CN102299796A

CN102299796A - Authentication card, card authentication terminal, card authentication server and card authentication system

Info

Publication number: CN102299796A
Application number: CN2011101440931A
Authority: CN
Inventors: 赵强福
Original assignee: University of Aizu
Current assignee: University of Aizu
Priority date: 2010-06-25
Filing date: 2011-05-30
Publication date: 2011-12-28
Also published as: JP2012008816A

Abstract

The invention relates to an authentication card, a card authentication terminal, a card authentication server and a card authentication system. An operator of an operation terminal can easily and precisely judge whether or not a user of the authentication card is a possessor of the authentication card. The card authentication terminal (3) is provided with an image recording unit (12) which records a basic image collection composed of a plurality of basic images, coefficient information acquiring units (11, 13) which acquire the coefficient information from the authentication card recording the coefficient information corresponding to the basic images or the card authentication server connected with a network (5), and an image processing unit (14) which carries out the synthesis processing of an authentication image based on the basic image collection and the coefficient information. The authentication image is used for judging whether or not the user of the card is the possessor of the card.

Description

Authentication card, card authentication terminal, card certificate server and card authentication system

Technical field

The present invention relates to a kind of authentication card, card authentication terminal, card certificate server and card authentication system, in more detail, relate to and a kind ofly can judge easily that whether the user who uses authentication card is holder (the legal card owner's) authentication card, card authentication terminal, card certificate server and card authentication system.

Background technology

Current, have a lot of following systems: the ISP provides the card of regulation to specific user (for example member etc.), can judge that (identification) card release user is under the situation of the legal card owner (accepting the real user of card), provides specific service to the card user.As the card that in above-mentioned service, uses, the basic account card of resident that adopts of known safe card, Japan etc. for example.In addition, can also be applied to the certificate of identity etc. of driving license etc.

As one of card that provides like this, well-known credit card (credit card) is arranged.Now, the user is in when shopping, uses credit card and situation is in cash increased gradually.Use credit card, can not carry cash, and can freely buy extensive stock (perhaps service).At present, issued and be extensive use of a large amount of credits card.

As the comparatively general type of card of credit card, known magnetic card and IC-card.Magnetic card and IC-card have a great difference on aspect these two of the recording capacity of data and operation processing function.The recording capacity of IC-card is greater than the recording capacity of magnetic card, and is provided with operation processing function in the IC-card.

When using magnetic card to do shopping, the card information of magnetic card (be used to card authentication etc. information) is read by terminal, and the card information that reads out is passed to server from terminal via network.This server has the authentication function to credit card, according to the card information via network delivery, can judge the legitimacy (authentication processing) of magnetic card.In server, according to the card information of being transmitted, judge the legitimacy of magnetic card, if be judged as legally, then allow to use the information of credit card to the terminal foldback from server.

In addition, it is to judge whether magnetic card itself is legal card that the legitimacy of carrying out in server is judged, is not to judge to utilize whether the user of magnetic card is the legal owner of card.In addition, the legal owner of card, the people that promptly formally is registered in card company as the owner of card are called as holder (holder).

Legitimacy at magnetic card is allowed to use under the situation of card by approval, also requiring the user to sign by the operator of operating terminal (for example can use the salesman etc. in the shop of credit card) waits the legitimacy (whether the user is the holder) of judging the user, can utilize credit card to do shopping under the situation of the legitimacy of having been approved the user by the operator (user is the holder).

When judging the legitimacy of magnetic card like this, therefore, might the third party steal card information via network card feeding-discharging information when server transmits card information.If magnetic card then can easily duplicate card according to the card information of stealing, so the third party just can use duplicated card unlawfully to do shopping by certain means acquisition holder's signature.It is the so-called illegal act of reading (skimming) that is called as surreptitiously that this card duplicates.

Read in order to prevent that card is stolen, what current use was more is the credit card of IC-card type.IC-card possesses operation processing function and bigger recording capacity (memory) as mentioned above, can handle (for example, with reference to patent documentation 1) as minicom.Therefore, the authentication informations such as password of legitimacy that information, the expression holder of the legitimacy of expression credit card are arranged at the internal record of IC-card, need not in server, to confirm the operation of the legitimacy of card, by the mutual authentication (authentication processing) between IC-card and the terminal, just can judge the legitimacy of card release.

In addition, owing in IC-card, be provided with operation processing function,, can also judge the legitimacy of terminal by IC-card therefore by carrying out the mutual authentication between IC-card and the terminal.Therefore in the mutual authentication between this IC-card and terminal, be to judge in the IC-card side, rather than read the information of IC-card, can prevent to be recorded in personal information in the IC-card etc. effectively and be revealed according to required information.

Under the approved situation of the legitimacy of IC-card and terminal, the operator requires the user to enter password and waits the authentication of carrying out the user.Carrying out the user when authenticating, be sent to IC-card, judging that in the inside of IC-card whether the user is holder's authentication determination, and only authentication result is outputed to terminal by the password of user's input.Using like this under the situation of IC-card, the third party is difficult to steal etc., therefore can prevent from effectively to be recorded in leakage, the IC-card of the information in the IC-card forgery, duplicate etc.

Yet,, also can't guarantee to be perfectly safe even use IC-card.For example, carry out the user when authenticating accessing to your password, the third party just can pretend to be the holder by stealing a glance at password.The holder confirms that the situation that does not have the peeper to input password afterwards fully is fewer on every side when using credit card and will input password.Comparatively speaking, the situation of just inputing password around the holder does not note is many, therefore, we can say that also the possibility of being stolen a glance at password is than higher.The third party steals a glance at the password of such input, just can obtain password, by utilizing this password, can pretend to be the holder when using card.Thereby even be difficult to from blocking under the situation itself that steal card information as the credit card of IC-card type, the third party also can do shopping with others' credit card simply by stealing a glance at password.

Like this, even whether the protection of using IC-card to improve card information is holder's legitimacy if can not strictly judge the user, can not guarantee as credit card, need to carry out the fail safe of the card that the user authenticates fully.In light of this situation, use at present mostly following method: by the facial photo of printing holder on credit card etc., the operator of operating terminal compares user's face with the facial photo that is printed on the holder on the credit card, judge whether the user is holder's legitimacy judgement.

Yet, if will being printed on the lip-deep facial photo of card, the third party replaces with the facial photo of oneself, causing being judged as the third party is exactly the holder.And even do not carry out the replacement of photo, if third party and holder are alike, then also might be judged as the third party according to facial photo is the holder.Especially, because the size of credit card is defined as given size, therefore the facial photo that is printed on the credit card also becomes smaller image, might make trickle part become unintelligible.Therefore, if the third party relatively as the holder, even then the operator has confirmed facial photo, also might regard as the third party is the holder, is difficult to fully guarantee fail safe in this case.

In addition, at present, method as the legitimacy of judging the holder, also adopted following method: with holders such as finger print information, venous information intrinsic Biont information record in the IC-card, will use the people's of card Biont information to compare with the Biont information that is recorded in the holder in the IC-card.Yet, when using Biont information to judge the user, need will be used for being arranged on shop etc., thereby produced problems such as cost is set according to the device that Biont information authenticates whether as the holder.

In addition, also consider by in holder's legitimacy is judged, using a plurality of authentication methods such as signature, password, Biont information to improve the judgement accuracy of legitimacy simultaneously and guaranteeing the method for fail safe, but when using a plurality of authentication method simultaneously, authentication burden in the time of might causing with sales slip increases, thus the convenience of breach of confidence card.

Therefore, following a kind of method (for example, with reference to patent documentation 2) has been proposed: under the situation of the convenience that does not destroy the card user, use holder's facial photo to judge whether the user is the holder.

In patent documentation 2 disclosed methods, by according to the authentication image that is used to prove the holder and by the target image of the image construction that is different from authentication image, use anamorphose (morphing) technology, generate the distortion authentication image, this distortion authentication image is the image that authentication image is obtained towards the target image distortion.Then, the distortion authentication image that is generated is printed onto the surface of card, perhaps will be out of shape authentication image information and records in the card.

When the authentication holder, at first be printed on the lip-deep distortion authentication image of card, perhaps the distortion authentication image information of playback record in card by terminal installation scanning.Then, according to distortion authentication image information, deformation rate, target image, the deformation behaviour information (characteristic vector) of target image feature and the characteristic vector of deformation pattern can partly be described, use the inverse metamorphism technology to generate and be used to prove holder's self authentication image, and make and be arranged at the display demonstration authentication image of card authentication with terminal.The operator compares by the user's of the authentication image that will generate like this and card face, can judge whether the user of card is the holder.

Patent documentation 1: TOHKEMY 2008-181225

Patent documentation 2: TOHKEMY 2011-002938 (Japanese Patent Application 2009-144420)

Summary of the invention

The problem that invention will solve

Yet, shown in patent documentation 2, like that, record in the card in order to be out of shape authentication image information, the bigger recording capacity of Capacity Ratio (memory span) need be set in card.Therefore, there are the following problems: generally Liu Tong credit card etc. is difficult to guarantee enough recording capacities.

On the other hand, to be out of shape authentication image and be printed under the situation of method on surface of credit card using, because the picture size of printing on the credit card is less, even therefore read the distortion authentication image by scanner, the resolution of the image that scans sometimes is not high yet.And also there are the following problems: if be attached with stain or image was rubbed on printed distortion authentication image, obtain the distortion authentication image with then being difficult to pinpoint accuracy.

The present invention finishes in view of aforesaid problem, its purpose be can by the operator of operating terminal easily and pinpoint accuracy ground judge whether the user of card is holder's authentication card, card authentication terminal, card certificate server and card authentication system.

The scheme that is used to deal with problems

In order to address the above problem, the first authentication card involved in the present invention is the authentication card that uses in card authentication terminal, this card authentication terminal according to by the basic image set of a plurality of basic image constructions and with the corresponding coefficient information of each above-mentioned basic image, whether the synthetic processing of carrying out authentication image is the holder with the user who judges card, this authentication card is characterised in that, records above-mentioned coefficient information in this authentication card.

Like this, by utilizing the first authentication card involved in the present invention, can carry out the synthetic processing of authentication image according to basic image and coefficient information, therefore can be simply and pinpoint accuracy synthesize holder's facial photo (perhaps, alike facial photo) with the holder.

In addition, the basic image that only is used for synthetic authentication image is the synthetic processing that can't carry out authentication image, if the coefficient information corresponding with basic image just can't do not synthesized authentication image.Therefore, the third party is not easy to carry out the synthetic processing of holder's authentication image, thereby can improve fail safe.

And, to compare with authentication image, basic image, the data volume of coefficient information is very little, therefore coefficient information itself can be recorded in the authentication card.Therefore, record by the required coefficient information of synthetic processing that will carry out authentication image and to manage in the authentication card and at the basic image of card authentication terminal keeping, therefore information dispersion management that can synthetic processing that carry out authentication image is required can improve fail safe.

In addition, holder herein is meant the legal owner of card.In general, only allow the holder to use the situation of card more, if but use card as non-holder's third party, then might bring the loss that is difficult to predict to the holder.Whether the user who therefore, blocks is that holder's judgement becomes particularly important.

In addition, authentication card is meant following card: the information of using in the time of can writing down the authentication of carrying out the holder, and according to the information of record etc. can be used in authentication and wants to accept whether the user of regulation service is real holder.Thereby the authentication card can present shape, form arbitrarily.For example, the authentication card comprises as credit card, such cards that present the card shape such as office worker's card of company, and (comprise functional mobile phone (Feature phone) as portable phone, smart mobile phone etc.), PDA (Personal Digital Assistant (personal digital assistant), Personal Data Assistance (personal digital assistant)), tablet terminal (tablet terminal), portable with computer etc. like that the user hold separately and the portable information device that uses etc. and the equipment that may not present the card release shape are also contained in the related authentication card of the present application.

In addition, the second authentication card involved in the present invention is the authentication card that uses in card authentication terminal, this card authentication terminal is by utilizing basic image collection, index information and coefficient information are used to judge the synthetic processing of authentication image of holder's legitimacy, this base image collection combines the mutually different a plurality of basic image sets of feature, this base image set is by a plurality of basic image construction with same characteristic features, this index information is used for determining from above-mentioned basic image collection the basic image of the synthetic processing that is used for above-mentioned authentication image, this coefficient information is corresponding with each the basic image in a plurality of basic image of determining according to this index information, above-mentioned authentication card is characterised in that, records at least one information in above-mentioned index information and the above-mentioned coefficient information in this authentication card.

In the second authentication card involved in the present invention, by utilizing index information, the basic image that uses in the time of can from basic image collection, determining synthetic processing of carrying out authentication image.Thereby, even the basic image that uses when comprising synthetic processing of carrying out authentication image and the basic image collection of image are in addition stolen by the third party, short of index information, therefore the basic image that uses in the time of just can't determining synthetic processing of carrying out authentication image can prevent that the third party from easily carrying out the synthetic processing of authentication image.

And, in the second authentication card involved in the present invention, by synthesize authentication image according to basic image and the coefficient information determined by index information, can be simply and pinpoint accuracy synthesize holder's facial photo (perhaps, alike facial photo) with the holder.

In addition, in the second authentication card involved in the present invention, the basic image that uses when only using synthetic processing of carrying out authentication image is the synthetic processing that can't carry out authentication image, need with the corresponding coefficient information of determining according to index information of basic image.Therefore, the third party is not easy to carry out the synthetic processing of holder's authentication image, thereby can improve fail safe.

And, to compare with authentication image, basic image, the data volume of index information and coefficient information is very little, therefore, in index information and the coefficient information at least one can be recorded in the authentication card.Therefore, record in the authentication card by required index information of the synthetic processing that will carry out authentication image or coefficient information and take care of, information dispersion that can synthetic processing that carry out authentication image is required is managed, thereby can improve fail safe.

In addition, first card authentication terminal involved in the present invention is characterised in that to possess: image recording unit, and its record is by the basic image set of a plurality of basic image constructions; The coefficient information acquiring unit, it obtains the coefficient information corresponding with each basic image from the card certificate server that authentication blocks or connects via network; And graphics processing unit, it carries out the synthetic processing of authentication image according to above-mentioned basic image set and above-mentioned coefficient information, and this authentication image is used to judge whether the user of card is the holder.

Like this, in first card authentication terminal involved in the present invention, owing to carry out the synthetic processing of authentication image according to basic image and coefficient information, therefore can be simply and pinpoint accuracy synthesize holder's facial photo (perhaps, alike facial photo) with the holder.

In addition, the basic image that only is used for synthetic authentication image is the synthetic processing that can't carry out authentication image, and the corresponding coefficient information of short of and basic image just can't be synthesized authentication image.Therefore, the third party is not easy to carry out the synthetic processing of holder's authentication image, thereby can improve fail safe.

And, to compare with authentication image, basic image, the data volume of coefficient information is very little, therefore coefficient information itself can be recorded in the authentication card.In addition, similarly, because the data volume of coefficient information is very little, even obtain coefficient information from the card certificate server that connects via network, the possibility that receives and send required time of data, burden increase is also low.

Therefore, carry out the required coefficient information of the synthetic processing of authentication image and by the basic image of card authentication terminal keeping by making authentication card or card certificate server record and keeping, information dispersion management that can synthetic processing that carry out authentication image is required, thus fail safe can be improved.

