WO2020136883A1 - Authentication system - Google Patents

Authentication system Download PDF

Info

Publication number
WO2020136883A1
WO2020136883A1 PCT/JP2018/048527 JP2018048527W WO2020136883A1 WO 2020136883 A1 WO2020136883 A1 WO 2020136883A1 JP 2018048527 W JP2018048527 W JP 2018048527W WO 2020136883 A1 WO2020136883 A1 WO 2020136883A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
terminal
biometric
biometric authentication
data
Prior art date
Application number
PCT/JP2018/048527
Other languages
French (fr)
Japanese (ja)
Inventor
貴 渡辺
康介 古賀
肇 松浦
Original Assignee
株式会社ジェーシービー
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社ジェーシービー filed Critical 株式会社ジェーシービー
Priority to TW107147850A priority Critical patent/TWI797227B/en
Priority to PCT/JP2018/048527 priority patent/WO2020136883A1/en
Priority to JP2020517399A priority patent/JP6924899B2/en
Publication of WO2020136883A1 publication Critical patent/WO2020136883A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06TIMAGE DATA PROCESSING OR GENERATION, IN GENERAL
    • G06T7/00Image analysis

Definitions

  • the present invention relates to an authentication system.
  • Patent Document 1 discloses a settlement authentication system for electronic commerce using biometrics.
  • the present invention has been made in view of such circumstances, and it is an object of the present invention to provide an authentication system for performing personal authentication by a simple procedure.
  • an authentication system including an authentication terminal and a biometric authentication server, wherein the authentication terminal includes a light source for authentication, an image acquisition unit, a biometric authentication data generation unit, and a data transmission unit,
  • the authentication light source irradiates a part of the human body of the terminal user with light including a wavelength in the visible light region
  • the image acquisition unit is irradiated from the authentication light source and in a part of the human body.
  • the data transmitting unit transmits the generated biometric authentication data to the biometric authentication server
  • the biometric authentication server includes a storage unit, an authentication unit, and a post-authentication processing unit, and the storage unit. Is stored in association with identification information for uniquely identifying a plurality of registered users, and the biometric authentication data of the plurality of registered users, the authentication unit, biometric authentication data transmitted from the data transmission unit.
  • the terminal user is authenticated whether or not it is a registered user, and the post-authentication processing unit, when the terminal user is authenticated as a registered user, a predetermined post-authentication processing.
  • An authentication system is provided.
  • the authentication data is generated based on the image acquired by the image acquisition unit of the authentication terminal, and the user inputs the user ID and the password in order to perform the personal authentication based on the authentication data.
  • the authentication procedure can be performed by a simple procedure.
  • a part of the human body is a palm
  • the biometric authentication data generation unit generates biometric authentication data by extracting a palm print shape and a vein shape of the palm from the acquired reflection image.
  • the system further comprises a payment system, wherein the data transmission unit transmits the product purchase data together with the biometric authentication data to the biometric authentication server, and the identification information is further associated with information regarding a payment means of a registered user.
  • the post-authentication processing unit transmits the product purchase data and information regarding payment means to the payment system.
  • the storage unit further stores predetermined information associated with the registered user as registration information, and the post-authentication processing unit stores at least one of an authentication result of the terminal user and registration information. Send to the authentication terminal.
  • it further comprises a registration information server for storing predetermined information associated with the registered user as registration information, the post-authentication processing unit, at least one of the authentication result and registration information of the terminal user. Send to the authentication terminal.
  • FIG. 6 is a diagram illustrating a flow of user registration processing in the authentication system 100.
  • FIG. 6 is a diagram illustrating a flow of payment processing in the authentication system 100.
  • FIG. 6 is a diagram illustrating an outline of an authentication system 200 according to the second embodiment.
  • FIG. 3 is a functional block diagram of the authentication system 200.
  • FIG. 6 is a diagram illustrating a flow of authentication processing in the authentication system 200.
  • FIG. 8A is a diagram illustrating an outline of an example of the authentication system 300 according to the third embodiment.
  • FIG. 8B is a diagram illustrating the outline of another example of the authentication system 300 according to the third embodiment. It is a functional block diagram of the authentication system 300.
  • FIG. 6 is a diagram illustrating a flow of authentication processing in the authentication system 300. It is a figure explaining an example of the flow of the attestation processing in a modification. It is a figure explaining the other example of the flow of the authentication processing in a modification.
  • the authentication system 100 is implemented as, for example, an authentication system that performs personal authentication and payment of a credit card.
  • the authentication system 100 includes an authentication terminal 10 included in a credit card member store, a biometric authentication server 20 included in a data center, and a credit card payment system 30 included in a payment operator.
  • a credit card user uses the authentication terminal 10 to take an image of the palm when purchasing a product at a member store.
  • the authentication terminal 10 generates biometric authentication data based on the captured image, and transmits the product purchase data (as an example, the payment amount) and the biometric authentication data to the biometric authentication server 20.
  • biometric authentication data and information about a payment method are registered in association with a member ID for uniquely identifying a registered user of a credit card. ..
  • the biometric authentication server 20 performs authentication based on the received authentication data whether or not the user is a registered user registered in advance as a member of the credit card.
  • the biometric authentication server 20 sends information about the payment method and the payment amount (hereinafter, also referred to as payment information) to the payment system 30.
  • payment information information about the payment method and the payment amount (hereinafter, also referred to as payment information)
  • the payment system 30 first, an authorization process is performed for the user based on the received payment information. If the authorization process is approved, the settlement process is started.
  • the user of the credit card simply takes an image of the palm without using the credit card and without inputting information such as the card number and the expiration date. It becomes possible to purchase goods.
  • a functional configuration for realizing the authentication system 100 and a flow of processing will be described.
  • the functional configuration of the authentication system 100 will be described with reference to FIG.
  • the authentication system 100 includes an authentication terminal 10, a biometric authentication server 20, and a payment system 30.
  • the technology for realizing the authentication terminal 10 is based on the technology disclosed in Japanese Patent No. 5509459, and therefore the present disclosure will only outline the content thereof.
  • the authentication terminal 10 includes an authentication light source 11, an image acquisition unit 13, a display unit 14, a biometric authentication data generation unit 15, and a data transmission unit 17.
  • the authentication light source 11 irradiates a part of the human body of the terminal user (the palm in the present embodiment) with light including a wavelength in the visible light region.
  • the image acquisition unit 13 acquires (that is, captures) a reflection image generated by the light emitted from the authentication light source 11 and reflected by a part of the human body of the terminal user.
  • the display unit 14 displays various kinds of information on a display included in the authentication terminal 10.
  • the biometric authentication data generation unit 15 extracts biometric data from the acquired reflection image by extracting the characteristic shape and the vein shape of a part of the human body.
  • the data transmission unit 17 transmits the generated biometric authentication data and the payment amount to the biometric authentication server 20.
  • the authentication terminal 10 captures a part of the human body of the terminal user with light including a wavelength in the visible light region and generates biometric authentication data. In this way, by using visible light, it becomes possible to easily realize by installing software on an existing smartphone, tablet, or the like.
  • the authentication terminal 10 may include a plurality of image acquisition units 13, but when extracting a characteristic shape and a vein shape of a part of the human body from a common human body region (for example, a palm print shape and a vein shape in the same palm). In the case of extracting), the authentication terminal 10 may include only one image acquisition unit 13. When the authentication terminal 10 includes only one image acquisition unit 13, a plurality of reflection images may be acquired and the characteristic shape and the vein shape in a part of the human body may be extracted from different reflection images. The feature shape and the vein shape in a part of the human body may be extracted from the reflection image of 1. When extracting the feature shape and the vein shape in a part of the human body from one reflection image, one reflection image may be obtained by combining a plurality of reflection images, or the original (that is, combining). It may be a reflection image.
  • the authentication light source 11 can be used even from the reflection image of the palm obtained by light in the visible light region including red light (light having a wavelength of 580 to 750 ⁇ m). Since the palm print shape and the vein shape can be extracted, with such a configuration, the palm print shape and the vein shape can be extracted even from a smartphone equipped with a camera and a flash in which an infrared filter is built.
  • the biometric authentication server 20 has an authentication unit 21, a storage unit 23, and a post-authentication processing unit 25.
  • the storage unit 23 stores a member ID as identification information for uniquely identifying a plurality of registered users and biometric data of the plurality of registered users in association with each other.
  • the storage unit 23 further stores the card number and the expiration date in association with the member ID as information about the payment means of the registered user.
  • the authentication unit 21 authenticates whether or not the terminal user is a registered user who is registered in advance as a member of the credit card, based on the biometric authentication data transmitted from the data transmission unit 17 of the authentication terminal 10.
  • the post-authentication processing unit 25 transmits the payment amount, the card number, and the expiration date to the payment system 30 when the terminal user is authenticated as a registered user (that is, when the authentication is successful).
  • the post-authentication processing unit 25 transmits the authentication result to the display unit 14 of the authentication terminal 10 when the terminal user is not authenticated as a registered user (that is, when the authentication fails).
  • the components described above may be realized by software (including a so-called application) that is appropriately installed in the authentication terminal 10 or the biometric authentication server 20, or may be realized by hardware.
  • software including a so-called application
  • various functions can be realized by the CPU executing a program forming the software.
  • the program may be stored in a storage device (including the storage unit 23 and indicates a memory, HDD, SSD, or the like) built in the authentication terminal 10 or the biometric authentication server 20, and is a computer-readable non-transitory recording medium. May be stored in.
  • a program stored in an external storage unit may be read and realized by so-called cloud computing.
  • cloud computing When it is realized by hardware, it can be realized by various circuits such as ASIC, FPGA, or DRP.
  • the payment system 30 performs an authorization process (a process of confirming the cardholder's available frame) based on the payment amount, the card number, and the expiration date received from the biometric authentication server 20.
  • an authorization process a process of confirming the cardholder's available frame
  • the settlement system 30 starts the settlement process.
  • step S101 the terminal user inputs information about the settlement such as the personal identification information, the card number, and the expiration date into the authentication terminal 10, and photographs the palm.
  • step S 102 the input information and the captured image of the palm are registered in the authentication terminal 10.
  • the authentication terminal 10 When the authentication terminal 10 acquires the information input by the terminal user and the captured image of the palm in step S103, the authentication terminal 10 transmits the personal identification information to the personal identification server 50 in step S104.
  • the personal identification server 50 confirms that the terminal user is the card member who is registered in advance based on the personal identification information received in steps S105 to S107, and sends the result to the authentication terminal 10.
  • the authentication terminal 10 When the authentication terminal 10 receives the personal identification result in step S108, the authentication terminal 10 generates biometric authentication data in step S109, and transmits the biometric authentication data to the biometric authentication server 20 in step S110.
  • the biometric authentication server 20 When the biometric authentication server 20 receives the biometric authentication data in step S111, the biometric authentication server 20 registers the biometric authentication data in the storage unit 23 in association with the identification information for uniquely identifying the registered user in step S112, and the registration result in step S113. Is transmitted to the authentication terminal 10.
  • the authentication terminal 10 Upon receiving the registration result in step S114, the authentication terminal 10 displays the registration result in step S115. The terminal user confirms the registration result in step S116.
  • step S121 the terminal user inputs the payment amount into the authentication terminal 10 and photographs the palm.
  • step S122 the input payment amount and the captured image of the palm are registered in the authentication terminal 10.
  • the authentication terminal 10 acquires the payment amount input by the terminal user and the captured image of the palm in step S123, and generates biometric authentication data in step S124.
  • the authentication terminal 10 transmits the biometric authentication data to the biometric authentication server 20 in step S125.
  • the biometric authentication server 20 receives the biometric authentication data in step S126, and in step S127 performs authentication processing as to whether or not the received biometric authentication data is registered in the storage unit 23.
  • the biometric authentication server 20 determines that the authentication has failed in step S128a and transmits the result to the authentication terminal 10.
  • the authentication terminal 10 When the authentication terminal 10 receives the authentication failure result in step S129, the authentication terminal 10 displays the authentication failure result in step S130. The terminal user confirms that the authentication has failed in step S131.
  • the biometric authentication server 20 transmits the payment information to the payment system 30 in step S128b.
  • the payment system 30 When the payment system 30 receives the payment information in step S132, the payment system 30 executes the authorization process in step S133, and transmits the authorization result to the authentication terminal 10 in step S134.
  • the authentication terminal 10 When the authentication terminal 10 receives the authorization result in step S135, the authentication terminal 10 displays the authorization result in step S136. The terminal user confirms the authorization result in step S137.
  • step S133 If the card payment is approved by the authorization process (step S133), the payment system 30 further starts the payment process in step S138.
  • the authentication system 100 includes the authentication terminal 10, the biometric authentication server 20, and the payment system 30.
  • the authentication terminal 10 irradiates a part of the human body with visible light to capture an image, and generates biometric authentication data based on the captured image.
  • the biometric authentication server 20 performs the terminal user authentication process based on only the biometric authentication data.
  • the payment system 30 performs credit card payment processing.
  • the terminal user can use the credit card without using the credit card and without inputting information about the payment method such as the card number and the personal identification information for identifying the person. Payment processing can be performed. Therefore, it is possible to perform personal authentication with a simple configuration.
  • Second Embodiment> (2.1. Overview of Authentication System 200) An outline of the authentication system 200 according to the second embodiment will be described with reference to FIG. In the following description, the same components as those in the first embodiment are designated by the same reference numerals, and the description will not be repeated.
  • the authentication system 200 is realized as an authentication system for managing entry/exit of a terminal user's work facility, for example.
  • the authentication system 200 includes an authentication terminal 10 provided in a work facility, a biometric authentication server 20 included in a data center, and a facility management server 60 for managing the work facility.
  • the facility management server 60 can lock and unlock the facility entrance.
  • the terminal user uses the authentication terminal 10 to take an image of the palm.
  • the authentication terminal 10 generates biometric authentication data based on the captured image and transmits the biometric authentication data to the biometric authentication server 20.
  • biometric authentication data is registered in association with identification information (an employee ID, for example) for uniquely identifying an employee of a work facility.
  • identification information an employee ID, for example
  • the biometric authentication server 20 authenticates whether the terminal user is a registered user registered in advance as an employee based on the received biometric authentication data.
  • the biometric authentication server 20 sends the authentication result to the authentication terminal 10.
  • the authentication terminal 10 that has received the authentication result transmits a key release instruction to the facility management server 60 when the terminal user is authenticated as a registered user.
