JP7363982B2 - Authentication terminal, authentication terminal control method and program - Google Patents

Description

The present invention relates to a system, a server device, an authentication method, and a storage medium.

In recent years, services using biometric authentication have begun to spread.

For example, Patent Document 1 describes that it is possible to improve the accuracy of specifying identification information of a store visitor used for predetermined processing in a store (such as payment processing for product purchase). The store management device described in Patent Document 1 communicates with a terminal device carried by a visitor when the visitor to the store authenticates the identity of the visitor through facial recognition. The store management device selects the registered customer corresponding to the store visitor from among the plurality of registered customers, collects the biometric information of the registered customer corresponding to the store visitor, and collects new information at the timing of execution of predetermined processing in the store. Authentication is performed using the visitor's biometric information obtained in the past. Through the authentication, the store management device identifies the visitor as a target for predetermined processing (such as payment processing when purchasing a product).

Patent Document 2 states that the security and convenience of electronic money payments for purchasing products and services are compatible. The biometric authentication device described in Patent Document 2 acquires a CID that identifies a user and a facial image. The biometric authentication device authenticates users by downloading in advance a group of facial images of people in the store and comparing these facial images with the obtained facial images. When the authentication is successful, the biometric authentication device requests the payment device to pay the fee for the product purchased by the user, and when the payment device allows the payment, the biometric authentication device allows the user to purchase the product.

International Publication No. 2019/181364 JP2019-067075A

As mentioned above, various services using biometric authentication have begun to be provided. In such a system using biometric authentication, a terminal for biometric authentication is installed in a retail store or the like, and biometric information is transmitted from the terminal to a server. The server performs a matching process using the acquired biometric information and the biometric information stored in the database to identify the user.

Here, as the scale of services using biometric authentication increases, a large number of similar biometric information (for example, facial images or feature amounts generated from facial images) will be registered in the database. As the number of biometric information registered in the database (that is, biometric information to be verified) increases, authentication accuracy decreases.

The main object of the present invention is to provide a system, a server device, an authentication method, and a storage medium that contribute to improving the accuracy of biometric authentication.

According to a first aspect of the present invention, the at least one authentication terminal includes a server device that stores IDs and biometric information of each of a plurality of users in association with each other, and at least one or more authentication terminal. maintains an ID list that stores the IDs of at least one person staying in a predetermined area, and when authentication of a person to be authenticated is required, an authentication request including biometric information of the person to be authenticated and the ID list is sent. to the server device, and the server device extracts the IDs included in the ID list from the IDs of each of the plurality of users, and the biometric information corresponding to the extracted IDs and the information included in the authentication request. A system is provided that performs biometric authentication using biometric information.

According to a second aspect of the present invention, there is provided a first server device that stores IDs and biometric information of each of a plurality of users in association with each other; The first server device includes a device and at least one authentication terminal that notifies the device, and the first server device sends biometric information corresponding to the notified ID out of the IDs of the plurality of users to the at least one authentication terminal. The at least one authentication terminal stores the notified biometric information in a biometric information list, and when authentication of the person to be authenticated becomes necessary, the at least one authentication terminal stores the biometric information of the person to be authenticated and the biometric information of the person to be authenticated. A system is provided that performs biometric authentication using biometric information stored in a biometric information list.

According to a third aspect of the present invention, there is provided a storage unit that stores IDs and biometric information of each of a plurality of users in association with each other, and an ID list that stores IDs of at least one visitor staying in a predetermined area. a receiving unit that receives an authentication request including biometric information of a person to be authenticated and the ID list from an authentication terminal holding the ID list; A server device is provided that includes an authentication unit that performs biometric authentication using biometric information corresponding to the extracted ID and biometric information included in the authentication request.

According to a fourth aspect of the present invention, in a server device that stores IDs and biometric information of each of a plurality of users in association with each other, an ID list that stores IDs of at least one visitor staying in a predetermined area. receives an authentication request including the biometric information of the person to be authenticated and the ID list from an authentication terminal holding the authentication terminal, extracts the IDs included in the ID list from the IDs of each of the plurality of users, and extracts the IDs included in the ID list from the IDs of each of the plurality of users; An authentication method is provided that performs biometric authentication using biometric information corresponding to the authentication request and biometric information included in the authentication request.

According to the fifth aspect of the present invention, the ID of at least one visitor staying in a predetermined area is stored in a computer installed in a server device that stores IDs and biometric information of each of a plurality of users in association with each other. a process of receiving an authentication request including biometric information of a person to be authenticated and the ID list from an authentication terminal that stores an ID list storing the ID list; and extracting IDs included in the ID list from the IDs of each of the plurality of users. and a process of performing biometric authentication using biometric information corresponding to the extracted ID and biometric information included in the authentication request. is provided.

According to each aspect of the present invention, a system, a server device, an authentication method, and a storage medium are provided that contribute to improving the accuracy of biometric authentication. Note that the effects of the present invention are not limited to the above. According to the present invention, other effects may be achieved instead of or in addition to the above effects.

FIG. 1 is a diagram for explaining an overview of one embodiment. FIG. 2 is a diagram showing an example of a schematic configuration of the authentication system according to the first embodiment. FIG. 3 is a diagram for explaining the arrangement of signage and authentication terminals according to the first embodiment. FIG. 4 is a diagram for explaining the operation of the authentication system according to the first embodiment. FIG. 5 is a diagram for explaining the operation of the authentication system according to the first embodiment. FIG. 6 is a diagram illustrating an example of the processing configuration of the server device according to the first embodiment. FIG. 7 is a diagram showing an example of the member information database according to the first embodiment. FIG. 8 is a flowchart illustrating an example of the operation of the authentication unit according to the first embodiment. FIG. 9 is a diagram illustrating an example of a processing configuration of signage according to the first embodiment. FIG. 10 is a diagram illustrating an example of the processing configuration of the authentication terminal according to the first embodiment. FIG. 11 is a diagram showing an example of a list of people entering the store according to the first embodiment. FIG. 12 is a diagram illustrating an example of a processing configuration of a terminal according to the first embodiment. FIG. 13 is a sequence diagram showing an example of the operation of the authentication system according to the first embodiment. FIG. 14 is a diagram illustrating an example of a processing configuration of an authentication terminal according to a modification of the first embodiment. FIG. 15 is a diagram illustrating an example of a processing configuration of a server device according to the second embodiment. FIG. 16 is a diagram illustrating an example of a processing configuration of an authentication terminal according to the second embodiment. FIG. 17 is a diagram showing an example of a list of people entering the store according to the second embodiment. FIG. 18 is a sequence diagram illustrating an example of the operation of the authentication system according to the second embodiment. FIG. 19 is a diagram illustrating an example of a schematic configuration of an authentication system according to modification 2 according to the second embodiment. FIG. 20 is a diagram illustrating an example of a processing configuration of an authentication terminal according to modification 2 according to the second embodiment. FIG. 21 is a diagram illustrating an example of a processing configuration of a store server according to modification 2 according to the second embodiment. FIG. 22 is a diagram illustrating an example of the hardware configuration of a server device according to the present disclosure. FIG. 23 is a diagram for explaining the operation of the authentication terminal according to the modified example of the disclosure of the present application. FIG. 24 is a diagram for explaining the operation of the authentication terminal according to the modified example of the disclosure of the present application. FIG. 25 is a diagram for explaining the operation of the authentication terminal according to the modified example of the disclosure of the present application. FIG. 26 is a diagram for explaining the arrangement of signage according to a modification example of the disclosure of the present application. FIG. 27 is a diagram illustrating an example of a processing configuration of a store server according to a modified example of the disclosure of the present application. FIG. 28 is a diagram for explaining the operation of the analysis section according to the modification example disclosed in the present application. FIG. 29 is a diagram for explaining the operation of the analysis section according to the modification example disclosed in the present application. FIG. 30 is a diagram illustrating an example of a store entry list according to a modification of the disclosure of the present application. FIG. 31 is a diagram illustrating an example of a processing configuration of a store server according to a modified example of the disclosure of the present application. FIG. 32 is a diagram for explaining the operation of the flow line information providing unit according to the modified example of the disclosure of the present application. FIG. 33 is a diagram for explaining the operation of the flow line information providing unit according to the modified example of the disclosure of the present application. FIG. 34 is a diagram for explaining the operation of the authentication terminal according to the modified example of the disclosure of the present application.

First, an overview of one embodiment will be explained. Note that the drawing reference numerals added to this summary are added to each element for convenience as an example to aid understanding, and the description of this summary is not intended to be limiting in any way. Furthermore, unless otherwise specified, the blocks depicted in each drawing represent the configuration of functional units rather than the configuration of hardware units. Connection lines between blocks in each figure include both bidirectional and unidirectional connections. The unidirectional arrows schematically indicate the main signal (data) flow, and do not exclude bidirectionality. Note that, in this specification and the drawings, elements that can be explained in the same manner may be designated by the same reference numerals, so that redundant explanation can be omitted.

The system according to one embodiment includes a server device 101 and at least one authentication terminal 102 (see FIG. 1). The server device 101 stores IDs and biometric information of each of a plurality of users in association with each other. At least one authentication terminal 102 maintains an ID list that stores IDs of at least one visitor staying in a predetermined area. When at least one authentication terminal 102 needs to authenticate a person to be authenticated, the authentication terminal 102 transmits an authentication request including biometric information of the person to be authenticated and an ID list to the server device 101. The server device 101 extracts an ID included in the ID list from the IDs of each of a plurality of users, and performs biometric authentication using the biometric information corresponding to the extracted ID and the biometric information included in the authentication request.

As described above, when the number of biometric information on the registration side increases due to biometric authentication, the authentication accuracy deteriorates. In particular, when the number of registered users reaches tens of millions, there is a possibility that erroneous authentication (rejection of the user, acceptance of another person) may occur. Furthermore, if the number of users becomes large, there is a concern that the authentication center will run out of resources, and the number of servers will need to be increased. Alternatively, if the server is not reinforced, it may take a long time to obtain the biometric authentication results.