And, second card authentication terminal involved in the present invention is characterised in that to possess: image recording unit, and it writes down basic image collection, this base image collection combines the mutually different a plurality of basic image sets of feature, and this base image set is by a plurality of basic image construction with same characteristic features; The index information acquiring unit, it obtains index information from the card certificate server that authentication blocks or connects via network, this index information is used for determining from above-mentioned basic image collection the basic image of the synthetic processing that is used for authentication image, and this authentication image is used to judge holder's legitimacy; The coefficient information acquiring unit, it obtains coefficient information from above-mentioned authentication card or the above-mentioned card certificate server that connects via above-mentioned network, and this coefficient information is corresponding with each the basic image in a plurality of basic image of determining according to above-mentioned index information; Base image determining unit, it determines a plurality of basic image of the synthetic processing that is used for above-mentioned authentication image according to the above-mentioned index information that is got access to by above-mentioned index information acquiring unit; And graphics processing unit, its according to a plurality of basic image of determining by this base image determining unit and with these a plurality of basic images in the corresponding coefficient information of each basic image, carry out the synthetic processing of above-mentioned authentication image.

In second card authentication terminal involved in the present invention, by utilizing index information, the basic image that uses in the time of can from basic image collection, determining synthetic processing of carrying out authentication image.Thereby, even the basic image that uses when comprising synthetic processing of carrying out authentication image and the basic image collection of image are in addition stolen by the third party, short of index information, therefore the basic image that uses in the time of just can't determining synthetic processing of carrying out authentication image can prevent that the third party from easily carrying out the synthetic processing of authentication image.

And, in second card authentication terminal involved in the present invention, by synthesize authentication image according to basic image and the coefficient information determined by index information, can be simply and pinpoint accuracy synthesize holder's facial photo (perhaps, alike facial photo) with the holder.

In addition, in second card authentication terminal involved in the present invention, the basic image that only is used for synthetic authentication image is the synthetic processing that can't carry out authentication image, need with the corresponding coefficient information of determining according to index information of basic image.Therefore, the third party is not easy to carry out the synthetic processing of holder's authentication image, thereby can improve fail safe.

And, to compare with authentication image, basic image, the data volume of coefficient information and index information is very little, therefore information itself can be recorded in the authentication card.In addition, similarly, because the data volume of coefficient information and index information is very little, even therefore obtain coefficient information, index information from the card certificate server that connects via network, it is also low to receive and send the possibility that required time of data, burden increases.

Therefore, by making authentication card or card certificate server record and keeping be used for determining the index information of basic image, the coefficient information of using when carrying out synthetic processing of authentication image and by the basic image of card authentication terminal keeping, information dispersion management that can synthetic processing that carry out authentication image is required, thus fail safe can be improved.

On the other hand, in the first and second above-mentioned card authentication terminals, also can have following feature: be recorded in a plurality of basic image in the above-mentioned image recording unit and be with the state recording that changed of putting in order that should the base image by implementing displacement transformation to handle, it is according to the difference of card authentication terminal and different that this displacement transformation is handled, and the displacement transformation that above-mentioned index information was implemented and was recorded in the basic image in the above-mentioned image recording unit is handled corresponding displacement transformation and handled.

Like this, in first and second card authentication terminals involved in the present invention, the basic image that uses when carrying out synthetic handle of authentication image is implemented displacement transformation and is handled, basic image with the state recording that put in order by change in image recording unit.Therefore, even the basic image that the third party used when getting access to synthetic handle of carrying out authentication image because putting in order of basic image change, is can't judge to utilize which basic image to carry out the synthetic processing of authentication image with this state therefore.

And, because it is to carry out making the different processing of putting in order of basic image according to the difference of card authentication terminal that displacement transformation is handled, therefore even the third party gets access to the basic image that has been implemented after displacement transformation is handled, also be difficult to judgement and need carry out which kind of displacement transformation processing, thereby can improve fail safe.

In addition, changing under the situation about putting in order of basic image, if still use original index information, the basic image that uses in the time of then can't determining synthetic processing of carrying out authentication image.Therefore,, handles the index information that uses in the card authentication terminal involved in the present invention the basic image that uses in the time of can from be implemented the basic image after displacement transformation is handled, determining synthetic processing of carrying out authentication image by being implemented the displacement transformation corresponding with basic image.

In addition, the first card certificate server involved in the present invention is connected with card authentication terminal via network, this card authentication terminal is according to carrying out the synthetic processing of authentication image by the basic image set of a plurality of basic image constructions and the coefficient information corresponding with each above-mentioned basic image, this authentication image is used to judge whether the user of card is the holder, this card certificate server is characterised in that, possess: basic image recording unit, its record constitutes a plurality of basic image of above-mentioned basic image set; Base image update unit, it upgrades a part of basic image in a plurality of basic image that is recorded in this base image recording unit termly; And basic image transmission unit, its new basic image set that will comprise by the basic image after this base image update unit renewal is sent to above-mentioned card authentication terminal via above-mentioned network.

In the first card certificate server involved in the present invention owing to carry out the synthetic processing of authentication image according to basic image and coefficient information, therefore can be simply and pinpoint accuracy synthesize holder's facial photo (perhaps, alike facial photo) with the holder.

And the basic image that only is used for synthetic authentication image is the synthetic processing that can't carry out authentication image, and the corresponding coefficient information of short of and basic image just can't be synthesized authentication image.Therefore, the third party is not easy to carry out the synthetic processing of holder's authentication image, thereby can improve fail safe.

On the other hand, compare with coefficient information, the data volume of the basic image set that uses when carrying out synthetic handle of authentication image is bigger, and therefore expectation should be recorded in the card authentication terminal by the base image set in advance.Yet, if in card authentication terminal, write down identical basic image set all the time and carry out the synthetic processing of authentication image all the time according to identical basic image set, cause synthesizing the required basic image of processing and be fixed, might cause fail safe to reduce.Therefore, in the first card certificate server involved in the present invention, a part of basic image of the basic image set that might use when upgrading synthetic processing of carrying out authentication image termly can prevent that basic image is fixed, and can keep the fail safe of height.

And, all to compare during with synthetic handle of in card authentication terminal, carrying out authentication image at every turn via the method that network obtains basic image set, adopt the method termly new basic image set is sent to card authentication terminal can more easily realize rapidization of the synthetic processing in the card authentication terminal, and can alleviate the burden of carrying out the network that the data transmission might produce.

In addition, the second card certificate server involved in the present invention is connected with card authentication terminal via network, this card authentication terminal is by utilizing basic image collection, index information and coefficient information are used to judge the synthetic processing of authentication image of holder's legitimacy, this base image collection combines the mutually different a plurality of basic image sets of feature, this base image set is by a plurality of basic image construction with same characteristic features, this index information is used for determining from above-mentioned basic image collection the basic image of the synthetic processing that is used for above-mentioned authentication image, this coefficient information is corresponding with each the basic image in a plurality of basic image of determining according to this index information, this card certificate server is characterised in that, possess: basic image recording unit, it carries out record to a plurality of basic image that constitutes above-mentioned basic image collection; Base image update unit, it upgrades a part of basic image in a plurality of basic image that is recorded in this base image recording unit termly; And basic image transmission unit, its new basic image collection that will comprise by the basic image after this base image update unit renewal is sent to above-mentioned card authentication terminal via above-mentioned network.

In the second card certificate server involved in the present invention, by utilizing index information, the basic image that uses in the time of can from basic image collection, determining synthetic processing of carrying out authentication image.Thereby, even the basic image that uses when comprising synthetic processing of carrying out authentication image and the basic image collection of image are in addition stolen by the third party, short of index information, therefore the basic image that uses in the time of just can't determining synthetic processing of carrying out authentication image can prevent that the third party from easily carrying out the synthetic processing of authentication image.

And, in the second card certificate server involved in the present invention, by synthesize authentication image according to basic image and the coefficient information determined by index information, can be simply and pinpoint accuracy synthesize holder's facial photo (perhaps, alike facial photo) with the holder.

In addition, in the second card certificate server involved in the present invention, the basic image that only is used for synthesizing authentication image is the synthetic processing that can't carry out authentication image, need with the corresponding coefficient information of determining according to index information of basic image.Therefore, the third party is not easy to carry out the synthetic processing of holder's authentication image, thereby can improve fail safe.

And in the second card certificate server involved in the present invention, a part of basic image of the basic image set that might use when upgrading synthetic processing of carrying out authentication image termly can prevent that basic image is fixed, and can keep the fail safe of height.

In addition, all to compare during with synthetic handle of in card authentication terminal, carrying out authentication image at every turn via the method that network obtains basic image set, adopt the method termly new basic image set is sent to card authentication terminal more can easily realize rapidization of the synthetic processing in the card authentication terminal, and can alleviate the burden of carrying out the network that the data transmission might produce.

Then, the above-mentioned first and second card certificate servers also can have following feature: above-mentioned basic image update unit has: taxon, and its great amount of images that will prepare in order to generate basic image is a plurality of groups according to the tagsort of image; The base image generation unit, its basis is to belong to the higher-dimension distribution that is characterized as benchmark of each a plurality of image organized that is sorted out by this taxon, and generation can show this higher-dimension distribution well and present a plurality of basic image of low-dimensional distribution; The authentication image synthesis unit, it utilizes a plurality of basic image that belongs to each group that is generated by this base image generation unit, comes the corresponding authentication image of each image in synthetic and the above-mentioned great amount of images; And resultant error judging unit, it is obtained by the authentication image of synthetic each group that obtains of this authentication image synthesis unit and the resultant error between the respective image in the above-mentioned great amount of images, and judge to utilize the group that respective image is categorized into by above-mentioned taxon the synthetic authentication image that obtains of basic image resultant error whether Billy use the resultant error of synthetic all authentication image that obtain of basic image of the group that respective image is not categorized into by above-mentioned taxon all little, wherein, be that to utilize the resultant error of the synthetic authentication image that obtains of basic image of group respective image is categorized into by above-mentioned taxon be not under the minimum situation by above-mentioned resultant error judgment unit judges, above-mentioned taxon reclassifies respective image the group of resultant error minimum once more, above-mentioned basic image generation unit utilization by this taxon again the generation of carrying out basic image once more of a plurality of images of subseries handle, the a plurality of basic image that the utilization of above-mentioned authentication image synthesis unit is generated once more by this base image generation unit, come the corresponding authentication image of each image in synthetic and the above-mentioned great amount of images, above-mentioned resultant error judging unit is by obtaining by the authentication image of synthetic once more each group that obtains of above-mentioned authentication image synthesis unit and the resultant error between the respective image in the above-mentioned great amount of images, judge repeatedly the group that utilization is categorized into respective image once more by above-mentioned taxon the synthetic authentication image that obtains of basic image resultant error whether Billy use the resultant error of synthetic all authentication image that obtain of basic image of the group that respective image is not categorized into once more by above-mentioned taxon all little, be to utilize under the situation of resultant error minimum of the synthetic authentication image that obtains of basic image of group respective image is categorized into by this taxon by above-mentioned resultant error judgment unit judges, above-mentioned basic image transmission unit will be sent to above-mentioned card authentication terminal by a plurality of basic image that above-mentioned basic image generation unit generates.

In the first and second card certificate servers involved in the present invention, be that to utilize the resultant error of the synthetic authentication image that obtains of basic image of the group sort images into by taxon be not under the minimum situation by the resultant error judgment unit judges in the basic image update unit, taxon reclassifies corresponding image the group of resultant error minimum once more, regenerates basic image.Like this, compare with the image that is classified by the synthetic authentication image that obtains of the basic image that will utilize the group that sorts images into by taxon, till resultant error becomes minimum, generate basic image repeatedly, can improve the synthetic accuracy of utilizing the synthetic authentication image of basic image thus.

And, the similar basic image of feature by utilizing image and holder's facial photo carries out the synthetic processing of authentication image, even reduce the quantity synthesize required basic image of processing and the data volume of coefficient information, also can generate the authentication image of the accuracy of the authentication processing that is enough to carry out the holder.Thereby, the data volume of coefficient information, index information etc. can be reduced effectively, and the authentication card can be consciously coefficient information, index information etc. be recorded in.

In addition, the first and second above-mentioned card certificate servers also can also possess the displacement transformation unit, this displacement transformation unit is by the set of having been upgraded the new basic image behind a part of basic image by above-mentioned basic image update unit being implemented according to the difference of card authentication terminal and different displacement transformations is handled, change putting in order of basic image, above-mentioned basic image transmission unit will be sent to above-mentioned card authentication terminal by the set that above-mentioned displacement transformation unit has carried out the basic image after displacement transformation is handled.

Like this, in the first and second card certificate servers involved in the present invention, by the displacement transformation unit basic image is implemented displacement transformation and handle, therefore put in order and changed.Therefore, even a plurality of basic image that the third party used when getting access to synthetic processing of carrying out authentication image because putting in order of basic image changed, also can't judged to utilize which basic image to carry out the synthetic processing of authentication image by under the state that changes.

And, because the displacement transformation unit carries out making the different processing of putting in order of basic image according to the difference of card authentication terminal, even therefore the third party gets access to the basic image that is implemented after displacement transformation is handled, also be difficult to judgement and need carry out which kind of displacement transformation processing, thereby can improve fail safe.

In addition, changing under the situation about putting in order of basic image,, then can't determine the basic image that is used for synthetic authentication image if still use original index information.Therefore,, handles the index information that uses in the card authentication system involved in the present invention the basic image that uses in the time of can from be implemented the basic image after displacement transformation is handled, determining synthetic processing of carrying out authentication image by being implemented the displacement transformation corresponding with basic image.

In addition, as generating the method that can show this higher-dimension distribution well and present a plurality of basic images of low-dimensional distribution according to the higher-dimension distribution that is characterized as benchmark with a plurality of images, for example can utilize PCA, perhaps utilize proximity search method.

On the other hand, first card authentication system involved in the present invention according to by the basic image set of a plurality of basic image constructions and with the corresponding coefficient information of each above-mentioned basic image, whether the synthetic processing of carrying out authentication image is the holder with the user who judges card, this card authentication system is characterised in that, possess: the authentication card, it records above-mentioned coefficient information; Card authentication terminal, it carries out the synthetic processing of above-mentioned authentication image; And the card certificate server, it is connected with above-mentioned card authentication terminal via network, and wherein, this card authentication terminal has: image recording unit, it writes down above-mentioned basic image set; The coefficient information acquiring unit, it obtains above-mentioned coefficient information from above-mentioned authentication card; And graphics processing unit, it carries out the synthetic processing of above-mentioned authentication image according to above-mentioned basic image set and above-mentioned coefficient information.

In addition, second card authentication system involved in the present invention according to by the basic image set of a plurality of basic image constructions and with the corresponding coefficient information of each above-mentioned basic image, whether the synthetic processing of carrying out authentication image is the holder with the user who judges card, this card authentication system is characterised in that, possess: the card certificate server, it records above-mentioned coefficient information; And card authentication terminal, it carries out the synthetic processing of above-mentioned authentication image, and wherein, this card authentication terminal has: image recording unit, it writes down above-mentioned basic image set; The coefficient information acquiring unit, it obtains above-mentioned coefficient information from the above-mentioned card certificate server that is connected via network; And graphics processing unit, it carries out the synthetic processing of above-mentioned authentication image according to above-mentioned basic image set and above-mentioned coefficient information.

Like this, in first and second card authentication systems involved in the present invention, can carry out the synthetic processing of authentication image according to basic image set and coefficient information, therefore can be simply and pinpoint accuracy synthesize holder's facial photo (perhaps, alike facial photo) with the holder.

And, to compare with authentication image, basic image, the data volume of coefficient information is very little, therefore can shown in first card authentication system like that coefficient information itself be recorded in the authentication card.In addition, compare with authentication image, basic image, the data volume of coefficient information is very little, therefore, such shown in second card authentication system, even obtain coefficient information from the card certificate server that connects via network, the possibility that receives and send required time of data, burden increase is also low.

Particularly coefficient information is being recorded in the card certificate server rather than recording under the situation about authenticating in the card, do not needing to make authentication card record to carry out the required coefficient information of synthetic processing of authentication image.Therefore, even the inadequate magnetic card of service recorder capacity etc. utilize card authentication system involved in the present invention as the authentication card, can judge also by the synthetic processing of carrying out authentication image whether the user of card is the holder.