  • the facility management server unlocks the facility entrance so that the terminal user can enter the facility.
  • the terminal user does not need to use an ID card or the like, and does not input information such as an employee ID or a password, and only enters the palm of the room to authenticate the room. It becomes possible to do.
  • an ID card or the like does not input information such as an employee ID or a password, and only enters the palm of the room to authenticate the room. It becomes possible to do.
  • a functional configuration for realizing the authentication system 200 and a flow of processing will be described.
  • the authentication system 200 includes an authentication terminal 10, a biometric authentication server 20, and a facility management server 60.
  • the authentication terminal 10 further includes a key release instruction unit 18 in addition to the above-mentioned configuration. Based on the authentication result received from the post-authentication processing unit 25 of the biometric authentication server 20, the key release instruction unit 18 instructs the facility management server 60 to unlock the key when the authentication of the biometric authentication server 20 is successful. To do.
  • the storage unit 23 stores employee IDs of a plurality of registered users and biometric authentication data in association with each other.
  • the authentication unit 21 authenticates whether the terminal user is a registered user, based on the biometric authentication data transmitted from the data transmission unit 17 of the authentication terminal 10.
  • the post-authentication processing unit 25 transmits the authentication result to the key release instruction unit 18 of the authentication terminal 10.
  • the flow of user authentication processing in the authentication system 200 will be described with reference to FIG. 7.
  • the terminal user photographs the palm using the authentication terminal 10 in step S201, and registers the photographed image in the authentication terminal 10 in step S202.
  • the authentication terminal 10 acquires the image taken by the terminal user in step S203, and generates biometric authentication data in step S204.
  • the authentication terminal 10 transmits the biometric authentication data to the biometric authentication server 20 in step S205.
  • the biometric authentication server 20 receives the biometric authentication data in step S206, and performs an authentication process as to whether the biometric authentication data received in step S207 is registered in the storage unit 23.
  • the biometric authentication server 20 transmits the authentication result to the authentication terminal 10 in step S208.
  • the authentication terminal 10 receives the authentication result in step S209.
  • the authentication terminal 10 displays that the authentication has failed in step S210a.
  • the terminal user confirms that the authentication has failed in step S140.
  • the authentication terminal 10 transmits a key release instruction to the facility management server 60 in step S210b.
  • the facility management server 60 receives the key release instruction in step S212, and unlocks the facility entrance in step S213.
  • the authentication system 200 includes the authentication terminal 10, the biometric authentication server 20, and the facility management server 60.
  • the authentication terminal 10 instructs the facility management server 60 to unlock.
  • the terminal user can authenticate the entry/exit only by photographing the palm without using an ID card or the like and without inputting information such as an employee ID or a password. it can. That is, it is possible to perform personal authentication with a simple configuration.
  • the authentication system 300 is realized, for example, as an authentication system that manages entrance at an event site or the like.
  • the authentication system 300 includes an authentication terminal 10 provided in an event venue, a biometric authentication server 20 included in a data center, and a registration information server 70 included in a ticket company.
  • the registration information server 70 information for uniquely identifying the ticket purchaser (address and name in the example shown in FIG. 8) and ticket information are registered.
  • the authentication terminal 10 When entering the venue, visitors to the event venue use the authentication terminal 10 to take an image of the palm.
  • the authentication terminal 10 generates biometric authentication data based on the captured image and transmits the biometric authentication data to the biometric authentication server 20.
  • biometric authentication data is registered in association with an address and a name for uniquely identifying a registered user registered in advance.
  • the biometric authentication server 20 authenticates whether the terminal user is a registered user based on the received biometric authentication data.
  • the biometric authentication server 20 transmits identification information for uniquely identifying the registered user to the registration information server 70 when the terminal user is authenticated as the registered user.
  • the registration information server 70 transmits the registration information associated with the received identification information (ticket information in this example) to the biometric authentication server 20.
  • the biometric authentication server 20 transmits the received ticket information to the authentication terminal 10. By displaying the ticket information received by the authentication terminal 10, the terminal user can enter the event site.
  • the authentication system 300 may be realized as an authentication system used when acquiring a medical examination result managed by a hospital.
  • the authentication system 300 includes an authentication terminal 10 owned by a terminal user, a biometric authentication server 20 included in a data center, and a registration information server 70 installed in a hospital.
  • the registration information server 70 identification information for uniquely identifying the health checker and the health check result are registered.
  • a person who confirms the result of the health examination takes an image of the palm using the authentication terminal 10.
  • the authentication terminal 10 generates biometric authentication data based on the captured image and transmits the biometric authentication data and the biometric authentication server 20.
  • the biometric authentication server 20 authenticates whether the terminal user is a registered user registered in advance in the authentication server based on the received biometric authentication data.
  • the identification information for uniquely identifying the registered user is transmitted to the registered information server 70.
  • the registration information server 70 transmits the registration information associated with the received identification information (in this example, the health check result) to the biometric authentication server 20.
  • the biometric authentication server 20 transmits the received health check result to the authentication terminal 10. By displaying the health check result received by the authentication terminal 10, the terminal user can confirm the content.
  • the terminal user does not need to use the information for identifying an individual or the history information such as the ticket purchase history or the medical examination consultation history, and only needs to photograph the palm. It becomes possible to obtain the necessary information.
  • the terminal user does not need to use the information for identifying an individual or the history information such as the ticket purchase history or the medical examination consultation history, and only needs to photograph the palm. It becomes possible to obtain the necessary information.
  • a functional configuration for realizing the authentication system 300 and a flow of processing will be described.
  • the functional configuration of the authentication system 300 will be described with reference to FIG. 9.
  • the authentication system 300 includes an authentication terminal 10, a biometric authentication server 20, and a registration information server 70. (3.2.1. Authentication terminal 10)
  • the display unit 14 included in the authentication terminal 10 displays the registration information received from the post-authentication processing unit 25 of the biometric authentication server 20.
  • the storage unit 23 included in the biometric authentication server 20 stores addresses and names as identification information for uniquely identifying a plurality of registered users and biometric data of the plurality of registered users in association with each other.
  • the authentication unit 21 authenticates whether the terminal user is a registered user, based on the biometric authentication data transmitted from the data transmission unit 17 of the authentication terminal 10.
  • the post-authentication processing unit 25 transmits the identification information stored in the storage unit 23 to the registration information server 70 when the authentication is successful.
  • the post-authentication processing unit 25 further transmits the registration information received from the registration information server 70 to the display unit 14 of the authentication terminal 10.
  • the registration information server 70 includes a storage unit 71 that stores identification information and registration information that is registered in advance.
  • the registration information server 70 transmits the registration information associated with the identification information received from the post-authentication processing unit 25 to the post-authentication processing unit 25.
  • the flow of user authentication processing in the authentication system 300 will be described with reference to FIG. 10.
  • the terminal user photographs the palm using the authentication terminal 10 in step S301, and registers the photographed image in the authentication terminal 10 in step S302.
  • the authentication terminal 10 acquires the image taken by the terminal user in step S303, and generates biometric authentication data in step S304.
  • the authentication terminal 10 transmits the biometric authentication data to the biometric authentication server 20 in step S305.
  • the biometric authentication server 20 receives the biometric authentication data in step S306 and performs an authentication process as to whether the biometric authentication data received in step S307 is registered in the storage unit 23. If the authentication process is successful, the biometric authentication server 20 transmits the identification number to the registration information server 70 in step S308. Note that when the authentication process fails, the process is the same as that of the first embodiment (steps S128a to S131 in FIG. 4), and thus the description thereof is omitted.
  • the registration information server 70 receives the identification number in step S309, and transmits the registration information registered in the storage unit 71 associated with the identification number received in step S310 to the biometric authentication server 20.
  • the biometric authentication server 20 receives the registration record information in step S311, and transmits the registration information to the authentication terminal 10 in step S312.
  • the authentication terminal 10 receives the registration information in step S313 and displays the registration information in step S314.
  • the terminal user confirms the registration information in step S315.
  • the authentication system 300 includes the authentication terminal 10, the biometric authentication server 20, and the registration information server 70.
  • the post-authentication processing unit 25 acquires registration information registered in advance in the registration information server 70 and sends it to the authentication terminal 10.
  • the terminal user can obtain the necessary information only by photographing the palm without using the information for identifying the individual or the history information such as the ticket purchase history and the medical examination history. It becomes possible to do. That is, it is possible to perform personal authentication with a simple configuration.
  • the identification information of the registered user is registered in advance in the personal identification server 80 used for the personal identification when performing the registration processing of the registered user, and the registered identification information is stored in advance. It is acquired and registered in the biometric authentication server 20.
  • the terminal user inputs the ID and password for verifying the identity into the authentication terminal 10.
  • the authentication terminal 10 transmits the ID and password to the identity verification server 80, and the identity verification server 80 verifies the identity of the terminal user.
  • the identity verification server 80 transmits the identification information associated with the terminal user to the authentication terminal 10.
  • the authentication terminal 10 transmits the acquired identification information to the biometric authentication server 20, and the biometric authentication server 20 performs the registration process using the identification information.
  • the terminal user can use the identification information registered in advance in the personal identification server 80 in the registration processing in the biometric authentication server 20, and thus saves the time and effort of inputting the information.
  • the convenience of the person is improved.
  • the identification information registered in the identity verification server 80 (that is, the identification information registered in the biometric authentication server 20) is used in accordance with the certainty. You can also set the possible authentication services. Table 1 shows that the higher the security level number, the higher the security requirement.
  • the employee ID (or telephone number) corresponding to level 2 is registered in the identity verification server 80
  • only the authentication service in room entry/exit management can be used.
  • the driver's license number corresponding to level 4 is registered in the identity verification server 80
  • the credit card number (or bank account number) corresponding to level 3 is registered in the identity verification server 80.
  • Can use all authentication services such as card payment (corresponding to the first embodiment), acquisition of registration information (corresponding to the third embodiment), and entry/exit management.
  • the security level, identification information, and available authentication service settings in Table 1 above are merely examples.
  • the security level may be set to a value other than 1 to 4.
  • the identification information may be any combination of the data in Table 1 above, or may be data not listed in Table 1.
  • a flow of user authentication processing in the authentication system 400 will be described with reference to FIGS. 11 and 12. Note that, when the authentication process by the biometric authentication server 20 fails, the process is the same as that of the first embodiment (steps S128a to S131 in FIG. 4), and thus the description thereof is omitted.
  • steps S401 to S406 the ID and password input by the terminal user are transmitted to the identity verification server 80, and identity verification processing is performed.
  • the identity verification server 80 transmits the identification information registered in the identity verification server 80 to the authentication terminal 10 in step S407a.
  • the authentication terminal 10 generates generation authentication data based on the palm image taken by the terminal user in steps S412 to S415.
  • the authentication terminal 10 transmits the identification information acquired from the identity verification server 80 and the biometric authentication data to the biometric authentication server 20 in step S416.
  • the biometric authentication server 20 receives the identification information and the biometric authentication data in step S417, and performs registration processing in step S418.
  • step S406 if the personal identification processing (step S406) fails, the personal identification server 80 transmits to the authentication terminal 10 that the personal identification failed in step S407a.
  • the authentication terminal 10 displays that the identity verification has failed in step S410.
  • the authentication system 400 in the modified example as shown in FIG. 12, even if the function of the authentication terminal 10 is realized by different applications for the application 10a for performing biometric authentication processing and the application 10b for performing identity verification processing. Good. With this configuration, it is possible to implement the authentication system 500 by diverting an existing application for performing identity verification processing.
  • the image acquisition unit 13 included in the authentication terminal 10 acquires the image of the palm as a part of the human body, but the embodiment is not limited to this example.
  • Iris, retina or ear image may be acquired.
  • the biometric authentication data generation unit 15 generates biometric authentication data based on the characteristic shape and vein shape of the face.
  • the authentication terminal 10 is provided in, for example, a credit card member store, but the present invention is not limited to this example.
  • an application for realizing the function of the authentication terminal 10 may be installed in a mobile terminal (a so-called smartphone or the like) of a credit card user. In such a case, for example, the present invention can be carried out even in online shopping at home.
  • the payment system 30 includes a credit card payment system provided by a payment operator as an example, but the payment system is not limited to this example.
  • the present invention can be applied to other payment cards such as a David card and a prepaid card instead of a credit card.
  • the terminal user authenticates himself using only biometric authentication data without inputting information for identifying an individual such as a member ID.
  • a part of the identification number or It may be configured to input all. In this case, it is possible to narrow down the collation target when performing collation with biometric information based on the input information, and it is possible to improve the accuracy and speed of authentication.
  • the personal identification server 80 transmits the personal identification result to the authentication terminal 10, but the present invention is not limited to this example.
  • the authentication terminal 10 transmits the personal identification data and the biometric authentication data to the personal identification server 80, and if the personal identification is successful, the personal identification server 80 transmits the biometric authentication data to the biometric authentication server 20. You may comprise.
  • the present invention can also be realized as a program that causes the authentication terminal 10 and the biometric authentication server 20 to function in order to realize the above system.
  • the present invention can be realized as a computer-readable non-transitory recording medium that stores the above program.
  • 10 authentication terminal, 10a, 10b: application, 11: light source for authentication, 13: image acquisition unit, 14: display unit, 15: biometric authentication data generation unit, 17: data transmission unit, 18: key release instruction unit, 20 : Biometric authentication server, 21: authentication unit, 23: storage unit, 25: post-authentication processing unit, 30: payment system, 50: identity verification server, 60: facility management server, 70: registration information server, 71: storage unit, 80: identity verification server, 100, 200, 300, 400: authentication system