To deal with such problems, a system according to one embodiment provides information to users (users who will become authenticated persons in the future; potential authenticated persons) staying in a predetermined area (for example, inside a store). The assigned ID is stored inside the authentication terminal 102. The authentication terminal 102 acquires biometric information of users who require biometric authentication among users staying in a predetermined area, and also uses the biometric information and an internally stored ID (at least one ID). list) is sent to the server device 101. The server device 101 extracts the IDs listed in the ID list from among the user IDs registered in advance. That is, the server device 101 extracts the IDs of users staying in a predetermined area from among users registered in advance. The server device 101 sets the biometric information corresponding to the extracted ID as the biometric information on the registration side and the biometric information included in the authentication request as the biometric information on the verification side, and executes biometric authentication (verification processing).

With the system configuration and operation as described above, the number of biometric authentications on the registration side in biometric authentication is reduced, and the occurrence of false authentication can be prevented. In other words, the number of users entering (staying in) the store during the same time period (number of visitors) is significantly smaller than the number of users (number of members) registered in advance, and one-to-N matching ( (N is a positive integer, the same applies hereinafter) becomes smaller. As a result, erroneous authentication is prevented from occurring. Furthermore, by reducing the number N of biometric information on the registration side, resource requests to the authentication center do not increase, and the cost required for biometric authentication can be reduced. Furthermore, by reducing the above-mentioned N, the time required to obtain the biometric authentication result does not become long (the throughput of the system does not decrease).

Further, the authentication terminal 102 transmits an authentication request including a visitor's ID list to the server device 101 at the timing when biometric authentication of a user staying in a predetermined area (inside the store) becomes necessary. This operation of the authentication terminal 102 prevents the server device 101 from executing unnecessary processing (resources of the server device 101 are not wasted). Here, not all users who enter the store perform some kind of consumption behavior (actions that require biometric authentication). Processing for users who do not engage in such consumption behavior is unnecessary. In the system according to one embodiment, even when a user enters a predetermined area, the authentication center (server device 101) does not perform any operation, only acquiring an ID from the terminal of the user. In this system, when it becomes necessary to authenticate a visitor, the authentication center (server device 101) is requested to perform biometric authentication. As a result, unnecessary operations by the server device 101 are suppressed, and the resources of the server device 101 are not wasted or the processing speed is reduced.

Specific embodiments will be described in more detail below with reference to the drawings.

[First embodiment]
The first embodiment will be described in more detail using the drawings.

[System configuration]
FIG. 2 is a diagram showing an example of a schematic configuration of the authentication system according to the first embodiment. As shown in FIG. 2, the authentication system includes an authentication center and a service provider.

The authentication center provides biometric authentication services to service providers. The authentication center includes a server device 10. The server device 10 is a server that performs biometric authentication. The server device 10 realizes the main functions of the authentication center. The server device 10 stores at least the ID and biometric information of each of a plurality of users in association with each other.

A service provider provides a service using biometric authentication. An example of a service using biometric authentication provided by a service provider is a payment service at a retail store or the like. Alternatively, biometric authentication may be used for payment at a video rental store. In the first embodiment, the explanation will be given assuming that the service business is a business that operates a rental video store.

As shown in FIG. 2, the service provider includes a signage 20 and a plurality of authentication terminals 30-1 and 30-2. In the following description, if there is no particular reason to distinguish between the plurality of authentication terminals 30-1 and 30-2, they will simply be referred to as "authentication terminal 30."

As shown in FIG. 2, terminals (signage 20, authentication terminal 30) installed at the service provider are configured to be able to communicate with each other, and each terminal is configured to be able to communicate with the server device 10. For example, the server device 10 and the authentication terminal 30 are connected by wired or wireless communication means.

FIG. 2 is an example, and is not intended to limit the configuration of the authentication system disclosed herein. For example, the authentication center may include two or more server devices 10. Further, the service provider only needs to include at least one authentication terminal 30.

As shown in FIG. 3, the signage 20 is a device installed near the entrance of a store (video rental store). The signage 20 displays messages such as welcoming customers visiting the store and messages such as event information.

Authentication terminals 30 are installed at various locations in the store. For example, the authentication terminal 30 is installed between product display shelves. The user uses the authentication terminal 30 to make payment. Payments are mainly made using biometric authentication (facial recognition). The authentication terminal 30 operates as a so-called self-register.

Examples of the user's biometric information include data (feature amounts) calculated from physical characteristics unique to the individual, such as the face, fingerprints, voiceprints, veins, retinas, and iris patterns. Alternatively, the user's biometric information may be image data such as a face image or a fingerprint image. The user's biometric information may be any information that includes the user's physical characteristics. In the first embodiment, the biometric information is a face image of a person or a feature quantity generated from a face image.

[Operation overview]
Next, an outline of the operation of the authentication system according to the first embodiment will be explained.

<User registration>
Users who wish to use the store (video rental store) must register (membership registration, user registration) in advance.

A user operates a terminal 40 that he or she owns to access the server device 10. Users store their own biometric information (e.g. facial image), personal information (e.g. name, age, gender, address, etc.), and account information for payment (e.g. bank account, credit card information, etc.) on the server. input into the device 10 (see FIG. 4).

The terminal 40 transmits a "user registration request" including biometric information, personal information, account information, etc. to the server device 10.

Upon acquiring the biometric information, the server device 10 generates a member ID (IDentifier) for identifying the user (member). The server device 10 associates the generated member ID, the acquired biometric information, personal information, and account information and stores them in a member information database.

Further, the server device 10 issues the generated member ID to the user. Specifically, the server device 10 transmits a response (response to the user registration request) including the member ID to the terminal 40.

The terminal 40 stores the received member ID.

<Store visit>
A user (member) carries a terminal 40 and visits a store. A signage 20 installed at the entrance/exit of a store communicates with a terminal 40. For example, the terminal 40 and the signage 20 communicate with each other through wireless communication (especially short-range wireless communication) such as ZigBee (registered trademark) and Bluetooth (registered trademark) (see FIG. 5).

The signage 20 transmits a "member ID transmission request" periodically or at a predetermined timing. When the user (terminal 40) reaches a predetermined range centered on the signage 20, the terminal 40 receives a member ID transmission request.

In response to the request, the terminal 40 transmits the member ID issued by the server device 10 to the signage 20.

Upon acquiring the member ID from the terminal 40, the signage 20 transmits a "member entry notification" including the acquired member ID to each authentication terminal 30 in the store. Although FIG. 5 shows that the member entry notification is sent to the authentication terminals 30-1 to 30-3, in reality, the notification is also sent to the authentication terminals 30-4 to 30-6. Sent.

Each authentication terminal 30 retrieves the member ID included in the member entry notification. Each authentication terminal 30 adds the retrieved member ID to the "store visitor list". The store visitor list is a list (ID list) consisting of member IDs of users (members) staying in the store. For example, if three users have entered the store, three member IDs will be written in the list of visitors.

The user moves around the store and selects the product he or she wishes to rent. The user moves in front of the authentication terminal 30 with the selected product in hand. Note that the authentication terminal 30 to which the user heads may be any one of the authentication terminals 30-1 to 30-6. In the example of FIG. 5, the user is moving in front of the authentication terminal 30-3 with the product.

When the authentication terminal 30 detects a user (person), it executes processing related to payment of the product price. The authentication terminal 30 acquires biometric information (facial image) of the user in front of the user. The authentication terminal 30 generates feature amounts from the acquired facial image.

The authentication terminal 30 transmits an “authentication request” including the generated feature amount (biometric information) and the store visitor list to the server device 10.

Upon receiving the authentication request, the server device 10 performs biometric authentication.

First, the server device 10 searches the member information database using the member ID listed in the store visitor list as a key. As a result of the search, entries of users who have entered the store are extracted. For example, if 30,000 members have registered as users and three members are staying in the store, three entries are extracted from the member IDs corresponding to the three members.

Next, the server device 10 executes biometric authentication (verification processing) using the biometric information included in the authentication request and the biometric information included in the extracted entry. More specifically, the server device 10 performs one-to-N matching.

When the biometric authentication is successful, the server device 10 sends an affirmative response including the member ID of the user who succeeded in the biometric authentication (authenticated person who was determined to be authenticated successfully; authenticated successful person) to the authentication terminal that is the source of the authentication request. Send to 30.

When the biometric authentication fails, the server device 10 transmits a negative response indicating the failure to the authentication terminal 30.

The authentication terminal 30 receives the authentication result (authentication success, authentication failure) and performs processing according to the authentication result.

When receiving an authentication failure, the authentication terminal 30 notifies the user in front of the user (person to be authenticated) that the user is not registered as a member. Alternatively, the authentication terminal 30 may display a message directing the user to an information desk where a store clerk is waiting.

When receiving successful authentication, the authentication terminal 30 performs processing for payment. Specifically, the authentication terminal 30 identifies the product (such as a rental video) by reading a barcode, two-dimensional code, etc. attached to the product.

The authentication terminal 30 calculates the price from the specified product and sends a "payment request" including payment information including information such as the product name (rental video title) and price, and the member ID of the user (successfully authenticated person) to the server. to the device 10.

The server device 10 searches the member information database using the member ID included in the payment request as a key, and reads account information from the corresponding entry. The server device 10 performs payment processing using the read account information (bank account, credit card information, etc.) and the product price included in the payment information.

The server device 10 transmits the result of the payment process (successful payment, failed payment) to the authentication terminal 30.

The authentication terminal 30 performs processing according to the result of the approval processing. For example, if the payment fails, the authentication terminal 30 may output a message directing the customer to an information desk where a store clerk is waiting, or may prompt the customer to make payment in cash. If the payment is successful, the authentication terminal 30 may notify the user that the payment has been completed.

Next, details of each device included in the authentication system according to the first embodiment will be explained.

[Server device]
FIG. 6 is a diagram illustrating an example of a processing configuration (processing module) of the server device 10 according to the first embodiment. Referring to FIG. 6, the server device 10 includes a communication control section 201, a user registration section 202, an authentication section 203, a payment section 204, and a storage section 205.

