JPH1069463A - Personal identification confirmation system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To confirm a qualified person himself truly capable of utilizing a credit under high security and to cut the illegal utilization by a third person. SOLUTION: The retina patterns PatA, PatB... of respective credit members A, B... are registered in the file F of a management company H along with identifiers IDA, IDB... recorded on a card CD. At the utilization of the credit, a user makes the retina pattern be read from a reader 20 at a member shop R and receives collation with a registered pattern. When the inputted pattern matches with the already registered pattern corresponding to the identifier read from the card CD, personal identification is confirmed and the credit is not admitted as illegal utilization in the other case.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION The present invention relates to a method for confirming the identity of a qualifying person when a certain qualification such as membership is required when using a service such as the use of a credit card or electronic money. The present invention relates to an identity verification system capable of effectively cutting off unauthorized use by a user.

[0002]

2. Description of the Related Art Conventionally, a credit card user has been able to make purchases and receive loans within a certain limit by presenting his / her card to a member store or the like and signing it. .

[0003]

However, if the card is genuine, there is a problem that the card can be used even if it is not the person himself, and there is a problem that members who use the card without permission due to loss or theft may be damaged. Further, if the card is forged and the card checker is cleared, there is a problem that the use of an illegal person is allowed as it is, and there is also a problem that a credit card company or the like is damaged by a fictitious name card.

As a preventive measure, there is a proposal to put a photograph of the person's face on the card at the time of joining, updating, etc. However, there is a feeling of resistance to taking a picture or always attaching a photograph of oneself to the card. There are concerns that the number of people is small and that the owner of the photo can quickly identify who the owner is and to promote abuse aimed at that person.

It has also been proposed that, apart from a credit card, fingerprint information is digitized and recorded on a personal identification LSI card, and this LSI card is compared with a personal finger when using a service. However, if the card is always 2
Forgery in that it is complicated to operate with carrying a single card, and even if the credit card and the LSI card are integrated into one, the personal information is always attached to the card that contacts the outside at the end of the user at all times. The concerns of the above cannot be dispelled, and the pretend play with the counterfeiters is inevitable, and there is a fatal drawback that security cannot be guaranteed.

[0006] The main object of the present invention is to confirm that a person who can truly use a service can be confirmed under high security, and that a loss of property due to unauthorized use by a third party can be prevented beforehand. The point is to provide a confirmation system.

[0007]

According to the first aspect of the present invention,
In order to achieve the above-mentioned main purpose, as shown in FIGS. 1 to 7, a service user intervenes between a provider S providing a service to a qualified person and a user R using the service, and An identity verification system for confirming whether or not a person is an individual, comprising a person's physical personal information PatA, PatB,.
.. together with identifiers IDA, IDB,.
Personal information registering means 1 to be registered above, collating means 2 for comparing physical personal information entered by a person who declares being a qualified person and using a service with registered personal information, physical information of the entered user A configuration is provided in which the result output means 3 is provided which outputs a distinction output for discriminating between the case where the personal information and the registered personal information of the qualified person corresponding to the declaration match to confirm the qualified person and the other cases.

[0008] Here, the physical personal information is a blood vessel pattern (retinal pattern) of the retina, which is the innermost layer of the eyeball of the human eye.
In addition to eyeball information such as an iris pattern and the like, the concept includes all unique information such as fingerprints that vary depending on individuals. Identifier ID
A, IDB ... are physical personal information Pa to be registered in large numbers.
tA, PatB... are distinguished from each other, and are composed of several digits, characters, symbols, combinations thereof, etc., and include passwords, personal identification numbers, ID numbers, names, birth dates, and general subscriptions. It is a concept including a telephone number, a mobile phone number, a credit card number, and the like. The declaration of being a qualified person at the time of using the service can be made by presenting a credit card, reading a subsequent card, or using a keyboard K
This concept includes actions such as manually inputting a password from B or TK, filling in necessary items in application documents, and reporting oral statements such as membership numbers and names.

[0010] The invention according to claim 2 is to eliminate the use of services by those who cannot confirm their identity more clearly.
As shown in 2, 4, and 5, the result output means 3 is the inadequately-confirmed-user rejection means 31 that issues a service rejection output when the qualified person cannot be confirmed. As shown in the figure, the rejection means 31 includes a service providing side S,
In the information transmission path including the user R and the line L connecting the two, the access signal in the transaction normally exchanged between the user R and the provider S is automatically turned off or not accepted. A printer P or Pr installed at any part (for example, the user side R) of the information transmission path,
The output means such as the display D, the lamp E, and the buzzer may output a use rejection signal.

