JP5243926B2 - Authentication system - Google Patents

Description

  The present invention relates to a personal authentication technique.

With the progress of network technology, non-face-to-face services via networks are appearing one after another. Services provided via a network (simply referred to as “services” in this specification) can be roughly divided into three types.
A. A service that does not restrict the other party (hereinafter referred to as "open service"). For example, there are dictionary sites and news sites that anyone can use.
B. Services provided after confirming the other party's identity (hereinafter referred to as "closed service"). For example, you can list Internet securities and membership-based matchmaking sites.
C. A service that anyone can receive if certain conditions are cleared (hereinafter referred to as “qualified service”). For example, a site for adults, an electronic bulletin board where only residents in a specific area can participate, and a questionnaire site for adults only.
JP 2006-155264 A

  Of these, there are generally two types of methods for certifying that a user who wants to receive a qualification service has the qualification to receive the qualification service (hereinafter, such proof is referred to as “qualification authentication”). Can be broadly divided.

  The first is a method based on user self-reporting. For example, an adult-oriented site that encourages access only to adults (qualified persons) by placing a notice “Please access only for adults” on a web page falls under this category. However, since it is authentication based on the good-natured theory, it cannot prevent minors from accessing.

  The second is a method in which the service provider registers the user ID and the user attribute in advance as in the closed service. First, the user inputs a user ID before receiving the service for adults. If the user attribute “adult” is associated with the input user ID, the service is provided to this user. In this case, the service provider can uniquely identify the individual by the user ID. Users often feel psychological resistance to the fact that anonymity may not be guaranteed. Also, the troublesome task of registering and inputting a user ID is likely to cause service refusal.

  The present invention has been completed based on the above-mentioned problem recognition by the present inventor, and its main object is to provide a user-friendly authentication technique for qualified services.

An aspect of the present invention relates to an authentication system.
This system effectively obtains only some user attributes from a portable information recording medium on which a plurality of types of user attributes are recorded, and the predetermined user attributes satisfy a predetermined authentication condition. Allow the provision of services.

Another aspect of the invention also relates to an authentication system.
This system effectively obtains only a user attribute from a portable information recording medium in which both a user ID and a user attribute are recorded, and provides a predetermined service when the user attribute satisfies a predetermined authentication condition. To give permission.

  It should be noted that any combination of the above-described components, and the present invention expressed by a method, system, recording medium, and computer program are also effective as an aspect of the present invention.

  ADVANTAGE OF THE INVENTION According to this invention, the psychological resistance of a user accompanying qualification authentication can be suppressed.

FIG. 1 is a hardware configuration diagram for qualification authentication in this embodiment.
A notebook personal computer 200 as a client terminal is connected to a server 204 via the Internet 202. A user of the notebook computer 200 can receive a qualifying service from the server 204.

  In the present embodiment, description will be made assuming that the server 204 provides a qualified service of “a web page (hereinafter referred to as an“ adult site ”) that assumes only adults as browsing targets”. According to the qualified service shown in the present embodiment, access to a site harmful to minors can be easily suppressed. When the notebook computer 200 accesses the server 204, the server 204 causes the notebook computer 200 to display the entry page on the screen. The user can access each page of the adult site from this entrance page if it is an adult.

  A card reader 300 is connected to the notebook computer 200 by USB (Universal Serial Bus). This card reader is available from various cards such as credit card, driver's license, insurance card, ETC (Electronic Toll Collection) card (registered trademark), Taspo (registered trademark), SUICA (registered trademark), PASMO (registered trademark) Can read various information. In the present embodiment, a description will be given for a taspo.

  Taspo is a card issued only to adults by presenting a personal identification document or facial photo to the Japan Tobacco Association. To buy cigarettes from a vending machine, you have to hold a taspo over the vending machine. Taspo is a highly reliable card for publicly proving that you are an adult. If the user inserts a taskpo into the card reader 300, the card reader 300 or the notebook computer 200 determines that the user is an adult and notifies the server 204 to that effect. The server 204 grants the right to enter the adult site only to users who can prove that they are adults by possessing Taspo. Since adult authentication is performed by the card reader 300 and the notebook computer 200, communication with the server 204 and other databases is unnecessary. Further, the calculation resources of devices other than the card reader 300 and the notebook personal computer 200 are also unnecessary. For this reason, easy and fast adult authentication is possible.