In addition, in above-mentioned first and second card authentication systems, also can have following feature: above-mentioned card certificate server has: basic image recording unit, and its record constitutes a plurality of basic image of above-mentioned basic image set; Base image update unit, it upgrades a part of basic image in a plurality of basic image that is recorded in this base image recording unit termly; And basic image transmission unit, its new basic image set that will comprise by the basic image after this base image update unit renewal is sent to above-mentioned card authentication terminal via above-mentioned network, wherein, above-mentioned card authentication terminal makes the new basic image set that above-mentioned image recording unit record is transmitted.

In first and second card authentication systems involved in the present invention, because a part of basic image of the basic image set that might use when in the card certificate server, upgrading synthetic processing of carrying out authentication image termly, therefore can prevent that basic image is fixed, thereby can keep the fail safe of height.

And, all to compare during with synthetic handle of in card authentication terminal, carrying out authentication image at every turn via the method that network obtains basic image set, adopt the method termly new basic image set is sent to card authentication terminal more can easily realize rapidization of the synthetic processing in the card authentication terminal, and can alleviate the burden of carrying out the network that the data transmission might produce.

In addition, the 3rd card authentication system involved in the present invention is by utilizing basic image collection, index information and coefficient information are used to judge the synthetic processing of authentication image of holder's legitimacy, this base image collection combines the mutually different a plurality of basic image sets of feature, this base image set is by a plurality of basic image construction with same characteristic features, this index information is used for determining from above-mentioned basic image collection the basic image of the synthetic processing that is used for above-mentioned authentication image, this coefficient information is corresponding with each the basic image in a plurality of basic image of determining according to this index information, this card authentication system is characterised in that, possess: authentication card and card certificate server, this authentication card and card certificate server can write down above-mentioned index information and above-mentioned coefficient information; And card authentication terminal, it carries out the synthetic processing of above-mentioned authentication image, wherein, above-mentioned index information is recorded in above-mentioned authentication card or the above-mentioned card certificate server, and above-mentioned coefficient information is recorded in above-mentioned authentication card or the above-mentioned card certificate server, above-mentioned card authentication terminal has: image recording unit, and it writes down above-mentioned basic image collection; The index information acquiring unit, it obtains above-mentioned index information from above-mentioned authentication card or the above-mentioned card certificate server that is connected with network; The coefficient information acquiring unit, it obtains above-mentioned coefficient information from above-mentioned authentication card or the above-mentioned card certificate server that is connected with network; Base image determining unit, it determines a plurality of basic image of the synthetic processing that is used for above-mentioned authentication image according to the above-mentioned index information that is got access to by above-mentioned index information acquiring unit; And graphics processing unit, its according to a plurality of basic image of determining by this base image determining unit and with these a plurality of basic images in the corresponding coefficient information of each basic image, carry out the synthetic processing of above-mentioned authentication image.

In the 3rd card authentication system involved in the present invention, by utilizing index information, the basic image that uses in the time of can from basic image collection, determining synthetic processing of carrying out authentication image.Thereby, even the basic image that uses when comprising synthetic processing of carrying out authentication image and the basic image collection of image are in addition stolen by the third party, short of index information, therefore the basic image that uses in the time of just can't determining synthetic processing of carrying out authentication image can prevent that the third party from easily carrying out the synthetic processing of authentication image.

And, in the 3rd card authentication system involved in the present invention, by synthesize authentication image according to basic image and the coefficient information determined by index information, can be simply and pinpoint accuracy synthesize holder's facial photo (perhaps, alike facial photo) with the holder.

In addition, in the 3rd card authentication system involved in the present invention, the basic image that only is used for synthetic authentication image is the synthetic processing that can't carry out authentication image, need with the corresponding coefficient information of determining according to index information of basic image.Therefore, the third party is not easy to carry out the synthetic processing of holder's authentication image, thereby can improve fail safe.

And, to compare with authentication image, basic image, the data volume of coefficient information and index information is very little, therefore coefficient information itself can be recorded in the authentication card.In addition, because the data volume of coefficient information and index information is very little, even therefore obtain coefficient information, index information from the card certificate server that connects via network, it is also low to receive and send the possibility that required time of data, burden increases.

Especially under the situation that makes card certificate server recording indexes information and coefficient information, do not make authentication card recording indexes information, coefficient information can carry out the synthetic processing of authentication image yet.Therefore, whether even use the less authentication card in the past of the recording capacity of data as magnetic card, also can block the user according to authentication image is holder's authentication processing.

In addition, in the 3rd above-mentioned card authentication system, also can have following feature: above-mentioned card certificate server has: basic image recording unit, and its record constitutes a plurality of basic image of above-mentioned basic image collection; Base image update unit, it upgrades a part of basic image in a plurality of basic image that is recorded in this base image recording unit termly; And basic image transmission unit, its new basic image collection that will comprise by the basic image after this base image update unit renewal is sent to above-mentioned card authentication terminal via above-mentioned network, wherein, above-mentioned card authentication terminal makes the new basic image collection that above-mentioned image recording unit record is transmitted.

In the 3rd card authentication system involved in the present invention, a part of basic image of the basic image set that might use when upgrading synthetic processing the carry out authentication image termly can prevent that basic image is fixed, and can keep the fail safe of height.

In addition, in above-mentioned card authentication system, also can have following feature: the above-mentioned basic image update unit of above-mentioned card certificate server has: taxon, and its great amount of images that will prepare in order to generate basic image is a plurality of groups according to the tagsort of image; The base image generation unit, its basis is to belong to the higher-dimension distribution that is characterized as benchmark of each a plurality of image organized that is sorted out by this taxon, and generation can show this higher-dimension distribution well and present a plurality of basic image of low-dimensional distribution; The authentication image synthesis unit, it utilizes a plurality of basic image that belongs to each group that is generated by this base image generation unit, comes the corresponding authentication image of each image in synthetic and the above-mentioned great amount of images; And resultant error judging unit, it is obtained by the authentication image of synthetic each group that obtains of this authentication image synthesis unit and the resultant error between the respective image in the above-mentioned great amount of images, and judge to utilize the group that respective image is categorized into by above-mentioned taxon the synthetic authentication image that obtains of basic image resultant error whether Billy use the resultant error of synthetic all authentication image that obtain of basic image of the group that respective image is not categorized into by above-mentioned taxon all little, wherein, be that to utilize the resultant error of the synthetic authentication image that obtains of basic image of group respective image is categorized into by above-mentioned taxon be not under the minimum situation by above-mentioned resultant error judgment unit judges, above-mentioned taxon reclassifies respective image the group of resultant error minimum once more, above-mentioned basic image generation unit utilization by this taxon again the generation of carrying out basic image once more of a plurality of images of subseries handle, the a plurality of basic image that the utilization of above-mentioned authentication image synthesis unit is generated once more by this base image generation unit, come the corresponding authentication image of each image in synthetic and the above-mentioned great amount of images, above-mentioned resultant error judging unit is by obtaining by the authentication image of synthetic once more each group that obtains of above-mentioned authentication image synthesis unit and the resultant error between the respective image in the above-mentioned great amount of images, judge repeatedly the group that utilization is categorized into respective image once more by above-mentioned taxon the synthetic authentication image that obtains of basic image resultant error whether Billy use the resultant error of synthetic all authentication image that obtain of basic image of the group that respective image is not categorized into once more by above-mentioned taxon all little, be to utilize under the situation of resultant error minimum of the synthetic authentication image that obtains of basic image of group respective image is categorized into by this taxon by above-mentioned resultant error judgment unit judges, above-mentioned basic image transmission unit will be sent to above-mentioned card authentication terminal by a plurality of basic image that above-mentioned basic image generation unit generates.

In card authentication system involved in the present invention, be that to utilize the resultant error of the synthetic authentication image that obtains of basic image of the group sort images into by taxon be not under the minimum situation by the resultant error judgment unit judges in the basic image update unit of card certificate server, taxon reclassifies corresponding image the group of resultant error minimum once more, regenerates basic image.Like this, compare with the image that is classified by the synthetic authentication image that obtains of the basic image that will utilize the group that sorts images into by taxon, till resultant error becomes minimum, generate basic image repeatedly, can improve the synthetic accuracy of utilizing the synthetic authentication image of basic image thus.

And, the similar basic image of feature by utilizing image and holder's facial photo carries out the synthetic processing of authentication image, even reduce the quantity synthesize required basic image of processing and the data volume of coefficient information, also can generate the authentication image of the accuracy of the authentication processing that is enough to carry out the holder.Thereby, can reduce the data volume of coefficient information, index information etc. effectively, and can make authentication card etc. initiatively write down coefficient information, index information etc.

And, in above-mentioned card authentication system, also can have following feature: above-mentioned card certificate server has the displacement transformation unit, this displacement transformation unit is by the set of having been upgraded the new basic image behind a part of basic image by above-mentioned basic image update unit being implemented according to the difference of card authentication terminal and different displacement transformations is handled, change putting in order of basic image, above-mentioned basic image transmission unit will be sent to above-mentioned card authentication terminal by the set that above-mentioned displacement transformation unit has carried out the basic image after displacement transformation is handled.

Like this, in card authentication system involved in the present invention, by the displacement transformation unit of card certificate server displacement transformation is implemented in the set of basic image and handled to change and put in order.Therefore, even a plurality of basic image that the third party used when getting access to synthetic handle of carrying out authentication image because putting in order of basic image changed, is can't judge to utilize which basic image to carry out the synthetic processing of authentication image with this state therefore.

The effect of invention

According to authentication card involved in the present invention, card authentication terminal, card certificate server and card authentication system, can synthesize according to basic image set, index information and coefficient information and be used to judge whether the card user is holder's authentication image.Therefore, by contrast user's of synthetic authentication image and card in card authentication terminal face, whether the operator can carry out the user according to more strict benchmark is holder's authentication.

Description of drawings

Fig. 1 is the figure of the summary structure of the related card authentication system of expression present embodiment.

Fig. 2 is illustrated in the credit card that uses in the related card authentication system of present embodiment and according to the figure that is recorded in synthetic authentication image such as information in the credit card.

Fig. 3 is the figure of the summary structure of the related terminal of expression present embodiment.

Fig. 4 is the figure of the summary structure of the related server of expression present embodiment.

Fig. 5 is illustrated in the flow chart that generates basic treatment of picture in the related server of present embodiment.

Fig. 6 is the process chart that the control and treatment portion of the related terminal of expression present embodiment carries out according to card authentication method (1).

Fig. 7 is the process chart that the control and treatment portion of the related terminal of expression present embodiment carries out according to card authentication method (2).

Fig. 8 is the process chart that the control and treatment portion of the related terminal of expression present embodiment carries out according to card authentication method (3).

Fig. 9 is the process chart that the control and treatment portion of the related terminal of expression present embodiment carries out according to card authentication method (4).

Figure 10 is expression compares the holder's who illustrates authentication method by the kind of kind of blocking and terminal a table.

Description of reference numerals

1: card authentication system; 2: server (card certificate server); 3: terminal (card authentication terminal); 4: credit card (authentication card); 5: network; 6: authentication image; The 9:(credit card) recording portion; The 11:(terminal) card-reading part (coefficient information acquiring unit, index information acquiring unit); The 12:(terminal) image recording portion (image recording unit); The 13:(terminal) Department of Communication Force (coefficient information acquiring unit, index information acquiring unit); The 14:(terminal) control and treatment portion (graphics processing unit, basic image determining unit); The 15:(terminal) image displaying part; The 20:(server) Department of Communication Force (basic image transmission unit); The 21:(server) control part (basic image generation unit, basic image update unit, authentication image synthesis unit, resultant error judging unit, displacement transformation unit, taxon, basic image transmission unit); The 22:(server) the end message recording portion; The 23:(server) basic image recording portion (basic image recording unit); The 24:(server) holder's information recording part; The 25:(server) the normal image recording portion.

Embodiment

Below, the card authentication system as an example of technical scheme involved in the present invention is shown, describe by the reference accompanying drawing.

At first, describe at the method for in the related card authentication system of present embodiment, the authentication image of the legitimacy that is used to judge the card user being synthesized.At this, judge that card user's legitimacy is meant, judge whether the card user is the legal owner (the perhaps legal user who is registered as card.The holder) people.For common card, the situation that the user of card is defined as the holder is more by the distributing and releasing corporation etc. of card.Yet the people beyond the holder pretends to be the holder to use legal card (without the card of forging) sometimes, if card is used as such, might waits to the holder and bring the loss that is difficult to expect.Therefore, the user who judges card whether to be that the holder becomes extremely important.

At this, the card of the object of judging as legitimacy is meant that card or proof (identification) that the card user can accept certain service are the cards that has satisfied the party of certain condition.For example, various cards such as the safety card of the basic account card of resident, intra-company's use, driving license can be equivalent to the card as the object of legitimacy judgement.In the related card authentication system of present embodiment, be that example describes with the credit card.

[about the synthetic processing method of authentication image]

1. basic image and coefficient

In order to judge that whether the card user is the legal possessory people who is registered as card, can make in all sorts of ways.Yet, according to the difference of authentication method, destroy the convenience that card uses sometimes, perhaps be difficult to carry out the legitimacy judgement of pinpoint accuracy.

Therefore, in the related card authentication system of present embodiment, adopt following method: the operator in the shop that service is provided utilizes sticking into of card user to go when paying a bill processing etc., the facial photo that is registered in the holder of card company is read on the terminal picture, face by will blocking the user compares with being presented at facial photo on the terminal picture (following this facial photo is called authentication image), judges whether the card user is the holder.Like this, the operator in fact with the naked eye judges holder's authentication image (facial photo) and card user's face, even the edema situation of holder's hair style, beard, face, the fat or thin situation of face etc. change thus, also can judge whether to be the legal owner with pinpoint accuracy.

Be presented at method on the terminal picture as authentication image with the holder, consider following method: all possessory facial photo of legal card are recorded in the terminal in shop or the server of card company etc. in advance as authentication image, according to the holder's who obtains by the card request of showing identifying information, extract and show the holder's who conforms to authentication image out from terminal or server.Yet, if like this with holder's facial photo with original state (not carrying out the distortion, encryption of image etc.) as authentication image, cause forgery, replacement etc. to become easily, thereby might cause fail safe to reduce holder's authentication image.

Therefore, following a kind of method (with reference to aforesaid patent documentation 2) has been proposed also:, utilize the synthetic holder's of morphing authentication image according to the information of the facial photo that is recorded in information in the card and non-holder.In this synthetic processing that utilizes the authentication image that deformation technology carries out, for example need the overall distribution relevant with the component part of faces such as eye, nose, mouth, the shape of component part etc. are extracted out as characteristic point.Then,, holder and other peoples' facial photo is deformed towards same characteristic point, can synthesize thus with holder's appearance picture but different deformation pattern by utilizing morphing etc.

Yet characteristic point varies with each individual, so pinpoint accuracy ground and extract characteristic point effectively out and be not easy.In addition, in order to utilize morphing pinpoint accuracy ground to synthesize holder's authentication image, except the facial photo of using other people, also need to use after holder's the distortion facial photo (for example, alike but be not the image of holder's facial photo itself with the holder) etc., the required data volume of synthetic processing of therefore carrying out holder's authentication image has the trend of increase.

Therefore, in the related card authentication system of present embodiment, do not use the method for the component part of extracting face especially out, and be to use following method: by a plurality of facial photo being considered as itself a plurality of image models, the applied statistics mode identification method synthesizes holder's authentication image.In general, if use the method for a plurality of facial photo medellings being synthesized authentication image, the needed data volume of synthetic processing that then causes carrying out authentication image becomes huge.Therefore, in the related card authentication system of present embodiment,, carry out the synthetic processing of authentication image utilizing principal component analysis (PCA:Principal Component Analysis) method to reduce on the basis of data volume.