[0010] The invention according to claim 3 is the service using side R
It is necessary to judge to some extent whether or not the store is eligible for use, but in order to simplify the system configuration,
As shown in FIG. 7, the identifiers IDA, IDB,... Are information that can be recognized when using the service for declaring qualification, and the result output means 3 matches the input physical and personal information of the user. The identifier notifying unit 32 notifies the user R of the service of the identifier attached to the registered personal information. The identifiers IDA, IDB... Are not necessarily unique information of the credit card CD (however, also include those used for card information), for example, ID numbers,
It may be a name, date of birth, a general subscriber telephone number, a mobile phone number, or the like. Even if it is card information, surface record information such as a card number and a name (including those that are also internal record information) ), The concept includes internal record information that is exclusively recognized by the card reader CR or the like. However, from the viewpoint of the reliability of operation, it is particularly preferable to use the surface record information in order to speed up the determination at the card information and the member stores.

According to the invention described in claim 4, in order to shorten the search time of the registered personal information of the user at the time of using the service and to increase the efficiency at the time of using the service, as shown in FIGS. , Which are input together with physical personal information when using the service, are provided with a search means 4 for searching registered personal information PatA, PatB. Identifiers IDA, IDB
May be secret information such as a personal identification number of the card CD as long as the input is made by the user himself and the secret is kept.

According to a fifth aspect of the present invention, the service using side R
The invention according to claim 3, wherein the eligibility of the service is determined by the method described in claim 3, in order to maximize the efficiency in using the service, to cover the input error of the identifier, and to enhance the convenience of the authorized user. As shown in FIG. 7, identifiers IDA and ID which are input together with physical personal information when using the service
The registered personal information PatA, P to be collated by B ...
.., and recovery means 40 for collating the entered personal information with other registered personal information if the retrieved registered personal information does not match the entered personal information. It was configured.

According to the invention of claim 6, in order to increase the processing efficiency when registering personal information or using a service, FIG.
, Identifiers IDA, IDB,... Consist of card information recorded on a card CD, which is a service use credential. The card information may be either the surface recording information or the internal recording information. However, in order to facilitate the machine reading and improve the processing efficiency, the internal recording information (including the surface recording information at the same time) is used. Is preferred.

The invention according to claim 7 enables provision of various services in addition to identity verification.
As shown in the figure, physical personal information PatA, PatB ...
・ Private data PDA, PD corresponding to the registrant
B. Data access means 5 for accessing B ... is provided. Private data PDA, PDB
.. Includes a wide range of names, dates of birth, gender, addresses, telephone numbers, occupations, property information, etc., and also includes those that can be used as identifiers (such as names).

The invention according to claim 8 is shown in FIGS. 4 to 7 so that even if the person is a qualified person, a person with inferior property information is not permitted to use the actual service. So, private data PDA, PDB ...
Include the registrant's property information MDA, MDB,..., And have second result output means 6 for issuing a distinction output for discriminating the propriety of use of the service based on the record of the property information MDA, MDB,. It was configured. Property information MDA, MD
B... Include all information for evaluating the payment ability of the card CD, including the expiration date of the card CD, the loan limit, the deposit account / balance, the presence or absence of bankruptcy (so-called blacklist), and the like.

According to the ninth aspect of the present invention, the second result output means 6 uses the service when the property information is defective, as shown in FIGS. The property rejecting means 61 is a means for rejecting use of a property bad person, which outputs a rejection output. As shown in the figure, the property poor person use refusal means 61 also has a service providing side S, a use side R, and a line L connecting the both, as in the case of the above-described poorly-confirmed person use rejection means 31.
In the information transmission path including the above, in addition to automatically rejecting or not accepting the access signal in the transaction normally exchanged between the user side R and the provider side S, any part of the information transmission path It is also possible to output a use rejection signal to output means such as a printer P or Pr, a display D, a lamp E, and a buzzer installed at (for example, the use side R).

According to the tenth aspect of the present invention, it is necessary to judge to some extent whether or not a member is a bad property in a member store of the service using side R. However, in order to simplify the system configuration, it is shown in FIGS. As described above, the second result output means 6 provides the property information notifying means 62 for notifying the service use side R of the property information.
It was assumed that. It is preferable that the property information notified here is clear, such as a loan limit and the presence or absence of bankruptcy, in order to facilitate judgment at the member store or the like.