In the taspo, in addition to information for identifying the taspo, information (hereinafter referred to as “user ID”) for identifying an individual such as an individual name, a membership number, and a face photograph is also registered. The card reader 300 sends only information indicating that it is a taspo, in other words, an adult, to the notebook computer 200, but does not send the user ID itself. For this reason, the server 204 can know whether or not the accessing user is an adult, but cannot identify the user, so that anonymity is maintained.
Depending on the card, user attributes and user IDs may be recorded together, such as company name + employee number or gender + employee number. In this case, only a user attribute part such as a company name or gender may be extracted and used for authentication.
A card in which a user ID is not recorded but a plurality of user attributes are recorded is also conceivable. When authenticating such a card, only user attributes necessary for authentication may be acquired. For example, when performing adult authentication using a card in which sex, age, and residential area are recorded, it is only necessary to acquire “age” among the three user attributes.

FIG. 2 is a perspective view of the card reader 300.
The user inserts the card 350 on hand into the insertion slot 312. The depth indicator 302 indicates the insertion depth of the card 350, and details of the depth indicator 302 will be described later with reference to FIG. A reading area (see FIG. 6) is provided inside the insertion port 312 and reads information on the card 350 from the reading area. The card reader 300 can read print information on the surface of the card 350 not only by an electronic reading method such as RFID (Radio Frequency IDentification) but also by an OCR (Optical Character Recognition) method.

  The reading screen 308 displays information read by the card reader 300 (hereinafter referred to as “reading information”). When the Y button 304 is pressed, the read information is formally captured and transmitted to the notebook computer 200 as “capture information”. In addition, the acquisition area 310 displays capture information. On the other hand, when the N button 306 is pressed, the read information is discarded without being taken in. In this way, the user can also control whether or not the reading information read by the card reader 300 from the card 350 on hand may actually be transmitted to the notebook computer 200 or the server 204 as acquisition information.

FIG. 3 is a functional block diagram of the authentication system 100.
The authentication system 100 includes an acquisition module 110, a determination module 150, and a control module 160. The acquisition module 110 is a functional module mounted on the card reader 300 and functions as a “personal information acquisition device”. The determination module 150 is a functional module installed in the notebook computer 200 and is a device driver for the card reader 300. The control module 160 is a functional module mounted on the server 204, and determines whether or not a qualified service can be provided. It is not related to the essence of the invention whether each functional block and further each part in the functional block is realized by the card reader 300, the notebook personal computer 200, or the server 204. In constructing the entire system, how to share the various functions between the card reader 300, the notebook computer 200, and the server 204 is determined in consideration of the operating environment of the authentication system 100 such as the communication environment and the calculation function. Should be designed.

Acquisition module 110:
The acquisition module 110 includes an input unit 112, a display control unit 114, a transmission unit 116, and a data holding unit 118. The input unit 112 acquires information from the card 350 and receives various inputs from the user.

The input unit 112 includes an attribute acquisition unit 120, a partial ID acquisition unit 122, and a confirmation input unit 124. Information registered in the card 350 inserted into the card reader 300 is roughly divided into “user ID” and “user attribute”.
The user ID is information that uniquely identifies the user, such as a name, a membership number, and a face photograph image. On the other hand, a user attribute is information which shows a user's attribute, without specifying a user uniquely, such as sex, a residence, and age. The “user attribute” of each person does not need to be registered in a predetermined database based on the prior application, and may be information indicating the owner's attribute in a portable information recording medium such as a card. The user ID and the user attribute have a relationship of n: 1 (n is a natural number). That is, there can be a plurality of users corresponding to a certain user attribute. In other words, it is impossible in principle to specify one of the n persons corresponding to the user attribute only by specifying the user attribute. The attribute acquisition unit 120 acquires only user attributes from the card 350. Therefore, the user ID does not leak from the card 350 to the Internet 202 via the card reader 300. The attribute acquisition unit 120 can also acquire only user attributes necessary for authentication from among a plurality of types of user attributes. The partial ID acquisition unit 122 acquires a part of the user ID as a “partial ID”. For example, if the member number of Taspo is “5678-9902-3456”, the last four digits “3456” may be acquired as the partial ID. In the case of a face photo image, a part of the image may be acquired as a partial ID. In any case, the partial ID may be an incomplete ID such as a user ID that cannot uniquely identify an individual. The use case of the partial ID will be described later with reference to FIG. Note that the card reader 300 may not acquire the user ID from the beginning, or may acquire the user ID once and delete (invalidate) it from the internal memory. The confirmation input unit 124 detects pressing of the Y button 304 or the N button 306.