The related employed principal component analytical method of card authentication system of present embodiment is meant, according to the method for using the basic image that can present the low-dimensional distribution that can show this higher-dimension distribution well with the higher-dimension distribution that is characterized as benchmark of a plurality of images.Specifically, be following a kind of method: according to a large amount of facial photo, a for example M facial photo (variable { Z _mM=1,2 ..., M}), obtain at separate N (the individual basic image { P of N＜M) that the loss of information is suppressed to show well the feature of facial photo for the minimal while _n.

Specifically, M facial photo is treated to vector respectively based on the feature of each image.Then, will be made as average vector,, make up the image space of M dimension according to deducting the vector that average vector obtains from the vector of representing each image according to the average image that M image obtained.The vector of representing basic image constitutes the axle of the principal component in the image space of M dimension.Can carry out linear combination (once combination) with the vectorial corresponding coefficient (scalar) of basic image by the vector sum that will represent basic image and obtain the coordinate that is positioned at this M dimension space approx.

Specifically, the set of the vector of main shaft is made as P, is expressed as P={p ₁, p ₂..., p _N.

The image x that is present in the facial photo in the image space can be expressed as.

x = Σ_{n = 1}^{N} y_{n} p_{n} + ϵ

Formula 1

Thereby, can be with p _nAs basic image.

In addition, Y={y ₁, y ₂, y ₃... y _NIt is the set of the coefficient corresponding with basic image.

Because basic image is the vector as the main shaft of the feature of each image of expression as mentioned above like that, therefore by carrying out linear combination, can synthesize image x (being holder's authentication image in the present embodiment) arbitrarily with pinpoint accuracy with the suitable coefficient pair vector corresponding with basic image.

In addition, when utilizing principal component analytical method to ask basic image, come the design of graphics image space according to from the vector of representing each image, deducting the vector that average vector obtains.That is to say, by from the vector of representing each image, deducting the vector of the average image, come the vector of representing each image feel relieved (centering).Therefore, though need obtain at the average image of all images and store, has following advantage: be used as one of basic image if will become the average image at center, then the coefficient of correspondence can be made as 1 all the time.

In addition, the ε in the formula 1 is based on the error (hereinafter referred to as resultant error) between synthetic image x (authentication image) of basic image and holder's the facial photo.Under the situation of the authentication image of synthesizing the holder according to basic image, the identical possibility of face in authentication image after synthesizing and real holder's the facial photo is lower, can produce certain error (resultant error).Yet under the less situation of resultant error, even authentication image x after will synthesizing and holder's facial photo is compared by visual observation, also can be judged as both is about equally images.Obtaining and can being judged as both like this is that the scope of error of image about equally is as allowed band, by carrying out the synthetic processing of holder's authentication image, can reproduce holder's facial photo with the data volume when utilizing anamorphose processing method etc. in the mode that converges on this allowed band.

In addition, being that P and resultant error ε are small enough under the situation that converges on the value in the allowed band, by authentication image x and basic image p with the set of the basic image of the synthetic authentication image x of pinpoint accuracy _nInner product, can obtain coefficient row y simply _n

y _n=＜x, p _nWherein, and n=1,2,3 ... formula 2

2. the reduction of resultant error

As mentioned above, in order to compare holder's face and the legitimacy that authentication image is judged the holder, resultant error ε is converged in the allowed band by the operator.Because the quantity (number of=basic image) of the coefficient of resultant error ε and use is inversely proportional to,, then might cause resultant error to exceed allowed band and become bigger value if therefore reduce data volume by the quantity that reduces coefficient.

On the other hand, for synthetic authentication image, need a plurality of basic images and the coefficient corresponding as mentioned above like that with each basic image.At this, prepare a plurality of basic image that is used for synthetic authentication image (set (combination) of a plurality of basic images that the following synthetic processing that will carry out authentication image is required is called basic image set) (only preparing one group of base image set) in advance, the basic image set (that is to say and use this group of base image set all the time) that uses when not changing synthetic handle of carrying out authentication image and coefficient and authentication image are correspondingly changed can also synthesize various authentication image thus.Yet, under synthesizing the situation of set that a plurality of basic image that uses when handling is identical image all the time (under the situation of only using one group of base image set),, need to increase the quantity of coefficient in order to improve the synthetic accuracy of authentication image.If the quantity of coefficient (quantity of basic image) becomes many like this, then cause increasing for the required data volume of synthetic authentication image.

Therefore, when using basic image and coefficient to come actual synthetic holder's authentication image, need consider that the data volume of the information (quantity of coefficient, basic image etc.) that resultant error and synthetic authentication image are required is adjusted.In the related card authentication system of present embodiment, increase and the method for reduction resultant error as the data volume that does not make the required information of synthetic authentication image, adopt according to the method that suitably changes the set of basic image as the authentication image of synthetic object.Specifically,

(1) a large amount of basic images is many groups (for example K group) (by the basic image set that is classified to a kind of a plurality of basic image construction of same group, so basic image set is formed a plurality of groups (for example K groups) according to the feature of its basic image set) according to the tagsort of basic image.

(2) organize the group of selecting the group of basic image set with as the approximate the best of the feature of the authentication image of synthetic object from K.

(3) according to belonging to selecteed group a plurality of basic image (basic image set) and inner product, obtain the coefficient corresponding with basic image as the authentication image of synthetic object.

By carry out the classification of basic image like this according to the feature of basic image, the feature that belongs to same group basic image is identical.Therefore, the coefficient that uses when obtaining synthetic processing of carrying out authentication image by the basic image set of the most close group of the feature of use characteristic and authentication image, obtain the situation of coefficient with the basic image set of use characteristic group fully inequality and compare, can reduce resultant error effectively with the coefficient of negligible amounts.In addition, synthesize authentication image, can synthesize the high authentication image of accuracy, therefore can improve the judgement accuracy that holder's legitimacy is judged by using the coefficient obtained like this and the basic image set of respective sets.

In addition, in the related card authentication system of present embodiment, obtain the method for basic image according to sorted image by each group after a plurality of image classifications that use when employing will be obtained basic image, record and narrate this method after a while in detail.

3. the displacement transformation of basic image collection is handled

When also gathering of the basic image set that will be classified as the K group is made as basic image collection, can the basic image collection of following expression.

P = {p_{11}, p_{12}, \cdot \cdot \cdot, p_{{1 N}_{1}}, p_{21}, p_{22}, \cdot \cdot \cdot, p_{{2 N}_{2}}, p_{31}, p_{32}, \cdot \cdot \cdot

\cdot \cdot \cdot, p_{{3 N}_{3}}, \cdot \cdot \cdot, p_{K 1}, p_{K 2}, \cdot \cdot \cdot, p_{{KN}_{K}}}

Formula 3

In formula 3, p ₁₁Represent first the basic image in the basic image set of first group,

p_{1 N_{1}}

Represent the N in the basic image set of first group ₁Individual basic image.Thereby the basic image set of first group is by N ₁Individual basic image construction.

In addition, similarly, p ₂₁First basic image in the basic image set of second group of expression,

p_{{2 N}_{2}}

N in the basic image set of second group of expression ₂Individual basic image.

And, p _K1Represent K first basic image in the basic image set of organizing.In addition,

p_{{KN}_{K}}

Represent K the N in the basic image set of organizing _KIndividual basic image, the basic image set of K group is by N _KIndividual basic image construction.

To can organize by each, be to arrange regularly furtherly by a plurality of groups of basic images that constitute like this by the order of the basic image in each group.In the basic image collection of arranging like that as shown in Equation 3, the basic image that uses when carrying out synthetic handle of authentication image only is to belong to a certain group basic image set.For convenience of explanation, suppose that the basic image set of k group (k group) is used in the synthetic processing of authentication image, then the basic image set P of k group _kCan be expressed as

P_{k} = {p_{k 1}, p_{k 2}, \cdot \cdot \cdot, p_{{kN}_{k}}}

Formula 4.

In addition, if the coefficient row that the basic image set that will use this k to organize used when synthesizing authentication image are made as

Y_{k} = {y_{k 1}, y_{k 2}, \cdot \cdot \cdot, y_{{kN}_{k}}}

Formula 5,

Then can utilize by the basic image of above-mentioned formula 4 expression with by the coefficient row of formula 5 expressions, by as shown in the formula obtaining the authentication image x that will synthesize.

x = Σ_{n = 1}^{N_{k}} y_{kn} p_{kn} + ϵ

Formula 6

Like this, in the related card authentication system of present embodiment, from the represented basic image collection of formula 3, obtain the basic image sets suc as formula 4 expressions of the group of the synthetic processing that is suitable for carrying out authentication image, utilize the basic image set obtained and be listed as the synthetic processing of carrying out authentication image as shown in Equation 6 like that suc as formula the coefficients of 5 expressions.

At this, formula 3 represented basic image collections are used as the requisite information of synthetic processing of carrying out authentication image, but basic image collection is like that to arrange K in order as mentioned above to organize the set that basic image set obtains, and is furtherly to arrange in order and obtain constituting a plurality of basic image of respectively organizing basic image set.Therefore, if basic image set is in statu quo used, the sequential scheduling of basic image that then basic image set is equivalent in the basic image set of which group, each group might easily be known by the third party.Under the situation that may easily be known with the image-related information of base, there is the danger of easily forging basic image etc., thereby might causes fail safe to reduce by the third party.

Therefore, in the related card authentication system of present embodiment, by implementing displacement transformation processing, the processing of changing the order (putting in order) of basic image to constituting suc as formula each basic image of the 3 basic image collections of representing.By the order of the basic image in the basic image collection of such change, be difficult to determine to carry out the group of the required basic image set of the synthetic processing of authentication image, and be not easy to be identified for the coefficient row of synthetic authentication image and the corresponding relation (combination) between the basic image.

At this, displacement transformation is handled and is meant for example with ordered series of numbers I ⁰=[1,2 ..., M] be transformed to

I^{j} = [i_{1}^{j}, i_{2}^{j}, \cdot \cdot \cdot, i_{M}^{j}]

Formula 7

Processing.At this, the number of the basic image that M uses when representing to carry out synthetic processing of authentication image.In addition, j is the constant of setting under the situation that displacement transformation handles carrying out, and in the related card authentication system of present embodiment, j represents the ID (identiflication number information) of terminal that the synthetic authentication image that obtains is shown.

I ^jEach element

i_{m}^{j} (m = 1,2, \cdot \cdot \cdot, M)

Formula 8

Be 1 to the integer of M, I ^jElement do not repeat.In addition, I ^jM element representation displacement transformation basic image collection before handling in the position (in proper order) of basic image.Thereby m basic image handled by displacement transformation and is transformed to I ^j _mThe position.

For example, suppose when synthesizing certain authentication image, to have used from k ₁To k _NN basic image.When the basic image set of employed basic image is stored in the terminal j with the state after carrying out the displacement transformation processing when comprising synthetic processing of carrying out authentication image, by using the displacement transformation I corresponding with this terminal j ^jInformation can obtain simply and synthesize the position of employed basic image in basic image collection when handling.

In addition, because the basic image set that uses when carrying out synthetic handle of authentication image is a plurality of basic image that constitutes the part of basic image collection, therefore need a kind of information of the basic image that will use from basic image collection, determine synthetic processing of carrying out authentication image the time.In the related card authentication system of present embodiment, the index information of order of each basic image that expression is constituted basic image collection is with the information that acts on synthetic authentication image.For example, can be expressed as carrying out the order that the k of displacement transformation before handling organize the basic image of basic image set according to index information.

k_{1}, k_{2}, \cdot \cdot \cdot, k_{N_{k}}

Formula 9

Thereby, under from basic image collection, obtaining the situation of synthesizing the basic image (for example k organizes the basic image of basic image set) that uses when handling,, can obtain suitable basic image with suitable order by the index information shown in the use formula 9.

In addition, under the situation of like that basic image collection having been implemented the displacement transformation processing as mentioned above, handle the fail safe that can improve index information by the displacement transformation of index information also being implemented obtain according to the ID (identiflication number information) that carries out the terminal of authentication processing.In terminal, carry out under the situation of synthetic processing of authentication image, obtain the index information that has carried out after displacement transformation is handled by terminal, can from implemented the basic image collection after displacement transformation is handled, obtain according to the index information that is obtained and synthesize the required a plurality of basic image of processing.

Like this, in the related card authentication system of present embodiment, the basic image collection that will carry out after displacement transformation is handled is made as Key1, and the index information that will carry out after displacement transformation is handled is made as Key2, and the information of the coefficient row that use in the time of will carrying out synthetic processing of authentication image is made as Key3.

Key 1 : p_{11}, p_{12}, \cdot \cdot \cdot, p_{{1 N}_{1}}, p_{21}, p_{22}, \cdot \cdot \cdot

\cdot \cdot \cdot, p_{{2 N}_{2}}, \cdot \cdot \cdot, p_{k 1}, p_{k 2}, \cdot \cdot \cdot, p_{{KN}_{K}}

Key 2 : k_{1}, k_{2}, \cdot \cdot \cdot, k_{N_{k}}

Key 3 : y_{k 1}, y_{k 2}, \cdot \cdot \cdot, y_{{kN}_{k}}

In the related card authentication system of present embodiment,, carry out the synthetic processing of holder's authentication image by the Key2 that uses the Key1 that forms by basic image collection, form by index information and by these three kinds of information of Key3 that coefficient information forms.

[overall structure of card authentication system]

Fig. 1 is the figure of the summary structure of the related card authentication system of expression present embodiment.The related card authentication system 1 of present embodiment roughly comprises server (card certificate server) 2, terminal (card authentication terminal) 3 and credit card (authentication card) 4, and server 2 is connected via network 5 with terminal 3.Server 2 and terminal 3 send and receive the required data (for example above-mentioned Key1～Key3 etc.) of the synthetic processing of carrying out authentication image via network 5, be used to judge the information (card information) etc. of the legitimacy of credit card 4.This network 5 both can be a special circuit, also can be disclosed communication lines such as internet.

Use encryption technology more when between server 2 and terminal 3, transmitting and receive data to prevent that its data content from leaking simply to third-party situation.As encryption technology, can use various methods, in the related card authentication system 1 of present embodiment, in order to carry out the encryption of data, and for the legitimacy of carrying out server 2 and terminal 3 is judged, and adopt public key cryptography mode (Gong Open Key secret signal mode).

The public key cryptography mode is following structure: the key that uses when data are encrypted key of use when data deciphers separates, utilize the key identical to be decrypted, also be not easy to calculate another key according to one of them key with encrypting employed key.The owner of key is as long as manage the key of use when deciphering in order to avoid other people know (key that is decrypted=private key (Mi Mi Key)), the key that uses during encryption (carrying out encrypted secret key=PKI (Gong Open Key)) be can be disclosed widely.In addition, PKI not necessarily will disclose, and also can use covert method according to using method.Data are being encrypted under the situation that sends and receive, the sender obtains to be gone forward side by side by the disclosed PKI of recipient and sends data after the encryption of line data.Because data encrypted can only be decrypted with the private key that the recipient held, even therefore data encrypted is stolen by the third party halfway, the content that also can not be decrypted out, thus can prevent information leakage.

In addition, when between related terminal 3 of present embodiment and server 2, transmitting and receive data, use above-mentioned public key cryptography mode, but method of encrypting is not limited to the public key cryptography mode, also can adopts other cipher mode.For example, also can be that key that uses when encrypting and the key that uses when being decrypted are the universal key pin mode (Gong Tong Key secret signal mode of same key), under the situation that adopts the universal key pin mode, also can suppress the leakage of data by the strict control key information.