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Collating Specific Patterns (AREA)
  • Lock And Its Accessories (AREA)

Abstract

This authentication system performs personal identification with a simple procedure. An authentication terminal includes: an authentication light source that projects, toward a body part of a terminal user, light including a wavelength in a visible light region; an image acquisition unit that acquires a reflection image generated by the light that was projected from the authentication light source and that was reflected by the body part; a biometric authentication data generation unit that generates biometric authentication data by extracting, from the acquired reflection image, a feature shape and a vein shape in the body part; and a data transmission unit that transmits the generated biometric authentication data to a biometric authentication server. The biometric authentication server includes: a storage unit that stores identification information for uniquely identifying a plurality of registered users in association with biometric authentication data of the plurality of registered users; an authentication unit that authenticates whether the terminal user is a registered user on the basis of the biometric authentication data transmitted from the data transmission unit; and a post-authentication processing unit that performs a predetermined post-authentication process if the terminal user was authenticated as a registered user.

Description

認証システムAuthentication system
 本発明は、認証システムに関する。 The present invention relates to an authentication system.
 近年、クレジットカードの決済や、ビルの入退室などにおける本人認証において、生体認証を用いる事例が増加している。生体認証を用いることにより、より確実に本人認証を行うことが可能となる。例えば、特許文献1には、生体認証を用いた電子商取引の決済認証システムが開示されている。 In recent years, biometric authentication is increasingly being used for credit card payments and personal authentication in entering and leaving a building. By using biometric authentication, it becomes possible to perform personal authentication more reliably. For example, Patent Document 1 discloses a settlement authentication system for electronic commerce using biometrics.
特許6159840号公報Japanese Patent No. 6159840
 しかし、上記特許文献1における技術では、ユーザーIDおよびパスワードでの認証をした後に、生体認証を行うため、利用者はユーザーIDおよびパスワードを入力する必要があり、認証の手続きが煩雑となっていた。 However, in the technique of the above-mentioned Patent Document 1, since biometric authentication is performed after authentication with a user ID and password, the user has to input the user ID and password, which makes the authentication procedure complicated. ..
 本発明は、このような事情を鑑みてなされたものであり、簡便な手続きで本人認証を行う認証システムを提供することである。 The present invention has been made in view of such circumstances, and it is an object of the present invention to provide an authentication system for performing personal authentication by a simple procedure.
 本発明によれば、認証端末と生体認証サーバを備える認証システムであって、前記認証端末は、認証用光源と、画像取得部と、生体認証データ生成部と、データ送信部を有し、前記認証用光源は、可視光領域での波長を含む光を端末利用者の人体の一部に向けて照射し、前記画像取得部は、前記認証用光源から照射され、かつ前記人体の一部において反射した光によって生成される反射画像を取得し、前記生体認証データ生成部は、取得された前記反射画像から、前記人体の一部における特徴形状と静脈形状をそれぞれ抽出して、生体認証データを生成し、前記データ送信部は、生成された前記生体認証データを前記生体認証サーバへ送信し、前記生体認証サーバは、記憶部と、認証部と、認証後処理部を有し、前記記憶部は、複数の登録ユーザーを一意に識別するための識別情報と、前記複数の登録ユーザーの生体認証データとを対応づけて記憶し、前記認証部は、前記データ送信部から送信された生体認証データに基づいて、前記端末利用者が登録ユーザーであるか否かを認証し、前記認証後処理部は、前記端末利用者が登録ユーザーであると認証された場合に、予め定められた認証後処理を行う、認証システムが提供される。 According to the present invention, there is provided an authentication system including an authentication terminal and a biometric authentication server, wherein the authentication terminal includes a light source for authentication, an image acquisition unit, a biometric authentication data generation unit, and a data transmission unit, The authentication light source irradiates a part of the human body of the terminal user with light including a wavelength in the visible light region, and the image acquisition unit is irradiated from the authentication light source and in a part of the human body. Acquiring a reflection image generated by the reflected light, the biometric authentication data generation unit, from the acquired reflection image, to extract the characteristic shape and vein shape in the part of the human body, respectively, biometric authentication data. And the data transmitting unit transmits the generated biometric authentication data to the biometric authentication server, and the biometric authentication server includes a storage unit, an authentication unit, and a post-authentication processing unit, and the storage unit. Is stored in association with identification information for uniquely identifying a plurality of registered users, and the biometric authentication data of the plurality of registered users, the authentication unit, biometric authentication data transmitted from the data transmission unit. On the basis of the above, the terminal user is authenticated whether or not it is a registered user, and the post-authentication processing unit, when the terminal user is authenticated as a registered user, a predetermined post-authentication processing. An authentication system is provided.
 このような構成とすることにより、認証端末の画像取得部が取得した画像に基づいて認証データが生成され、当該認証データに基づいて本人認証を行うため、利用者がユーザーIDおよびパスワードを入力する必要がなく、簡便な手続きにより認証手続きを行うことが可能となる。 With such a configuration, the authentication data is generated based on the image acquired by the image acquisition unit of the authentication terminal, and the user inputs the user ID and the password in order to perform the personal authentication based on the authentication data. There is no need, and the authentication procedure can be performed by a simple procedure.
 以下、本発明の種々の実施形態を例示する。以下に示す実施形態は、互いに組み合わせ可能である。また、各特徴が独立に発明を構成する。 Hereinafter, various embodiments of the present invention will be exemplified. The embodiments described below can be combined with each other. Further, each feature independently constitutes an invention.
 好ましくは、前記人体の一部は掌であり、前記生体認証データ生成部は、取得された前記反射画像から、前記掌における掌紋形状と静脈形状をそれぞれ抽出して、生体認証データを生成する。
 好ましくは、決済システムをさらに備え、前記データ送信部は、前記生体認証データとともに商品購買データを前記生体認証サーバへ送信し、前記識別情報には、登録ユーザーの決済手段に関する情報がさらに紐付いており、前記認証後処理部は、前記商品購買データと決済手段に関する情報を前記決済システムへ送信する。
 好ましくは、前記記憶部は、さらに、前記登録ユーザーに紐づく予め定められた情報を登録情報として記憶し、前記認証後処理部は、当該端末利用者の認証結果および登録情報の少なくとも一方を前記認証端末へ送信する。
 好ましくは、前記登録ユーザーに紐づく予め定められた情報を登録情報として記憶するための登録情報サーバを更に備え、前記認証後処理部は、当該端末利用者の認証結果および登録情報の少なくとも一方を前記認証端末へ送信する。 Preferably, a part of the human body is a palm, and the biometric authentication data generation unit generates biometric authentication data by extracting a palm print shape and a vein shape of the palm from the acquired reflection image.
Preferably, the system further comprises a payment system, wherein the data transmission unit transmits the product purchase data together with the biometric authentication data to the biometric authentication server, and the identification information is further associated with information regarding a payment means of a registered user. The post-authentication processing unit transmits the product purchase data and information regarding payment means to the payment system.
Preferably, the storage unit further stores predetermined information associated with the registered user as registration information, and the post-authentication processing unit stores at least one of an authentication result of the terminal user and registration information. Send to the authentication terminal.
Preferably, it further comprises a registration information server for storing predetermined information associated with the registered user as registration information, the post-authentication processing unit, at least one of the authentication result and registration information of the terminal user. Send to the authentication terminal.
本発明の実施形態1に係る認証システム100の概要を説明する図である。It is a figure explaining the outline of the authentication system 100 which concerns on Embodiment 1 of this invention. 認証システム100の機能ブロック図である。3 is a functional block diagram of the authentication system 100. FIG. 認証システム100におけるユーザー登録処理の流れを説明する図である。6 is a diagram illustrating a flow of user registration processing in the authentication system 100. FIG. 認証システム100における決済処理の流れを説明する図である。6 is a diagram illustrating a flow of payment processing in the authentication system 100. FIG. 実施形態2に係る認証システム200の概要を説明する図である。6 is a diagram illustrating an outline of an authentication system 200 according to the second embodiment. FIG. 認証システム200の機能ブロック図である。3 is a functional block diagram of the authentication system 200. FIG. 認証システム200における認証処理の流れを説明する図である。FIG. 6 is a diagram illustrating a flow of authentication processing in the authentication system 200. 図8Aは、実施形態3に係る認証システム300の一例の概要を説明する図である。図8Bは、実施形態3に係る認証システム300の他の例の概要を説明する図である。FIG. 8A is a diagram illustrating an outline of an example of the authentication system 300 according to the third embodiment. FIG. 8B is a diagram illustrating the outline of another example of the authentication system 300 according to the third embodiment. 認証システム300の機能ブロック図である。It is a functional block diagram of the authentication system 300. 認証システム300における認証処理の流れを説明する図である。FIG. 6 is a diagram illustrating a flow of authentication processing in the authentication system 300. 変形例における認証処理の流れの一例を説明する図である。It is a figure explaining an example of the flow of the attestation processing in a modification. 変形例における認証処理の流れの他の例を説明する図である。It is a figure explaining the other example of the flow of the authentication processing in a modification.
<1.第1実施形態>
 (1.1.認証システム100の概要)
 図1を参照し、第1実施形態における認証システム100の概要を説明する。認証システム100は、一例として、クレジットカードの本人認証および決済を行う認証システムとして実現される。認証システム100は、クレジットカードの加盟店が備える認証端末10と、データセンタが備える生体認証サーバ20と、決済事業者が備えるクレジットカードの決済システム30とを備える。 <1. First Embodiment>
(1.1. Overview of authentication system 100)
An outline of the authentication system 100 according to the first embodiment will be described with reference to FIG. The authentication system 100 is implemented as, for example, an authentication system that performs personal authentication and payment of a credit card. The authentication system 100 includes an authentication terminal 10 included in a credit card member store, a biometric authentication server 20 included in a data center, and a credit card payment system 30 included in a payment operator.
 クレジットカードの利用者(特許請求の範囲における「端末利用者」に相当)は、加盟店において商品を購買する際、認証端末10を用いて掌の画像を撮影する。認証端末10は、撮影した画像をもとに生体認証データを生成し、商品購買データ(一例として、決済金額)と生体認証データとを生体認証サーバ20へ送信する。 A credit card user (corresponding to “terminal user” in the claims) uses the authentication terminal 10 to take an image of the palm when purchasing a product at a member store. The authentication terminal 10 generates biometric authentication data based on the captured image, and transmits the product purchase data (as an example, the payment amount) and the biometric authentication data to the biometric authentication server 20.
 生体認証サーバ20には、クレジットカードの登録ユーザーを一意に識別するための会員IDに紐づけて、生体認証データと決済手段に関する情報(一例として、カード番号および有効期限)とが登録されている。生体認証サーバ20は、受信した認証データに基づいて、当該利用者がクレジットカードの会員として予め登録された登録ユーザーであるか否かの認証を行う。 In the biometric authentication server 20, biometric authentication data and information about a payment method (as an example, a card number and an expiration date) are registered in association with a member ID for uniquely identifying a registered user of a credit card. .. The biometric authentication server 20 performs authentication based on the received authentication data whether or not the user is a registered user registered in advance as a member of the credit card.
 生体認証サーバ20は、当該端末利用者が登録ユーザーであると認証された場合に、決済手段に関する情報と決済金額(以下、決済情報ともいう)を決済システム30へ送信する。決済システム30では、まず、受信した決済情報に基づいて、当該利用者についてオーソリ処理を行う。オーソリ処理が承認された場合、決済処理が開始される。 When the terminal user is authenticated as a registered user, the biometric authentication server 20 sends information about the payment method and the payment amount (hereinafter, also referred to as payment information) to the payment system 30. In the payment system 30, first, an authorization process is performed for the user based on the received payment information. If the authorization process is approved, the settlement process is started.
 以上のように、本実施形態における認証システム100では、クレジットカードの利用者は、クレジットカードを用いることなく、また、カード番号、有効期限などの情報を入力することなく、掌を撮影するだけで商品を購買することが可能となる。以下、認証システム100を実現する機能構成および処理の流れを説明する。 As described above, in the authentication system 100 according to the present embodiment, the user of the credit card simply takes an image of the palm without using the credit card and without inputting information such as the card number and the expiration date. It becomes possible to purchase goods. Hereinafter, a functional configuration for realizing the authentication system 100 and a flow of processing will be described.
 (1.2.認証システム100の機能構成)
 図2を参照し、認証システム100の機能構成を説明する。認証システム100は、認証端末10と、生体認証サーバ20と、決済システム30とを備える。 (1.2. Functional configuration of authentication system 100)
The functional configuration of the authentication system 100 will be described with reference to FIG. The authentication system 100 includes an authentication terminal 10, a biometric authentication server 20, and a payment system 30.
 (1.2.1.認証端末10)
 認証端末10を実現するための技術は、特許5509459号公報に開示された技術に依拠しているため、本開示はその内容を概説するに留める。 (1.2.1. Authentication terminal 10)
The technology for realizing the authentication terminal 10 is based on the technology disclosed in Japanese Patent No. 5509459, and therefore the present disclosure will only outline the content thereof.
 認証端末10は、認証用光源11と、画像取得部13と、表示部14と、生体認証データ生成部15と、データ送信部17とを備える。認証用光源11は、可視光領域での波長を含む光を端末利用者の人体の一部(本実施形態では掌)に向けて照射する。 The authentication terminal 10 includes an authentication light source 11, an image acquisition unit 13, a display unit 14, a biometric authentication data generation unit 15, and a data transmission unit 17. The authentication light source 11 irradiates a part of the human body of the terminal user (the palm in the present embodiment) with light including a wavelength in the visible light region.
 画像取得部13は、認証用光源11から照射され、端末利用者の人体の一部において反射した光によって生成される反射画像を取得(すなわち撮影)する。表示部14は、各種情報を認証端末10が備えるディスプレイに表示する。生体認証データ生成部15は、取得された反射画像から、人体の一部における特徴形状と静脈形状をそれぞれ抽出して、生体認証データを生成する。データ送信部17は、生成された生体認証データと決済金額を生体認証サーバ20へ送信する。 The image acquisition unit 13 acquires (that is, captures) a reflection image generated by the light emitted from the authentication light source 11 and reflected by a part of the human body of the terminal user. The display unit 14 displays various kinds of information on a display included in the authentication terminal 10. The biometric authentication data generation unit 15 extracts biometric data from the acquired reflection image by extracting the characteristic shape and the vein shape of a part of the human body. The data transmission unit 17 transmits the generated biometric authentication data and the payment amount to the biometric authentication server 20.
 以上のように、認証端末10では、可視光領域での波長を含む光によって、端末利用者の人体の一部を撮影し、生体認証データを生成する。このように可視光による撮影とすることにより、既存のスマートフォンやタブレットなどにソフトウェアをインストールすることにより、容易に実現することが可能となる。 As described above, the authentication terminal 10 captures a part of the human body of the terminal user with light including a wavelength in the visible light region and generates biometric authentication data. In this way, by using visible light, it becomes possible to easily realize by installing software on an existing smartphone, tablet, or the like.