  The data holding unit 118 temporarily holds the acquired user attribute and partial ID as read information. The display control unit 114 controls the reading screen 308, the acquisition area 310, the depth indicator 302, or the screen display of the notebook computer 200 as necessary. The transmission unit 116 transmits the read information to the determination module 150. The “read information” sent to the determination module 150 becomes “capture information”.

Determination module 150:
The determination module 150 includes a reception unit 152 and an authentication unit 154. The receiving unit 152 acquires capture information from the acquisition module 110. The server 204 notifies the “authentication condition” to the notebook computer 200 in advance. For example, the authentication condition for an adult site is “must be an adult”. The authentication unit 154 determines whether the user attribute obtained by the reception unit 152 satisfies the authentication condition, and notifies the service control unit 156 of the control module 160 of the determination result.

Control module 160:
The control module 160 includes a service control unit 156. The service control unit 156 permits provision of the qualified service when the authentication condition is satisfied, that is, when the user can prove that the user is an adult by using Taspo. If it is an adult site, the right to enter the site is granted to the user of the notebook computer 200. When the authentication condition is not satisfied, that is, when the user cannot be proved to be an adult, the qualified service is not provided.

  The acquisition module 110 may include a personal information input unit (not shown) and a personal authentication unit (not shown). The personal authentication unit holds biometric information such as fingerprints and vein patterns, or information such as a password (hereinafter referred to as “personal identification information”). When using the card reader 300, the user first inputs personal identification information to the card reader 300. The personal information input unit of the acquisition module 110 acquires personal identification information. The personal authentication unit compares the acquired personal identification information with the registered personal identification information, and determines whether the input person of the personal identification information is the true owner of the card 350. The attribute acquisition unit 120 may acquire a user attribute on the condition that the user is an intrinsic owner. However, the acquisition module 110 does not send the input personal identification information to the determination module 150 or the notebook computer 200. According to such an aspect, it can be confirmed by the card reader 300 whether the user who inserted the card 350 has illegally acquired the card 350. Such personal authentication by the card reader 300 is referred to as “local personal authentication”.

  Personal identification information may be registered in the card 350 itself, not in the personal authentication unit. In this case, the personal authentication unit may perform local personal authentication by comparing the personal identification information registered in the card 350 with the personal identification information input to the card reader 300. Alternatively, local personal authentication may be executed by a dedicated device other than the card reader 300 to notify the card reader 300 that the local personal authentication has been successful. The card reader 300 may be able to acquire user attributes and the like on condition that this notification is received.

FIG. 4 is a flowchart showing a process of authenticating answer qualifications for an adult-only questionnaire site.
Hereinafter, as an example of the qualified service, a “questionnaire that only adults can answer (hereinafter referred to as“ adult-only questionnaire ”)” will be described. Here, in order to simplify the description, it is assumed that local personal authentication has been completed or is not executed. The authentication unit 154 determines whether the user attribute acquired by the attribute acquisition unit 120 satisfies the authentication condition (S10). If the card 350 is a taspo, the attribute acquisition unit 120 acquires card identification information for identifying the taspo. This proves that the user is an adult.

  When the authentication condition is satisfied (Y in S10), the partial ID acquisition unit 122 acquires a partial ID. The partial ID is acquired in order to control the same person so that the same service is not provided more than a predetermined number of times. In the case of an adult-only questionnaire, a partial ID is acquired in order to observe the principle of one user and one answer. When answering the questionnaire, the partial ID is also transmitted to the server 204. The service control unit 156 of the server 204 records the partial ID of the questionnaire respondent.

