terminal 10.

  The authentication processing unit 34b is a processing unit that authenticates whether or not the face image is the same person by collating the input face image data and the reference face image data. As this authentication process, various conventional techniques known at the time of filing the present application can be used. The authentication result notifying unit 34c is a processing unit for notifying the authentication request source authentication terminal 10 of the authentication result by the authentication processing unit 34b.

  Next, the configuration of the company server 40 will be described. As illustrated in FIG. 2, the company server 40 includes an input unit 41, a display unit 42, a reference face image DB 43, and a control unit 44.

  The input unit 41 is an input device such as a keyboard or a mouse, and the display unit 42 is a display device such as a display or a liquid crystal panel. The reference face image DB 43 is a database in which reference face image data of members belonging to a company is stored in association with personal ID codes.

  The control unit 44 is a control unit that performs overall control of the company server 44, and includes a face image management unit 44a. The face image management unit 44a manages the reference face image data of the members belonging to the company using the reference face image DB 43. When the personal ID code is received from the certificate authority 30, the face image management unit 44a corresponds to the personal ID code. Reference face image data is searched from the reference face image DB 43, and the searched reference face image data is transmitted to the certificate authority 30.

  Here, the functional configurations of the authentication terminal 10, the certification authority 30, and the enterprise server 40 have been described. However, when these are implemented on a computer, a program corresponding to a functional unit provided in each control unit is stored in a ROM or a flash memory. The program stored in the memory and read from the memory is executed on the CPU to exhibit the functions of the functional units of the control units.

  Next, an authentication processing procedure by the authentication terminal 10, the certificate authority 30, and the company server 40 shown in FIGS. 1 and 2 will be described. FIG. 3 is a flowchart showing an authentication processing procedure by the authentication terminal 10, the certificate authority 30, and the company server 40 shown in FIGS.

  As shown in FIG. 3, when a visitor visits the vicinity of the door 21 of the house 20, the presence of a person near the door 21 is detected by a separately provided human body detection sensor or the like (Yes in step S201), and the input unit 31 The visitor is prompted to enter a telephone number and personal ID code.

  In response to this, if the visitor inputs the business phone number and the personal ID code, the entered business phone number and personal ID code are accepted (steps S202 to S203), and the camera 12 displays the visitor's face. An image is taken and input face image data is acquired (step S204).

  Thereafter, authentication request data including the company telephone number, personal ID code and input face image data is generated (step S205), and the generated authentication request data is transmitted to the certificate authority 30 (step S206). It is to be noted that data leakage can be prevented by encrypting authentication request data in the authentication terminal 10 and decrypting it in the certificate authority 30.

  If the certificate authority 30 receives this authentication request data (Yes at Step S207), the corresponding company server 40 is identified from the company telephone number included in the authentication request data, and the authentication request data is sent to the identified company server 40. The personal ID code included in the message is transmitted to make a reference face image request (step S208). The certificate authority 30 temporarily stores the input face image data included in the authentication request data in the storage unit 33 in preparation for an authentication process to be performed thereafter.

  If the company server 40 receives this reference face image request (Yes at step S209), the reference face image data corresponding to the personal ID code is searched from the reference face image DB 43 (step S210), and the searched reference face image data is retrieved. Is returned to the certificate authority 30 (step S211).

  If the authentication station 30 receives the reference face image data (Yes at step S212), the reference face image data is compared with the input face image data temporarily stored in the storage unit 33 to perform authentication processing (step S213). Then, the authentication data including the authentication result is transmitted to the authentication terminal 10 as the authentication request source (step S214).

  If the authentication terminal 10 receives this authentication data (Yes at Step S215), the authentication result included in the authentication data is displayed on the display unit 13 (Step S216). Thereby, the householder who exists in the house 20 can recognize whether a visitor is certainly a member of the company of a company telephone number.

  As described above, in the first embodiment, the reference face image data of the members belonging to the organization is distributed and managed by a plurality of server devices provided for each organization, and the authentication station 30 issues an authentication request from the authentication terminal 10. The corresponding company server 40 is identified in response to authentication, authentication processing is performed based on the reference face image data and the input face image data managed by the identified company server 40, and the authentication result is authenticated as the authentication request source. Since it is configured to display on the display unit 13 connected to the terminal 10, it is possible to efficiently check the legitimacy of the visitor in the house 20 without causing each user to carry a special confirmation recording medium. be able to.