The communication control unit 201 is a means for controlling communication with other devices. For example, the communication control unit 201 receives data (packets) from the authentication terminal 30. Furthermore, the communication control unit 201 transmits data to the authentication terminal 30. The communication control unit 201 passes data received from other devices to other processing modules. The communication control unit 201 transmits data acquired from other processing modules to other devices. In this way, other processing modules transmit and receive data to and from other devices via the communication control unit 201. The communication control unit 201 has a function as a reception unit that receives data from another device, and a function as a transmission unit that transmits data to the other device.

The user registration unit 202 is a means for realizing the above-mentioned user registration. The user registration unit 202 receives a “user registration request” from the terminal 40. The user registration unit 202 generates feature quantities (feature vectors made up of a plurality of feature quantities) from the facial image (biometric information) acquired from the terminal 40.

Existing techniques can be used for feature quantity generation processing, so detailed explanation thereof will be omitted. For example, the user registration unit 202 extracts eyes, nose, mouth, etc. from the face image as feature points. Thereafter, the user registration unit 202 calculates the positions of each feature point and the distance between each feature point as feature quantities, and generates a feature vector (vector information characterizing the face image) consisting of a plurality of feature quantities.

Further, the user registration unit 202 generates a member ID for identifying a user (member). The member ID may be any information as long as it can uniquely identify a user who is registered as a member. For example, the user registration unit 202 may assign a unique value to the member ID each time it processes a user registration request.

The user registration unit 202 associates the generated member ID, feature amount (biometric information), personal information, and account information and stores them in the member information database (see FIG. 7). Note that the member information database shown in FIG. 7 is an example, and is not intended to limit the items to be stored. For example, a "face image" may be registered as biometric information in the member information database.

After storing the biometric information and the like in the member information database, the user registration unit 202 notifies the user of the generated member ID. Specifically, the user registration unit 202 transmits a response (response to the user registration request) including the member ID to the terminal 40.

The authentication unit 203 is a means for processing an authentication request sent from a service provider (authentication terminal 30). The operation of the authentication unit 203 will be explained with reference to FIG. 8.

Upon receiving the authentication request, the authentication unit 203 takes out the "store visitor list" included in the authentication request (step S101).

The authentication unit 203 searches the member information database using at least one member ID listed in the store visitor list as a key, and identifies the corresponding entry (step S102).

The authentication unit 203 sets the biometric information (feature amount) included in the authentication request as a matching target, and performs a matching process with the biometric information registered in the at least one entry identified above (step S103). . More specifically, the authentication unit 203 sets the feature extracted from the authentication request as a matching target, and compares it with some of the features registered in the member information database. Perform pair-to-N matching.

Note that since the number of users entering the store during the same time period is small, "N" in the above verification process is also a small number. For example, if information on 30,000 members is registered in the member information database but the number of members staying at the store is "3", the above N will be "3".

In the above matching process, the authentication unit 203 calculates the degree of similarity between the feature quantity (feature vector) to be matched and each of the plurality of feature quantities on the registration side. Chi-square distance, Euclidean distance, etc. can be used for the similarity. Note that the farther the distance, the lower the degree of similarity, and the closer the distance, the higher the degree of similarity.

If there is no feature amount with a degree of similarity equal to or higher than a predetermined value (step S104, No branch), the authentication unit 203 sets the authentication result to "authentication failure" (step S105).

If there is a feature amount with a degree of similarity equal to or higher than a predetermined value (step S104, Yes branch), the authentication unit 203 sets the authentication result to "authentication success" (step S106).

The authentication unit 203 transmits the authentication result (authentication success, authentication failure) to the authentication terminal 30 (step S107).

In the case of authentication failure, authentication section 203 transmits a negative response indicating that to authentication terminal 30.

If the authentication is successful, the authentication unit 203 transmits an affirmative response indicating that to the authentication terminal 30. When transmitting a positive response, the authentication unit 203 transmits to the authentication terminal 30 a positive response that includes the member ID of the entry having the biometric information with the highest degree of similarity to the verification target among the entries narrowed down by the member ID. Alternatively, the authentication unit 203 may transmit to the authentication terminal 30 an affirmative response that further includes personal information (for example, name) of the entry having biometric information with the highest degree of similarity.

In this way, the authentication unit 203 extracts IDs included in the list of people entering the store (ID list) from the IDs of each of a plurality of users (members). The authentication unit 203 performs biometric authentication using the biometric information corresponding to the extracted ID and the biometric information included in the authentication request. Further, when the biometric authentication is successful, the authentication unit 203 notifies the authentication terminal 30, which is the source of the authentication request, of the ID of the person who was successfully authenticated.

The payment unit 204 is a means for processing a “payment request” received from the authentication terminal 30. The payment unit 204 extracts the member ID from the payment request. The payment unit 204 searches the member information database using the member ID as a key and identifies the corresponding entry.

The payment unit 204 reads account information from the specified entry. The payment unit 204 performs payment processing using the account information and payment information included in the payment request. The payment unit 204 requests the bank account or credit card account listed in the account information to withdraw the amount included in the payment information.

The payment processing by the payment unit 204 is obvious to those skilled in the art and is different from the purpose of the present disclosure, so further detailed explanation will be omitted.

The storage unit 205 is a means for storing information necessary for the operation of the server device 10. A member information database is constructed in the storage unit 205.

[signage]
The signage 20 is a device that acquires the ID of at least one visitor from a terminal 40 carried by at least one visitor (a visitor staying in a predetermined area; a person entering a store).

FIG. 9 is a diagram illustrating an example of a processing configuration (processing module) of the signage 20 according to the first embodiment. Referring to FIG. 9, the signage 20 includes a communication control section 301, a member detection section 302, a message output section 303, and a storage section 304.

The communication control unit 301 is a means for controlling communication with other devices. For example, the communication control unit 301 receives data (packets) from the authentication terminal 30. Furthermore, the communication control unit 301 transmits data to the authentication terminal 30. The communication control unit 301 passes data received from other devices to other processing modules. The communication control unit 301 transmits data acquired from other processing modules to other devices. In this way, other processing modules transmit and receive data to and from other devices via the communication control unit 301.

The communication control unit 301 also communicates with the terminal 40 owned by the user by short-range wireless communication.

The member detection unit 302 is a means for detecting members (users) near the signage 20. The member detection unit 302 transmits a "member ID transmission request" periodically or at a predetermined timing by short-range wireless communication.

Since the member ID transmission request is transmitted by short-range wireless communication, if the distance between the user holding the terminal 40 and the signage 20 is long, the terminal 40 cannot receive the request. In the example of FIG. 5, the signage 20 is placed at a position where the terminal 40 of the user who has entered the store can receive the member ID transmission request.

The member detection unit 302 receives a response including the member ID (response to the member ID transmission request) from the terminal 40 that received the request.

Upon acquiring the member ID from the terminal 40, the member detection unit 302 transmits (broadcast) a "member entry notification" including the member ID to each authentication terminal 30 in the store.

In this way, the member detection unit 302 acquires the member ID of the visitor (stayer at the store) by communicating with the terminal 40 owned by the user who has visited the store by short-range wireless communication. The member detection unit 302 notifies each of the plurality of authentication terminals 30 installed in the store (predetermined area) of the acquired member ID of the at least one visitor.

The message output unit 303 is a means for outputting various messages. For example, when the member detection section 302 detects a member (detects the member's entry into the store), the message output section 303 outputs a message etc. welcoming the member to the store.

The message output unit 303 may display the message on a display device such as a liquid crystal panel, or may output the message using an acoustic device such as a speaker.

The storage unit 304 is a means for storing information necessary for the operation of the signage 20.

[Authentication terminal]
The authentication terminal 30 is a terminal (apparatus, device) that acquires biometric information of a person to be authenticated.

FIG. 10 is a diagram illustrating an example of a processing configuration (processing module) of the authentication terminal 30 according to the first embodiment. Referring to FIG. 10, the authentication terminal 30 includes a communication control section 401, a store visitor list management section 402, a biometric information acquisition section 403, an authentication request section 404, a payment request section 405, a storage section 406, Equipped with

The communication control unit 401 is means for controlling communication with other devices. For example, the communication control unit 401 receives data (packets) from the server device 10. Furthermore, the communication control unit 401 transmits data to the server device 10. Communication control unit 401 passes data received from other devices to other processing modules. The communication control unit 401 transmits data acquired from other processing modules to other devices. In this way, other processing modules transmit and receive data to and from other devices via the communication control unit 401.

The store visitor list management unit 402 is a means for managing a store visitor list. Upon receiving the member entry notification from the signage 20, the store visitor list management unit 402 adds the member ID included in the notification to the store entry list.

FIG. 11 is a diagram showing an example of a list of people entering the store according to the first embodiment. As shown in FIG. 11, the store entry list stores the member's entry date and time and member ID in association with each other. In this way, the authentication terminal 30 placed in the store (predetermined area) maintains a store visitor list (ID list) that stores member IDs of visitors staying at the store.

The biometric information acquisition unit 403 is a means for controlling a camera and acquiring biometric information (facial image) of the user. The biological information acquisition unit 403 images the front of its own device periodically or at predetermined timing. The biometric information acquisition unit 403 determines whether or not the acquired image includes a human face image, and if a face image is included, extracts the facial image from the acquired image data.

Note that existing techniques can be used for the face image detection processing and the face image extraction processing by the biometric information acquisition unit 403, so a detailed explanation will be omitted. For example, the biological information acquisition unit 403 may extract a face image (face region) from the image data using a learning model learned by a CNN (Convolutional Neural Network). Alternatively, the biometric information acquisition unit 403 may extract the facial image using a method such as template matching.

The biometric information acquisition unit 403 delivers the extracted facial image to the authentication requesting unit 404.

The authentication requesting unit 404 is a means for requesting the server device 10 to authenticate the user. When authentication of a person to be authenticated is required, the authentication requesting unit 404 transmits an authentication request including biometric information of the person to be authenticated (the user in front of the authentication terminal 30) and a list of people entering the store to the server device 10.

Upon acquiring the biometric information (facial image) from the biometric information acquisition unit 403, the authentication requesting unit 404 generates a feature amount from the facial image. The authentication request unit 404 transmits an authentication request including the generated feature amount, store visitor list, and terminal ID to the server device 10.

The terminal ID is an ID for identifying the authentication terminal 30 of each store. The MAC (Media Access Control) address or IP (Internet Protocol) address of the authentication terminal 30 can be used as the terminal ID.