According to the eleventh aspect of the present invention, in order to improve the reliability and accuracy in registering and collating physical personal information, and to reduce the psychological resistance given to a person unlike a fingerprint, etc. As shown in 1 to 7, the physical personal information was eyeball information of a person. For example, in the case of a retinal pattern, the eyeball information is read using infrared rays or the like from the eyes of the retinal pattern readers 10 and 20 looking into the viewfinders 11 and 21.

[0019]

According to the first aspect of the present invention, FIGS.
As shown in FIG. 1, the person who intends to use the service firstly registers his / her physical personal information (P
atA) is registered in the management file F. A large number of registered physical personal information PatA, PatB... Are distinguished from each other by identifiers IDA, IDB.

When using services at each member store, etc.,
The matching means 2 checks the personal information input at the time of use with registered personal information. If there is no registered personal information that matches with the collation (it is said that it is a member, but the user is not actually a member, etc.), and there is registered personal information that matches the entered personal information, ,
In both the case where the registered personal information of the qualified person pertaining to the declaration is different (for example, it is said that the member is A but the user is actually another member B), the result output means 3 , The entered personal information matches the registered personal information of the qualifying person pertaining to the declaration and confirms the qualifying person. This is distinct from the legitimate case (when the user who says that he is A is really A). Will be done.

As a result, only a person who is confirmed to be a qualified person can use the service properly, and a non-registered person such as a non-member or an unfair person who is a member but falsely qualifies another person as his / her own. Use is excluded. In this system, since the physical personal information PatA, PatB... Of each person is managed inside the management file F without being opened to the end, there is no fear of forgery and the like, and high security is ensured. Can be secured.

According to the second aspect of the present invention, FIGS.
As shown in FIG. 5, when the qualified person cannot be confirmed, a use rejection output for directly rejecting the use of the service is issued from the inadequately-confirmed person use rejecting means 31, so that the use of the unqualified person is more clearly excluded. be able to.

According to the third aspect of the present invention, as shown in FIGS. 3, 6, and 7, the identifier (IDA or the like) assigned to the registered personal information that matches the input physical personal information of the user is an identifier. The notification means 32 notifies the service use side R. The service use side R can determine whether the service is qualified or not by judging the identity between the identifier recognizable with the use of the service and the notified identifier. Confirmation processing is somewhat required at member stores, etc.
The use of the service can be distinguished only by the notification of the above, and the system configuration can be simplified.

According to the fourth aspect of the present invention, FIGS.
As shown in FIGS. 6 and 7, when the service is used, by inputting an identifier (IDA or the like) in combination with physical personal information, it is possible to correspond to the identifier instead of collating with a large number of registered personal information one by one. It is sufficient to search for the registered personal information PatA in advance and to match the registered personal information with the input personal information, so that the processing time can be reduced.

According to the fifth aspect of the present invention, as shown in FIGS. 3, 6, and 7, the processing time can be reduced by the search means 4 in the same manner as described above. On the other hand, if the identifier (for example, IDA) to be used in combination with the service is shifted to another one (for example, IDB) due to a reading error or a manual input error, the registered personal information (Pat) retrieved by the retrieval unit 4 is retrieved.
The personal information (PatA) input as B) does not match.
However, subsequently, the input personal information (PatA) and other registered personal information (PatA, PatC...) Are collated by the recovery means 40, and the same collation processing as when there is no search by the identifier from the beginning is performed. Transfer automatically.

The person who can use the service normally can use his / her own registered personal information (PatA).
The corresponding identifier (IDA) is notified to the user of the service. This notified identifier (IDA)
Is different from the error identifier (IDB) input together,
The user of the service can confirm the legitimate identifier (IDA) which should have been originally declared by checking the card or the like, and thus can determine that the user is qualified to use the service.

Note that the identifier (for example, IDC, and thus the user is actually C) notified by the recovery means 40 is an identifier (IDA) originally intended to be declared by the user himself.
If it is different from the above, it is of course judged that the user is not qualified to use the service (C which is false as A but erroneously inputs the identifier as B). By the way, this person does not make an input error and the identifier of A (ID
Even if A) is entered, it is still determined that the user is not qualified to use the service as described in claim 1 (another member C impersonating member A).

In the invention according to claim 6, as shown in FIGS. 1 to 6, the identifiers IDA, IDB... Are card information recorded on the card CD. There is no need to input from the keyboard KB or TK, the processing efficiency can be improved, and the operation does not need to be memorized by the user, and the operation can be simplified.