 認証端末10は、複数の画像取得部13を備えてもよいが、人体の一部における特徴形状と静脈形状とを互いに共通する人体領域から抽出する場合(例えば、同じ掌における掌紋形状と静脈形状を抽出する場合)は、認証端末10は、画像取得部13を1つだけ備えていてもよい。認証端末10が画像取得部13を1つだけ備える場合、複数枚の反射画像を取得して別々の反射画像から人体の一部における特徴形状と静脈形状をそれぞれ抽出してもよいが、1枚の反射画像から人体の一部における特徴形状と静脈形状を抽出してもよい。1枚の反射画像から人体の一部における特徴形状と静脈形状を抽出する場合、1枚の反射画像は、複数の反射画像を合成して取得してもよく、オリジナルの(すなわち、合成していない)反射画像であってもよい。 The authentication terminal 10 may include a plurality of image acquisition units 13, but when extracting a characteristic shape and a vein shape of a part of the human body from a common human body region (for example, a palm print shape and a vein shape in the same palm). In the case of extracting), the authentication terminal 10 may include only one image acquisition unit 13. When the authentication terminal 10 includes only one image acquisition unit 13, a plurality of reflection images may be acquired and the characteristic shape and the vein shape in a part of the human body may be extracted from different reflection images. The feature shape and the vein shape in a part of the human body may be extracted from the reflection image of 1. When extracting the feature shape and the vein shape in a part of the human body from one reflection image, one reflection image may be obtained by combining a plurality of reflection images, or the original (that is, combining). It may be a reflection image.
 また、上記反射画像から掌紋形状と静脈形状を抽出する場合、認証用光源11は、赤色光(580~750μmの波長の光)を含む可視光領域の光によって得られた掌の反射画像からでも掌紋形状と静脈形状を抽出することができるため、かかる構成であれば、赤外線フィルターが内蔵されているカメラとフラッシュを搭載するスマートフォンからでも、掌紋形状と静脈形状を抽出することができる。 Further, when extracting the palm print shape and the vein shape from the reflection image, the authentication light source 11 can be used even from the reflection image of the palm obtained by light in the visible light region including red light (light having a wavelength of 580 to 750 μm). Since the palm print shape and the vein shape can be extracted, with such a configuration, the palm print shape and the vein shape can be extracted even from a smartphone equipped with a camera and a flash in which an infrared filter is built.
 (1.2.2.生体認証サーバ20)
 生体認証サーバ20は、認証部21と、記憶部23と、認証後処理部25を有する。記憶部23は、複数の登録ユーザーを一意に識別するための識別情報としての会員IDと、複数の登録ユーザーの生体認証データとを対応づけて記憶している。記憶部23は、さらに、登録ユーザーの決済手段に関する情報として、カード番号および有効期限を、会員IDに紐づけて記憶している。 (1.2.2. biometric authentication server 20)
The biometric authentication server 20 has an authentication unit 21, a storage unit 23, and a post-authentication processing unit 25. The storage unit 23 stores a member ID as identification information for uniquely identifying a plurality of registered users and biometric data of the plurality of registered users in association with each other. The storage unit 23 further stores the card number and the expiration date in association with the member ID as information about the payment means of the registered user.
 認証部21は、認証端末10のデータ送信部17から送信された生体認証データに基づいて、端末利用者がクレジットカードの会員として予め登録された登録ユーザーであるか否かを認証する。認証後処理部25は、端末利用者が登録ユーザーであると認証された場合(すなわち、認証に成功した場合)に、決済金額、カード番号、有効期限を決済システム30へ送信する。また、認証後処理部25は、端末利用者が登録ユーザーであると認証されなかった場合(すなわち、認証に失敗した場合)に、認証結果を認証端末10の表示部14へ送信する。 The authentication unit 21 authenticates whether or not the terminal user is a registered user who is registered in advance as a member of the credit card, based on the biometric authentication data transmitted from the data transmission unit 17 of the authentication terminal 10. The post-authentication processing unit 25 transmits the payment amount, the card number, and the expiration date to the payment system 30 when the terminal user is authenticated as a registered user (that is, when the authentication is successful). In addition, the post-authentication processing unit 25 transmits the authentication result to the display unit 14 of the authentication terminal 10 when the terminal user is not authenticated as a registered user (that is, when the authentication fails).
 上述した構成要素は、認証端末10または生体認証サーバ20に適宜インストールされるソフトウェア(いわゆるアプリを含む)によって実現してもよく、ハードウェアによって実現してもよい。ソフトウェアによって実現する場合、CPUがソフトウェアを構成するプログラムを実行することによって各種機能を実現することができる。 The components described above may be realized by software (including a so-called application) that is appropriately installed in the authentication terminal 10 or the biometric authentication server 20, or may be realized by hardware. When realized by software, various functions can be realized by the CPU executing a program forming the software.
 プログラムは、認証端末10または生体認証サーバ20が内蔵する記憶装置(記憶部23を含み、メモリ、HDDまたはSSDなどを指す)に格納してもよく、コンピューターが読み取り可能な非一時的な記録媒体に格納してもよい。また、外部の記憶部に格納されたプログラムを読み出し、いわゆるクラウドコンピューティングにより実現してもよい。ハードウェアによって実現する場合、ASIC、FPGA、またはDRPなどの種々の回路によって実現することができる。 The program may be stored in a storage device (including the storage unit 23 and indicates a memory, HDD, SSD, or the like) built in the authentication terminal 10 or the biometric authentication server 20, and is a computer-readable non-transitory recording medium. May be stored in. Alternatively, a program stored in an external storage unit may be read and realized by so-called cloud computing. When it is realized by hardware, it can be realized by various circuits such as ASIC, FPGA, or DRP.
 (1.2.3.決済システム30)
 決済システム30は、生体認証サーバ20から受信した決済金額、カード番号、有効期限に基づいて、オーソリ処理(カード会員の利用可能枠の確認処理)を行う。オーソリ処理により当該決済が承認された場合、決済システム30は、決済処理を開始する。 (1.2.3. Payment system 30)
The payment system 30 performs an authorization process (a process of confirming the cardholder's available frame) based on the payment amount, the card number, and the expiration date received from the biometric authentication server 20. When the settlement is approved by the authorization process, the settlement system 30 starts the settlement process.
 (1.3.ユーザー登録処理の流れ)
 図3を参照し、認証システム100におけるユーザー登録処理を説明する。ステップS101において、端末利用者は、認証端末10に本人確認情報、カード番号、有効期限などの決済に関する情報を入力し、掌の撮影を行う。ステップS102において、入力した情報と撮影した掌の画像を認証端末10へ登録する。 (1.3. Flow of user registration process)
The user registration process in the authentication system 100 will be described with reference to FIG. In step S101, the terminal user inputs information about the settlement such as the personal identification information, the card number, and the expiration date into the authentication terminal 10, and photographs the palm. In step S 102, the input information and the captured image of the palm are registered in the authentication terminal 10.
 認証端末10は、ステップS103において端末利用者が入力した情報と撮影した掌の画像を取得すると、ステップS104において本人確認情報を本人確認サーバ50へ送信する。 When the authentication terminal 10 acquires the information input by the terminal user and the captured image of the palm in step S103, the authentication terminal 10 transmits the personal identification information to the personal identification server 50 in step S104.
 本人確認サーバ50は、ステップS105~ステップS107において受信した本人確認情報に基づいて、端末利用者が予め登録されているカード会員本人であることを確認し、その結果を認証端末10へ送信する。 The personal identification server 50 confirms that the terminal user is the card member who is registered in advance based on the personal identification information received in steps S105 to S107, and sends the result to the authentication terminal 10.
 このように、ユーザー登録処理において、本人確認サーバ50を用いて本人確認を行うことにより、クレジットカードの契約者以外の第三者が、契約者になりすましてユーザー登録することを防ぐことができる。 In this way, in the user registration process, by performing identity verification using the identity verification server 50, it is possible to prevent a third party other than the credit card contractor from impersonating the contractor and performing user registration.
 認証端末10は、ステップS108において本人確認結果を受信すると、ステップS109において生体認証データを生成し、ステップS110において生体認証データを生体認証サーバ20へ送信する。 When the authentication terminal 10 receives the personal identification result in step S108, the authentication terminal 10 generates biometric authentication data in step S109, and transmits the biometric authentication data to the biometric authentication server 20 in step S110.
 生体認証サーバ20は、ステップS111において生体認証データを受信すると、ステップS112において登録ユーザーを一意に識別するための識別情報と対応づけて生体認証データを記憶部23へ登録し、ステップS113において登録結果を認証端末10へ送信する。 When the biometric authentication server 20 receives the biometric authentication data in step S111, the biometric authentication server 20 registers the biometric authentication data in the storage unit 23 in association with the identification information for uniquely identifying the registered user in step S112, and the registration result in step S113. Is transmitted to the authentication terminal 10.
 認証端末10は、ステップS114において登録結果を受信すると、ステップS115において登録結果を表示する。端末利用者は、ステップS116において登録結果を確認する。 Upon receiving the registration result in step S114, the authentication terminal 10 displays the registration result in step S115. The terminal user confirms the registration result in step S116.
 (1.5.決済処理の流れ)
 図4を参照し、認証システム100におけるユーザーの認証および決済処理の流れを説明する。ステップS121において、端末利用者は、認証端末10に決済金額を入力し、掌の撮影を行う。ステップS122において、入力した決済金額と撮影した掌の画像を認証端末10へ登録する。 (1.5. Payment process flow)
The flow of user authentication and payment processing in the authentication system 100 will be described with reference to FIG. In step S121, the terminal user inputs the payment amount into the authentication terminal 10 and photographs the palm. In step S122, the input payment amount and the captured image of the palm are registered in the authentication terminal 10.
 認証端末10は、ステップS123において端末利用者が入力した決済金額と撮影した掌の画像を取得し、ステップS124において生体認証データを生成する。認証端末10は、ステップS125において生体認証データを生体認証サーバ20へ送信する。 The authentication terminal 10 acquires the payment amount input by the terminal user and the captured image of the palm in step S123, and generates biometric authentication data in step S124. The authentication terminal 10 transmits the biometric authentication data to the biometric authentication server 20 in step S125.
 生体認証サーバ20は、ステップS126において生体認証データを受信し、ステップS127において、受信した生体認証データが記憶部23に登録されているか否かの認証処理を行う。 The biometric authentication server 20 receives the biometric authentication data in step S126, and in step S127 performs authentication processing as to whether or not the received biometric authentication data is registered in the storage unit 23.
 受信した生体認証データが記憶部23に登録されていない場合、生体認証サーバ20は、ステップS128aにおいて、認証が失敗であったとして、その結果を認証端末10へ送信する。 If the received biometric authentication data is not registered in the storage unit 23, the biometric authentication server 20 determines that the authentication has failed in step S128a and transmits the result to the authentication terminal 10.
 認証端末10は、ステップS129において認証失敗の結果を受信すると、ステップS130において認証失敗の結果を表示する。端末利用者は、ステップS131において認証が失敗であることを確認する。 When the authentication terminal 10 receives the authentication failure result in step S129, the authentication terminal 10 displays the authentication failure result in step S130. The terminal user confirms that the authentication has failed in step S131.
 一方、受信した生体認証データが記憶部23に登録されている場合、生体認証サーバ20は、ステップS128bにおいて決済情報を決済システム30へ送信する。 On the other hand, when the received biometric authentication data is registered in the storage unit 23, the biometric authentication server 20 transmits the payment information to the payment system 30 in step S128b.
 決済システム30は、ステップS132において決済情報を受信すると、ステップS133においてオーソリ処理を実施し、ステップS134においてオーソリ結果を認証端末10へ送信する。 When the payment system 30 receives the payment information in step S132, the payment system 30 executes the authorization process in step S133, and transmits the authorization result to the authentication terminal 10 in step S134.
 認証端末10は、ステップS135においてオーソリ結果を受信すると、ステップS136においてオーソリ結果を表示する。端末利用者は、ステップS137においてオーソリ結果を確認する。 When the authentication terminal 10 receives the authorization result in step S135, the authentication terminal 10 displays the authorization result in step S136. The terminal user confirms the authorization result in step S137.
 オーソリ処理(ステップS133)により当該カード決済が承認された場合、決済システム30は、さらに、ステップS138において決済処理を開始する。 If the card payment is approved by the authorization process (step S133), the payment system 30 further starts the payment process in step S138.
 以上のようにして、本実施形態に係る認証システム100は、認証端末10と生体認証サーバ20と決済システム30を備える。認証端末10は、可視光を人体の一部に照射して撮影し、当該撮影画像に基づいて生体認証データを生成する。そして、生体認証サーバ20は、当該生体認証データのみに基づいて、端末利用者の認証処理を行う。端末利用者が登録ユーザーとして認証された場合、決済システム30は、クレジットカードの決済処理を行う。 As described above, the authentication system 100 according to the present embodiment includes the authentication terminal 10, the biometric authentication server 20, and the payment system 30. The authentication terminal 10 irradiates a part of the human body with visible light to capture an image, and generates biometric authentication data based on the captured image. Then, the biometric authentication server 20 performs the terminal user authentication process based on only the biometric authentication data. When the terminal user is authenticated as a registered user, the payment system 30 performs credit card payment processing.
 このような構成とすることにより、端末利用者は、クレジットカードを用いることなく、また、カード番号などの決済手段に関する情報、および本人を特定する本人確認情報を何ら入力することなく、クレジットカードの決済処理を行うことができる。したがって、簡便な構成での本人認証が可能となる。 With such a configuration, the terminal user can use the credit card without using the credit card and without inputting information about the payment method such as the card number and the personal identification information for identifying the person. Payment processing can be performed. Therefore, it is possible to perform personal authentication with a simple configuration.
<2.第2実施形態>
 (2.1.認証システム200の概要)
 図5を参照して、第2実施形態に係る認証システム200の概要を説明する。なお、以下の説明においては、第1実施形態と同一の構成については同一の符号を付しており、説明は繰り返さない。 <2. Second Embodiment>
(2.1. Overview of Authentication System 200)
An outline of the authentication system 200 according to the second embodiment will be described with reference to FIG. In the following description, the same components as those in the first embodiment are designated by the same reference numerals, and the description will not be repeated.
 図5に示すように、第2実施形態に係る認証システム200は、一例として、端末利用者の勤務先施設などにおける入退室を管理する認証システムとして実現される。認証システム200は、勤務先施設に備えられた認証端末10と、データセンタが備える生体認証サーバ20と、勤務先施設を管理するための施設管理サーバ60を備える。施設管理サーバ60は、施設入り口の施錠・および解錠を行うことができる。 As shown in FIG. 5, the authentication system 200 according to the second embodiment is realized as an authentication system for managing entry/exit of a terminal user's work facility, for example. The authentication system 200 includes an authentication terminal 10 provided in a work facility, a biometric authentication server 20 included in a data center, and a facility management server 60 for managing the work facility. The facility management server 60 can lock and unlock the facility entrance.
 端末利用者は、施設において入退室する際、認証端末10を用いて掌の画像を撮影する。認証端末10は、撮影した画像をもとに生体認証データを生成し、生体認証データを生体認証サーバ20へ送信する。 When a user enters or leaves the facility, the terminal user uses the authentication terminal 10 to take an image of the palm. The authentication terminal 10 generates biometric authentication data based on the captured image and transmits the biometric authentication data to the biometric authentication server 20.
 生体認証サーバ20には、勤務先施設の社員を一意に識別するための識別情報(一例として、社員ID)に対応づけて、生体認証データが登録されている。生体認証サーバ20は、受信した生体認証データに基づいて、端末利用者が社員として予め登録された登録ユーザーであるか否かの認証を行う。 In the biometric authentication server 20, biometric authentication data is registered in association with identification information (an employee ID, for example) for uniquely identifying an employee of a work facility. The biometric authentication server 20 authenticates whether the terminal user is a registered user registered in advance as an employee based on the received biometric authentication data.
 生体認証サーバ20は、認証結果を認証端末10へ送信する。認証結果を受信した認証端末10は、当該端末利用者が登録ユーザーであると認証された場合に、鍵解除指示を施設管理サーバ60へ送信する。施設管理サーバは、施設入り口の解錠を行い、端末利用者が施設へ入ることが可能となる。 The biometric authentication server 20 sends the authentication result to the authentication terminal 10. The authentication terminal 10 that has received the authentication result transmits a key release instruction to the facility management server 60 when the terminal user is authenticated as a registered user. The facility management server unlocks the facility entrance so that the terminal user can enter the facility.