And the key that uses when encrypting also can utilize one time key (one time key).One time key is meant can only expendable key.Under the situation of using one time key, to generate similarly be to enumerate the password (one time key) that numeral obtains randomly by holder's password and time information (minute information) are made up, after the password that utilization generates by this process is encrypted data, between terminal 3 and server 2, transmit and receive data.In server 2, the password that the user that can utilize identical algorithm to confirm whether password serves as reasons real generates.One time key has every the short time, for example every one minute changed features, if one time key (password) is stolen, the valid period maximum also is illustrative one minute.And,, do not reuse (that is to say, used promptly and cancel) because one time key only uses once, therefore can guarantee high security.

Therefore in addition, thereby the information that above-mentioned cipher mode prevents to be recorded in the credit card 4 is stolen the situation that content is leaked simply by the third party, also can utilize above-mentioned cipher mode when the information in the credit card 4 of will recording is encrypted.For example, before distribution credit card 4, after carrying out information encryption, the information after encrypting is recorded in the credit card 4.By making the information after credit card 4 records are encrypted like this,, also be difficult to know simply its content even the third party steals the information that is recorded in the credit card 4.

Under situation about need confirm to the content that is recorded in the information in the credit card 4, carry out the mutual authentication between credit card 4 and the terminal 3 as described later, and by the mutual certification and accreditation between terminal 3 and the server 2 after the legitimacy of credit card 4 and terminal 3, server 2 utilizes the PKI of terminal 3 that decruption key is encrypted, and the decruption key after will encrypting sends to terminal 3, and this decruption key is used for the information that is recorded in credit card 4 is decrypted.

The decruption key that terminal 3 receives from server 2 uses the private key corresponding with employed PKI in the server 2 that the decruption key that gets access to is decrypted, and the decruption key that utilizes this deciphering to obtain can be decrypted the information of reading from credit card 4.

Can use magnetic card and these two kinds of cards of IC-card as credit card 4.Magnetic card is compared with IC-card, and difference is that the data record capacity in the card is less, and the operation processing function of credit card is not set.In the present embodiment, mainly the situation of using IC-card is described, complementally the situation of using magnetic card is described simultaneously, but no matter use which kind of card, can both play the characteristic structure of the present invention and the effect of carrying out holder's authentication according to the synthetic authentication image that obtains.

In addition, as shown in Figure 2, credit card 4 is provided with recording portion 9, and this recording portion 9 can write down the required information (for example Key2, Key3 etc.) of synthetic authentication image 6.Recording portion 9 is made of common memory, can write down a certain amount of data.In addition, the detailed after a while information that is recorded in the recording portion 9.

[structure of terminal]

As shown in Figure 3, terminal 3 has card-reading part (coefficient information acquiring unit, index information acquiring unit) 11, image recording portion (image recording unit) 12, Department of Communication Force (coefficient information acquiring unit, index information acquiring unit) 13, control and treatment portion (graphics processing unit, basic image determining unit) 14 and image displaying part 15.

Card-reading part 11 has the function of the data (information such as Key2, Key3) of reading and recording in the recording portion 9 of credit card 4.In addition, IC-card is being used as under the situation of credit card 4, card-reading part 11 is the data of reading and recording in IC-card not only, can also be to the information of IC-card input needs.IC-card can carry out the authentication processing of information according to the information of being imported, and by reading authentication result by card-reading part 11 from IC-card, can carry out the authentication between credit card 4 and the terminal 3.

Solid state hard disc) etc. (Solid State Drive: common storage device constitutes image recording portion 12 by hard disk, SSD.In image recording portion 12, can write down basic image collection (a plurality of basic image set) that obtains from server 2 etc.Department of Communication Force 13 by common network interface unit (formation such as LAN (Local Area Network: local area network (LAN)) card), be used for and server 2 between carry out the transmission of data and reception etc.

CPU), (Read-Only Memory: such as the ROM of the record program relevant with holder's authentication processing etc. read-only memory), as the RAM of service area (Random Access Memory: formation such as random access memory) control and treatment portion 14 has the function of carrying out the various processing in the terminal 3, by the CPU that carries out calculation process (Central Processing Unit:.This RAM can temporarily write down data that card-reading part 11 reads from credit card 4 etc.

Control and treatment portion 14 has the effect according to the synthetic authentication image 6 such as information of Key1～Key3.In addition, with IC-card as under the situation of credit card 4, control and treatment portion 14 has by operation card-reading part 11 and carries out the effect of the authentication processing between credit card 4 and the terminal 3.And, magnetic card is being used as under the situation of credit card 4, control and treatment portion 14 has following effect: send card informations by Department of Communication Force 13 to server 2, and obtain the authentication information that returns from server 2 by Department of Communication Force 13, carry out the authentication processing of magnetic card thus.

In addition, control and treatment portion 14 has following function: the authentication information that sends terminal 3 that can identification terminal 3 by Department of Communication Force 13 to server 2, and receive at the authentication information of the terminal 3 that is sent by Department of Communication Force 13 and, to carry out the authentication processing between terminal 3 and the server 2 thus from the foldback authentication result that server 2 returns.In addition, control and treatment portion 14 also has following effect: and server 2 between send and receive information processing the time, utilize that above-mentioned public key cryptography mode is encrypted, decryption processing.

Image displaying part 15 is made of LCD, CRT monitor etc., has the effect of operator's visual identity by the control and treatment portion 14 synthetic authentication image 6 that obtain that make.Image displaying part 15 shown authentication image 6 are authentication image 6 that the information reverting according to Key1～Key3 goes out, the roughly the same photo (resultant error converges on the situation in the allowed band) of the holder's of application facial photo in the time of can being judged as this authentication image 6 and being with the card registration, so the actual user's that the operator can be by facial photo that image displaying part 15 is shown and credit card 4 face compares the authentication of carrying out the holder.

In addition, expectation shows image displaying part 15 shown authentication image 6 in the mode of having only the operator to see.Therefore, also can utilize following Display Technique etc., this Display Technique angle of image displaying part 15 according to the observation changes and can see that authentication image 6 maybe can not see authentication image 6.And authentication image 6 is not limited to plane picture, therefore also authentication image 6 can be made as stereo-picture, and image displaying part 15 is made as the display of stereovision stereo-picture with the naked eye, can improve holder's authentication accuracy thus.

[structure of server]

As shown in Figure 4, server 2 has Department of Communication Force (basic image transmission unit) 20, control part (basic image generation unit, basic image update unit, authentication image synthesis unit, resultant error judging unit, displacement transformation unit, taxon, basic image transmission unit) 21, end message recording portion 22, basic image recording portion (basic image recording unit) 23, holder's information recording part 24 and normal image recording portion 25.

Department of Communication Force 20 have with the terminal 3 that is connected via network 5 between the function that transmits and receive data.In addition, in Fig. 1, for convenience's sake, will only show 2 via the terminal 3 that network 5 is connected with server 2, but the quantity of the terminal 3 that is connected with server 2 is not limited to 2, in general can connect many station terminals 3.In addition, the related server 2 of present embodiment is connected on the internet, can collect as described later to be used for from extracting the image of basic image out at disclosed image on the internet.

With the image recording portion 12 of terminal 3 similarly, end message recording portion 22, basic image recording portion 23, holder's information recording part 24 and normal image recording portion 25 are made of common storage device such as hard disk, SSD (Solid State Drive).

The information that the terminal that records in end message recording portion 22 and connect via network 53 is relevant.By utilizing the information of each terminal 3 that this end message recording portion 22 write down, server 2 can carry out the authentication of terminal 3.The information of each terminal 3 (hereinafter referred to as end message) for example be meant the kind of ID (identiflication number information), the terminal of terminal, the information relevant with the user of terminal or manager, with the relevant information in place etc. that is provided with of terminal.

In addition, record the PKI of each terminal 3 in end message recording portion 22, this PKI is to use when under the situation about sending and receiving information between server 2 and terminal 3 information that will send being encrypted or the information after encrypting being decrypted.Sending under the situation of information to terminal 3 to information encryption and from server 2, to come information is encrypted by the PKI that utilizes relevant terminal 3, the legal terminal 3 that only has corresponding private key thus could be decrypted information.

In addition, under the situation of the PKI that can easily obtain relevant terminal 3 by network 5, also the PKI placeholder record of obtaining via network 5 can be carried out encryption in end message recording portion 22, rather than in end message recording portion 22, write down the PKI of each terminal 3 all the time in advance.

In basic image recording portion 23, record basic image collection by a large amount of basic image constructions.As Key1 was represented, basic image collection was recorded with the state (state that basic image is configured by the order that is determined) that the basic image set by a plurality of basic image constructions has been undertaken arranging by each group.In addition, sometimes by control part 21 during fixing to be recorded in basic image collection in the basic image recording portion 23 carry out basic image deletion, append, renewal etc., along with the renewal of this base image etc., also can improve the synthetic accuracy of authentication image 6 etc.Under the situation of renewal of having carried out basic image collection like this etc., control part 21 carries out displacement transformation and handles being recorded in basic image collection in the basic image recording portion 23 according to the id information of terminal 3 etc., and the basic image collection that has carried out after displacement transformation is handled is sent to relevant terminal 3.

In holder's information recording part 24, record holder's ID (identiflication number information), the kind of credit card 4, holder's the personal information various information relevant such as (residence, names etc.) with the holder.Therefore, in the control part 21 of server 2, can be according to the information (card information) and the information relevant that is recorded in holder's information recording part 24 that are used for determining card that receive from terminal 3 with the holder, determine the kind, holder of credit card 4 etc.

In addition, under the information in the recording portion 9 that is recorded in credit card 4 having been carried out the situation of encrypting, the decruption key of information that is used for the credit card 4 of decrypt encrypted is recorded in holder's information recording part 24.For example, under the situation that records the information of Key2, Key3 and in order to improve fail safe the information of Key2, Key3 has been carried out encrypting in credit card 4, and the mutual authentication between the credit card 4 approved terminal 3 can be used for decruption key that the information that is recorded in credit card 4 is decrypted to server 2 requests.In terminal 3,, can the information of Key2, Key3 be decrypted by using from the decruption key of the credit card 4 of server 2 transmissions.

And, in holder's information recording part 24, can write down the information of Key2, Key3 etc. as required.Key2 and Key3 are the different and different information according to the holder, are the information that is associated with relevant holder's information.Therefore, in server 2, can be according to the request that comes self terminal 3, the holder's that the PKI that uses terminal 3 obtains the request according to card information Key2, the information of Key3 are encrypted, and the information of the Key2 after will encrypting, Key3 sends to terminal 3.

In addition, Key2 is an index information, and is the information of the basic image that uses when being used to determine to carry out synthetic processing of authentication image 6.In the related card authentication system 1 of present embodiment, adopt following structure: control part 21 transmits basic image collection from server 2 to terminal 3 during fixing.In terminal 3, under the situation of synthetic authentication image 6, need from the basic image collection that transmits by server 2, determine the basic image that is used for synthetic authentication image 6.The information of using when determining this base image is index information (Key2).

The great amount of images that will use when placeholder record is carried out the generation of basic image and renewal etc. by control part 21 in normal image recording portion 25.

Control part 21 has the function of carrying out various processing.For example carry out and above-mentioned terminal 3 between authentication processing, with the authentication processing of the magnetic card of magnetic card when the credit card 4, with terminal 3 between utilize when transmitting and receive data encryption, back processing to terminal 3 transmission etc. such as compress to being recorded in basic image collection in the basic image recording portion 23.And control part 21 carries out following processing etc.: collect the image of facial photo etc. via network, generate basic image after the image of collecting having been carried out classification.

Fig. 5 is expression is generated basic treatment of picture by control part 21 a flow chart.At first, control part 21 is collected a large amount of facial photo (image) (step S.1) that are used to generate basic image.

For example can realize the collection and treatment of the image in the control part 21 by the facial photo image that is collected in disclosed people on the internet.Usually having eye, nose, mouth, ear as the image of the facial photo of intelligence-collecting object is positioned at same position and possesses this feature of similar contouring head, therefore coming the distinctive allocation position with these images by the image analysis according to collected image is that benchmark is judged, can automatically only collect facial photo thus.Collected under the situation of image by server 2 like this, control part 21 is collected the image of facial photo by Department of Communication Force 20 search internets and is recorded in the normal image recording portion 25.

In addition, under situation, when handling member's procedure for admission, require the user to submit the facial photo data to sometimes by credit card company's management server 2.Therefore,, allow to utilize facial photo to generate the facial photo data of basic image by utilizing the user in the facial photo data stored in credit card company, can be easily and promptly collect a lot of images.Using facial photo with under the data conditions, control part 21 will as the facial photo of using object with data record in normal image recording portion 25.

Then, 21 pairs of images that are recorded in the normal image recording portion 25 of control part processing (step S.2) of classifying.Generating under the situation of basic image according to the great amount of images of collecting, to become and the similar image of holder's facial photo in order making, and resultant error to be converged in the allowed band according to the synthetic authentication image 6 of basic image.And, be desirably in when converging on resultant error in the allowed band, reduce the data volume of the required information (Key2, Key3) of the synthetic processing carry out authentication image 6.Therefore, adopt following method in the related card authentication system 1 of present embodiment: the image that will use in the time of will generating basic image collection is a plurality of patterns according to the tagsort of facial photo, by the feature corresponding basic image set of each the group generation that sorts out with its image.

Specifically, be under women's the situation of facial photo in the authentication image 6 that will synthesize, the basic image set that uses when being desirably in synthetic this authentication image 6 also is the basic image set that possesses femaleness.In addition, be under white man's the situation of facial photo in the authentication image 6 that will synthesize, the basic image set that uses when being desirably in synthetic this authentication image 6 also is the basic image set that possesses white man's feature.And, be under child's the situation of facial photo in the authentication image 6 that will synthesize, the basic image set that uses when being desirably in synthetic this authentication image 6 also is the basic image set that possesses child's feature.Like this, the basic image set that is used to the to generate authentication image 6 basic image that preferably uses the feature that possesses authentication image 6 carries out the data volume of the required information (mainly being coefficient information) of the synthetic processing of authentication image with minimizing.Therefore, control part 21 generates basic image set by sorted image after according to the feature of image the image that is used to generate basic image being classified.

As the method for automated graphics classification, can use various clusters (Clustering) method that in the field of pattern analysis, proposes.For example, Chang Yong clustering method has the k-means method.This k-means method is the typical example of the clustering method of non-stratification, bunch (cluster) to predetermined quantity (for example k) gives the cluster centre as its representative (prototype) respectively, carries out cluster by each individuality is respectively allocated to the most close cluster centre.After individuality having been carried out distribution, then calculate new cluster centre according to the individuality after distributing, by repeating such processing till the distribution convergence of calculating that makes cluster centre and individuality, estimate suitable cluster centre and carry out suitable data to cut apart with this.As a rule, under the situation of multivariable numeric data, as bunch cluster centre, use mean value (mean), therefore a so-called k mean just is called as the k-means method.

Yet the sorting technique of image (method of cluster) is not only limited to such method.Also can utilize the sorting technique that draws based on experience to classify according to the characteristic of image.For example, obtain by a plurality of facial photo are synthesized as basic image by the related card authentication system 1 synthetic authentication image 6 of present embodiment.Therefore, by will being ten multilayers according to the appearance character classification by age in order to generate the image (facial photo) that basic image set collects, color classification according to skin is 3～5 kinds, also be categorized as tens kinds according to shape of face, classify according to sex more simultaneously, facial photo can be divided into hundreds of～several thousand classes (group).By carrying out the classification of image like this, can with the image classification that possesses same characteristic features identical group.