According to the seventh aspect of the present invention, as shown in FIGS. 4 to 7, by accessing the private data PD by the data access means 5, management of the registrant's use status, notification of an event to the registrant, and the like are performed. Various services can be provided, and serviceability can be improved.

According to the invention of claim 8, as shown in FIGS. 4 to 7, even if a person who can confirm the identity of a qualified person can be determined to be a person with bad property information MDA, MDB,. On the other hand, the actual use of the service can be excluded by the second result output means 6, so that more appropriate operation can be ensured.

According to the ninth aspect of the present invention, as shown in FIGS. 4 and 5, when the property information is defective, a use rejection output for directly rejecting the use of the service is issued from the property bad person use rejection means 61. Therefore, troubles such as inability to pay can be more clearly eliminated.

According to the tenth aspect, as shown in FIGS. 6 and 7, property information (MDA or the like) is notified to the service use side R by the property information notifying means 62. The service use side R can determine the ability to pay based on the notified property information, and even a person who is confirmed as a qualified person may actually permit the person to use the service. Can be distinguished. Although confirmation processing at a member store or the like is required to some extent, it is possible to discriminate whether service is appropriate or not simply by notifying the property information MDA, thereby simplifying the system configuration.

In the eleventh aspect, as shown in FIGS. 1 to 7, the physical personal information PatA, PatB... Eyeball information such as a human retinal pattern varies greatly from person to person, and unlike fingerprints and the like, high-quality data can be captured from the viewfinders 11 and 21. For this reason, there are few mistakes, and it is possible to improve reliability and accuracy when capturing physical personal information. Moreover, unlike fingerprints and the like, there is almost no psychological resistance during registration and collation. In other words, fingerprints, etc., due to the fact that their traces are used in criminal investigations,
Traditionally, they have a feeling of resistance to being collected, but if it is eye information such as retinal patterns, it will not be attached anywhere, so it cannot be evidence of criminal investigation,
Conversely, there is almost no resistance to registering items.

[0034]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS In FIG. 1, H is an identity verification organization such as an identity verification company (hereinafter referred to as a verification company H) which plays a central role in an identity verification system, and S is a service providing organization (hereinafter referred to as a credit card company). Credit company S), R is a plurality of service use organizations such as franchisees (hereinafter referred to as franchise R), and B is a plurality of registration organizations such as banks accepting card member registration (hereinafter bank B). . A host computer HC provided in the confirmation company H;
The computer SC, RC, and BC of the credit company S, the member store R, and the bank B are connected via a communication line L.

The bank B is provided with a retinal pattern reader 10 for reading retinal patterns PatA, PatB... As physical personal information. The registration is performed by the registration key 1 while the member looks into the finder 11 with one of the left and right eyes.
It is activated by pressing 2. Then, in the confirmation company H, the digital information of the read retinal pattern is stored in the management file F of the host computer HC by the personal information registration means 1 composed of software resources in cooperation with the retinal pattern reader 10 with the identifiers IDA, IDB,・
・ Registered with

The identifiers IDA, IDB,.
D is composed of card information such as a card number recorded in D, and the number is input from the control panel 14. When the card is issued on the same day at the bank B or when the card is updated and registered, the identifier can be automatically inputted by passing the card issued on the same day or the old card through the card reader CR.

By the way, the retinal pattern reader 1 of the bank B
0 can perform not only registration but also matching with a registered pattern. By pressing the matching key 13 while looking into the finder 11 with one eye, the corresponding registered pattern is extracted and displayed on the front display 15. The identifier (IDA or the like) of the registrant and the matching rate can be displayed.

The collation rate fluctuates every time collation occurs depending on the angle, posture, and the like of the eyes to look into. When the collation rate with the closest registered pattern is equal to or more than a certain reference value (for example, 70%), the collation rate is the same. It is determined that there is, and the identifier of the closest pattern is displayed together with the matching rate. If a matching rate equal to or higher than the reference value is not obtained, a comment indicating that there is no corresponding registration is displayed on the front display 15.

The member store R is provided with a handy reader 200 type retinal pattern reader 20. The clerk reads the card CD presented by the user from the card reader CR and makes a declaration of being a qualified person,
Have the user look into the finder 21 and press the collation switch 22. As a result, in the checking company H, the input retinal pattern and the registered pattern are collated one by one by the collation means 2 composed of software resources linked with the retinal pattern reader 20, and the collation rate becomes the reference value (70%). The above-mentioned closest pattern is selected, and an identifier (IDB or the like) corresponding to this pattern is extracted.