  Next time, when the same user accesses the same adult-only questionnaire site again, the notebook computer 200 transmits the partial ID of the user to the server 204, and the server 204 can confirm whether or not the partial ID has been registered. For example, it is determined whether or not the user having the partial ID has already answered the questionnaire. If not answered (Y in S12), the questionnaire answer is permitted (S14).

When the user attribute does not satisfy the authentication condition (N in S10), or when the same partial ID as the partial ID of the questionnaire respondent is input (N in S12), the questionnaire response is not permitted.
According to such a method, it is possible to prevent the same user from repeatedly answering the same adult-only questionnaire. Moreover, since an individual does not specify by partial ID, anonymity can be ensured.

FIG. 5 is an external view of a card 350 that records a plurality of types of user attributes in a distributed manner.
Qualification authentication may be executed not only by existing cards such as a taspo or a driver's license, but also by a card that records a plurality of types of user attributes in a distributed manner (hereinafter also referred to as “step authentication type card”). In FIG. 5 and subsequent figures, the relationship between this type of card 350 and the card reader 300 will be described.

The card 350 has seven recording areas 352 called recording areas 352a, 352b,..., 352g (hereinafter simply referred to as “recording area 352”). The upward direction in the figure is the insertion direction of the card 350.
The recording area 352a is the card type, the recording area 352b is the residential area, the recording area 352c is gender, the recording area 352d is the age, the recording area 352e is the name part of the name, and the recording area 352f is 1 The product purchased within a week, and the place of work is recorded in the recording area 352g. As described above, seven types of user attributes are distributed and recorded in each of the seven recording areas 352. It is desirable to register user attributes that are less likely to affect user privacy in the recording area 352 on the insertion side, and user attributes that are deeply related to user privacy in the non-insertion side.

FIG. 6 is a diagram showing an aspect when the step authentication type card is inserted into the card reader 300.
When the user inserts the card 350 into the insertion slot 312, the insertion depth can be adjusted. The display control unit 114 causes the depth indicator 302 to display the insertion depth. The depth indicator 302 is composed of a plurality of LEDs (Light Emitting Diodes), and more LEDs are lit as the insertion depth is deeper. The user can visually recognize the depth of insertion through the depth indicator 302.

  The reading area 314 inside the insertion port 312 reads the user attribute from the recording area 352 located immediately below. The attribute acquisition unit 120 of the card reader 300 acquires a user attribute via the reading area 314, and the display control unit 114 displays the user attribute on the reading screen 308. In the case of the figure, the user attribute “gender” is read from the recording area 352 c immediately below the reading area 314, and information “male” is displayed on the reading screen 308. When the user presses the Y button 304, the read information “male” is sent to the determination module 150 of the notebook computer 200 as capture information. Further, the capture information is displayed on the screen in the acquisition area 310. According to the figure, the card type “WIZA card” from the recording area 352a and the residential area “Yokohama City” from the recording area 352b have already been acquired as acquisition information.

  When the card 350 is inserted further deeply, the recording area 352d and the recording area 352e also pass under the reading area 314. Therefore, the “age” of the recording area 352d and the “name” of the recording area 352e can also be read. In addition, the number of LEDs that are turned on in the depth indicator 302 also increases. The user can control how much personal information is provided depending on how deep the card 350 is inserted. Furthermore, by checking on the reading screen 308, it can be confirmed whether the read user attribute may actually be provided.

When the card 350 is inserted shallowly, it is apparent that the card reader 300 cannot acquire information from the recording area 352f, the recording area 352g, etc., so that the user can use the card reader 300 with peace of mind. .
For example, a seal may indicate to the user that the reading area 314 located inside the insertion port 312 reads information from the card 350. When the user inserts the card 350 to the position of the reading area 314, the user can recognize that the information on the card 350 is read therefrom. That is, the user can recognize how much information is being read by the card reader 300 from a physical aspect. According to such an aspect, it is possible to give the user a sense of security that the amount of information to be provided can be controlled.