  Here, in the above series of explanations, a case where a member of a company visits the house 20 is shown, but in reality, a person who is not related to the company such as a neighboring resident or a friend visits the house 20. There is also. Therefore, processing when such a neighboring resident visits the house 20 will be described.

  FIG. 4 is an explanatory diagram for explaining the concept in the case of authenticating the validity of neighbors and the like in the first embodiment. Here, instead of requesting the reference face image data from the company server 40 shown in FIG. 1, reference face image data is requested from the authentication terminal 51 disposed in the visitor's house 50. As already explained, since the reference face image data of the householders are stored in the storage units 14 and 52 in the authentication terminals 10 and 51 arranged in each house, acquisition of such reference face image data is possible. It becomes possible.

  Specifically, when a resident living in the house 50 visits the house 20, the inhabitant is informed of the visit by an interphone (not shown) provided on the door 21, and himself / herself lives using the operation unit 11. The home phone number and personal ID code are input (step S301). Then, the camera 12 provided on the front surface of the door 21 is activated to take a face image of a visitor who is a visitor (step S302), and authentication request data including a telephone number, a personal ID code, and input face image data is obtained. It is transmitted to the certificate authority 30 (step S303).

  Upon receiving this authentication request data, the certificate authority 30 identifies the authentication terminal 51 using the telephone number included in the authentication request data, and transmits a personal ID code to the identified authentication terminal 51 to obtain reference face image data. A request is made (step S304). On the other hand, the authentication terminal 51 that has received this request searches the storage unit using this personal ID code, acquires the corresponding reference face image data, and transmits it to the certificate authority 30 (step S305).

  Upon receiving this reference face image data, the certificate authority 30 collates the input face image data included in the authentication request data with this reference face image data, and this visitor has a personal ID code managed by the authentication terminal 51. It is authenticated whether or not it is a family member (step S306), and the authentication result is transmitted to the authentication terminal 10 (step S307). And the authentication terminal 10 which received this authentication result displays the authentication result on the display part which is not shown in figure (step S308).

  As described above, according to the first embodiment, reference face image data of a member belonging to a company or a family member of a general household is registered in the company server 40 or the authentication terminals 10 and 51, respectively, and a visitor is registered. When the company visits the house 20, the authentication request data including the telephone number, the personal ID code, and the input face image data is transmitted to the certificate authority 30. The authentication terminal 51 is specified, the reference face image data is requested, the acquired reference face image data and the input face image data are collated, authentication processing is performed, and the authentication result is displayed on the display unit provided in the house 20 Since it is configured to display on the screen 13, a house resident in the house 20 can prevent a malicious visitor from impersonating a courier.

  In particular, the problem of spoofing burglary is becoming more serious in houses where disabled people and elderly people live. However, since this example 1 allows a householder to obtain a judgment index when accepting a visitor, the above impersonation is performed. It becomes possible to efficiently cope with crimes such as robberies.

  In the first embodiment, in principle, the company server 40 or the authentication terminal 51 always accepts the request for the reference face image data from the certificate authority 30, but a specific company or a specific individual (a disadvantageous company, It is also possible to provide a mode in which the visit of the other party) can be rejected, and it can be configured to be switched and set by the operation of the administrator.

  In the first embodiment, the authentication process is performed in the certificate authority 30, but the present invention is not limited to this, and the authentication process can be performed in the company server 40 or the authentication terminal 51. . Therefore, in the second embodiment, a case where authentication processing is performed in the company server 40 or the authentication terminal 51 will be described. Here, the description will focus on the differences from the first embodiment.

  First, the concept of the validity authentication system according to the second embodiment will be described. FIG. 5 is an explanatory diagram for explaining the concept of the legitimacy authentication system according to the second embodiment, and shows a case where an employee such as a delivery company visits a house where an individual resides.

  When an employee of a certain company visits the house 20, the home phone is informed of the visit by an interphone (not shown) provided on the door 21, and the company telephone number of the company to which the user belongs and the individual using the operation unit 11. An ID code is input (step S401). Then, the camera 12 provided on the front surface of the door 21 is activated to take a face image of the employee who is a visitor (step S402), and authentication request data including a business phone number, a personal ID code, and input face image data is obtained. It is transmitted to the certificate authority 60 (step S403).

  The certificate authority 60 that has received the authentication request data specifies the corresponding company server 70 from among various company servers using the company telephone number included in the authentication request data, and a personal ID code for the specified company server 70. Then, the input face image data is transmitted to make an authentication request (step S404).