It should be noted that how to determine the reference value of the collation rate is as follows.
After all, it depends on how much the false positive rate is tolerated. 70%
If this is the case, the misrecognition rate falls within about 100,000 to 1,000,000 times, and there is no problem in practical use. Of course, a value higher or lower than this numerical value may be selected.

As described above, according to the above collation, if there is no corresponding pattern whose collation rate is equal to or more than the reference value (such as a non-member), and if there is a corresponding pattern, an identifier (IDB) corresponding to the pattern and a card CD If the identifier (for example, IDA) is different from the identifier (for example, the unauthorized member B uses the genuine card of another member A without permission or uses a forged card imitating the card of another member A), The rejection means 31 for use of the inadequately confirmed user constituting the result output means 3 as a software resource cuts off an access signal in a transaction normally exchanged between the member store R and the credit company S, and automatically eliminates unauthorized use. Like that.
At the same time, the member store R and the credit company S are notified of the refusal of use via the communication line L, and displayed on the display D, the printer P or Pr, the lamp E, and the like.

FIG. 2 shows a second embodiment, in which
.. Provided with search means 4 for previously searching for a registered pattern of the user by using the identifiers IDA, IDB,... Taken from the card reader CR at the time of using the service. A check is made to determine whether or not the matching rate is reached, so that the collation processing time can be reduced.

When a non-member or a fraudulent member uses a genuine card of another person without permission or illegally uses a forged card imitating another member's card, based on the input pattern and an identifier as card information of another person. The pattern does not match the searched pattern, and the matching rate is lower than the reference value.

In FIG. 2, the retinal pattern reader 20 of the member store R is of the same type as the retinal pattern reader 10 provided in the bank B, but as in FIG. It is good also as thing of. In FIG. 1, the retinal pattern reader 20 of the member store R may be of the same type as that of the bank B.
The reader 10 of the bank B may be of a handy reader type. Hereinafter, the same applies to FIG.

FIG. 3 shows a third embodiment, in which
The result output means 3 is used as an identifier notifying means 31, which notifies the member store R of an identifier (for example, IDA) attached to a registered pattern that matches the pattern input at the time of using the service, and displays the display D or the printer. P or P
r.

In addition to the search means 4 using the identifier, a recovery means 40 for comparing the input pattern with another registered pattern when the searched registered pattern does not match the inputted pattern is provided. While the processing time is shortened by the means 4, when there is an input error of the identifier, the error is covered by the recovery means 40 so that the convenience of the authorized user can be improved.

By the way, in the examples shown in FIGS. 1 to 3, the confirmation company H only confirms that the service user is a qualified person, and does not judge whether or not the service user is on a so-called blacklist. However, the elimination of such inferior members on property is left to the credit company S. The unique service provided by the checking company H is limited to only the identity verification, but there is an advantage that the management of the private data of the individual can be centrally maintained by the credit company S as it is.

4 to 6 correspond to FIGS. 1 to 3, respectively (FIGS. 4 and 1, FIGS. 5 and 2, FIGS. 6 and 3).
In addition to the basic specifications described above, the confirmation company H can also notify events and eliminate property-deficient persons. That is, a storage area for private data PDA, PDB... Is provided for each registrant in the management file F of the confirmation company H, and the name, date of birth, gender, address, telephone number, occupation, etc. Property information MDA, MDB such as expiration date, loan limit, deposit account / balance, bankruptcy status
... is recorded. The data is accessed by the data access means 5 which is the software resource of the confirmation company H, and the mail can be sent out. The second result output means 6 performs the second stage processing after the identity verification. From the viewpoint of the payment ability based on the record of the property information, it is determined whether or not the person actually provides the service.

In FIGS. 4 and 5, the second result output means 6 is replaced by a property bad person rejection means 61, which corresponds to one of expired card, exceeding the loan limit, insufficient balance, and bankruptcy. If the property information is inferior, a service use rejection output is issued in the information transmission path including the credit company S, the member store R, and the line L connecting the two, as in the case of the above-described deficient user use refusal means 31 described above. In this case, an access signal in a transaction which is usually exchanged is cut off.