The authentication request unit 404 receives authentication results (authentication success, authentication failure) from the server device 10.

If the response from the server device 10 is a "negative response" (in the case of authentication failure), the authentication request unit 404 notifies the user (person to be authenticated) to that effect. For example, the authentication requesting unit 404 notifies the person to be authenticated (the user standing in front of the authentication terminal 30) that the user is not registered as a member. Alternatively, the authentication requesting unit 404 notifies the person to be authenticated to go to an information center or the like where a store clerk is located. Alternatively, the authentication requesting unit 404 may output a message or the like urging the person who failed the authentication (the person to be authenticated who was determined to have failed in authentication) to register as a member.

If the response from the server device 10 is an "affirmative response" (if the authentication is successful), the authentication request unit 404 extracts the member ID included in the response. The authentication requesting unit 404 hands over the retrieved member ID to the payment requesting unit 405.

The payment requesting unit 405 is a means for making a request regarding payment for a person who is successfully authenticated. The payment requesting unit 405 specifies the product (for example, a rental video) by any means. For example, the payment requesting unit 405 identifies the product based on the tag, barcode, or two-dimensional code attached to the rental video.

The payment requesting unit 405 calculates the price to be charged to the user based on the specified product and generates payment information. The payment request unit 405 transmits a “payment request” including the generated payment information, member ID, and terminal ID to the server device 10.

The payment request unit 405 obtains the payment result (successful payment, failed payment) from the server device 10. The payment request unit 405 performs processing according to the payment result.

For example, if the payment is successful, the payment request unit 405 notifies the user that the payment has been completed. If the payment has failed, the payment request unit 405 notifies the user to that effect and instructs the user to go to the store clerk.

In this way, the payment requesting unit 405 provides a service (commodity payment service) to the successful authentication person using the member ID of the successful authentication person.

The storage unit 406 stores information necessary for the operation of the authentication terminal 30.

[Terminal]
The terminal 40 is a mobile terminal device such as a smartphone, a mobile phone, a game machine, or a tablet. However, this does not mean to limit the terminal 40 to these examples. A "terminal" in the present disclosure can be any device that can be carried by a person.

FIG. 12 is a diagram illustrating an example of a processing configuration (processing module) of the terminal 40 according to the first embodiment. Referring to FIG. 12, the terminal 40 includes a communication control section 501, a user registration request section 502, a member ID transmission section 503, and a storage section 504.

The communication control unit 501 is a means for controlling communication with other devices. For example, the communication control unit 501 receives data (packets) from the server device 10. Furthermore, the communication control unit 501 transmits data to the server device 10. Communication control unit 501 passes data received from other devices to other processing modules. The communication control unit 501 transmits data acquired from other processing modules to other devices. In this way, other processing modules transmit and receive data to and from other devices via the communication control unit 501.

Furthermore, the communication control unit 501 also communicates with the signage 20 installed at the entrance/exit of the store, etc., by short-range wireless communication.

The user registration request unit 502 is a means for realizing membership registration of a user. In response to a user's operation, the user registration requesting unit 502 obtains biometric information (facial image), personal information (name, etc.), and account information (bank account, etc.).

The user registration request unit 502 transmits a user registration request including the acquired biometric information, personal information, and account information to the server device 10.

When the user registration request unit 502 receives a response including the member ID, the user registration request unit 502 stores the member ID in the storage unit 504.

The member ID transmitter 503 is a means for transmitting a member ID to the signage 20. Upon receiving the “membership ID transmission request”, the member ID transmission unit 503 transmits a response including the member ID stored in the storage unit 504 to the signage 20. For example, the member ID transmitting unit 503 transmits a response to the member ID transmission request using short-range wireless communication means such as Bluetooth (registered trademark).

The storage unit 504 is a means for storing information necessary for the operation of the terminal 40.

[System operation]
Next, the operation of the authentication system according to the first embodiment will be explained. Note that a description of operations related to user registration will be omitted. FIG. 13 is a sequence diagram showing an example of the operation of the authentication system according to the first embodiment.

The signage 20 acquires the member ID from the response to the member ID transmission request (step S01).

The signage 20 transmits a member entry notification including the acquired member ID to each authentication terminal 30 (step S02).

Each authentication terminal 30 writes the acquired member ID in the store entry list (member ID is written in the list; step S03).

When the authentication terminal 30 detects the user (person to be authenticated) in front of the user, the authentication terminal 30 acquires biometric information (step S04).

The authentication terminal 30 transmits an authentication request including biometric information, a list of people entering the store, and a terminal ID to the server device 10 (step S05).

The server device 10 extracts the entry of the member ID listed in the store visitor list from the member information database (step S06).

The server device 10 performs biometric authentication using the biometric information included in the authentication request and the biometric information of the extracted entry (step S07).

The server device 10 transmits the authentication result to the authentication terminal 30 (step S08).

The authentication terminal 30 performs processing according to the authentication result (step S09). If the authentication fails, the authentication terminal 30 notifies the user to that effect. If the authentication is successful, the authentication terminal 30 executes processing related to payment (sends a payment request).

[Modification according to the first embodiment]
In the first embodiment, the signage 20 acquires the member ID from the user's terminal 40. However, the signage 20 may not be installed in the store. Instead of the signage 20, authentication terminals 30 installed at various locations in the store may acquire the member ID from the terminal 40.

Specifically, the authentication terminal 30 only needs to include the member detection function of the signage 20. In this case, the authentication terminal 30 only needs to include a member detection section 407, as shown in FIG. The basic operation of the member detection section 407 can be the same as the operation of the member detection section 302 of the signage 20, so a detailed explanation will be omitted.

Further, the communication control unit 401 included in the authentication terminal 30 of the modification according to the first embodiment may be compatible with short-range wireless communication such as Bluetooth (registered trademark).

When the member detection unit 407 acquires the member ID in response to the member ID transmission request, it hands over the acquired member ID to the store visitor list management unit 402 of its own device. Further, the member detection unit 407 transmits a “member entry notification” including the member ID to other authentication terminals 30.

For example, in FIG. 5, consider a case where the signage 20 is not installed at the storefront (entrance/exit). In this case, for example, when the authentication terminal 30-1 acquires a member ID, it transmits a member entry notification including the member ID to the other authentication terminals 30-2 to 30-6.

In this way, even if the signage 20 is not installed in the store, each authentication terminal 30 obtains a member ID through short-range wireless communication, thereby creating a list of people staying in the store. Since a list of people entering the store can be created, the server device 10 can narrow down the authentication targets using member IDs.

As described above, in the authentication system according to the first embodiment, the member ID is transmitted from the terminal 40 to the edge devices (signage 20, authentication terminal 30) of the store. Furthermore, when biometric authentication is required, the authentication terminal 30 transmits the biometric information of the person to be authenticated to the cloud side (authentication center; server device 10) along with a list including the member IDs of users staying in the store. Request biometric authentication. The server device 10 narrows down the users staying in the store using the acquired list, sets the narrowed down users as the registration side, and performs biometric authentication. Since users are narrowed down by member ID, highly accurate biometric authentication can be achieved. In addition, in the authentication system according to the first embodiment, the target is not narrowed down when the user enters the store, but the target is narrowed down at the timing when biometric authentication is required (that is, when the payment is required). . By taking such measures, the server device 10 does not need to perform processing regarding users who have left the store without taking any consumption action. As a result, resources of the server device 10 are not wasted and biometric authentication throughput is not reduced.

Additionally, from the user's perspective, there is an advantage in that they can enjoy the convenience of biometric authentication without having to carry around biometric information, which is difficult-to-handle personal information. Furthermore, since payments can be made using biometric authentication, complicated operations such as entering a password, which are required during normal payments, are no longer necessary. Furthermore, when the user enters the store, the user can increase the number of points of contact between the user and the terminal 40, such as by enabling the short-range wireless communication function of the terminal 40 that the user owns.

Furthermore, from the perspective of a service provider that uses biometric authentication, it is sufficient for the signage 20 to acquire the member ID from the terminal 40 and for the authentication terminal 30 to share the member ID, and there is no need for more equipment or complicated processing. It has the advantage of being That is, the authentication system according to the first embodiment has the advantage that there are fewer burdens and considerations on the service provider side.

[Second embodiment]
Next, a second embodiment will be described in detail with reference to the drawings.

In the first embodiment, it has been described that the cloud side (authentication center; server device 10) executes biometric authentication. However, the biometric authentication may be performed locally (edge side; store side).

Note that the configuration of the authentication system according to the second embodiment can be the same as that of the first embodiment, so a description corresponding to FIG. 2 will be omitted. Further, the processing configuration of the signage 20 according to the second embodiment can be the same as that of the first embodiment, and the explanation thereof will be omitted.

Hereinafter, differences between the first embodiment and the second embodiment will be mainly described.

Upon acquiring the member ID from the user's terminal 40, the signage 20 according to the second embodiment transmits the member ID to the server device 10 instead of transmitting it to the authentication terminal 30 in the store. That is, the signage 20 notifies the server device 10 of the member ID of the visitor staying at the store (predetermined area).

More specifically, upon acquiring the member ID from the terminal 40, the member detection unit 302 of the signage 20 transmits a member entry notification including the member ID and store ID to the server device 10.

Note that the store ID is information for uniquely identifying a service provider participating in the authentication system. For example, in FIG. 2, different store IDs are set for service provider A and service provider B.

Further, the terminal ID and store ID are shared between the server device 10 and the terminals (signage 20, authentication terminal 30) by any method. For example, a system administrator determines a terminal ID and a store ID, and sets the determined terminal ID in the server device 10. Further, the system administrator notifies the service provider of the determined terminal ID. The service provider sets the notified terminal ID in the terminal (signage 20, authentication terminal 30).

FIG. 15 is a diagram illustrating an example of a processing configuration (processing module) of the server device 10 according to the second embodiment. Referring to FIG. 15, the server device 10 according to the second embodiment includes a biometric information notification section 206 in place of the authentication section 203 of the server device 10 according to the first embodiment.

The biometric information notification unit 206 is a means for notifying the authentication terminal 30 of biometric information corresponding to the member ID notified from the signage 20 among the IDs of a plurality of users.