FIG. 7 is a diagram showing another example of the step authentication type card 360.
Here, it is assumed that the stage authentication type card 360 can be inserted into the card reader 300 in either the direction A from the bottom to the top of the figure or the direction B from the right to the left of the figure. To do. The recording area 352h is an IC chip, in which all user information carried on the stage authentication type card 360 is recorded. A card number as a user ID is stamped in the recording area 352i. This card number is a 12-digit number, and the rightmost four digits indicate the year of issue. The recording area 352j is a hologram indicating the type of card. The recording area 352k is a printing area indicating the type of credit card company. The recording area 352l indicates the expiration date of the card. In the case of the step authentication type card 360 in the figure, it is valid until October 2011. The recording area 352m is the name of the cardholder and is stamped in the order of first name / last name. By reading the hologram from the recording area 352j, the authenticity of the card can be determined. For this reason, the risk of reading the user attribute from the counterfeit card can be reduced.

  When the step authentication type card 360 is inserted from the direction A, that is, from the bottom of the figure, first, the recording area 352m and the recording area 352k are read. At this time, the name “KATSUJI TAKAI” and the credit card company type “BISA” are read. When the card is further inserted, the expiration date of the card is read from the recording area 352l. When further inserted, the card number and the card type are read from the recording area 352i and the recording area 352j. When the card is further inserted, all the information of the step authentication type card 360 is read from the recording area 352h.

  When the step authentication type card 360 is inserted from the direction B, that is, from the right in the figure, first, from the recording area 352j and the recording area 352k and a part of the recording area 352i, the card type, the type of credit card company, and the card issuance The year is read. When further inserted, a 4-digit number “2335” is read as a partial ID from the recording area 352i. When further inserted, the expiration date is read from the recording area 352l, and the surname is read from the recording area 352m. Finally, the entire card number is read from the recording area 352i, the entire first and last name is read from the recording area 352m, and all the information of the stage authentication type card 360 is also read from the recording area 352h.

In the above, the qualification authentication method was demonstrated based on the Example.
The card reader 300 acquires only the user attribute from the card 350 in which both the user ID and the user attribute are registered, and uses it for qualification authentication. The attribute acquisition unit 120 may acquire the user attribute only from a certain card 350 whose user ID is recorded. Among the various cards in the world, there are many anonymous cards issued without including a user ID. Anonymous cards are generally easier to handle than the cards that are listed. If the owner and occupant of the anonymous card are different people, the accuracy of qualification authentication will be reduced. Therefore, if the user attribute is acquired effectively only from the name card, the accuracy of qualification authentication can be easily maintained. Of course, only user attributes necessary for authentication may be selectively acquired from the card 350 in which a plurality of types of user attributes are registered.
In the authentication system 100 according to the present embodiment, since the card reader 300 and the notebook personal computer 200 have an authentication function, it is not necessary to access a database for authentication. Further, communication with the server 204 is not required for authentication. For this reason, it is possible to reduce development man-hours and system resources for constructing the system, and it can be introduced at low cost.

  In this embodiment, Taspo is used for qualification authentication of adult sites and adult-only questionnaires. A taspo is not a card originally issued for an adult-only questionnaire or the like, but a card issued for a cigarette vending machine. By using the credit of a card issued for another service such as cigarette vending, and realizing qualification authentication such as an adult-only questionnaire, user convenience can be enhanced.

  In addition, the partial ID can prevent duplicate answers by the same person without specifying the individual as much as possible. In addition, local personal authentication can realize highly accurate qualification authentication while preventing personal identification information from leaking.

  Further, in the case of a step authentication type card, the amount of information that can be provided can be controlled by the depth of insertion of the card 350. The user may be able to select information that can be provided from a plurality of types of user attributes recorded on the card 350. For example, the display control unit 114 may display a list of all user attributes held by the card 350 on the screen of the card reader 300. The user may select a user attribute that can be provided by operating an input interface such as a touch panel.