 以上のように、本実施形態における認証システム200では、端末利用者はIDカードなどを用いることなく、また、社員IDやパスワードなどの情報を入力することなく、掌を撮影するだけ入退室の認証を行うことが可能となる。以下、認証システム200を実現する機能構成および処理の流れを説明する。 As described above, in the authentication system 200 according to the present embodiment, the terminal user does not need to use an ID card or the like, and does not input information such as an employee ID or a password, and only enters the palm of the room to authenticate the room. It becomes possible to do. Hereinafter, a functional configuration for realizing the authentication system 200 and a flow of processing will be described.
 (2.2.認証システム200の機能構成)
 図6を参照し、認証システム200の機能構成を説明する。認証システム200は、認証端末10と、生体認証サーバ20と、施設管理サーバ60とを備える。 (2.2. Functional configuration of authentication system 200)
The functional configuration of the authentication system 200 will be described with reference to FIG. The authentication system 200 includes an authentication terminal 10, a biometric authentication server 20, and a facility management server 60.
 (2.2.1.認証端末10)
 認証端末10は、上述した構成に加えて、鍵解除指示部18をさらに備える。鍵解除指示部18は、生体認証サーバ20の認証後処理部25から受信する認証結果に基づいて、生体認証サーバ20での認証が成功した場合に、施設管理サーバ60へ鍵の解錠を指示する。 (2.2.1. Authentication terminal 10)
The authentication terminal 10 further includes a key release instruction unit 18 in addition to the above-mentioned configuration. Based on the authentication result received from the post-authentication processing unit 25 of the biometric authentication server 20, the key release instruction unit 18 instructs the facility management server 60 to unlock the key when the authentication of the biometric authentication server 20 is successful. To do.
 (2.2.2.生体認証サーバ20)
 記憶部23は、複数の登録ユーザーの社員IDと生体認証データとを対応づけて記憶する。認証部21は、認証端末10のデータ送信部17から送信された生体認証データに基づいて、端末利用者が登録ユーザーであるか否かを認証する。認証後処理部25は、認証端末10の鍵解除指示部18へ認証結果を送信する。 (2.2.2. biometric authentication server 20)
The storage unit 23 stores employee IDs of a plurality of registered users and biometric authentication data in association with each other. The authentication unit 21 authenticates whether the terminal user is a registered user, based on the biometric authentication data transmitted from the data transmission unit 17 of the authentication terminal 10. The post-authentication processing unit 25 transmits the authentication result to the key release instruction unit 18 of the authentication terminal 10.
 (2.3.認証処理の流れ)
 図7を参照し、認証システム200におけるユーザーの認証処理の流れを説明する。端末利用者は、ステップS201において認証端末10を用いて掌の撮影を行い、ステップS202において撮影した画像を認証端末10へ登録する。 (2.3. Flow of authentication process)
The flow of user authentication processing in the authentication system 200 will be described with reference to FIG. 7. The terminal user photographs the palm using the authentication terminal 10 in step S201, and registers the photographed image in the authentication terminal 10 in step S202.
 認証端末10は、ステップS203において端末利用者が撮影した画像を取得し、ステップS204において生体認証データを生成する。認証端末10は、ステップS205において生体認証データを生体認証サーバ20へ送信する。 The authentication terminal 10 acquires the image taken by the terminal user in step S203, and generates biometric authentication data in step S204. The authentication terminal 10 transmits the biometric authentication data to the biometric authentication server 20 in step S205.
 生体認証サーバ20は、ステップS206において生体認証データを受信し、ステップS207において受信した生体認証データが記憶部23に登録されているか否かの認証処理を行う。生体認証サーバ20は、ステップS208において認証結果を認証端末10へ送信する。 The biometric authentication server 20 receives the biometric authentication data in step S206, and performs an authentication process as to whether the biometric authentication data received in step S207 is registered in the storage unit 23. The biometric authentication server 20 transmits the authentication result to the authentication terminal 10 in step S208.
 認証端末10は、ステップS209において認証結果を受信する。ここで、認証結果が失敗であった場合、認証端末10は、ステップS210aにおいて認証が失敗であったことを表示する。端末利用者は、ステップS140において認証が失敗であったことを確認する。一方、認証結果が成功であった場合、認証端末10は、ステップS210bにおいて施設管理サーバ60へ鍵解除指示を送信する。 The authentication terminal 10 receives the authentication result in step S209. Here, if the authentication result is unsuccessful, the authentication terminal 10 displays that the authentication has failed in step S210a. The terminal user confirms that the authentication has failed in step S140. On the other hand, if the authentication result is successful, the authentication terminal 10 transmits a key release instruction to the facility management server 60 in step S210b.
 施設管理サーバ60は、ステップS212において鍵解除指示を受信し、ステップS213において施設入り口を解錠する。 The facility management server 60 receives the key release instruction in step S212, and unlocks the facility entrance in step S213.
 以上のようにして、本実施形態に係る認証システム200は、認証端末10と生体認証サーバ20と施設管理サーバ60を備える。端末利用者が登録ユーザーとして認証された場合、認証端末10は施設管理サーバ60へ解錠を指示する。 As described above, the authentication system 200 according to this embodiment includes the authentication terminal 10, the biometric authentication server 20, and the facility management server 60. When the terminal user is authenticated as a registered user, the authentication terminal 10 instructs the facility management server 60 to unlock.
 このような構成とすることにより、端末利用者は、IDカードなどを用いることなく、また、社員IDやパスワードなどの情報を入力することなく、掌を撮影するだけ入退室の認証を行うことができる。すなわち、簡便な構成での本人認証が可能となる。 With such a configuration, the terminal user can authenticate the entry/exit only by photographing the palm without using an ID card or the like and without inputting information such as an employee ID or a password. it can. That is, it is possible to perform personal authentication with a simple configuration.
<3.第3実施形態>
 (3.1.認証システム300の概要)
 図8Aおよび図8Bを参照して、第3実施形態に係る認証システム300の概要を説明する。 <3. Third Embodiment>
(3.1. Overview of authentication system 300)
An outline of the authentication system 300 according to the third embodiment will be described with reference to FIGS. 8A and 8B.
 図8Aに示すように、第3実施形態に係る認証システム300は、一例として、イベント会場などにおける入場を管理する認証システムとして実現される。認証システム300は、イベント会場に備えられた認証端末10と、データセンタが備える生体認証サーバ20と、チケット会社が備える登録情報サーバ70とを備える。登録情報サーバ70には、チケット購買者を一意に識別するための情報(図8に示す例では住所および氏名)と、チケット情報が登録されている。 As shown in FIG. 8A, the authentication system 300 according to the third embodiment is realized, for example, as an authentication system that manages entrance at an event site or the like. The authentication system 300 includes an authentication terminal 10 provided in an event venue, a biometric authentication server 20 included in a data center, and a registration information server 70 included in a ticket company. In the registration information server 70, information for uniquely identifying the ticket purchaser (address and name in the example shown in FIG. 8) and ticket information are registered.
 イベント会場への入場者は、会場内に入場する際、認証端末10を用いて掌の画像を撮影する。認証端末10は、撮影した画像をもとに生体認証データを生成し、生体認証データを生体認証サーバ20へ送信する。 When entering the venue, visitors to the event venue use the authentication terminal 10 to take an image of the palm. The authentication terminal 10 generates biometric authentication data based on the captured image and transmits the biometric authentication data to the biometric authentication server 20.
 生体認証サーバ20には、予め登録された登録ユーザーを一意に識別するための住所および氏名に対応づけて、生体認証データが登録されている。生体認証サーバ20は、受信した生体認証データに基づいて、端末利用者が登録ユーザーであるか否かの認証を行う。 In the biometric authentication server 20, biometric authentication data is registered in association with an address and a name for uniquely identifying a registered user registered in advance. The biometric authentication server 20 authenticates whether the terminal user is a registered user based on the received biometric authentication data.
 生体認証サーバ20は、当該端末利用者が登録ユーザーであると認証された場合に、登録ユーザーを一意に識別するための識別情報を登録情報サーバ70へ送信する。登録情報サーバ70は、受信した識別情報に紐づく登録情報(この例では、チケット情報)を生体認証サーバ20へ送信する。 The biometric authentication server 20 transmits identification information for uniquely identifying the registered user to the registration information server 70 when the terminal user is authenticated as the registered user. The registration information server 70 transmits the registration information associated with the received identification information (ticket information in this example) to the biometric authentication server 20.
 生体認証サーバ20は、受信したチケット情報を認証端末10へ送信する。認証端末10が受信したチケット情報を表示することにより、端末利用者はイベント会場内へ入場することが可能となる。 The biometric authentication server 20 transmits the received ticket information to the authentication terminal 10. By displaying the ticket information received by the authentication terminal 10, the terminal user can enter the event site.
 または、認証システム300は、図8Bに示すように、病院に管理されている健康診断結果を取得する際に利用される認証システムとして実現してもよい。認証システム300は、端末利用者が保有する認証端末10と、データセンタが備える生体認証サーバ20と、病院内に設けられた登録情報サーバ70とを備える。登録情報サーバ70には、健康診断実施者を一意に識別するための識別情報と、健康診断結果とが登録されている。 Alternatively, as shown in FIG. 8B, the authentication system 300 may be realized as an authentication system used when acquiring a medical examination result managed by a hospital. The authentication system 300 includes an authentication terminal 10 owned by a terminal user, a biometric authentication server 20 included in a data center, and a registration information server 70 installed in a hospital. In the registration information server 70, identification information for uniquely identifying the health checker and the health check result are registered.
 健康診断結果を確認する者は、認証端末10を用いて掌の画像を撮影する。認証端末10は、撮影した画像をもとに生体認証データを生成し、生体認証データと生体認証サーバ20へ送信する。 A person who confirms the result of the health examination takes an image of the palm using the authentication terminal 10. The authentication terminal 10 generates biometric authentication data based on the captured image and transmits the biometric authentication data and the biometric authentication server 20.
 生体認証サーバ20は、受信した生体認証データに基づいて、端末利用者が認証サーバに予め登録された登録ユーザーであるか否かの認証を行う。当該端末利用者が登録ユーザーであると認証された場合に、登録ユーザーを一意に識別するための識別情報を登録情報サーバ70へ送信する。 The biometric authentication server 20 authenticates whether the terminal user is a registered user registered in advance in the authentication server based on the received biometric authentication data. When the terminal user is authenticated as a registered user, the identification information for uniquely identifying the registered user is transmitted to the registered information server 70.
 登録情報サーバ70は、受信した識別情報に紐づく登録情報(この例では、健康診断結果)を生体認証サーバ20へ送信する。生体認証サーバ20は、受信した健康診断結果を認証端末10へ送信する。認証端末10が受信した健康診断結果を表示することにより、端末利用者はその内容を確認することが可能となる。 The registration information server 70 transmits the registration information associated with the received identification information (in this example, the health check result) to the biometric authentication server 20. The biometric authentication server 20 transmits the received health check result to the authentication terminal 10. By displaying the health check result received by the authentication terminal 10, the terminal user can confirm the content.
 以上のように、本実施形態における認証システム300では、端末利用者は、個人を特定するための情報や、チケット購買履歴や健康診断受診履歴といった履歴情報を用いることなく、掌を撮影するだけで必要な情報を入手することが可能となる。以下、認証システム300を実現する機能構成および処理の流れを説明する。 As described above, in the authentication system 300 according to the present embodiment, the terminal user does not need to use the information for identifying an individual or the history information such as the ticket purchase history or the medical examination consultation history, and only needs to photograph the palm. It becomes possible to obtain the necessary information. Hereinafter, a functional configuration for realizing the authentication system 300 and a flow of processing will be described.
 (3.2.認証システム300の機能構成)
 図9を参照し、認証システム300の機能構成を説明する。認証システム300は、認証端末10と、生体認証サーバ20と、登録情報サーバ70とを備える。
 (3.2.1.認証端末10)
 認証端末10の備える表示部14は、生体認証サーバ20の認証後処理部25から受信した登録情報を表示する。 (3.2. Functional configuration of authentication system 300)
The functional configuration of the authentication system 300 will be described with reference to FIG. 9. The authentication system 300 includes an authentication terminal 10, a biometric authentication server 20, and a registration information server 70.
(3.2.1. Authentication terminal 10)
The display unit 14 included in the authentication terminal 10 displays the registration information received from the post-authentication processing unit 25 of the biometric authentication server 20.
 (3.2.2.生体認証サーバ20)
 生体認証サーバ20の備える記憶部23は、複数の登録ユーザーを一意に識別するための識別情報としての住所および氏名と、複数の登録ユーザーの生体認証データとを対応づけて記憶する。認証部21は、認証端末10のデータ送信部17から送信された生体認証データに基づいて、端末利用者が登録ユーザーであるか否かを認証する。認証後処理部25は、認証が成功した場合に、記憶部23に記憶された識別情報を登録情報サーバ70へ送信する。認証後処理部25は、さらに、登録情報サーバ70から受信した登録情報を、認証端末10の表示部14へ送信する。 (3.2.2. biometrics server 20)
The storage unit 23 included in the biometric authentication server 20 stores addresses and names as identification information for uniquely identifying a plurality of registered users and biometric data of the plurality of registered users in association with each other. The authentication unit 21 authenticates whether the terminal user is a registered user, based on the biometric authentication data transmitted from the data transmission unit 17 of the authentication terminal 10. The post-authentication processing unit 25 transmits the identification information stored in the storage unit 23 to the registration information server 70 when the authentication is successful. The post-authentication processing unit 25 further transmits the registration information received from the registration information server 70 to the display unit 14 of the authentication terminal 10.
 (3.2.3.登録情報サーバ70)
 登録情報サーバ70は、識別情報と、予め登録された登録情報とが記憶された記憶部71を備える。登録情報サーバ70は、認証後処理部25から受信した識別情報に紐づく登録情報を、認証後処理部25へ送信する。 (3.2.3. Registration information server 70)
The registration information server 70 includes a storage unit 71 that stores identification information and registration information that is registered in advance. The registration information server 70 transmits the registration information associated with the identification information received from the post-authentication processing unit 25 to the post-authentication processing unit 25.
 (3.3.認証処理の流れ)
 図10を参照し、認証システム300におけるユーザーの認証処理の流れを説明する。端末利用者は、ステップS301において認証端末10を用いて掌の撮影を行い、ステップS302において撮影した画像を認証端末10へ登録する。 (3.3. Flow of authentication process)
The flow of user authentication processing in the authentication system 300 will be described with reference to FIG. 10. The terminal user photographs the palm using the authentication terminal 10 in step S301, and registers the photographed image in the authentication terminal 10 in step S302.
 認証端末10は、ステップS303において端末利用者が撮影した画像を取得し、ステップS304において生体認証データを生成する。認証端末10は、ステップS305において生体認証データを生体認証サーバ20へ送信する。 The authentication terminal 10 acquires the image taken by the terminal user in step S303, and generates biometric authentication data in step S304. The authentication terminal 10 transmits the biometric authentication data to the biometric authentication server 20 in step S305.
 生体認証サーバ20は、ステップS306において生体認証データを受信し、ステップS307において受信した生体認証データが記憶部23に登録されているか否かの認証処理を行う。認証処理が成功の場合、生体認証サーバ20は、ステップS308において識別番号を登録情報サーバ70へ送信する。なお、認証処理が失敗の場合については、実施形態1と同様の処理(図4におけるステップS128a~ステップS131)となるため記載を省略している。 The biometric authentication server 20 receives the biometric authentication data in step S306 and performs an authentication process as to whether the biometric authentication data received in step S307 is registered in the storage unit 23. If the authentication process is successful, the biometric authentication server 20 transmits the identification number to the registration information server 70 in step S308. Note that when the authentication process fails, the process is the same as that of the first embodiment (steps S128a to S131 in FIG. 4), and thus the description thereof is omitted.