  The company server 70 that has received this authentication request searches the reference face image DB 43 using this personal ID code, and performs authentication processing by comparing the searched reference face image data with the input face image data received from the certificate authority 60. In step S405, authentication data including the authentication result is transmitted to the certificate authority 60 (step S406).

  The certificate authority 60 that received the authentication data transfers the received authentication data to the authentication terminal 10 (step S407), and the authentication terminal 10 that has received the authentication data displays the authentication result on a display unit (not shown) ( Step S408).

  As described above, the second embodiment is different from the first embodiment in that authentication processing is performed on the company server 70. As described above, the reason why the authentication process is performed on the company server 70 is that the reference face image data is relatively highly confidential information and should not be output to the outside in many cases.

  Next, the configuration of the authentication terminal 10, the certificate authority 60, and the company server 70 illustrated in FIG. 5 will be described. FIG. 6 is a functional block diagram illustrating configurations of the authentication terminal 10, the certificate authority 60, and the enterprise server 70 illustrated in FIG. In addition, about the function part similar to what was shown in Example 1, the same code | symbol is attached | subjected and the detailed description is abbreviate | omitted.

  As shown in the figure, the authentication terminal 10 has the same configuration as that of the first embodiment shown in FIG. 2, and there is no particular difference. As for the certificate authority 60, the function unit corresponding mainly to the authentication processing unit 34b shown in FIG. 2 is deleted, and an authentication request processing unit 61a and an authentication result notification unit 61b are provided.

  When receiving the authentication request data from the authentication terminal 10, the authentication request processing unit 61 a specifies the company server 70 from the company telephone number included in the authentication request data, and identifies the personal ID code and the specified company server 70. A processing unit that transmits input face image data and requests authentication.

  The authentication result notification unit 61b is a processing unit that, when receiving authentication data from the company server 70, transfers this authentication data to the authentication terminal 10 that is the authentication request source.

  As for the company server 70, not only the face image management unit 71a corresponding to the face image management unit 44a shown in FIG. 2, but also an authentication processing unit 71b that is not provided in the company server 40 of FIG. Yes.

  This authentication processing unit 71b is a processing unit that functions in the same manner as the authentication processing unit 34b of the certificate authority 30 shown in FIG. 2, and specifically, the input face image data and the reference face image data are collated and the same. It is authenticated whether or not it is a human face image. As this authentication process, various conventional techniques known at the time of filing the present application can be used.

  Next, an authentication processing procedure performed by the authentication terminal 10, the certificate authority 60, and the company server 70 illustrated in FIGS. 5 and 6 will be described. FIG. 7 is a flowchart showing an authentication processing procedure performed by the authentication terminal 10, the certificate authority 60, and the company server 70 shown in FIGS.

  As shown in FIG. 7, when a visitor visits the vicinity of the door 21 of the house 20, the presence of a person near the door 21 is detected by a human body detection sensor or the like provided separately (Yes in step S <b> 501), and the input unit 31. The visitor is prompted to enter a telephone number and personal ID code.

  In response to this, if the visitor inputs the company phone number and personal ID code, the entered company phone number and personal ID code are accepted (steps S502 to S503), and the camera 12 displays the visitor's face. An image is taken and input face image data is acquired (step S504).

  Thereafter, authentication request data including the company telephone number, personal ID code, and input face image data is generated (step S505), and the generated authentication request data is transmitted to the certificate authority 60 (step S506).

  If the certificate authority 60 receives this authentication request data (Yes at step S507), the corresponding company server 70 is specified from the company telephone number included in the authentication request data, and the authentication request data is sent to the specified company server 70. The personal ID code and the input face image data included in the ID are transmitted to request authentication (step S508).

  If the company server 70 receives this authentication request (Yes at step S509), the reference face image data corresponding to the personal ID code is searched from the reference face image DB 43 (step S510), and the searched reference face image data is input. The face image data is collated to perform authentication processing (step S511), and authentication data including the authentication result is transmitted to the certificate authority 60 (step S512). If the authentication station 60 receives this authentication data (Yes at Step S513), it transmits this authentication data to the authentication terminal 10 that is the authentication request source (Step S514).

  If the authentication terminal 10 receives the authentication data (Yes at Step S515), the authentication result included in the authentication data is displayed on the display unit 13 (Step S516). Thereby, the householder who exists in the house 20 can recognize whether a visitor is certainly a member of the company of a company telephone number.