Upon receiving the member entry notification, the biometric information notification unit 206 searches the member information database using the member ID included in the member entry notification as a key, and identifies the corresponding entry. The biometric information notifying unit 206 notifies each authentication terminal 30 of the store where the signage 20 is installed of the biometric information of the specified entry (biometric information corresponding to the acquired member ID).

Specifically, the biometric information notification unit 206 transmits a “biometric information notification” including the biometric information (feature amount) of the specified entry and the member ID to each authentication terminal 30.

Note that the biometric information notification unit 206 identifies the store that is the source of the member entry notification and the plurality of authentication terminals 30 installed in the store based on the store ID. Specifically, the biometric information notification unit 206 identifies the authentication terminal 30 to which the biometric information notification is to be sent by referring to table information that stores the store ID and the terminal ID of the authentication terminal 30 in association with each other.

The biometric information notification unit 206 transmits a "biometric information notification" to each authentication terminal 30 specified as a destination. That is, in response to receiving the member entry notification, the server device 10 transmits the corresponding member's biometric information to at least one authentication terminal 30.

FIG. 16 is a diagram illustrating an example of a processing configuration (processing module) of the authentication terminal 30 according to the second embodiment. Referring to FIG. 16, the authentication terminal 30 according to the second embodiment includes an authentication section 408 in place of the authentication request section 404 of the authentication terminal 30 according to the first embodiment.

Upon receiving the biometric information notification, the store visitor list management unit 402 writes the member ID and biometric information written in the notification in the store visitor list (see FIG. 17). In this way, each authentication terminal 30 stores therein the biometric information (biometric information of the person entering the store) acquired from the server device 10. In other words, the authentication terminal 30 stores the biometric information notified from the server device 10 in a store visitor list (biometric information list), and accumulates biometric information of users staying in the store.

The authentication terminal 30 acquires the user's biometric information and performs biometric authentication during payment. Specifically, upon acquiring the biometric information of the person to be authenticated from the biometric information acquisition unit 403, the authentication unit 408 uses the biometric information listed in the store visitor list and the biometric information acquired from the biometric information acquisition unit 403. Perform biometric authentication. That is, when authentication of the person to be authenticated is required, the authentication unit 408 executes biometric authentication using the biometric information acquired by the biometric information acquisition unit 403 and the biometric information stored in the list (entering person list). .

Note that the basic operation of the authentication section 408 can be the same as the operation of the authentication section 203 described in the first embodiment, so a more detailed explanation regarding the authentication section 408 will be omitted.

When the authentication section 408 succeeds in biometric authentication, the authentication section 408 hands over the member ID of the person who was successfully authenticated to the payment request section 405 . The payment request unit 405 transmits a payment request including the member ID and payment information to the server device 10.

For example, in the example of FIG. 5, the signage 20 transmits a member entry notification including the member ID of the user who owns the terminal 40 to the server device 10. The server device 10 reads the biometric information corresponding to the member ID from the member information database, and notifies the authentication terminals 30-1 to 30-6 (sends a biometric information notification).

Each authentication terminal 30 stores the notified biometric information and member ID in association with each other.

As shown in FIG. 5, when a user makes a payment using the authentication terminal 30-3, the authentication terminal 30-3 performs biometric authentication using the biometric information stored inside the user. Specify the member ID of. The authentication terminal 30 transmits a payment request including the specified member ID and payment information to the server device 10.

[System operation]
Next, the operation of the authentication system according to the second embodiment will be explained. FIG. 18 is a sequence diagram illustrating an example of the operation of the authentication system according to the second embodiment.

The signage 20 acquires the member ID from the response to the member ID transmission request (step S11).

The signage 20 transmits a member entry notification including the acquired member ID to the server device 10 (step S12).

The server device 10 identifies the member's biometric information corresponding to the member ID included in the member entry notification (step S13).

The server device 10 transmits a biometric information notification including the identified biometric information and member ID to each authentication terminal 30 (step S14).

Each authentication terminal 30 writes the acquired member ID and biometric information in the store visitor list (step S15).

When the authentication terminal 30 detects the user (person to be authenticated) in front of him, the authentication terminal 30 performs biometric authentication (step S16). The authentication terminal 30 performs biometric authentication using the stored biometric information of the person entering the store.

When the authentication terminal 30 succeeds in biometric authentication, it transmits a payment request including the member ID of the person to be authenticated to the server device 10 (step S17).

The server device 10 executes payment processing using the payment information and account information (step S18).

[Modification 1 according to the second embodiment]
In the second embodiment, the member ID is transmitted to the server device 10 at the timing when the member enters the store, and the server device 10 notifies each authentication terminal 30 of the biometric information corresponding to the member ID. However, the member ID may be transmitted to the server device 10 at the timing when biometric authentication is required at the authentication terminal 30 (timing of payment). For example, when the signage 20 acquires a member ID from the terminal 40, the signage 20 manages the acquired member ID using a "store visitor list."

When the authentication terminal 30 requires payment (when it becomes necessary to perform biometric authentication), the authentication terminal 30 transmits a "request to send a list of people entering the store" to the signage 20. Upon receiving the request, the signage 20 transmits the list of people entering the store to the server device 10.

The server device 10 reads biometric information corresponding to the member ID listed in the store visitor list from the member information database, and transmits a biometric information notification including the member ID and biometric information to the authentication terminal 30.

The authentication terminal 30 specifies the user in front of the user by setting the biometric information written in the biometric information notification as the biometric information on the registration side and performing biometric authentication. The authentication terminal 30 transmits a payment request including the member ID of the specified user to the server device 10.

In this way, even when biometric authentication is performed on the edge side (store side, service provider side), the member ID is sent to the server device 10 at the timing when biometric authentication is required, that is, at the timing of payment. It's okay. The server device 10 may narrow down the members staying in the store based on the member ID, and notify the authentication terminal 30 of the biometric information of the narrowed down members.

[Modification 2 according to the second embodiment]
In the second embodiment, the biometric information of the member who has entered the store is stored in the authentication terminal 30, and the authentication terminal 30 performs biometric authentication. Here, the biometric information transmitted from the server device 10 (cloud side) to the store side (edge side) may be stored not by each authentication terminal 30 but by a store server installed at each store. .

Specifically, as shown in FIG. 19, a store server 50 may be installed in each store, and store-side terminals (signage 20, authentication terminal 30) and store server 50 may be connected. Store server 50 is connected to server device 10 . Note that the store server 50 becomes a "second server device" if the server device 10 is a "first server device."

Upon receiving the member entry notification, the server device 10 transmits a “biometric information notification” including the biometric information and the member ID corresponding to the received member ID to the store server 50.

The store server 50 stores the received member ID and biometric information in the store visitor list.

If biometric authentication is required, the authentication terminal 30 transmits the biometric information of the person to be authenticated to the store server 50. More specifically, when payment is required, the authentication terminal 30 transmits an authentication request including the biometric information of the person to be authenticated to the store server 50. The store server 50 performs biometric authentication using the accumulated biometric information (biometric information listed in the store visitor list) and the biometric information acquired from the authentication terminal 30.

When the biometric authentication is successful, the store server 50 transmits the member ID of the person who was successfully authenticated to the authentication terminal 30. The authentication terminal 30 transmits a payment request including the member ID and payment information to the server device 10. The authentication terminal 30 may transmit the payment request to the server device 10 via the store server 50, or directly to the server device 10.

In the second modification of the second embodiment, the signage 20 transmits the terminal ID to the server device 10, and the biometric information corresponding to the terminal ID is transmitted to the store server 50 at the time of payment by the user. It may be.

The processing configuration of each device of Modification 2 according to the second embodiment will be described.

Regarding the server device 10, the processing configuration can be the same as that described with reference to FIG. 15. The biometric information notification unit 206 may transmit biometric information notification to the store server 50.

Regarding the signage 20, the processing configuration can be the same as that described with reference to FIG. The member detection unit 302 may transmit a member entry notification to the server device 10 via the store server 50, or may directly transmit the notification to the server device 10.

The authentication terminal 30 may have a configuration as shown in FIG. 20. As shown in FIG. 20, the authentication terminal 30 of Modification 2 according to the second embodiment does not need to include the store visitor list management section 402. The authentication request unit 404 transmits an authentication request including biometric information of the person to be authenticated to the store server 50 and obtains the member ID of the person who was successfully authenticated from the store server 50 .

FIG. 21 is a diagram illustrating an example of the processing configuration (processing module) of the store server 50 of Modification 2 according to the second embodiment. As shown in FIG. 21, the store server 50 includes a communication control section 601, a store visitor list management section 602, an authentication section 603, and a storage section 604.

Note that the basic operation of each processing module included in the store server 50 can be the same as the operation of the processing module with the same name that has already been explained, so a detailed explanation will be omitted.

For example, the store visitor list management unit 602 receives a biometric information notification from the server device 10, and adds the member ID and biometric information of the user (member) staying in the store to the store visitor list. Further, the authentication unit 603 processes an authentication request from the authentication terminal 30, and when biometric authentication is successful, notifies the authentication terminal 30 of the member ID of the person who was successfully authenticated.

In this way, the authentication system may further include the store server 50 that receives biometric information from the server device 10 instead of the authentication terminal 30. In this case, the authentication terminal 30 transmits an authentication request including the biometric information of the person to be authenticated to the store server 50. The store server 50 performs biometric authentication using the biometric information received from the server device 10 and the biometric information included in the authentication request.

Note that in the second embodiment as well, the authentication terminal 30 may have the function of the signage 20. Also in the second embodiment, instead of the signage 20, the authentication terminal 30 may acquire the member ID from the user's terminal 40. The authentication terminal 30 may transmit the acquired member ID to the server device 10.

As described above, in the system according to the second embodiment, the member ID of the user who enters the store is transmitted to the server device 10. The server device 10 specifies the biometric information of the corresponding user from the member ID, and notifies the edge side (service provider side) of the specified biometric information. On the edge side, the notified biometric information is stored internally and used for biometric authentication. According to the second embodiment as well, the targets of biometric authentication are narrowed down based on the member ID, so the accuracy of biometric authentication is improved.