  According to the card reader 300 shown in the present embodiment, easy qualification authentication using a hand-held card 350 is possible, and personal identification information is stored in an external device such as the Internet 202 or the server 204, that is, the server 204. It is possible to prevent leakage to a device that is not under the control of the user. Inquiries to the database are also unnecessary for qualification authentication. If only the authentication condition is received from the qualification service, the credential authentication can be executed only by the server 204 and the card reader 300.

  In the present embodiment, the description has been made mainly for taspo, but in addition to this, only user attributes may be read from various cards such as a driver's license, insurance card, SUICA, PASMO, credit card, employee card, and the like. In addition, the user attribute may be acquired by reading type information from a type medium such as a passport or an annuity notebook by OCR. The user attributes may be read not only from the magnetic area or IC chip on the card but also from a user identification code stamped on the card, an identification mark (hologram) of the card itself, stamped characters, printed characters, and the like. With SUICA, user attributes such as student discount information and regular commuting intervals can be acquired. In particular, according to SUICA student discount information, it is possible to specify a user attribute indicating whether or not the student is a student. If it is a driver's license, the user attribute "I have a driver's license" can be acquired. Similarly, even with an ETC card, the user attribute of being a driver or a car owner can be specified. If the barcode is attached to the DVD of movie A, the user attribute “I like movie A the more I buy DVD” can be proved. As described above, various information recording media other than the card can be considered as the user attribute acquisition target.

  In addition to the adult-only questionnaire, various services can be considered as examples of qualified services. For example, in a famous museum, an iaphone for interpretation is given to tourists. The earphones are also voiced in various languages. Qualification authentication can also be applied to such interpreting services. First, the card reader 300 is installed at the entrance of the museum, and the tourist causes the card reader 300 to read an information recording medium that can prove nationality, such as a passport, and conveys the user information of nationality to the museum server. The server may select a language for voice guidance in accordance with the nationality of the tourist and play the voice guidance in an appropriate language for each tourist's earphone.

  The service content may be changed according to the user attribute. For example, even in the case of an adult-only questionnaire, in particular, in the case of a question limited to the thirties, an answer right may be given only to a user who shows the user attribute of the thirties. In the case of an online role-playing game, the game progress method may be changed in accordance with user attributes, such as a room where only children can enter or a bridge where only women can cross.

  A plurality of types of user attributes may be provided by a single card as in the present embodiment, but may be provided by a plurality of cards. For example, you may prove that you are an adult with Taspo and that you have a driver's license with your driver's license. Alternatively, a single user attribute may be proved by a plurality of cards. For example, in order to strictly qualify as a citizen of Kyoto, the current address can be read from both the insurance card and driver's license, and the user attribute `` Kyoto city residence '' can be read from both Good. According to such an aspect, stricter qualification can be achieved.

  If it is a writable credit card, qualification authentication based on action history is also possible. For example, it is assumed that the authentication condition is “purchasing product A”. When the user purchases the product A, the purchase history of the product A is added as “authentication information” to the credit card on hand at the purchase store. Then, if the credit card in which the purchase history of the product A is recorded is inserted into the card reader 300, the authentication condition can be satisfied. If such authentication conditions are set for the review site of the product A, the reliability of the review site can be improved.

  The card reader 300 may have a writing function. For example, when an air ticket reservation site is accessed and air tickets are reserved, the air ticket reservation site transmits a reservation ID to the notebook computer 200. The card reader 300 writes the reservation ID as authentication information on the arbitrary card inserted at this time. At a later date, when the user inserts a card with a reservation ID written into an airport ticketing machine (card reader), the ticketing machine issues a boarding pass on condition that the reservation ID is written.

  The present invention has been described based on the embodiments. The embodiments are exemplifications, and it will be understood by those skilled in the art that various modifications can be made to combinations of the respective constituent elements and processing processes, and such modifications are within the scope of the present invention. .

  Various aspects of the invention ascertained from the above embodiments and modifications will be exemplified below, including those already described in the claims. The following inventions are recognized in connection with the personal information acquisition apparatus.