  Thus, in the second embodiment, unlike the first embodiment, the authentication processing is performed on the company server 70 side, and the reference face image data, which is a kind of personal information, is prevented from being leaked while being compared with the first embodiment. Similar effects can be achieved.

  Further, similarly to FIG. 4 of the first embodiment, not only when a member of a company visits the house 20 but also when a neighboring resident visits the house 20 can be dealt with. FIG. 8 is an explanatory diagram for explaining the concept in the case of authenticating the validity of neighboring residents and the like in the second embodiment.

  When a resident living in the house 50 visits the house 20, he / she informs the resident of the visit by an interphone (not shown) provided on the door 21, and uses the operation unit 11 and the telephone number of the house where he / she lives. A personal ID code is input (step S601). Then, the camera 12 provided on the front surface of the door 21 is activated to take a face image of the visitor who is a visitor (step S602), and authentication request data including a telephone number, a personal ID code, and input face image data is obtained. It is transmitted to the certificate authority 60 (step S603).

  Upon receiving this authentication request data, the certificate authority 60 identifies the authentication terminal 51 using the telephone number included in the authentication request data, and transmits a personal ID code and input face image data to the identified authentication terminal 51. An authentication request is made (step S604). On the other hand, the authentication terminal 51 that has received the authentication request searches the storage unit using the personal ID code, acquires the corresponding reference face image data, performs authentication processing (step S605), and includes the authentication result. Authentication data is transmitted to the certificate authority 60 (step S606).

  The certificate authority 60 that has received the authentication data transfers the authentication data to the authentication terminal 10 (step S607), and the authentication terminal 10 that has received the authentication data displays the authentication result on a display unit (not shown). (Step S608). As described above, when performing authentication processing including neighbors in the second embodiment, it is necessary to add an authentication processing function to the authentication terminal 51 like the company server 70.

  As described above, according to the second embodiment, reference face image data of a member belonging to a company or a family member of a general household is registered in the company server 70 or the authentication terminals 10 and 51 respectively, and a visitor is registered. When visiting the house 20, the authentication request data including the telephone number, the personal ID code and the input face image data is transmitted to the certificate authority 60, and the certificate authority 60 uses the appropriate company server 70, the authentication terminal 10, or the authentication. Authentication is performed by identifying the terminal 51 and transmitting the personal ID code and the input face image data to request authentication, and comparing the reference face image data with the input face image data in the enterprise server 70, the authentication terminal 10 or the authentication terminal 51. And the authentication result is displayed on the display unit 13 provided in the house 20, so that a house resident in the house 20 can receive a malicious visitor from a courier, etc. Impersonate a situation can be prevented in advance.

  In the second embodiment, the terminal device 10 transmits authentication request data including a telephone number, a personal ID code, and input face image data to the certificate authority 60, and the personal ID code and input from the certificate authority 60 to the company server 70. Although the face image data is transmitted and the company server 70 acquires the reference face image data corresponding to the personal ID code on a one-to-one basis, the present invention is not limited to this. Authentication request data not including the personal ID code is transmitted to the certificate authority 60, and only the input face image data is transmitted from the certificate authority 60 to the company server 70. The company server 70 receives a large number of reference face image data and input face image data. One-to-many matching with data can also be performed.

  In the first and second embodiments, the case where the authentication process is performed using the face image data itself is shown. However, the present invention is not limited to this, and a face image obtained by extracting feature values from the face image data. Authentication processing can also be performed using feature data. Further, instead of using a face image, other biometric data indicating personal characteristics such as fingerprints and palm prints can be used.

  Further, in the first and second embodiments, the detailed description is omitted for convenience of explanation, but the personal ID code and the reference face image data held in each authentication terminal and each company server must always be updated to the latest state. is there.

  Further, in the first and second embodiments, the case where the company telephone number of the company to which the company belongs is input is shown. However, the present invention is not limited to this, and the affiliation destination of the company or the like is uniquely specified. A company identification code that can be used can also be used. Furthermore, in the first and second embodiments, the case where a personal ID code is input has been shown. However, the present invention is not limited to this, and other mobile phone numbers, IDm, and the like of mobile phones carried by affiliated members. Information identifying the individual can also be used.

  In addition, the first and second embodiments can be combined, for example, the first embodiment is applied when visiting neighboring residents, and the second embodiment is applied when visiting a company member, or vice versa. Cases can be considered.