Next, the hardware of each device making up the authentication system will be explained. FIG. 22 is a diagram illustrating an example of the hardware configuration of the server device 10.

The server device 10 can be configured by an information processing device (so-called computer), and has a configuration illustrated in FIG. 22. For example, the server device 10 includes a processor 311, a memory 312, an input/output interface 313, a communication interface 314, and the like. The components such as the processor 311 are connected by an internal bus or the like and are configured to be able to communicate with each other.

However, the configuration shown in FIG. 22 is not intended to limit the hardware configuration of the server device 10. The server device 10 may include hardware that is not shown, and may not include the input/output interface 313 if necessary. Furthermore, the number of processors 311 and the like included in the server device 10 is not limited to the example shown in FIG. 22; for example, a plurality of processors 311 may be included in the server device 10.

The processor 311 is, for example, a programmable device such as a CPU (Central Processing Unit), an MPU (Micro Processing Unit), or a DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit). The processor 311 executes various programs including an operating system (OS).

The memory 312 is a RAM (Random Access Memory), a ROM (Read Only Memory), an HDD (Hard Disk Drive), an SSD (Solid State Drive), or the like. The memory 312 stores OS programs, application programs, and various data.

The input/output interface 313 is an interface for a display device or input device (not shown). The display device is, for example, a liquid crystal display. The input device is, for example, a device such as a keyboard or a mouse that receives user operations.

The communication interface 314 is a circuit, module, or the like that communicates with other devices. For example, the communication interface 314 includes a NIC (Network Interface Card).

The functions of the server device 10 are realized by various processing modules. The processing module is realized, for example, by the processor 311 executing a program stored in the memory 312. Further, the program can be recorded on a computer-readable storage medium. The storage medium can be non-transitory, such as a semiconductor memory, a hard disk, a magnetic recording medium, an optical recording medium, etc. That is, the present invention can also be implemented as a computer program product. Furthermore, the above program can be updated via a network or by using a storage medium that stores the program. Furthermore, the processing module may be realized by a semiconductor chip.

Note that the signage 20, authentication terminal 30, terminal 40, and store server 50 can also be configured by an information processing device in the same way as the server device 10, and the basic hardware configuration thereof is not different from the server device 10, so it will be explained. omitted. For example, the authentication terminal 30 may include a camera device for photographing the person to be authenticated.

The server device 10, which is an information processing device, is equipped with a computer, and the functions of the server device 10 can be realized by having the computer execute a program. Furthermore, the server device 10 executes the authentication method using the program.

[Modified example]
Note that the configuration, operation, etc. of the authentication system described in the above embodiments are merely examples, and are not intended to limit the configuration, etc. of the system.

In the above embodiment, it has been explained that the terminal 40 notifies the signage 20 or the like of the member ID in response to a request from the signage 20 or the like. However, the information that the terminal 40 reports to the signage 20 and the like by short-range wireless communication is not limited to the member ID. For example, the terminal 40 may notify the store terminal (signage 20, authentication terminal 30) of biometric information (for example, a facial image) in addition to the member ID. In this case, for example, the authentication terminal 30 stores the member ID and biometric information in association with each other. The authentication terminal 30 executes biometric authentication using the biometric information acquired from the terminal 40 and the biometric information of the person to be authenticated in front of the user, and identifies the corresponding member ID. The authentication terminal 30 may transmit the specified member ID to the server device 10 and request payment processing.

In addition to member IDs, biometric information, personal information, account information, etc., the server device 10 stores coupons (for example, discounts on product prices) and benefits (for example, points that can be used in the month of your birthday) issued to each user. (hereinafter referred to as benefit information) may be stored. When the server device 10 identifies a user through biometric authentication, the server device 10 may automatically apply the privilege information of the identified user to perform payment processing. Alternatively, the server device 10 may notify the authentication terminal 30 of the privilege information of the user identified through biometric authentication. The authentication terminal 30 may inquire of the person who was successfully authenticated (the person to be authenticated who was determined to be successfully authenticated) whether or not the benefit information notified from the server device 10 needs to be applied (see FIG. 23). Alternatively, if the user has multiple types of benefit information (multiple types of benefit information), the authentication terminal 30 may ask the successful authentication person which benefit information to select and apply. (See Figure 24). The authentication terminal 30 may apply a coupon or the like when the user indicates an intention to use the coupon or benefit. In this way, the authentication system disclosed herein may provide a personalized service for utilizing coupons and benefits.

Alternatively, instead of specific information regarding coupons and benefits being stored in the server device 10, benefit information may be stored in the user's terminal 40. The terminal 40 may transmit the benefit information along with the member ID to the signage 20 or the authentication terminal 30. The authentication terminal 30 may automatically apply the coupon, etc. if the user identified by biometric authentication holds the coupon or benefit, or may apply the coupon or the like automatically based on the user's intention (coupon use, coupon non-use). You may process accordingly. In this way, the authentication system disclosed in the present application can prevent forgetting to use coupons and benefits, and by making users feel the convenience, it encourages continuous repeat use of the store.

The store visitor list management section 402 of the authentication terminal 30 and the store visitor list management section 602 of the store server 50 may delete entries that have been registered in the store visitor list for a predetermined period of time. Specifically, the store visitor list management unit 402 deletes the entry (member ID, biometric information) of a user who is determined to have been in the store for a sufficient amount of time to select a product, etc. You may want to keep the merchant list size appropriate. Alternatively, the store visitor list management unit 402 may delete entries (member IDs, biometric information) of users who have successfully completed biometric authentication. When an entry is deleted in response to successful biometric authentication, the store visitor list management unit 402 may send an "entry deletion notification" including the deleted entry (member ID) to other authentication terminals 30. . The authentication terminal 30 that has received the notification deletes the deleted entry from the store visitor list managed by itself.

The authentication terminal 30 may take measures in consideration of a user whose entry is deleted from the store entry list after a predetermined period of time has passed since entering the store. For example, if the biometric authentication result is an authentication failure, the authentication terminal 30 will display a message such as "Your entry record may have been deleted because it has been a long time since you entered the store. Please enter your member ID and password." A GUI (Graphical User Interface) may be displayed (see FIG. 25). In this way, when a user whose entry has been deleted after a certain period of time has passed since entering the store, when the user pays for the product (receives biometric authentication), the authentication terminal 30 provides the user with the member ID and password. (passcode) etc. may be requested. In addition, when identity authentication is performed using a password, the member information database of the server device 10 stores the member ID and password in association with each other.

Alternatively, if the entrance and exit of the store are different, the member ID of the user detected at the exit may be deleted from the list of people entering the store. In this case, as shown in FIG. 26, a signage 21 is installed at the exit of the store. When the member detection unit 302 of the signage 21 acquires the member ID from the user's terminal 40 through near field communication, it determines that the user has left the store. The member detection unit 302 transmits a “member exit notification” including the acquired member ID to the authentication terminal 30. The authentication terminal 30 that has received the member exit notification deletes the entry in the store entry list that corresponds to the member ID written in the notification.

When the signage 21 is installed as shown in FIG. 26, for example, the store server 50 can accurately grasp the situation inside the store. More specifically, in the configuration shown in FIG. 26, the signage 20 installed at the entrance transmits a member entry notification to the store server 50. On the other hand, the signage 21 installed at the exit transmits a member exit notification to the store server 50. The store visitor list management unit 602 of the store server 50 can accurately grasp the users staying at the store based on the two notifications.

Furthermore, by using the authentication request from the authentication terminal 30, the store server 50 can also determine whether a user has consumed in the store or a user has not consumed. Specifically, the store server 50 stores information about users who are the target of the authentication request who have engaged in consumption behavior, and who are not the target of the authentication request and who have left the store (users with the member ID included in the member exit notification). ) can be judged as users who are not engaged in consumption behavior. Alternatively, the store server 50 may identify a user whose member ID has been deleted as a user who has not engaged in consumption behavior after a predetermined period of time has elapsed.

The store server 50 may calculate the opportunity loss rate using the determined user type (a user who has engaged in consumption behavior, a user who has not engaged in consumption behavior). In this case, the store server 50 includes an analysis section 605, as shown in FIG. The analysis unit 605 is a means for calculating various indicators and the like by analyzing the store visitor list and the authentication request (or the result of authentication processing) from the authentication terminal 30. For example, the analysis unit 605 may calculate the ratio of users who did not engage in consumption behavior to the total number of people entering the store in a day. Specifically, the analysis unit 605 calculates the ratio of the number of users who do not engage in consumption behavior to the number of visitors to the store (number of people entering the store) as an "opportunity loss rate." The analysis unit 605 of the store server 50 calculates the percentage of users whose biometric authentication results were not successful among the users who entered the store as an opportunity loss rate. In this manner, the store server 50 calculates the number of visitors whose biometric authentication results were not successful with respect to the number of visitors who stayed in a predetermined area during a predetermined period as an opportunity loss rate. For example, if the number of users who visited the store in one day (total number of visitors) is 100, and the number of users who did not succeed in biometric authentication (number of users who did not engage in consumption behavior) was 30, it would be an opportunity loss. The rate is calculated to be 30%. The analysis unit 605 presents the calculated opportunity loss rate to the store operator or the like. For example, the analysis unit 605 presents the opportunity loss rate per day as shown in FIG. 28 to the store operator or the like.

Additionally, the store server 50 may calculate the opportunity loss rate for each user attribute (eg, gender, age). In this case, the analysis unit 605 transmits the member ID of the user who has entered the store to the server device 10, and obtains personal information (gender, age, etc.) of the user corresponding to the member ID. The analysis unit 605 can calculate the opportunity loss rate for each age group and the opportunity loss rate for each gender by associating and managing the acquired personal information (attribute information; gender, age) and member ID. In this way, the store server 50 may calculate the opportunity loss rate for each attribute information that can be derived from the user's member ID (see FIG. 29). Note that, in FIG. 29, the opportunity loss rate by age group is shown. In addition to the gender and age mentioned above, various attributes of the user can be considered when calculating the opportunity loss rate. For example, the store server 50 may calculate the opportunity loss rate for each membership grade and product purchase amount within a predetermined period (for example, one week, one month).