 登録情報サーバ70は、ステップS309において識別番号を受信し、ステップS310において受信した識別番号に紐づく記憶部71に登録されている登録情報を生体認証サーバ20へ送信する。 The registration information server 70 receives the identification number in step S309, and transmits the registration information registered in the storage unit 71 associated with the identification number received in step S310 to the biometric authentication server 20.
 生体認証サーバ20は、ステップS311において登録録情報を受信し、ステップS312において登録情報を認証端末10へ送信する。 The biometric authentication server 20 receives the registration record information in step S311, and transmits the registration information to the authentication terminal 10 in step S312.
 認証端末10は、ステップS313において登録情報を受信し、ステップS314において登録情報を表示する。端末利用者は、ステップS315において登録情報を確認する。 The authentication terminal 10 receives the registration information in step S313 and displays the registration information in step S314. The terminal user confirms the registration information in step S315.
 以上のようにして、本実施形態に係る認証システム300は、認証端末10と生体認証サーバ20と登録情報サーバ70とを備える。端末利用者が登録ユーザーとして認証された場合、認証後処理部25は、登録情報サーバ70に予め登録されている登録情報を取得し、認証端末10へ送信する。 As described above, the authentication system 300 according to this embodiment includes the authentication terminal 10, the biometric authentication server 20, and the registration information server 70. When the terminal user is authenticated as a registered user, the post-authentication processing unit 25 acquires registration information registered in advance in the registration information server 70 and sends it to the authentication terminal 10.
 このような構成とすることにより、端末利用者は、個人を特定するための情報や、チケット購買履歴や健康診断受診履歴といった履歴情報を用いることなく、掌を撮影するだけで必要な情報を入手することが可能となる。すなわち、簡便な構成での本人認証が可能となる。 With such a configuration, the terminal user can obtain the necessary information only by photographing the palm without using the information for identifying the individual or the history information such as the ticket purchase history and the medical examination history. It becomes possible to do. That is, it is possible to perform personal authentication with a simple configuration.
<4.変形例>
 以下において、上記実施形態の変形例を説明する。以下に述べる変形例は、上記実施形態のいずれにも適用し得るものである。 <4. Modification>
Hereinafter, modified examples of the above embodiment will be described. The modifications described below can be applied to any of the above embodiments.
 (4.1.変形例の概要)
 変形例に係る認証システム400では、登録ユーザーの登録処理を実施する際の本人確認に用いる本人確認サーバ80には、登録ユーザーの識別情報が予め登録されており、当該登録されている識別情報を取得して、生体認証サーバ20への登録を行う。 (4.1. Outline of modification)
In the authentication system 400 according to the modification, the identification information of the registered user is registered in advance in the personal identification server 80 used for the personal identification when performing the registration processing of the registered user, and the registered identification information is stored in advance. It is acquired and registered in the biometric authentication server 20.
 端末利用者は、本人確認を行うためのIDおよびパスワードを認証端末10へ入力する。認証端末10は、IDおよびパスワードを本人確認サーバ80へ送信し、本人確認サーバ80において端末利用者の本人確認が行われる。本人確認が成功した場合、本人確認サーバ80は、端末利用者に紐づく識別情報を認証端末10へ送信する。認証端末10は、取得した識別情報を生体認証サーバ20へ送信し、当該識別情報を用いて生体認証サーバ20での登録処理が行われる。 The terminal user inputs the ID and password for verifying the identity into the authentication terminal 10. The authentication terminal 10 transmits the ID and password to the identity verification server 80, and the identity verification server 80 verifies the identity of the terminal user. When the identity verification is successful, the identity verification server 80 transmits the identification information associated with the terminal user to the authentication terminal 10. The authentication terminal 10 transmits the acquired identification information to the biometric authentication server 20, and the biometric authentication server 20 performs the registration process using the identification information.
 このような構成とすることにより、端末利用者は、生体認証サーバ20への登録処理において、予め本人確認サーバ80へ登録されている識別情報を用いることができるため、入力する手間が省け、利用者の利便性が向上する。 With such a configuration, the terminal user can use the identification information registered in advance in the personal identification server 80 in the registration processing in the biometric authentication server 20, and thus saves the time and effort of inputting the information. The convenience of the person is improved.
 また、このような認証システム400では、表1に示すように、本人確認サーバ80に登録されている識別情報(すなわち、生体認証サーバ20へ登録される識別情報)の確実性に応じて、利用可能な認証サービスを設定することもできる。表1において、セキュリティレベルの数字が大きくなるほど、より安全性が求められることを示している。 Further, in such an authentication system 400, as shown in Table 1, the identification information registered in the identity verification server 80 (that is, the identification information registered in the biometric authentication server 20) is used in accordance with the certainty. You can also set the possible authentication services. Table 1 shows that the higher the security level number, the higher the security requirement.
Figure JPOXMLDOC01-appb-T000001
Figure JPOXMLDOC01-appb-T000001
 たとえば、レベル2に該当する社員ID(または電話番号)が本人確認サーバ80に登録されている場合には、入退室管理における認証サービス(実施形態2に相当)のみを利用することができる。一方、レベル4に該当する運転免許番号が本人確認サーバ80に登録されている場合、または、レベル3に該当するクレジットカード番号(または銀行口座番号)が本人確認サーバ80に登録されている場合には、カード決済(実施形態1に相当)、登録情報取得(実施形態3に相当)、および入退室管理の全ての認証サービスを利用することが可能となる。 For example, when the employee ID (or telephone number) corresponding to level 2 is registered in the identity verification server 80, only the authentication service in room entry/exit management (corresponding to the second embodiment) can be used. On the other hand, when the driver's license number corresponding to level 4 is registered in the identity verification server 80, or when the credit card number (or bank account number) corresponding to level 3 is registered in the identity verification server 80. Can use all authentication services such as card payment (corresponding to the first embodiment), acquisition of registration information (corresponding to the third embodiment), and entry/exit management.
 このようにすることで、予め本人確認サーバ80に登録されている識別情報の確実性に応じて、登録ユーザーの利用できる認証サービスを設定することが可能となり、多様な認証サービスを提供しつつ、各認証サービスのセキュリティを確保することが可能となる。 By doing so, it becomes possible to set an authentication service that can be used by registered users according to the certainty of the identification information registered in advance in the personal identification server 80, and while providing various authentication services, It is possible to ensure the security of each authentication service.
 なお、上記表1におけるセキュリティレベルと識別情報、および利用可能な認証サービスの設定は、一例にすぎないことに留意すべきである。たとえば、セキュリティレベルは、1~4以外の設定としてもよい。また、識別情報は、上記表1のデータを任意に組み合わせてもよいし、表1に記載されていないデータを用いてもよい。 It should be noted that the security level, identification information, and available authentication service settings in Table 1 above are merely examples. For example, the security level may be set to a value other than 1 to 4. The identification information may be any combination of the data in Table 1 above, or may be data not listed in Table 1.
 図11および図12を参照し、認証システム400におけるユーザーの認証処理の流れを説明する。なお、生体認証サーバ20による認証処理が失敗の場合については、実施形態1と同様の処理(図4におけるステップS128a~ステップS131)となるため記載を省略している。 A flow of user authentication processing in the authentication system 400 will be described with reference to FIGS. 11 and 12. Note that, when the authentication process by the biometric authentication server 20 fails, the process is the same as that of the first embodiment (steps S128a to S131 in FIG. 4), and thus the description thereof is omitted.
 図11に示すように、ステップS401~ステップS406において、端末利用者が入力したIDおよびパスワードが、本人確認サーバ80へ送信され、本人確認処理が実施される。本人確認処理(ステップS406)が成功した場合、本人確認サーバ80は、ステップS407aにおいて、本人確認サーバ80に登録されている識別情報を認証端末10へ送信する。 As shown in FIG. 11, in steps S401 to S406, the ID and password input by the terminal user are transmitted to the identity verification server 80, and identity verification processing is performed. When the identity verification processing (step S406) is successful, the identity verification server 80 transmits the identification information registered in the identity verification server 80 to the authentication terminal 10 in step S407a.
 認証端末10は、ステップS412~ステップS415において、端末利用者が撮影した掌画像に基づいて生成認証データを生成する。認証端末10は、ステップS416において、本人確認サーバ80から取得した識別情報と、生体認証データを生体認証サーバ20へ送信する。生体認証サーバ20は、ステップS417において識別情報と生体認証データを受信し、ステップS418において登録処理を行う。 The authentication terminal 10 generates generation authentication data based on the palm image taken by the terminal user in steps S412 to S415. The authentication terminal 10 transmits the identification information acquired from the identity verification server 80 and the biometric authentication data to the biometric authentication server 20 in step S416. The biometric authentication server 20 receives the identification information and the biometric authentication data in step S417, and performs registration processing in step S418.
 一方、本人確認処理(ステップS406)が失敗した場合、本人確認サーバ80は、ステップS407aにおいて、本人確認が失敗したことを認証端末10へ送信する。認証端末10は、ステップS410において本人確認が失敗したことを表示する。 On the other hand, if the personal identification processing (step S406) fails, the personal identification server 80 transmits to the authentication terminal 10 that the personal identification failed in step S407a. The authentication terminal 10 displays that the identity verification has failed in step S410.
 または、変形例における認証システム400では、図12に示すように、認証端末10の機能を、生体認証処理を行うアプリケーション10aと、本人確認処理を行うアプリケーション10bとを異なるアプリケーションとで実現してもよい。このように構成することにより、既存の本人確認処理を行うアプリケーションを流用して、認証システム500を実装することが可能となる。 Alternatively, in the authentication system 400 in the modified example, as shown in FIG. 12, even if the function of the authentication terminal 10 is realized by different applications for the application 10a for performing biometric authentication processing and the application 10b for performing identity verification processing. Good. With this configuration, it is possible to implement the authentication system 500 by diverting an existing application for performing identity verification processing.
<5.その他の実施形態>
 以上、本願発明における実施形態およびその変形例について説明したが、本開示の適用は上述の内容に限定されるものではない。例えば、上記実施形態では、認証端末10の備える画像取得部13は、人体の一部として掌の画像を取得しているが、その例に限定されることはなく、例えば、人体の顔、指紋、虹彩、網膜又は耳の画像を取得してもよい。たとえば顔の画像の場合、生体認証データ生成部15は、顔の特徴形状と静脈形状に基づいて生体認証データを生成する。 <5. Other Embodiments>
Although the embodiment and the modified example thereof in the present invention have been described above, the application of the present disclosure is not limited to the above contents. For example, in the above-described embodiment, the image acquisition unit 13 included in the authentication terminal 10 acquires the image of the palm as a part of the human body, but the embodiment is not limited to this example. , Iris, retina or ear image may be acquired. For example, in the case of a face image, the biometric authentication data generation unit 15 generates biometric authentication data based on the characteristic shape and vein shape of the face.
 また、上記実施形態では、例えばクレジットカードの加盟店に認証端末10が備えられているが、この例に限定されることはない。たとえば、クレジットカードの利用者の有する携帯端末(いわゆるスマートフォン等)に、認証端末10の機能を実現するためのアプリケーションをインストールさせてもよい。このようにした場合、たとえば、自宅におけるネットショッピングなどにおいても、本発明を実施することが可能となる。 Further, in the above embodiment, the authentication terminal 10 is provided in, for example, a credit card member store, but the present invention is not limited to this example. For example, an application for realizing the function of the authentication terminal 10 may be installed in a mobile terminal (a so-called smartphone or the like) of a credit card user. In such a case, for example, the present invention can be carried out even in online shopping at home.
 また、上記実施形態では、決済システム30として、決済事業者が備えるクレジットカードの決済システムを一例として記載したが、この例に限定されることはない。たとえば、クレジットカードではなく、デビッドカード、プリペイドカードなどの他の決済カードにおいても、本願発明を適用することが可能である。 In addition, in the above-described embodiment, the payment system 30 includes a credit card payment system provided by a payment operator as an example, but the payment system is not limited to this example. For example, the present invention can be applied to other payment cards such as a David card and a prepaid card instead of a credit card.
 また、上記実施形態では、端末利用者は会員IDなどの個人を特定する情報を入力することなく、生体認証データのみによる本人認証を行っているが、いわゆる絞り込みキーとして、識別番号の一部または全部を入力する構成としてもよい。この場合、入力された情報に基づいて、生体情報との照合を行う際の照合対象を絞り込む事が可能となり、認証の精度および速度を向上させることが可能となる。 Further, in the above-described embodiment, the terminal user authenticates himself using only biometric authentication data without inputting information for identifying an individual such as a member ID. However, a part of the identification number or It may be configured to input all. In this case, it is possible to narrow down the collation target when performing collation with biometric information based on the input information, and it is possible to improve the accuracy and speed of authentication.
 また、変形例において、本人確認サーバ80は、本人確認結果を認証端末10に送信しているが、この例に限定されることはない。たとえば認証端末10は、本人確認データと生体認証データとを本人確認サーバ80へ送信し、本人確認が成功した場合には、本人確認サーバ80が生体認証データを生体認証サーバ20へ送信するように構成してもよい。 Further, in the modification, the personal identification server 80 transmits the personal identification result to the authentication terminal 10, but the present invention is not limited to this example. For example, the authentication terminal 10 transmits the personal identification data and the biometric authentication data to the personal identification server 80, and if the personal identification is successful, the personal identification server 80 transmits the biometric authentication data to the biometric authentication server 20. You may comprise.
 さらに、本発明は、上述のシステムを実現させるために認証端末10および生体認証サーバ20を機能させるプログラムとして実現することもできる。 Furthermore, the present invention can also be realized as a program that causes the authentication terminal 10 and the biometric authentication server 20 to function in order to realize the above system.
 さらに、本発明は、上述のプログラムを格納する、コンピューター読み取り可能な非一時的な記録媒体として実現することもできる。 Furthermore, the present invention can be realized as a computer-readable non-transitory recording medium that stores the above program.
 本発明に係る種々の実施形態を説明したが、これらは、例として提示したものであり、発明の範囲を限定することは意図していない。当該新規な実施形態は、その他の様々な形態で実施されることが可能であり、発明の要旨を逸脱しない範囲で、種々の省略、置き換え、変更を行うことができる。当該実施形態やその変形は、発明の範囲や要旨に含まれるとともに、特許請求の範囲に記載された発明とその均等の範囲に含まれるものである。 Although various embodiments according to the present invention have been described, these are presented as examples and are not intended to limit the scope of the invention. The novel embodiment can be implemented in various other forms, and various omissions, replacements, and changes can be made without departing from the spirit of the invention. The embodiment and its modifications are included in the scope and the gist of the invention, and are also included in the invention described in the claims and its equivalent scope.
10:認証端末、10a,10b:アプリケーション、11:認証用光源、13:画像取得部、14:表示部、15:生体認証データ生成部、17:データ送信部、18:鍵解除指示部、20:生体認証サーバ、21:認証部、23:記憶部、25:認証後処理部、30:決済システム、50:本人確認サーバ、60:施設管理サーバ、70:登録情報サーバ、71:記憶部、80:本人確認サーバ、100,200,300,400:認証システム 10: authentication terminal, 10a, 10b: application, 11: light source for authentication, 13: image acquisition unit, 14: display unit, 15: biometric authentication data generation unit, 17: data transmission unit, 18: key release instruction unit, 20 : Biometric authentication server, 21: authentication unit, 23: storage unit, 25: post-authentication processing unit, 30: payment system, 50: identity verification server, 60: facility management server, 70: registration information server, 71: storage unit, 80: identity verification server, 100, 200, 300, 400: authentication system