In control part 21, divide by the situation of the sex that picks out according to the profile of the color of the skin of facial photo, face, from facial photo as described above etc., divide into groups by image with similar characteristics.

Then, control part 21 utilizes a plurality of images after the grouping, and each group is generated basic image (step S.3).In the related card authentication system 1 of present embodiment, utilize principal component analytical method as already described like that, obtain a plurality of basic images (basic image set) by group.The basic image set of each group of obtaining like this is identical image in the identical group of the feature of basic image.Therefore, synthesize authentication image 6, can use the index information of the coefficient information of fewer number and fewer amount to synthesize the authentication image 6 of pinpoint accuracy by the basic image set that utilizes the feature group identical with the feature of holder's facial photo.

In addition, coming already present basic image carried out more under the news,, can't be new basic image then with corresponding basic image changing if the coefficient information of basic image before changing is recorded in the credit card 4 by generating new basic image.Therefore, in the time will changing basic image set, only will not be used for the synthetic basic image of handling and change processing as the change object.

Then, control part 21 carries out following processing: according to the basic image set of all groups that mark off, employed all images (facial photo) synthesizes (step S.4) by each group in the time of will carrying out the grouping of basic image.Then, control part 21 according to all images obtain step S.4 in the synthetic composograph that obtains resultant error between the employed image when dividing into groups.Then, control part 21 judges that at all images whether the group of the basic image set of resultant error minimum is to handle the group (step S.5) that is classified by the image classification of step in S.2.

In the group that the image that the group of the basic image set of resultant error minimum is used during with the grouping of carrying out basic image is assigned to is under the situation (step S.5 in the situation of "No") of different group, and the group that the group that control part 21 is assigned to this image changes to the resultant error minimum is carried out the classification of image again and handled (step S.6).

Then, the image that control part 21 utilizes after reclassifying generates basic image (step S.3) by each group once more, and employed all images synthesizes (step S.4) according to the basic image set of all groups that mark off in the time of will carrying out the grouping of basic image.Then, control part 21 judges that repeatedly whether the group of the basic image set of resultant error minimum is the group (step S.5) that sorts images in S.6 in step.

In the group of the basic image set of the resultant error minimum group that employed image is assigned to during with the grouping of carrying out basic image all is under the situation (step S.5 in the situation of "Yes") of identical group in all images, the basic image set of each group that control part 21 will be obtained records (step S.7) in the basic image recording portion 23 as basic image collection, and finishes to generate basic treatment of picture.

Like this, basic image set according to each group, carry out the synthetic processing of authentication image 6 by each group, and obtain basic image set repeatedly again till the group of the basic image of resultant error minimum and image is classified in order to generate basic image group are all consistent in all images, can make the feature of each basic image set more remarkable thus, and can make the resultant error minimum of utilizing the synthetic authentication image 6 of corresponding basic image set.

In addition, in the related card authentication system 1 of present embodiment, employing is handled the structure of (step of Fig. 5 S.2 shown in processing) by the classification that the control part 21 of server 2 automatically carries out a plurality of images, and (automatic classification method: Automatic Classification), but the sorting technique of image is not limited to the automatic classification method that is undertaken by control part 21.For example, when the classification of carrying out image by the judgment processing (automatic classification method) of the complete mechanical of being undertaken by control part 21 is handled, might be the classification that the people is difficult to judge based on the classification of the feature of image.

That is, are similar (feature is identical) even the judgement by the people is judged as two images, but in control part 21, might are different groups these two image classifications.Thereby, also can utilize manual classification method (Manual Classification), semi-automatic sorting technique (Semi-Automatic Classification) to become situation according to people's judgment standard, this manual classification method is the method that the human eyes carry out the classification of image when confirming, this semi-automatic sorting technique is that the people divides into groups to a part of image manually, and by control part 21 according to the image after the manual classification, the processing of automatically classifying.

In addition, in the manual classification method, owing to be that the human eyes are classified when confirming image, therefore under the many situations of the quantity of the image of collecting, exist and handle burden and become big trend.Especially under the situation of upgrading basic image collection termly, think in fact to be difficult to only use the manual classification method to carry out the classification of image.

On the other hand, semi-automatic sorting technique is to extract several images as sample from a large amount of images out, according to the image of extracting out, carries out the classification of image by the manual classification method and handles.Afterwards, the sorting result by the sample image that will carry out based on the manual classification method utilizes automatic classification method to carry out the classification of remaining all images as known information.

That is to say, under the situation of (machinery classification) of classifying automatically by control part 21, can use the semi-supervised learning (Semi-Supe rvised Learning) that has utilized known classified information.Method about this semi-automatic classification has also been developed various algorithms.In the related card authentication system 1 of present embodiment, can utilize TSVM (Transductive Support Vector Machine: the algorithm direct-push SVMs) (with reference to " T.Joachims; ' Transductive Inference for Text Classification using Support Vector Machines '; 16th ICML, p.200-209 (1999) ").In addition, NNC-Tree (Nearest Neighbor Classification Tree: the algorithm nearest neighbour classification tree) (with reference to “ Zhao Strong good fortune, ' Duo Bian Shuo Decision decides Mu Agencies Building システ system, Duo Bian Shuo Decision decides Mu Agencies Building method and the fixed wooden を Agencies Building The Ru めプログラ system of び Duo Bian Shuo Decision ', TOHKEMY 2007-213441 communique (Japanese Patent Application 2006-34343) ") be to be the algorithm that prerequisite proposes with the supervised learning, handle but also can be applied to semi-automatic classification.

In addition, the control part 21 of server 2 has the function that is recorded in the basic image collection in the basic image recording portion 23 to terminal 3 transmissions.When sending this base image collection, server 2 is carrying out displacement transformation processing (shuffle) afterwards to the basic image that constitutes basic image collection, sends basic image collection to each terminal 3.It is the processing of carrying out different conversion according to the difference of terminal 3 that this displacement transformation is handled.Thereby in the basic image collection that has carried out after displacement transformation is handled, which position (which position) that the basic image that uses when carrying out synthetic processing of authentication image 6 is present in basic image collection is according to the difference of terminal 3 and different.The basic image that terminal 3 is used when processing is synthesized in judgement according to index information (Key2) is present in which position of basic image collection.

Under index information (Key2) is recorded in situation in holder's information recording part 24 of server 2,, need carry out the authentication processing between server 2 and the terminal 3 for the control and treatment portion 14 by terminal 3 obtains index information (Key2) from server 2.By strictly carrying out the authentication processing between server 2 and the terminal 3, can be only send index informations (Key2) from server 2 to terminal 3 being judged as under the situation of having carried out visit from real terminal 3.Therefore, the basic image leakage of using during synthetic processing that can prevent to carry out authentication image 6 is given illegal terminal, and can prevent that holder's authentication image 6 from easily being restored.

In addition, such as already described, handling relevant information with displacement transformation is that identiflication number with terminal 3 is recorded in the end message recording portion 22 of server 2 accordingly.Sending and be kept at basic image collection the image recording portion 12 of terminal 3 from server 2 to terminal 3 is the basic image collection that has carried out in server 2 after displacement transformation is handled, and the order of synthesize the basic image of use when handling is changed.Under this situation, can be by utilizing displacement transformation I based on terminal 3 decisions ^j, obtain the required basic image of synthetic processing that carries out authentication image 6 in the basic image collection from be kept at terminal 3 simply.

In addition, the control part 21 of server 2 has the function that is recorded in the basic image collection in the basic image recording portion 23 to terminal 3 transmissions as described above.Yet common view data is compared with other data, and data capacity is bigger, if therefore basic image collection former state is sent, the transmission burden in the communication line is increased.And,, also we can say and preferably implement to send and receive after the encryption about image itself.

Therefore, in the related card authentication system 1 of present embodiment,, adopt the method for before encrypting, basic image collection being compressed as the method that assesses the cost of the encrypt/decrypt of cutting down basic image collection.As the method for the burden that alleviates this encryption and decryption, can use the Image Compression that is called k-PCA.

About the k-PCA method, at " C.F.Lv and Q.F.Zhao; " k-PCA:a semi-universal encoder for image compression, " Internation al Journal of Pervasive Computing and Communications; 2007; Vol.3; No.2; p.205-220 ", " C.F.Lv and Q.F.Zhao, " Integration of Data Compression and Cryptography:Another Way to Increase the Information Security " Proc.Of IEEE 21 ^StInternational Conference on Advanced Information Networking and Applications (AINA07), Niagara Falls, Canada is documented in p.543-547 ", therefore in this description will be omitted in May, 2007.

By utilizing k-PCA like this, can generate the data of the basic image collection after the compression and compress employed image compression key.If can be only with by sending to terminal 3 from server 2 after the image compression secret key encryption in the data of such generation, then do not need especially the basic image collection after the compression is encrypted etc., the basic image collection after can will compressing via disclosed networks 5 such as internets sends to terminal 3.In addition, since the data volume of image compression key, therefore to carry out the required processing burden of the encryption and decryption of basic image collection much smaller than the data volume of basic image collection very little.

Then, the method for carrying out holder's authentication at the authentication image 6 of utilizing above-mentioned card authentication system 1 synthetic holder describes.

As mentioned above, in the related card authentication system 1 of present embodiment, need following information:

The basic image collection (Key1) that uses when (1) carrying out synthetic handle of authentication image 6

(2) be used to determine to carry out the index information (Key2) of the required basic image of the synthetic processing of authentication image 6

The coefficient information of using when (3) carrying out synthetic handle of authentication image 6 (Key3).

In addition, the synthetic processing of authentication image 6 is carried out in terminal 3, and terminal 3 is carried out the synthetic processing of authentication image 6 according to the information of above-mentioned Key1～Key3 after the mutual authentication processing of having carried out between server 2 and the credit card 4.Thereby Key1～Key3 is recorded in in server 2, terminal 3, the credit card 4 any, obtains Key1～Key3 by terminal 3 via network 5 grades as required.

At this, basic image collection Key1 is made of a large amount of image informations.Therefore, if all will obtain the information of basic image collection from server 2 when judging whether the card user is the holder, then exist the synthetic processing of carrying out authentication image 6 to need time-consuming problem via network 5 each.And, if server 2 all sends basic image collection to all terminals 3 of the request of sending by each request when carrying out synthetic handle of authentication image 6 at every turn, then cause the processing burden of server 2 to increase, and might cause the data in the network 5 to send generation delay etc.

Therefore, in the related card authentication system 1 of present embodiment, if the basic image collection that has carried out after displacement transformation is handled is sent to terminal 3 from server 2 in advance, in the time will carrying out the synthetic processing of authentication image 6, the basic image collection of service recorder in the image recording portion 12 of terminal 3.The basic image collection of image recording portion 12 records by making terminal 3 so in advance when the synthetic processing of carrying out authentication image 6, can obtain corresponding basic image set reliably.

On the other hand, index information Key2 and coefficient information Key3 can be described as synthetic authentication image 6 requisite information, and be associated with holder as the synthetic object of authentication image 6, according to holder's different and different information.Therefore, should not make all terminals 3 all write down the information that is associated with this holder in advance.In the related card authentication system 1 of present embodiment, adopt following method: make the recording portion 9 prior record Key2 of credit card 4 or the information of Key3, under the approved situation of mutual authentication between terminal 3 and the credit card 4, read the information of Key2 or Key3 from credit card 4.Perhaps, adopt following method: make holder's information recording part 24 prior record Key2 of server 2 or the information of Key3, under the approved situation of mutual authentication between terminal 3 and the server 2, terminal 3 is according to the information (card authentication information) relevant with the authentication of credit card 4, obtains the Key2 that is associated with the holder or the information of Key3 from server 2.

Thereby, in the related card authentication system 1 of present embodiment, supposed following four methods:

(1) in terminal 3, record in advance basic image collection (Key1), in server 2, record index information (Key2), in credit card 4, record under the situation of coefficient information (Key3), by terminal 3 synthetic authentication image 6;

(2) in terminal 3, record in advance basic image collection (Key1), in server 2, record coefficient information (Key3), in credit card 4, record under the situation of index information (Key2), by terminal 3 synthetic authentication image 6;

(3) in terminal 3, record in advance basic image collection (Key1), in credit card 4, record index information (Key2) and coefficient information (Key3) and among Key1～Key3 any all is not recorded under the situation in the server 2, by terminal 3 synthetic authentication image 6; And

(4) in terminal 3, record in advance basic image collection (Key1), in server 2, record index information (Key2) and coefficient information (Key3) and among Key1～Key3 any all is not recorded under the situation in the credit card 4, by terminal 3 synthetic authentication image 6.

Below, at each situation of (1)～(4), the card authentication method by the control and treatment portion 14 synthetic authentication image 6 of terminal 3 is described.

In addition, be recorded in the information (information of card information, Key2 and Key3) in the credit card 4 if known content by the third party then the possibility of forging card uprises, therefore establishing the information that is recorded in the credit card 4 has been carried out encryption in advance.In addition, establish and be used for the decruption key that the information that is recorded in credit card 4 is decrypted is recorded in the server 2.For the information to credit card 4 in terminal 3 is decrypted, need be after the authentication between credit card 4 and the terminal 3 be approved, terminal 3 is obtained information from credit card 4, and after the authentication success of terminal 3 and server 2, terminal 3 is obtained the decruption key of credit card 4 from server 2.Like this,, can suppress the situation that card information is easily deciphered, thereby improve the fail safe of the information relevant with credit card 4 by making server 2 decruption keys of record credits card 4 in advance.

In addition, as credit card 4, be extensive use of these two kinds of cards of IC-card and magnetic card.Such as already described, owing to compare with IC-card, the recording capacity of magnetic card is less, therefore is difficult to sometimes be implemented on capacity and writes down Key2, Key3 in the magnetic card.Therefore, with magnetic card as under the situation of credit card 4, use above-mentioned (4) method, be that among Key1～Key3 any is not recorded in the method in the credit card 4.

[card authentication method (1)]

At first, in terminal 3, record basic image collection (Key1) in advance, in server 2, record index information (Key2), the card authentication method (1) that records in credit card 4 under the situation of coefficient information (Key3) by terminal 3 synthetic authentication image 6 describes.

In addition, establishing basic image collection (Key1) is to have carried out being sent to terminal 3 after the displacement transformation processing in server 2.And,,, the coefficient information (Key3) after encrypting is recorded in the credit card 4 utilizing encryption key that the coefficient information (Key3) in the recording portion 9 that will record credit card 4 has been carried out on the basis of encryption by server 2 management in order to improve fail safe.

Fig. 6 is the flow chart of card authentication method (1) in the control and treatment portion 14 of expression terminal 3.In control and treatment portion 14, according to the processing shown in the program execution 6 that is recorded among the ROM.

Control and treatment portion 14 at first carry out and credit card 4 between authentication processing (step S.21).Control and treatment portion 14 is by sending the required information that authenticates to credit card 4, utilize the next mutual authentication between credit card 4 sides judgement terminal 3 and credit card 4 of operation processing function of IC-card, according to the authentication result of returning from credit card 4, in terminal 3, carry out the judgement of authentication result.

In the control and treatment portion 14 of the terminal 3 of the authentication result that gets access to credit card 4,, judge credit card 4 whether legal (step S.22) according to the authentication result that gets access to.Under being judged as the illegal situation of authentication result (step S.22 in the situation of "No"), it is illegal that control and treatment portion 14 is judged as credit card 4, thereby demonstration credits card such as image displaying part 15 4 for illegal information giving a warning (step S.23) to the operator, and finish the authentication processing of credit card 4.Like this, the judgement of the legitimacy by carrying out credit card 4 can prevent the illegal use of credit card 4.