Note that the calculation of the opportunity loss rate and the calculation of the opportunity loss rate for each attribute may be performed by the server device 10. In this way, the authentication system disclosed herein may calculate the store usage rate (opportunity loss rate) of the user and provide information useful to the service provider.

The server device 10 and the store server 50 can calculate the user's flow line by managing the performance (history) of the authentication terminal 30 that successfully communicated with the user's terminal 40 by short-range wireless communication. In order to calculate the user's flow line, each of the authentication terminals 30 needs to be compatible with short-range wireless communication. When the authentication terminal 30 detects a user by short-range wireless communication, the authentication terminal 30 transmits the member ID acquired from the user's terminal 40 to the store server 50.

The store visitor list management section 602 of the store server 50 manages the authentication terminals 30, which are the transmission sources of member IDs, in chronological order. For example, the store server 50 maintains a list of people entering the store as shown in FIG. The store visitor list management unit 602 adds the terminal ID of the authentication terminal 30 that is the transmission source of the member ID to the flow line field. In addition, in FIG. 30, for ease of understanding, the reference numeral of the authentication terminal 30 is shown as a terminal ID. Referring to FIG. 30, since the user listed second in the store entry list has member IDs acquired in the order of authentication terminals 30-1, 30-2, 30-5, and 30-6, It can be seen that the customer does not go to the back of the store layout shown in Figure 3, but instead goes through the middle aisle toward the entrance. In this way, by placing multiple authentication terminals 30 (edge devices) that support short-range wireless communication in the store, it is possible to identify the route (golden route) and display shelves that contribute most to purchases, and to make it difficult for users to approach. I can pinpoint the location. By analyzing such results, service providers that operate stores can review their store layouts.

Note that when providing information regarding the flow line to the service provider, the store server 50 includes a flow line information providing unit 606, as shown in FIG. The flow line information providing unit 606 reads the flow line from the flow line field of the store visitor list and provides the flow line in response to a request from the administrator of the service provider or the like. More specifically, the flow line information providing unit 606 totals the number of each route (flow line) and presents the results. In the example in Figure 30, the number of clockwise flow lines that go through the center aisle (corresponding to the second and third entries) is "2", and the number of flow lines that go through the upper aisle and reach the back (the first The results are presented such that the number of flow lines (the fourth entry) is "1" and the number of flow lines that reach the back through the lower passage (the fourth entry) is "1".

The server device 10 and the store server 50 may use user attribute information (personal information) when providing flow line information. For example, the flow line information providing unit 606 may calculate flow lines for each gender and age. In this case, the store server 50 acquires personal information (attribute information; age, gender, etc.) of the person entering the store from the server device 10. Utilizing the acquired personal information, the flow line information providing unit 606 may provide information on flow lines by gender (number of flow lines) and by age to the administrator. For example, the flow line information providing unit 606 presents information regarding flow lines for each attribute to a store operator or the like, as shown in FIG. 32. Note that the flow line ID shown in FIG. 32 is an ID for identifying the flow line that the user can take. For example, an ID such as "flow line 1" is assigned to a flow line that passes through reception terminal 30-1, reception terminal 30-2, and reception terminal 30-3.

Alternatively, the flow line information providing unit 606 may calculate the opportunity loss rate for each flow line. The flow line information providing unit 606 calculates the number of people entering the store for each flow line, and also calculates the number of people who have not been successfully authenticated for each flow line. The flow line information providing unit 606 calculates the opportunity loss rate by calculating the ratio of the number of people who are not successfully authenticated to the number of people entering the store. In this case, for example, the flow line information providing unit 606 presents information regarding the opportunity loss rate for each flow line to the store operator, as shown in FIG. 33.

For example, the flow line information providing unit 606 presents information to store operators etc. that women in their 20s to 30s often move on "flow line 1", but the opportunity loss rate is as high as "50%". can. Further, the flow line information providing unit 606 can propose that the opportunity loss rate may be reduced by changing the products placed on flow line 1 for women in their 20s to 30s. Alternatively, the flow line information providing unit 606 can present information such as that although there are few men in their 50s who move along "flow line 3", the opportunity loss rate is as low as "5%" to the store operator. Therefore, for example, the flow line information providing unit 606 suggests that while maintaining the products for men in their fifties in flow line 3, it would be better to replace the products for other generations.

In this way, the authentication system according to the present disclosure may provide a flow line analysis service. That is, each of the plurality of authentication terminals 30 installed in the store notifies the store server 50 of the member ID when acquiring the member ID from the terminal 40 owned by the user (the person staying at the store). The store server 50 calculates the visitor's flow line based on the notified member ID and the terminal ID of the authentication terminal 30 that is the source of the member ID. At this time, the store server 50 may calculate flow line information for each attribute of the user.

The server device 10 and the store server 50 may analyze the user's attribute information and purchase information. For example, the server device 10 may calculate best-selling products by gender or age as analysis results.

In this way, in the modified example disclosed in the present application, the member ID and attributes, movement line (travel route), time zone at the time of entering the store, presence or absence of member information, etc., of the member who was deleted after being unsuccessfully authenticated for a long time are analyzed. By doing so, useful information can be provided to store operators and the like.

In the above embodiment, it has been explained that the member ID is transmitted and received between each device. However, instead of the member ID, a terminal number may be transmitted and received between each device (signage 20, terminal 40, authentication terminal 30, server device 10). That is, the server device 10 may treat the terminal number as a member ID. In this case, the server device 10 may store the terminal number, biometric information, account information, etc. in association with each other.

Measures are taken in consideration of users who enter the store without a terminal 40 and users who have a terminal 40 that does not support near field communication (terminal 40 that does not have the near field communication function enabled). It's okay. For example, if biometric authentication fails, the authentication terminal 30 may display a GUI such as "It is possible that the member ID could not be obtained. Please enter the member ID and date of birth or phone number." (See Figure 34). That is, if it is not possible to narrow down the authentication targets based on the member ID (narrow down the entries in the database), password authentication may be performed instead of biometric authentication. Alternatively, a user who does not have the terminal 40 may report this to the store clerk (report forgetting the device) and, based on the clerk's instructions, create a member ID and password (similar to a password such as date of birth, telephone number, etc.). information) may be input to the server device 10.

Alternatively, the signage 20 may detect surrounding users using a human sensor or the like. If the signage 20 is unable to receive a response to the member ID transmission request despite being able to detect the user using the human sensor, the signage 20 enables the short-range wireless communication function of the terminal 40 for the user. You may also encourage them to do so. That is, if the short-range wireless communication function (for example, Bluetooth (registered trademark)) is turned off even when approaching a predetermined area (inside the store), the short-range wireless communication function of the user's terminal 40 may be enabled. A prompting message may be output. Alternatively, the signage 20 may display on its own device a message urging the user to enable the short-range wireless communication.

In the above embodiment, a video rental store was used as an example of the service provider. However, it goes without saying that the authentication system disclosed herein can also be applied to other industries. For example, the present disclosure can also be applied to the accommodation industry. In this case, the hotel or the hotel grounds are set as the "predetermined area", and the authentication terminal 30 corresponds to a check-in terminal installed at a check-in counter or the like. Alternatively, a station or an airport may be set as the "predetermined area." In this case, a ticket inspection machine or a gate device corresponds to the authentication terminal 30. For example, a signage 20 may be installed near the entrance/exit of a station, and the signage 20 may acquire an ID from a passenger's terminal 40. Alternatively, an event venue such as a stadium (baseball field, soccer field), a building, or the like may be set as the "predetermined area." A signage 20 or a tablet with the same functions as the signage 20 is installed near the entrances and exits of the stadium or building, and the signage 20 or the like acquires the member ID of the visitor or the ID of the employee (employee number, etc.) from the terminal 40. It's okay. A list (a list of spectators near the event venue, a list of employees who are about to go to work) corresponding to the above store list may be generated using the ID acquired by the signage 20 or the like.

In the second embodiment, a case has been described in which biometric authentication is performed on the edge side (store side). In other words, a case has been described in which the server device 10 does not perform biometric authentication. However, even in the second embodiment, the server device 10 may perform biometric authentication. For example, the server device 10 according to the second embodiment may decide whether to perform biometric authentication depending on the service provider. For example, in FIG. 2, the server device 10 executes biometric authentication when receiving an authentication request from service provider A, and performs biometric authentication when receiving a member entry notification from service provider B. Service provider B may also be notified.

In the above embodiment, it has been explained that the signage 20 is installed near the entrance of the store. However, the signage 20 may be installed elsewhere in the store (for example, in the center of the store). The signage 20 may be installed near a place where visitors to the store pass through. Further, the number of signage 20 installed in a store is not limited to "1", and a plurality of signage 20 may be installed in a store.

In the embodiment described above, the signage 20 notifies the authentication terminal 30 of the member ID. However, the signage 20 may generate a list of people entering the store and distribute the list to the authentication terminal 30. That is, the signage 20 may update the store visitor list every time a user enters the store, and transmit the updated store visitor list to the authentication terminal 30.

In the above embodiment, the case where the signage 20 detects a member's entry into the store has been described. However, the detection of the member may be performed by other devices. For example, a surveillance camera installed near the entrance may be provided with a communication function (a communication function using short-range wireless communication), and the surveillance camera may notify the authentication terminal 30 of the member ID.

In the above embodiment, a case has been described in which the terminal 40 and the signage 20 transmit and receive the member ID using short-range wireless communication such as Bluetooth (registered trademark). However, the transmission and reception of the member ID may be performed by other methods. For example, the member ID may be transmitted and received using RFID (Radio Frequency Identification) technology, such as that used in transportation IC (Integrated Circuit) cards. Alternatively, the user may transmit the member ID to the store by having the signage 20 read a two-dimensional code or the like in which the member ID is encoded.

In the above embodiment, a case has been described in which the terminal 40 transmits the member ID to the signage 20 in response to a member ID transmission request. However, the terminal 40 may transmit the terminal ID to the signage 20 periodically or at a predetermined timing using short-range wireless communication. Specifically, the user starts the application installed on the terminal 40 (an application for transmitting the terminal ID and performing facial payment), sets the terminal ID to be sent periodically, and enters the store. good. In this way, the signage 20 can acquire the terminal ID through short-range wireless communication without transmitting a member ID transmission request.