In FIG. 6, the second result output means 6 is replaced by a property information notifying means 62, and the person who has been notified of this identifier (confirmed as a qualified person) together with the notification of the identifier. Inform the merchant R of the property information of the merchant R, including those who should not be confirmed as well as those who should not be confirmed). Display D and printer P
Alternatively, it is displayed on Pr.

FIG. 7 shows a seventh embodiment, which is a simple system that does not require the combined use with a card such as reading an identifier from a credit card CD when registering a retinal pattern.
D enables the registration of a retinal pattern, which is personal information, separately from the existence of D.

An identifier (for example, a 5-digit ID number, a name, and a date of birth) is input from the control panel 14 of each of the retinal pattern readers 10 and 20 of the bank B and the member store R, and the retinal pattern Pat is input from the finder 11.
A, PatB... Are read and registered in the management file F.

At the time of use at the member store R, an identifier (for example, name) output to the front display 15 or the printer P through collation accessed from the retinal pattern reader 20, and display and use of the card CD brought in. The identity of the applicant can be confirmed by visually checking the notation on the application form. In addition, it is possible to determine whether or not the bankruptcy is based on the property information notified at the same time.

In FIGS. 1 to 7, the retinal pattern reader 10 of the bank B may be installed in the credit company S, and the credit company S itself may register as a member. Further, the retinal pattern readers 10 and 20 of the bank B and the member store R may be directly connected to the host computer HC without going through the computers BC and RC provided in the respective institutions. Further, the property information notifying means 62 may be adopted as the second result output means 6 in FIGS.
7, the means for rejecting use of the inferior property 61 are output to the second result output means 6
May be adopted.

[Brief description of the drawings]

FIG. 1 is a configuration diagram of a first embodiment of an identity verification system according to the present invention.

FIG. 2 is a configuration diagram of the second embodiment.

FIG. 3 is a configuration diagram of the third embodiment.

FIG. 4 is a configuration diagram of the fourth embodiment.

FIG. 5 is a configuration diagram of the fifth embodiment.

FIG. 6 is a configuration diagram of the sixth embodiment.

FIG. 7 is a configuration diagram of the seventh embodiment.

[Explanation of symbols]

 1; personal information registration means 2; verification means 3; result output means 31; deficient use of confirmation refusing means 32; identifier notification means 4; search means 40; recovery means 5; data access means 6; Means for refusing use of property bad person 62; Means for notifying property information

Claims (11)

. [Claims] Claims: 1. An identity verification system that intervenes between a provider that provides a service to a qualified person and a user that uses the service and checks whether or not the service user is a qualified person. Personal information registration means (1) for registering a person's physical personal information together with an identifier in a management file, physical personal information entered by a person who uses the service by declaring himself as a qualified person, and a registered individual A collation means (2) for collating the information with the user's physical personal information entered and the registered personal information of the qualifying person corresponding to the declaration match to confirm the qualifying person, and to distinguish the case other than this An identity verification system comprising a result output means (3) for generating a distinct output. 2. The identity verification system according to claim 1, wherein the result output means is a use failure rejection means for issuing a service use rejection output when the qualified person cannot be confirmed. 3. The identifier is information that can be recognized when using a service for declaring that the user is a qualified person, and the result output means (3) converts the registered personal information that matches the input physical personal information of the user. 2. The identity verification system according to claim 1, wherein the identification means is an identifier notifying means (32) for notifying an attached identifier to a service user. 4. The system according to claim 1, further comprising: a search unit configured to search for registered personal information to be compared with an identifier input together with physical personal information when using the service. Identity verification system. 5. A search means (4) for searching registered personal information to be collated with an identifier which is input together with physical personal information when using a service, wherein the searched registered personal information and the input personal information are matched. In the case of a mismatch, recovery means (4) for comparing the entered personal information with other registered personal information.
4. The identity verification system according to claim 3, further comprising (0). 6. The identity verification system according to claim 1, wherein the identifier comprises card information recorded on a card which is a service use certificate. 7. The identity verification system according to claim 1, further comprising data access means for accessing private data corresponding to a registrant of physical personal information. 8. The private data includes a registrant's property information, and further includes a second result output means (6) for issuing a distinction output for discriminating whether service use is appropriate based on the record of the property information. Identity verification system described. 9. The identity verification system according to claim 8, wherein the second result output means is a property bad person use rejection means for issuing a service use rejection output when the property information is defective. 10. A property information notifying means (6) for notifying property information to a user of the service.
9. The identity verification system according to claim 8, which is 2). 11. The personal identification system according to claim 1, wherein the physical personal information is eyeball information of a person.