On the other hand, under can being judged as the legal situation of authentication result (step S.22 in the situation of "Yes"), control and treatment portion 14 is by card-reading part 11 visit credits card 4, obtains coefficient information (Key3) in the recording portion 9 that is recorded in credit card 4 and the information (card information) (step S.24) relevant with card.In credit card 4, only, allow to read coefficient information (Key3) and card information authenticating out by the authentication processing of step shown in S.21 under the situation that terminal 3 is legal meanings.On the other hand, in the authentication processing of step shown in S.21, be judged as under the situation that terminal 3 is illegal terminals, in credit card 4, by the request that coefficient information (Key3) and card information are read by refusal control and treatment portion 14, prevent to carry out required data of the synthetic processing of authentication image 6 etc. by unauthorized access.

In addition, in the related credit card 4 of card authentication method (1), record coefficient information (Key3).Therefore, under the approved situation of authentication between terminal 3 and the credit card 4, control and treatment portion 14 can obtain one of the required information of the synthetic processing of carrying out authentication image 6 (coefficient information (Key3)).

Then, control and treatment portion 14 comes end message and card information are encrypted the back to server 2 transmissions (step S.25) at the PKI that utilizes server 2.In server 2, the private key that utilizes oneself is to being decrypted with the information behind the public key encryption of server 2 (end message and card information).

Be sent to server 2 with the information behind the public key encryption of server 2 from terminal 3,, then can't the information after encrypting be decrypted therefore if do not have the server 2 of the private key corresponding with PKI.Yet,, can utilize the private key of oneself that the information of sending from terminal 3 is decrypted if possess the legal server 2 of the private key corresponding with PKI.Therefore like this,, then can not the information of sending from terminal 3 be decrypted, can prevent that end message and card information from revealing to the third party if not legal server 2.

In server 2, carry out the authentication processing of terminal 3 according to the end message after the deciphering, and carry out the authentication processing of credit card 4 according to card information.Being judged as terminal 3 and credit card 4 in the authentication processing of authentication processing by terminal 3 and credit card 4 all is that server 2 is extracted corresponding holders' information out under the legal situation from holder's information recording part 24 according to card information.Then, server 2 is obtained synthetic holder's the required index information (Key2) of authentication image 6 according to holder's information of extracting out, and, obtain and be used for key information that the coefficient information (Key3) that is recorded in credit card 4 is decrypted according to holder's information.

And, in server 2,, index information is carried out displacement transformation handles according to the id information of the terminal of in authentication processing, determining 3.Therefore, be sent to terminal 3 after handling,, also can determine the required basic image of synthetic processing that carries out authentication image 6 by with reference to the index information that has carried out after the displacement transformation processing even carried out displacement transformation at configuration sequence to basic image collection.

Afterwards, in server 2, the key information that has carried out the index information (Key2) after displacement transformation is handled and be used to decipher coefficient information (Key3) is being encrypted the information of back after terminal 3 sends these encryptions with the PKI of terminal 3.

In terminal 3, receive by the information (step is S.26) after the encryption of server 2 transmissions, the information that receives is decrypted the key information (step is S.27) that obtains index information and coefficient information by private key with terminal 3.Then, in terminal 3,, the coefficient information (Key3) of reading from credit card 4 is decrypted processing (step S.28) according to the key information of the coefficient information that gets access to.In addition, in terminal 3,, determine to carry out the required basic image (step S.29) of synthetic processing of authentication image 6 according to the index information that has carried out after displacement transformation is handled.

Like this, terminal 3 is by carrying out the decryption processing of coefficient information, the required coefficient information of synthetic processing of carrying out authentication image 6 can be obtained, and, the required basic image of synthetic processing that carries out authentication image 6 can be obtained according to the index information that has carried out after displacement transformation is handled.Then, terminal 3 utilizes the coefficient information of obtaining to obtain the linear combination of basic image, carries out the synthetic processing (step S.30) of authentication image 6 thus.Afterwards, in terminal 3, make the authentication image 6 (step S.31) after image displaying part 15 demonstrations are synthesized, holder's authentication image 6 is provided to the operator.

The authentication image 6 of operator by will being presented at the holder on the image displaying part 15 compares with the user's of credit card 4 face, can confirm that whether the user of credit card 4 is the real owner, is the holder by visual observation.Particularly, because the authentication image 6 that is presented on the image displaying part 15 is than the big and detailed image such as facial photo that can be printed on credit card 4 grades, the judgement accuracy in the time of therefore can improving authentication.And, because the operator can judge with the naked eye directly whether the card user is the holder according to authentication image 6, therefore even under the different situation of holder's hair style, clothes etc. and authentication image 6, also can carry out holder's authentication, can further improve the fail safe of credit card 4 by comprehensive judgement.

[card authentication method (2)]

Then, describe at following card authentication method (2): in terminal 3, record basic image collection (Key1) in advance, in server 2, record coefficient information (Key3), in credit card 4, record under the situation of index information (Key2), by terminal 3 synthetic authentication image.

In addition, under the situation of card authentication method (2), be made as in server 2 and basic image collection (Key1) do not carried out the displacement transformation processing and directly basic image collection (Key1) is sent to terminal 3.Also can as illustrated in the card authentication method (1), be made as the structure that after basic image collection (Key1) having been implemented the displacement transformation processing, is sent to terminal 3.Yet, transmitting to terminal 3 under the situation of having carried out the basic image collection (Key1) after displacement transformation is handled, in server 2, index information also needs is carried out displacement transformation according to the id information of terminal 3 and handle.

Under the situation of card authentication method (2), adopt index information to be recorded in structure in the credit card 4 as mentioned above, therefore for coming that index information is carried out displacement transformation, handles the id information according to terminal 3, after credit card 4 was read index information, terminal 3 need send to the index information of reading server 2 in terminal 3.And, in server 2, the index information that receives is carried out need sending to terminal 3 once more after displacement transformation handles according to the id information of terminal 3.

Yet, carry out like this can causing treatment effeciency to reduce from the processing that credit card 4 sends to server 2 via terminal 3 and carry out being returned to after displacement transformation is handled terminal 3 again server 2 index information.In addition, the transmission of carrying out index information like this unreasonably receives the fail safe that also can cause index information sometimes and reduces, in fact, use the situation of the method that in holder's information recording part 24 of server 2, writes down and manage index information like that shown in card authentication method (1) more.

Therefore, describe:, in server 2, basic image collection (Key1) is not carried out the displacement transformation processing and just be sent to terminal 3 (in that index information is recorded under the situation of the structure in the credit card 4) under the situation of card authentication method (2) at following situation.

In addition, be made as in order to improve fail safe, using the index information (Key2) after encryption key by server 2 management carries out the index information (Key2) in the recording portion 9 that will record credit card 4 will encrypting on the basis of encryption to record in the credit card 4.

Fig. 7 is the flow chart of card authentication method (2) in the control and treatment portion 14 of expression terminal 3.In control and treatment portion 14, according to the processing shown in the program execution 7 that is recorded among the ROM.

Control and treatment portion 14 at first carry out and credit card 4 between authentication processing (step S.41).Control and treatment portion 14 is by sending the required information that authenticates to credit card 4, utilize the next mutual authentication between credit card 4 sides judgement terminal 3 and credit card 4 of operation processing function of IC-card, according to the authentication result of returning from credit card 4, in terminal 3, carry out the judgement of authentication result.

In the control and treatment portion 14 of the terminal 3 of the authentication result that gets access to credit card 4, judge credit card 4 whether legal (step S.42) according to the authentication result of being obtained.Under being judged as the illegal situation of authentication result (step S.42 in the situation of "No"), it is illegal that control and treatment portion 14 is judged as credit card 4, and demonstration credits card such as image displaying part 15 4 for illegal information giving a warning (step S.43) to the operator, and finish the authentication processing of credit card 4.Like this, the judgement of the legitimacy by carrying out credit card 4 can prevent the illegal use of credit card 4.

On the other hand, under can being judged as the legal situation of authentication result (step S.42 in the situation of "Yes"), control and treatment portion 14 is by card-reading part 11 visit credits card 4, obtains index information (Key2) in the recording portion 9 that is recorded in credit card 4 and the information (card information) (step S.44) relevant with card.In credit card 4, only under the situation that authenticates out the legal meaning of terminal 3 by the authentication processing of step shown in S.41, allow to read index information (Key2) and card information.On the other hand, in the authentication processing of step shown in S.41, be judged as under the situation that terminal 3 is illegal terminals, in credit card 4, by the request that index information (Key2) and card information are read by refusal control and treatment portion 14, prevent to carry out required data of the synthetic processing of authentication image 6 etc. by unauthorized access.

In addition, in the related credit card 4 of card authentication method (2), record index information (Key2).Therefore, under the approved situation of authentication between terminal 3 and the credit card 4, control and treatment portion 14 can obtain one of the required information of the synthetic processing of carrying out authentication image 6 (index information (Key2)).

Then, the back is encrypted to server 2 transmissions (step S.45) at the PKI that utilizes server 2 to end message and card information by control and treatment portion 14.In server 2, the private key that utilizes oneself is to being decrypted with the information behind the public key encryption of server 2.

Owing to after with the public key encryption of server 2, information is sent to server 2 from terminal 3,, then can't the information that send from terminal 3 be decrypted therefore if not legal server 2.Therefore can prevent that end message and card information from being revealed to the third party.

In server 2, carry out the authentication processing of terminal 3 according to the end message after the deciphering, and carry out the authentication processing of credit card 4 according to card information.Being judged as terminal 3 and credit card 4 in the authentication processing of authentication processing by terminal 3 and credit card 4 all is that server 2 is extracted corresponding holders' information out under the legal situation from holder's information recording part 24 according to card information.Then, server 2 is according to the holder's who extracts out information, obtain synthetic holder's the required coefficient information (Key3) of authentication image 6, and according to holder's information, obtain and be used for key information that the index information (Key2) that is recorded in credit card 4 is decrypted.

Afterwards, in server 2, with the PKI of terminal 3 to coefficient information (Key3) and the key information that is used to decipher index information (Key2) send to terminal 3 after encrypting.

In terminal 3, receive the enciphered message (step is S.46) that sends by server 2, the information that receives is decrypted the key information (step is S.47) that obtains coefficient information (Key3) and index information by private key with terminal 3.Then, terminal 3 is according to the key information of the index information that gets access to, the index information of reading from credit card 4 (Key2) is decrypted processing (step S.48), and, determines to carry out the required basic image (step S.49) of synthetic processing of authentication image 6 according to the index information after the deciphering.

Like this, terminal 3 is by being decrypted processing to the index information (Key2) that obtains from credit card 4, can obtaining the required index information of synthetic processing that carries out authentication image 6.And terminal 3 can be obtained the required basic image of synthetic processing that carries out authentication image 6 according to the index information of obtaining from basic image collection.And terminal 3 can be obtained coefficient information from server 2, therefore utilizes the coefficient information of obtaining to obtain the linear combination of basic image, can carry out the synthetic processing (step S.50) of authentication image 6 thus.

Then, in terminal 3, make the authentication image 6 (step S.51) after image displaying part 15 demonstrations are synthesized, the authentication image 6 of expression holder's facial photo is provided to the operator.

The authentication image 6 of operator by will being presented at the holder on the image displaying part 15 compares with the user's of credit card 4 face, can confirm whether the user of credit card 4 is the holder by visual observation, therefore holder's authentication accuracy can be improved, and the fail safe of credit card 4 can be further improved.

[card authentication method (3)]

Then, describe at following card authentication method (3): in terminal 3, record basic image collection (Key1) in advance, in credit card 4, record index information (Key2) and coefficient information (Key3) and among Key1～Key3 any all is not recorded under the situation in the server 2, by terminal 3 synthetic authentication image 6.

In addition, under the situation of card authentication method (3), also similarly be made as in server 2 and basic image collection (Key1) is not carried out displacement transformation handle and directly basic image collection (Key1) is sent to terminal 3 with the situation of card authentication method (2).In addition, be made as in order to improve fail safe, index information (Key2) and coefficient information (Key3) after will encrypting on using the basis of the index information (Key2) in the recording portion 9 that will record credit card 4 and coefficient information (Key3) being carried out encryption by the encryption key of server 2 management record in the credit card 4.

Fig. 8 is the flow chart of card authentication method (3) in the control and treatment portion 14 of expression terminal 3.In control and treatment portion 14, according to the processing shown in the program execution 8 that is recorded among the ROM.

Control and treatment portion 14 at first carry out and credit card 4 between authentication processing (step S.61).Control and treatment portion 14 is by sending the required information that authenticates to credit card 4, utilize the next mutual authentication between credit card 4 sides judgement terminal 3 and credit card 4 of operation processing function of IC-card, according to the authentication result of returning from credit card 4, in terminal 3, carry out the judgement of authentication result.

In the control and treatment portion 14 of the terminal 3 of the authentication result that gets access to credit card 4, judge credit card 4 whether legal (step S.62) according to the authentication result of being obtained.Under being judged as the illegal situation of authentication result (step S.62 in the situation of "No"), it is illegal that control and treatment portion 14 is judged as credit card 4, and demonstration credits card such as image displaying part 15 4 for illegal information giving a warning (step S.63) to the operator, and finish the authentication processing of credit card 4.Like this, the judgement of the legitimacy by carrying out credit card 4 can prevent the illegal use of credit card 4.

On the other hand, under can being judged as the legal situation of authentication result (step S.62 in the situation of "Yes"), control and treatment portion 14 obtains index information (Key2), coefficient information (Key3) and the information (card information) (step S.64) relevant with card in the recording portion 9 that is recorded in credit card 4 by card-reading part 11 visit credits card 4.In addition, index information (Key2) and the coefficient information (Key3) obtained from credit card 4 are to use by the key information of server 2 management to encrypt, and therefore under the state of encrypting like this, can't directly utilize in the synthetic processing of authentication image 6.

In credit card 4, only, allow to read index information (Key2), coefficient information (Key3) and card information authenticating out by the authentication processing of step shown in S.61 under the situation that terminal 3 is legal meanings.On the other hand, in the authentication processing of step shown in S.61, be judged as under the situation that terminal 3 is illegal terminals, in credit card 4, by the request that index information (Key2), coefficient information (Key3) and card information are read by refusal control and treatment portion 14, prevent to carry out required data of the synthetic processing of authentication image 6 etc. by unauthorized access.

In addition, in the related credit card 4 of card authentication method (3), record index information (Key2) and coefficient information (Key3), therefore, under the approved situation of authentication between terminal 3 and the credit card 4, control and treatment portion 14 can obtain the part (index information (Key2) and coefficient information (Key3)) of the required information of the synthetic processing of carrying out authentication image 6.

Then, control and treatment portion 14 sends to server 2 (step S.65) after the PKI that utilizes server 2 is encrypted end message and card information.In server 2, the private key that utilizes oneself is to being decrypted with the information behind the public key encryption of server 2.

In server 2, carry out the authentication processing of terminal 3 according to the end message after the deciphering, and carry out the authentication processing of credit card 4 according to card information.Being judged as terminal 3 and credit card 4 in the authentication processing of authentication processing by terminal 3 and credit card 4 all is that server 2 is extracted corresponding holders' information out under the legal situation from holder's information recording part 24 according to card information.Then, server 2 is according to the holder's who extracts out information, obtains to be used for key information that the index information (Key2) that is recorded in credit card 4 and coefficient information (Key3) are decrypted.

Afterwards, in server 2, send to terminal 3 behind the public key encryption of key information with terminal 3 that will be used for index information (Key2) and coefficient information (Key3) are decrypted.

In terminal 3, receive the enciphered message (step is S.66) that sends by server 2, the information that receives is decrypted the key information (step is S.67) that obtains index information (Key2) and coefficient information (Key3) by private key with terminal 3.Then, terminal 3 is according to the coefficient information (Key3) that gets access to and the key information of index information (Key2), the index information of reading from credit card 4 (Key2) is decrypted processing, and the coefficient information (Key3) of reading from credit card 4 is decrypted processing (step S.68).Then, according to the index information after the deciphering, determine to carry out the required basic image (step S.69) of synthetic processing of authentication image 6.