Claims (5)

  1.  認証端末と生体認証サーバを備える認証システムであって、
     前記認証端末は、
     認証用光源と、画像取得部と、生体認証データ生成部と、データ送信部を有し、
     前記認証用光源は、可視光領域での波長を含む光を端末利用者の人体の一部に向けて照射し、
     前記画像取得部は、前記認証用光源から照射され、かつ前記人体の一部において反射した光によって生成される反射画像を取得し、
     前記生体認証データ生成部は、取得された前記反射画像から、前記人体の一部における特徴形状と静脈形状をそれぞれ抽出して、生体認証データを生成し、
     前記データ送信部は、生成された前記生体認証データを前記生体認証サーバへ送信し、
     前記生体認証サーバは、
     記憶部と、認証部と、認証後処理部を有し、
     前記記憶部は、複数の登録ユーザーを一意に識別するための識別情報と、前記複数の登録ユーザーの生体認証データとを対応づけて記憶し、
     前記認証部は、前記データ送信部から送信された生体認証データに基づいて、前記端末利用者が登録ユーザーであるか否かを認証し、
     前記認証後処理部は、前記端末利用者が登録ユーザーであると認証された場合に、予め定められた認証後処理を行う、認証システム。     An authentication system comprising an authentication terminal and a biometric authentication server,
    The authentication terminal is
    It has an authentication light source, an image acquisition unit, a biometric authentication data generation unit, and a data transmission unit,
    The authentication light source irradiates a part of the human body of the terminal user with light including a wavelength in the visible light region,
    The image acquisition unit acquires a reflection image generated by the light emitted from the authentication light source and reflected by a part of the human body,
    From the acquired reflection image, the biometric data generation unit extracts the characteristic shape and the vein shape of the part of the human body, respectively, to generate biometric data,
    The data transmission unit transmits the generated biometric authentication data to the biometric authentication server,
    The biometric authentication server is
    It has a storage unit, an authentication unit, and a post-authentication processing unit,
    The storage unit stores identification information for uniquely identifying a plurality of registered users and biometric authentication data of the plurality of registered users in association with each other,
    The authentication unit authenticates whether the terminal user is a registered user, based on the biometric authentication data transmitted from the data transmission unit,
    An authentication system in which the post-authentication processing unit performs predetermined post-authentication processing when the terminal user is authenticated as a registered user.
  2.  請求項1に記載の認証システムであって、
     前記人体の一部は掌であり、
     前記生体認証データ生成部は、取得された前記反射画像から、前記掌における掌紋形状と静脈形状をそれぞれ抽出して、生体認証データを生成する、認証システム。     The authentication system according to claim 1, wherein
    Part of the human body is the palm,
    The biometric authentication data generation unit extracts the palm print shape and the vein shape of the palm from the acquired reflection image, and generates biometric authentication data.
  3.  請求項1または請求項2に記載の認証システムであって、
     決済システムをさらに備え、
     前記データ送信部は、前記生体認証データとともに商品購買データを前記生体認証サーバへ送信し、
     前記識別情報には、登録ユーザーの決済手段に関する情報がさらに紐付いており、
     前記認証後処理部は、前記商品購買データと決済手段に関する情報を前記決済システムへ送信する、認証システム。     The authentication system according to claim 1 or 2, wherein
    Further equipped with a payment system,
    The data transmission unit transmits commodity purchase data together with the biometric authentication data to the biometric authentication server,
    The identification information is further linked to information about payment methods of registered users,
    The post-authentication processing unit is an authentication system, which transmits the product purchase data and information about a payment means to the payment system.
  4.  請求項1または請求項2に記載の認証システムであって、
     前記記憶部は、さらに、前記登録ユーザーに紐づく予め定められた情報を登録情報として記憶し、
     前記認証後処理部は、当該端末利用者の認証結果および登録情報の少なくとも一方を前記認証端末へ送信する、認証システム。     The authentication system according to claim 1 or 2, wherein
    The storage unit further stores predetermined information associated with the registered user as registration information,
    An authentication system in which the post-authentication processing unit transmits at least one of an authentication result and registration information of the terminal user to the authentication terminal.
  5.  請求項1または請求項2に記載の認証システムであって、
     前記登録ユーザーに紐づく予め定められた情報を登録情報として記憶するための登録情報サーバを更に備え、
     前記認証後処理部は、当該端末利用者の認証結果および登録情報の少なくとも一方を前記認証端末へ送信する、認証システム。     The authentication system according to claim 1 or 2, wherein
    Further comprising a registration information server for storing predetermined information associated with the registered user as registration information,
    An authentication system in which the post-authentication processing unit transmits at least one of an authentication result and registration information of the terminal user to the authentication terminal.
PCT/JP2018/048527 2018-12-28 2018-12-28 Authentication system WO2020136883A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
TW107147850A TWI797227B (en) 2018-12-28 2018-12-28 authentication system
PCT/JP2018/048527 WO2020136883A1 (en) 2018-12-28 2018-12-28 Authentication system
JP2020517399A JP6924899B2 (en) 2018-12-28 2018-12-28 Authentication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2018/048527 WO2020136883A1 (en) 2018-12-28 2018-12-28 Authentication system