A1. Users who access only the recording area specified by the user and are recorded in the recording area to be accessed on a card in which multiple types of user attributes are distributed and recorded in multiple recording areas provided on the card surface An attribute acquisition unit that effectively acquires only attributes,
A personal information acquisition device comprising:

A2. When a card in which a plurality of types of user attributes are recorded is inserted into a predetermined slot, one or more users to be acquired among the plurality of types of user attributes according to the insertion depth of the card An attribute acquisition unit that selects an attribute and effectively acquires the selected user attribute;
A personal information acquisition device comprising:

A3. In the card, the plurality of types of user attributes are distributed and recorded in a plurality of recording areas provided on the surface, and the card is inserted into the plurality of recording areas on the card. Juxtaposed in the direction of insertion into the mouth,
When the card is inserted into the insertion slot, the attribute acquisition unit effectively acquires a user attribute only from the recording area that has reached the reading area provided inside the insertion slot. The personal information acquisition apparatus according to claim A2.

A4. The personal information acquisition apparatus according to A2 or A3, further comprising: a display control unit that displays a user attribute that is acquired effectively.

A5. A confirmation input unit that accepts a user input for instructing whether or not to acquire the user attribute that has been acquired effectively;
The personal information acquisition apparatus according to A3, wherein the attribute acquisition unit deletes a user attribute that is rejected by the user from the memory.

It is a hardware block diagram for the qualification authentication in a present Example. It is a perspective view of a card reader. It is a functional block diagram of an authentication system. It is a flowchart which shows the process of authenticating an answer qualification about an adult limited questionnaire site. It is an external view of the card | curd which records multiple types of user attributes in a distributed manner. It is a figure which shows an aspect when a step verification type | mold card | curd is inserted in a card reader. It is a figure which shows another example of a step verification type | mold card | curd.

Explanation of symbols

  100 authentication system, 110 acquisition module, 112 input unit, 114 display control unit, 116 transmission unit, 118 data holding unit, 120 attribute acquisition unit, 122 partial ID acquisition unit, 124 confirmation input unit, 150 determination module, 152 reception unit, 154 Authentication unit, 156 Service control unit, 160 control module, 200 notebook computer, 202 Internet, 204 server, 300 card reader, 302 depth indicator, 304 Y button, 306 N button, 308 reading screen, 310 acquisition area, 312 plug Mouth, 314 reading area, 350 card, 352 recording area.

Claims (6)

When a portable information recording medium on which a plurality of types of user attributes are recorded is inserted into a predetermined insertion slot, the plurality of types of user attributes are selected according to the insertion depth of the information recording medium. An attribute acquisition unit that effectively acquires only some user attributes;
An authentication unit for determining whether the part of user attributes satisfies a predetermined authentication condition;
A service control unit that permits provision of a predetermined service to a user of the information recording medium when the authentication condition is satisfied ,
An authentication system, wherein a user attribute is recorded on the information recording medium by at least one of stamping, hologram, launching, and printing . 2. The authentication system according to claim 1 , wherein the information recording medium is a card issued for receiving a service different from the predetermined service. The information recording medium is a card issued only to an adult when using a cigarette vending machine,
The said attribute acquisition part acquires the information for identifying the said card | curd from the said card | curd as a user attribute which shows that the user of the said card | curd is an adult, The authentication system of Claim 2 characterized by the above-mentioned. A user ID is recorded on the information recording medium,
A partial ID acquisition unit that acquires a part of the user ID as a partial ID;
The service control unit provides the user with the predetermined service on the condition that the number of times the predetermined service is provided to a user whose part of the user ID includes the partial ID is less than the predetermined number of times. 4. The authentication system according to claim 1 , wherein the authentication system is permitted. A plurality of types of user attributes are recorded on the information recording medium,
The attribute acquisition unit effectively acquires one or more user attributes designated by the user among the plurality of types of user attributes,
The service control unit according to the attribute values of the user attributes effectively acquire, according to claims 1, characterized in that to select an available service from among a plurality of types of services to one of the 4 Authentication system. The attribute acquisition unit can acquire a plurality of types of user attributes from a plurality of types of the information recording medium,
The service control unit according to the attribute values of the user attributes effectively acquire, according to claims 1, characterized in that to select an available service from among a plurality of types of services to one of the 4 Authentication system.

Images