  Moreover, in the said Example 1 and 2, although the case where a customer visits the house of a general household was shown, this invention is not limited to this, A customer visited an apartment, a nursing home, a public institution, etc. The same applies to the case. For example, when the present invention is applied to an apartment, the authentication terminal 10 is disposed near the entrance door of the entrance of the apartment, and the authentication result is displayed on the display unit of each room. At this time, it is also possible to automatically perform opening / closing control of the entrance door of the entrance in accordance with the judgment of the householder in response to the authentication result. In addition, after the first authentication process is performed in the certificate authority 30, the reference face image data may be transferred to the condominium server, and the second and subsequent authentication processes may be performed in the condominium server. However, in this case, it is necessary to confirm whether the inquiring company has affiliation.

  The present invention can also be applied to identity verification at a bank counter. For example, when an account opening applicant A comes to a bank window, the authentication terminal 10 disposed near the bank window receives the telephone number, personal ID data and face image data of the account opening applicant A, and the certificate authority 30 The authentication station obtains the reference face image data from the authentication terminal 51 disposed at the home of the account opening applicant A, performs the authentication process, and displays the authentication result on the authentication terminal 10. Accordingly, even a person who does not bring an identification card can allow an account to be opened based on the result of the validity confirmation by the validity authentication system.

  The application of the present invention is not only for opening an account at a bank, but also for verifying the identity at the settlement, verifying the identity at the rental store, verifying the identity at the reception of the hotel, verifying the identity at the reception of the company, identity in the door-to-door sales It can be applied widely such as confirmation. By applying the present invention to these, even if the user does not carry an identification card, it is possible to receive a conventional service.

  INDUSTRIAL APPLICABILITY The validity authentication system and the validity authentication method according to the present invention are useful for allowing a third party to efficiently confirm the validity of each user without having each user carry a special confirmation recording medium. is there.

It is explanatory drawing for demonstrating the concept of the authenticity authentication system which concerns on the present Example 1. FIG. It is a functional block diagram which shows the structure of the authentication terminal shown in FIG. 1, a certification authority, and a company server. It is a flowchart which shows the authentication process procedure by the authentication terminal, certificate authority, and company server which were shown in FIG.1 and FIG.2. It is explanatory drawing for demonstrating the concept in the case of authenticating the legitimacy of a neighborhood resident etc. in the present Example 1. FIG. It is explanatory drawing for demonstrating the concept of the correctness authentication system which concerns on the present Example 2. FIG. It is a functional block diagram which shows the structure of the authentication terminal shown in FIG. 5, a certification authority, and a company server. It is a flowchart which shows the authentication process procedure by the authentication terminal, certificate authority, and company server which were shown in FIG.5 and FIG.6. It is explanatory drawing for demonstrating the concept in the case of authenticating the legitimacy of a neighborhood resident etc. in the present Example 2. FIG.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Authentication terminal 11 Operation part 12 Camera 13 Display part 14 Storage part 15 Control part 15a Authentication request process part 15b Authentication result display control part 20 House 21 Door 30 Authentication station 31 Input part 32 Display part 33 Storage part 34 Control part 34a Reference face Image data acquisition unit 34b Authentication processing unit 34c Authentication result notification unit 40 Corporate server 41 Input unit 42 Display unit 43 Reference face image database (DB)
44 control unit 44a face image management unit 50 house 51 authentication terminal 52 storage unit 60 authentication station 61 control unit 61a authentication request processing unit 61b authentication result notification unit 70 company server 71 control unit 71a face image management unit 71b authentication processing unit

Claims (7)