Publications (1)

Publication Number Publication Date
WO2020136883A1 true WO2020136883A1 (en) 2020-07-02

Family

ID=71128872

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2018/048527 WO2020136883A1 (en) 2018-12-28 2018-12-28 Authentication system

Country Status (3)

Country Link
JP (1) JP6924899B2 (en)
TW (1) TWI797227B (en)
WO (1) WO2020136883A1 (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS559459B2 (en) * 1977-06-20 1980-03-10
JP2009211357A (en) * 2008-03-04 2009-09-17 Fujitsu Ltd Method and apparatus for biometrics authentication information registration and method and apparatus for biometrics authentication
JP2014180435A (en) * 2013-03-19 2014-09-29 Fujitsu Ltd Biological information input device, biological information input program, and biological information input method
WO2015004803A1 (en) * 2013-07-12 2015-01-15 株式会社日立システムズ Payment terminal device and payment system
JP2017123202A (en) * 2017-04-13 2017-07-13 株式会社日立製作所 Settlement support system for traveler and settlement support method for traveler
JP2018041181A (en) * 2016-09-06 2018-03-15 株式会社日立製作所 Car wallet payment system and car wallet payment method
WO2018073335A1 (en) * 2016-10-19 2018-04-26 Smart Secure Id In Sweden Ab System and method for contactless biometric authentication
JP2018133065A (en) * 2017-02-17 2018-08-23 株式会社日本総合研究所 Settlement receiving apparatus, computer system, settlement receiving method, and settlement receiving program

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SG11201405394PA (en) * 2012-03-16 2014-11-27 Universal Robot Kabushiki Kaisha Personal authentication method and personal authentication device
JP6774170B2 (en) * 2015-07-13 2020-10-21 株式会社電通グループ Dynamic payment processing system
JP2018018481A (en) * 2015-11-03 2018-02-01 バンクガード株式会社 Server system for electronic authentication, program, electronic authentication method and electronic authentication system
TWI645308B (en) * 2016-10-18 2018-12-21 富邦綜合證券股份有限公司 Electronic transaction authentication method and system using mobile device application

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS559459B2 (en) * 1977-06-20 1980-03-10
JP2009211357A (en) * 2008-03-04 2009-09-17 Fujitsu Ltd Method and apparatus for biometrics authentication information registration and method and apparatus for biometrics authentication
JP2014180435A (en) * 2013-03-19 2014-09-29 Fujitsu Ltd Biological information input device, biological information input program, and biological information input method
WO2015004803A1 (en) * 2013-07-12 2015-01-15 株式会社日立システムズ Payment terminal device and payment system
JP2018041181A (en) * 2016-09-06 2018-03-15 株式会社日立製作所 Car wallet payment system and car wallet payment method
WO2018073335A1 (en) * 2016-10-19 2018-04-26 Smart Secure Id In Sweden Ab System and method for contactless biometric authentication
JP2018133065A (en) * 2017-02-17 2018-08-23 株式会社日本総合研究所 Settlement receiving apparatus, computer system, settlement receiving method, and settlement receiving program
JP2017123202A (en) * 2017-04-13 2017-07-13 株式会社日立製作所 Settlement support system for traveler and settlement support method for traveler

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
JCB: "JCB: start the demonstration experiment of "visible light palm authentication" Interested in "palm print", authenticated by the "vein"", CARD WAVE, vol. 31, no. 1, 26 February 2018 (2018-02-26), pages 20 - 21, XP009522246 *

Also Published As

Publication number Publication date
JPWO2020136883A1 (en) 2021-02-18
TW202026981A (en) 2020-07-16
TWI797227B (en) 2023-04-01
JP6924899B2 (en) 2021-08-25

Similar Documents

Publication Publication Date Title
US11228587B2 (en) Method, system, device and software programme product for the remote authorization of a user of digital services
US20210279319A1 (en) Systems and methods for executing electronic transactions using secure identity data
US11843599B2 (en) Systems, methods, and non-transitory computer-readable media for secure biometrically-enhanced data exchanges and data storage
JP2018128970A (en) Non-stop face authentication system
US20190268158A1 (en) Systems and methods for providing mobile identification of individuals
WO2021214970A1 (en) Information processing device, system, facial image updating method, and storage medium
KR20120013881A (en) Loaning method using kiosk system
WO2020152840A1 (en) Certificate recognition system, certificate recognition method, and program
WO2020136883A1 (en) Authentication system
JP2005293172A (en) Identification system
WO2022024281A1 (en) Authentication server, authentication system, authentication request processing method, and storage medium
JP7311300B2 (en) Information processing device, information processing method, and program
JP2007328616A (en) Contract system
JP2020154737A (en) Authentication system
KR102639356B1 (en) Identity Authentication System and Method Using Face Recognition
WO2023170899A1 (en) Terminal, system, method for controlling terminal, and storage medium
JP7158793B1 (en) Authentication devices, vending systems, transit systems, and automated teller machines
US20230308436A1 (en) Systems and methods for authentication and validation based on user credential and biometric data
WO2023007768A1 (en) Information processing system, information processing method, and computer-readable storage medium
JP2019159555A (en) Information processing apparatus and recognition method
WO2024057457A1 (en) Authentication terminal, system, control method of authentication terminal, and recording medium
WO2021192229A1 (en) Passport application device, id photo machine, passport application method, and passport application system
JP2024056417A (en) Personal identification device, personal identification method, and computer program
JP2023054831A (en) Personal authentication system
JP2022531150A (en) Security systems and processes with biometrics

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 2020517399

Country of ref document: JP

Kind code of ref document: A

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18944614

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18944614

Country of ref document: EP

Kind code of ref document: A1