In the above embodiment, a case has been described in which the member information database is configured inside the server device 10, but the database may be configured in an external database server or the like. That is, some functions of the server device 10 may be implemented in another server. More specifically, the system includes the "member detection section (member detection means)", "store visitor list management section (enterer list management means)", "authentication section (authentication means)", etc. explained above. It suffices if it is implemented in any device that is installed.

The server device 10 may confirm the user's identity when registering the user. Specifically, the server device 10 acquires the user's biometric information, personal information, etc., as well as an identification document (for example, a passport, driver's license, etc.) in which the biometric information is written. The server device 10 performs one-to-one verification using the biometric information of the identification document and the biometric information obtained from the user. The server device 10 may perform user registration when the verification is successful.

In the above embodiment, a case has been described in which feature amounts generated from facial images are stored in the member information database, but feature amounts may not be stored in the database. A facial image may be registered in the member information database instead of the feature amount, and the server device 10 may generate the feature amount from the registered facial image every time it processes an authentication request.

Although the form of data transmission and reception between each device (server device 10, signage 20, authentication terminal 30, store server 50) is not particularly limited, data transmitted and received between these devices may be encrypted. Biometric information and the like are transmitted and received between these devices, and in order to appropriately protect this information, it is desirable that encrypted data be transmitted and received.

In the flowchart (flowchart, sequence diagram) used in the above description, a plurality of steps (processes) are described in order, but the order in which the steps are executed in the embodiment is not limited to the order in which they are described. In the embodiment, the order of the illustrated steps can be changed within a range that does not affect the content, such as executing each process in parallel, for example.

The above embodiments have been described in detail to facilitate understanding of the present disclosure, and it is not intended that all the configurations described above are necessary. Further, when a plurality of embodiments are described, each embodiment may be used alone or in combination. For example, it is also possible to replace a part of the configuration of the embodiment with the configuration of another embodiment, or to add the configuration of another embodiment to the configuration of the embodiment. Furthermore, it is possible to add, delete, or replace some of the configurations of the embodiments with other configurations.

The industrial applicability of the present invention is clear from the above description, and the present invention is suitably applicable to an authentication system for authenticating users who have registered as members.

Part or all of the above embodiments may be described as in the following additional notes, but are not limited to the following.
[Additional note 1]
a server device that stores IDs and biometric information of each of a plurality of users in association with each other;
at least one or more authentication terminals,
including;
The at least one authentication terminal maintains an ID list that stores the IDs of at least one visitor staying in a predetermined area, and when authentication of the person to be authenticated is required, the authentication terminal stores the biometric information of the person to be authenticated. transmitting an authentication request including the ID list to the server device;
The server device extracts an ID included in the ID list from the IDs of each of the plurality of users, and performs biometric authentication using biometric information corresponding to the extracted ID and biometric information included in the authentication request. Run, system.
[Additional note 2]
When the biometric authentication is successful, the server device notifies the authentication terminal that is the source of the authentication request of the ID of the person who has succeeded in authentication,
The system according to supplementary note 1, wherein the authentication terminal provides a service to the successful authentication person using the ID of the successful authentication person.
[Additional note 3]
further comprising a device that acquires the ID of the at least one resident from a terminal owned by the at least one resident;
The device notifies the at least one authentication terminal of the acquired ID,
The system according to appendix 1 or 2, wherein the authentication terminal stores the notified ID in the ID list.
[Additional note 4]
The system according to appendix 3, wherein the device acquires the ID of the at least one visitor by communicating with the terminal via near field communication.
[Additional note 5]
The system according to appendix 3 or 4, wherein the device notifies each of the plurality of authentication terminals installed in the predetermined area of the ID of the at least one visitor.
[Additional note 6]
The system according to appendix 1 or 2, wherein the at least one authentication terminal acquires the ID of the at least one visitor by communicating with the terminal by short-range wireless communication.
[Additional note 7]
The server device stores the ID, biometric information, and privilege information of each of the plurality of users in association with each other, and when the biometric authentication is successful, the server device stores the ID of the successful authentication person and the privilege information as the sender of the authentication request. notifying the authentication terminal that is
The system according to appendix 2, wherein the authentication terminal inquires of the successful authentication person whether or not the notified benefit information needs to be applied.
[Additional note 8]
a first server device that stores IDs and biometric information of each of the plurality of users in association with each other;
a device that notifies the first server device of an ID of a visitor staying in a predetermined area;
at least one or more authentication terminals,
including;
The first server device notifies the at least one authentication terminal of biometric information corresponding to the notified ID among the IDs of the plurality of users;
The at least one authentication terminal stores the notified biometric information in a biometric information list, and when it becomes necessary to authenticate the person to be authenticated, the at least one authentication terminal stores the biometric information of the person to be authenticated and the biometric information stored in the biometric information list. A system that performs biometric authentication using information.
[Additional note 9]
The first server device notifies the at least one authentication terminal of the ID notified from the device along with biometric information corresponding to the notified ID;
The system according to appendix 8, wherein the at least one authentication terminal stores the notified ID and biometric information in the biometric information list.
[Additional note 10]
further comprising a second server device that receives the biometric information from the first server device in place of the at least one authentication terminal;
The at least one authentication terminal transmits an authentication request including biometric information of the person to be authenticated to the second server device,
The system according to appendix 8 or 9, wherein the second server device executes biometric authentication using biometric information received from the first server device and biometric information included in the authentication request.
[Additional note 11]
The system according to appendix 10, wherein the second server device calculates, as an opportunity loss rate, the number of visitors for whom the biometric authentication result was not successful with respect to the number of visitors who stayed in the predetermined area during a predetermined period. .
[Additional note 12]
Upon acquiring the ID of the resident, the authentication terminal notifies the second server device of the acquired ID;
The system according to appendix 10, wherein the second server device calculates the flow line of the visitor based on the terminal ID of the sender of the notified ID.
[Additional note 13]
a storage unit that stores IDs and biometric information of each of the plurality of users in association with each other;
a receiving unit that receives an authentication request including biometric information of a person to be authenticated and the ID list from an authentication terminal that holds an ID list storing IDs of at least one person staying in a predetermined area;
an authentication unit that extracts an ID included in the ID list from the IDs of each of the plurality of users and executes biometric authentication using biometric information corresponding to the extracted ID and biometric information included in the authentication request; and,
A server device comprising:
[Additional note 14]
In a server device that stores IDs and biometric information of each of a plurality of users in association with each other,
receiving an authentication request including biometric information of a person to be authenticated and the ID list from an authentication terminal holding an ID list storing IDs of at least one person staying in a predetermined area;
Extracting IDs included in the ID list from the IDs of each of the plurality of users,
An authentication method that performs biometric authentication using biometric information corresponding to the extracted ID and biometric information included in the authentication request.
[Additional note 15]
A computer installed in a server device stores IDs and biometric information of multiple users in association with each other.
A process of receiving an authentication request including biometric information of a person to be authenticated and the ID list from an authentication terminal that holds an ID list storing IDs of at least one person staying in a predetermined area;
a process of extracting IDs included in the ID list from the IDs of each of the plurality of users;
a process of performing biometric authentication using biometric information corresponding to the extracted ID and biometric information included in the authentication request;
A computer-readable storage medium that stores a program for executing.

In addition, each disclosure of the cited prior art documents mentioned above shall be incorporated into this document by reference. Although the embodiments of the present invention have been described above, the present invention is not limited to these embodiments. It will be understood by those skilled in the art that these embodiments are illustrative only and that various modifications can be made without departing from the scope and spirit of the invention. That is, it goes without saying that the present invention includes the entire disclosure including the claims and various modifications and modifications that can be made by those skilled in the art in accordance with the technical idea.

10 Server device 20 Signage 21 Signage 30 Authentication terminal 30-1 Authentication terminal 30-2 Authentication terminal 30-3 Authentication terminal 30-4 Authentication terminal 30-5 Authentication terminal 30-6 Authentication terminal 40 Terminal 50 Store server 101 Server device 102 Authentication Terminal 201 Communication control section 202 User registration section 203 Authentication section 204 Payment section 205 Storage section 206 Biometric information notification section 301 Communication control section 302 Member detection section 303 Message output section 304 Storage section 311 Processor 312 Memory 313 Input/output interface 314 Communication interface 401 Communication control section 402 Store visitor list management section 403 Biometric information acquisition section 404 Authentication request section 405 Payment request section 406 Storage section 407 Member detection section 408 Authentication section 501 Communication control section 502 User registration request section 503 Member ID transmission section 504 Storage unit 601 Communication control unit 602 Store visitor list management unit 603 Authentication unit 604 Storage unit 605 Analysis unit 606 Flow line information provision unit

Claims (4)

an acquisition unit that acquires IDs of each of the plurality of stayers from each of a plurality of terminals owned by the plurality of stayers staying in a predetermined area;
a biometric information acquisition unit that obtains biometric information of the person to be authenticated;
an authentication request unit that transmits an authentication request including biometric information of the person to be authenticated and IDs of each of the plurality of residents to a server device that stores the IDs and biometric information of each of the plurality of users in association with each other;
An authentication terminal equipped with The authentication terminal according to claim 1, wherein the authentication request unit transmits the authentication request to the server device in response to acquisition of biometric information of the person to be authenticated. The computer is
Obtaining the IDs of each of the plurality of stayers from each of the plurality of terminals owned by the plurality of stayers staying in a predetermined area,
Obtain biometric information of the person to be authenticated,
A method for controlling an authentication terminal, comprising transmitting an authentication request including biometric information of the person to be authenticated and IDs of each of the plurality of visitors to a server device that stores the IDs and biometric information of each of the plurality of users in association with each other. . On the computer installed in the authentication terminal,
A process of acquiring IDs of each of the plurality of stayers from each of a plurality of terminals owned by the plurality of stayers staying in a predetermined area;
A process of acquiring biometric information of a person to be authenticated;
a process of transmitting an authentication request including biometric information of the person to be authenticated and IDs of each of the plurality of residents to a server device that stores the IDs and biometric information of each of the plurality of users in association with each other;
A program to run.

Images