A plurality of authentication terminals that perform an authentication request including affiliation information of members belonging to a specific organization and input personal characteristic data, and display and control an authentication result in response to the authentication request on a predetermined display unit;
A plurality of server devices provided for each organization distribute and manage the reference personal characteristic data of members belonging to the organization, and identify and identify the corresponding server device in response to an authentication request from the authentication terminal. An authentication system that performs an authentication process based on the reference personal feature data managed by the server device and the input personal feature data, and notifies the authentication terminal of the authentication request source of the authentication result. Legitimacy authentication system.   Each authentication terminal includes at least input means for inputting affiliation information of an affiliation member to be authenticated, personal feature data acquisition means for acquiring input personal characteristic data of the affiliation member, and affiliation destination input by the input means Authentication request means for making an authentication request including information and input personal characteristic data acquired by the personal characteristic data acquisition means, and display control for controlling display of an authentication result returned in response to the authentication request on a predetermined display unit The validity authentication system according to claim 1, further comprising: means. The authentication system includes a certificate authority that receives an authentication request from each authentication terminal, and a plurality of server devices that are provided for each organization and distribute and manage reference personal characteristic data of members belonging to the organization,
Each server device
Storage means for storing the identification information of each member belonging to the organization in association with the reference personal characteristic data of the member, and accepting a request for reference personal characteristic data including the identification information of the member from the certification authority Search means for searching for relevant reference personal feature data from the storage means, and return means for returning the reference personal feature data retrieved by the search means to the certificate authority,
The certificate authority
A reference personal feature data request that specifies any of the plurality of server devices based on affiliation information included in authentication requests received from the plurality of authentication terminals, and requests reference personal feature data from the specified server devices. And authentication processing for authenticating the authenticity based on reference personal feature data returned from a predetermined server device in response to a request from the reference personal feature data requesting unit and input personal feature data included in the authentication request The authenticity authentication system according to claim 1 or 2, further comprising: an authentication result notification unit configured to notify an authentication result of the authentication processing unit to an authentication terminal that is an authentication request source. The authentication system includes a certificate authority that receives an authentication request from each authentication terminal, and a plurality of server devices that are provided for each organization and distribute and manage reference personal characteristic data of members belonging to the organization,
The certificate authority
Transmission means for identifying any of the plurality of server devices based on affiliation information included in an authentication request received from the plurality of authentication terminals, and transmitting identification information and input personal characteristic data to the identified server devices And an authentication result transfer means for transferring an authentication result returned from the server device to an authentication terminal as an authentication request source,
Each server device
Storage means for storing the identification information of each member belonging to the specific organization and the reference personal feature data of the member in association with each other, and predetermined authentication of the member identification information and input personal feature data from the certification authority Search means for retrieving corresponding reference personal feature data from the storage means when received from the terminal, input personal feature data received from the authentication terminal, and validity based on the reference personal feature data retrieved by the search means The authenticity authentication system according to claim 1, further comprising: an authentication processing unit that performs authentication of: and an authentication result notification unit that notifies the authentication terminal of an authentication result by the authentication processing unit.   The personal feature data is face image data obtained by imaging a member's face or face image feature data obtained by extracting a feature value from the face image data. The correctness authentication system described. An acquisition step of acquiring affiliation information of an affiliation member belonging to a specific organization at the authentication terminal, identification information of the affiliation member, and input personal characteristic data;
An authentication request step for making an authentication request including the affiliation information, identification information and input personal characteristic data acquired by the acquisition step to the certificate authority;
In response to the authentication request in the authentication request step, the certificate authority specifies and specifies one of the plurality of server devices based on affiliation information included in the authentication request received from the plurality of authentication terminals. A reference personal feature data requesting process for requesting reference personal feature data from the server device;
In response to the request by the reference personal feature data requesting step, the server device searches for reference personal feature data corresponding to the member identification information from the reference personal feature data of each member stored in the storage unit in advance. Search process;
A returning step of returning the reference personal characteristic data searched in the searching step to the certificate authority;
An authentication processing step for authenticating validity based on the reference personal feature data returned by the certificate authority in the return step and the input personal feature data included in the authentication request;
An authentication result notification step in which the certificate authority notifies the authentication terminal of the authentication request source of the authentication result by the authentication processing step;
A display control step of controlling the display of the authentication result returned from the certificate authority in the authentication result notifying step on a predetermined display unit of the authentication terminal. An acquisition step of acquiring affiliation information of an affiliation member belonging to a specific organization at the authentication terminal, identification information of the affiliation member, and input personal characteristic data;
An authentication request step for making an authentication request including the affiliation information, identification information and input personal characteristic data acquired by the acquisition step to the certificate authority;
In response to the authentication request in the authentication request step, the certificate authority specifies and specifies one of the plurality of server devices based on affiliation information included in the authentication request received from the plurality of authentication terminals. A transmission step of transmitting identification information and input personal characteristic data to the server device;
A search step for searching the reference personal feature data corresponding to the identification information transmitted by the transmission step from the reference personal feature data of each member stored in the storage unit in advance by the server device;
An authentication processing step in which the server device authenticates validity based on the reference personal feature data searched in the search step and the input personal feature data included in the authentication request;
An authentication result notification step in which the server device notifies the authentication terminal of the authentication request source of the authentication result by the authentication processing step via the certificate authority;
A display control step of controlling the display of the authentication result returned from the certificate authority in the authentication result notifying step on a predetermined display unit of the authentication terminal.

Images