Like this, terminal 3 is decrypted processing by utilizing the key information that obtains from server 2 to index information (Key2), can obtain the required index information of synthetic processing that carries out authentication image 6, and, can from basic image collection, obtain the required basic image of synthetic processing that carries out authentication image 6 according to the index information of obtaining.And terminal 3 is decrypted processing by utilizing the key information that obtains from server 2 to coefficient information (Key3), can obtain the required coefficient information of synthetic processing of carrying out authentication image 6.

Afterwards, terminal 3 is obtained the linear combination of basic image according to coefficient information of being obtained and the basic image obtained, carries out the synthetic processing (step S.70) of authentication image 6 thus.Then, terminal 3 makes the authentication image 6 (step S.71) after image displaying part 15 demonstrations are synthesized, and the authentication image 6 of holder's facial photo is shown to the operator.

[card authentication method (4)]

Then, describe at following card authentication method (4): in terminal 3, record basic image collection (Key1) in advance, in server 2, record index information (Key2) and coefficient information (Key3) and among Key1～Key3 any all is not recorded under the situation in the credit card 4, by terminal 3 synthetic authentication image 6.

In the structure shown in the card authentication method (4), owing in credit card 4, both there be not recording indexes information (Key2) not write down coefficient information (Key3) yet, therefore authentication method that also can application card authentication method (4) in the little magnetic card of the recording capacity of recording portion 9.No matter use IC-card also to be to use magnetic card, all registration card information in the recording portion 9 of credit card 4 to credit card 4.

And, under the situation of card authentication method (4), also similarly be made as in server 2 and basic image collection (Key1) is not carried out displacement transformation handle and directly basic image collection (Key1) is sent to terminal 3 with the situation of card authentication method (2) and card authentication method (3).

Fig. 9 is the flow chart of card authentication method (4) in the control and treatment portion 14 of expression terminal 3.In control and treatment portion 14, according to the processing shown in the program execution 9 that is recorded among the ROM.

Control and treatment portion 14 at first carry out and credit card 4 between authentication processing (step S.81).IC-card is being used as under the situation of credit card 4, control and treatment portion 14 is by sending the required information that authenticates to credit card 4, utilize the next mutual authentication between credit card 4 sides judgement terminal 3 and credit card 4 of operation processing function of IC-card, according to the authentication result of returning from credit card 4, in terminal 3, carry out the judgement of authentication result.

On the other hand, magnetic card is being used as under the situation of credit card 4, can't carrying out the authentication processing of terminal 3 in credit card 4 sides.Therefore, in terminal 3, carry out reading the processing of the card information of credit card 4 by card-reading part 11.Then, terminal 3 utilizes the PKI of server 2 to carry out sending to server 2 after the encryption end message and card information.In server 2, with private key enciphered message has been carried out after the deciphering, authenticate the legitimacy of terminal 3 and credit card 4 according to the end message that obtains from terminal 3 and card information.Under the situation of authentication success, server 2 is to send to terminal 3 after legal authentication result is utilized the public key encryption of terminal 3 with terminal 3 and credit card 4.Terminal 3 utilizes the private key of oneself that the information that receives is decrypted, and judges the authentication result of credit card 4.

Terminal 3 utilizes said method to obtain the authentication result of credit card 4, and card whether legal (step S.82) is judged according to the authentication result of being obtained by the control and treatment portion 14 of terminal 3.Under being judged as the illegal situation of authentication result (step S.82 in the situation of "No"), it is illegal that control and treatment portion 14 is judged as credit card 4, and demonstration credits card such as image displaying part 15 4 for illegal information giving a warning (step S.83) to the operator, and the authentication processing of end-card.Like this, the judgement of the legitimacy by carrying out credit card 4 can prevent the illegal use of card.

On the other hand, under can being judged as the legal situation of authentication result (step S.82 in the situation of "Yes"), control and treatment portion 14 obtains the information (card information) (step S.84) relevant with card in the recording portion 9 that is recorded in credit card 4 by card-reading part 11 visit credits card 4.

With IC-card as under the situation of credit card 4, in credit card 4, only, allow to read card information authenticating out by the authentication processing of step shown in S.81 under the situation that terminal 3 is legal meanings.On the other hand, in the authentication processing of step shown in S.81, be judged as under the situation that terminal 3 is illegal terminals, in credit card 4,, prevent to carry out required data of the synthetic processing of authentication image 6 etc. by unauthorized access by the request that card information is read by refusal control and treatment portion 14.

In addition, with magnetic card as under the situation of credit card 4 because in order to carry out the authentication processing of credit card 4, obtained card information in S.81 from the recording portion 9 of credit card 4 in step, therefore do not need to carry out above-mentioned processing (step S.84).

Then, control and treatment portion 14 sends to server 2 (step S.85) after end message and card information being utilized the public key encryption of server 2.Server 2 utilizes the private key of oneself to being decrypted with the information behind the public key encryption of server 2.

Owing to after with the public key encryption of server 2, information is sent to server 2 from terminal 3,, then can't the information of sending from terminal 3 be decrypted therefore if not legal server 2.Therefore can prevent that end message and card information from being revealed to the third party.

In server 2, carry out the authentication processing of terminal 3 according to the end message after the deciphering, and carry out the authentication processing of credit card 4 according to card information.In addition, under the situation of magnetic card,, therefore also can omit above-mentioned processing (S.85) owing to carried out authentication processing in S.81 in step.

Being judged as terminal 3 and credit card 4 in the authentication processing by terminal 3 and credit card 4 is that server 2 is extracted corresponding holder's information out under the legal situation from holder's information recording part 24 according to card information.Then, server 2 is according to the holder's who extracts out information, obtains synthetic holder's required index information (Key2) and the coefficient information (Key3) of authentication image 6.

Afterwards, in server 2, index information (Key2) and coefficient information (Key3) are sent to terminal 3 behind the public key encryption with terminal 3.

In terminal 3, receive the enciphered message (step is S.86) that sends by server 2, by private key the information that receives is decrypted and obtains index information (Key2) and coefficient information (Key3) (step is S.87) with terminal 3.Then, terminal 3 determines to carry out the required basic image (step S.88) of synthetic processing of authentication image 6 according to the index information that gets access to.

Like this, terminal 3 can be obtained the required basic image of synthetic processing that carries out authentication image 6 according to the index information (Key2) that obtains from server 2 from basic image collection.And terminal 3 is carried out the synthetic processing (step S.89) of authentication image 6 by obtain the linear combination of basic image according to the coefficient information of obtaining from server 2 (Key3) and the basic image obtained.Then, the authentication image 6 (step S.90) that terminal 3 shows after synthesizing image displaying part 15, the next authentication image 6 that holder's facial photo is shown to the operator.

More than, such shown in above-mentioned card authentication method (1)～(4), by adopting following structure, can prevent that the required information of synthetic processing of carrying out authentication image 6 from being stolen in the lump by the third party, and can improve authentication image 6 in the authentication processing process safe: make credit card 4 or server 2 in advance record carry out the synthetic processing of authentication image 6 required index information (Key2) and coefficient information (Key3) and undertaken by terminal 3 under the situation of reduction processing of authentication image 6, carrying out and credit card 4, after the authentication processing of the strictness that terminal 3 and server 2 are relevant, terminal 3 is obtained the required data of the synthetic processing of carrying out authentication image 6 (Key1～Key3) respectively.

In addition, index information (Key2) and coefficient information (Key3) are smaller data volumes, by adopting the card authentication method (4) shown in the present embodiment, can make server 2 recording indexes information and coefficient information.Like this, can make the information that records in the credit card 4 only be card information, therefore can reduce the data volume that will be recorded in the credit card 4.

Thereby, no matter credit card 4 is IC-card or magnetic card, the data volume that is recorded in the credit card 4 is reduced, even therefore utilize the credit card 4 (credit card that recording capacity is less etc.) of current a large amount of distribution can carry out the synthetic processing of the authentication image 6 shown in the present embodiment too.

And, by in more new period of credit card etc. credit card being changed to IC-card and making the prior recording indexes information of recording portion, the coefficient information of IC-card, can realize above-mentioned card authentication method (1)～card authentication method (3), thereby can not bring the burden of introducing native system etc., can successfully improve holder's authentication accuracy to the user.

At last, describe at following situation: credit card in the card authentication system of the credit card 4 that uses in the related card authentication system 1 of present embodiment and terminal 3 and use in the past and the difference between the terminal are studied, in the related card authentication system 1 of the card authentication system that in the past uses and present embodiment, in terminal separately, use credit card separately.

The terminal of in the past using is made as first kind of terminal.First kind of terminal carried out holder's authentication according to holder's the signature or the password of credit card.In first kind of terminal, can't help server to transmit basic image collection, do not carry out the synthetic processing of the authentication image in the terminal yet.Thereby the operator is by requiring the card user and sign or inputing the authentication that password carries out the holder.The such operator of card authentication method of terminal 3 that therefore, can't be shown in present embodiment compares the appearance that is presented at authentication image 6 and card user's face on the image displaying part 15 by visual observation.

On the other hand, the terminal 3 of the card authentication system 1 that present embodiment is related is made as second kind of terminal.Second kind of terminal can be carried out following processing as already explained like that: terminal 3 is obtained index information and coefficient information from credit card 4 or server 2, utilization is sent to the basic image of obtaining the basic image collection of terminal 3 in advance from server 2, carries out the synthetic processing of authentication image 6.Thereby the operator compares by the appearance that will be presented at authentication image 6 and card user's face on the image displaying part 15, can judge whether the card user is the legal owner (holder).

In addition, the kind of credit card also can be categorized as two kinds accordingly with two kinds of terminals.At first, the credit card that in the past uses is made as first kind of card.First kind of card is meant that the operator requires the holder to sign or the password of input card, carries out holder's authentication according to signature or password.As the example of this first kind of card, can illustration magnetic card or IC-card, but a registration card information in the recording portion of credit card, not writing down basic image set is needless to say, also not recording indexes information and coefficient information.

On the other hand, the credit card 4 of the card authentication system 1 that present embodiment is related is made as second kind of card.Except recording card information, also record in index information and the coefficient information at least one in the recording portion 9 of second kind of card.Therefore, utilizing the related card authentication method of present embodiment to carry out under the situation of synthetic processing of authentication image 6, by index information or the coefficient information of playback record in credit card 4, terminal 3 can be obtained the required information of synthetic processing of carrying out authentication image 6.

In table shown in Figure 10, gathered the authentication method that above-mentioned two kinds of cards is applied to the holder under the situation of above-mentioned two kinds of terminals respectively.

At first, first kind of terminal carried out holder's authentication according to holder's the signature or the password of credit card, do not possess synthetic authentication image and is presented at function on the image displaying part.Therefore, first kind of terminal utilized under the first kind of card or the situation of second kind of card, by requiring the card user to sign or inputing the password of credit card, carried out holder's authentication samely.Therefore, in the terminal in the past (first kind of terminal) of the complex functionality that does not have authentication image 6, even service recorder has second kind of card of the required information of the synthetic processing of carrying out authentication image, also be the authentication processing of utilizing the holder's identical authentication method (signing or password) to block with in the past credit card.

Then, study at the situation that first kind of card or second kind of card are applied to second kind of terminal.

Second kind of terminal is to carry out the terminal 3 that holder's authentication is carried out in the synthetic processing of authentication image by obtain index information or coefficient information from credit card 4 or server 2.At this, owing to do not have recording indexes information or coefficient information fully in first kind of card, so terminal 3 can't obtain carrying out the required information of synthetic processing of authentication image 6 from credit card.Yet, if the user of first kind of card provides holder's information of facial photo etc. and holder's index information and coefficient information to be recorded in the server 2 to credit card company etc., then by utilizing the card authentication method (4) that has illustrated, terminal 3 can be obtained index information and coefficient information from server 2.

Therefore, first kind of card is being applied under the situation of second kind of terminal, if record the required index information and the coefficient information of synthetic processing of carrying out authentication image 6 in the server 2, then second kind of terminal can be carried out the synthetic processing of authentication image 6, thereby the operator can judge whether the card user is the legal owner (holder) according to the authentication image after synthetic 6.

On the other hand, first kind of card is being applied under the situation of second kind of terminal, if do not write down the required index information and the coefficient information of synthetic processing of carrying out authentication image 6 in the server 2, then with the situation of in first kind of terminal, using first kind of card similarly, carry out holder's authentication according to card user's signature or password.

Then, in second kind of terminal, using the situation of second kind of card to describe.In second kind of card, record at least one in index information and the coefficient information.Therefore, second kind of terminal can be obtained index information or coefficient information from second kind of card or server 2, and can be according to the synthetic authentication image 6 of basic image collection.Therefore, the operator can judge whether the card user is the legal owner (holder) according to the authentication image 6 after synthetic.

Like this, introduce under the situation in market, do not need to replace simultaneously the terminal and the credit card that used in the past, can successfully promote the related card authentication system of present embodiment 1 by replacing successively at the card authentication system that present embodiment is related 1.

More than the use of the accompanying drawings illustrate the present invention in detail related card authentication system, but card authentication system involved in the present invention is not limited to the system shown in the execution mode.So long as those skilled in the art just can expect various variation or correction example in the category that claims are put down in writing, this is conspicuous, and these variation or correction example also belong to protection scope of the present invention certainly.

For example, in the related card authentication system 1 of present embodiment, be illustrated at the card authentication system that has used credit card 4, but the card that is to use is not limited to credit card.Credit card is a routine employed card of card that carries out holder's authentication as needs, if need carry out the system that the holder authenticates, then can use card for example office worker's card, the card that safety management is used etc. of company beyond the credit card, can both utilize card authentication system involved in the present invention in the Verification System of the holder in various fields.

And, in the related card authentication system 1 of present embodiment,, show the card that presents the card shape as credit card, but the authentication card might not be defined in the card that presents the card shape as an example as authentication card involved in the present invention.So long as the information of using can write down the authentication of carrying out the holder time and can be used in the card whether user who wants to accept the regulation service according to the information of record etc. is real holder's authentication, present which type of shape, form can.Therefore, authentication card involved in the present invention is not only the card that presents the card shape as the office worker of credit card, company card etc., as portable phone (comprising functional mobile phone (Feature phone), smart mobile phone etc.), PDA (Personal Digital Assistant, Personal Data Assistance), tablet terminal, portable with computer etc. the user hold separately and the portable information device that uses etc. is also contained in the related authentication card of the present application.

In addition, in the related card authentication system 1 of present embodiment, at using the situation of PCA to be illustrated as the method for obtaining basic image, the method for still obtaining basic image is not only limited to PCA.So long as, just can utilize arbitrary method according to the method for obtaining the basic image of the distribution that can show this distribution well and present low-dimensional with the distribution of the higher-dimension that is characterized as benchmark of a plurality of images.For example, also can utilize following method: by utilizing proximity search method, obtain k of the image that will synthesize adjacent image and be made as basic image, obtain least square method and be made as coefficient.

Claims

1. authentication card that in card authentication terminal, uses, this card authentication terminal according to by the basic image set of a plurality of basic image constructions and with the corresponding coefficient information of each above-mentioned basic image, whether the synthetic processing of carrying out authentication image is the holder with the user who judges card, this authentication card is characterised in that

In this authentication card, record above-mentioned coefficient information.

2. authentication card that in card authentication terminal, uses, this card authentication terminal is by utilizing basic image collection, index information and coefficient information are used to judge the synthetic processing of authentication image of holder's legitimacy, this base image collection combines the mutually different a plurality of basic image sets of feature, this base image set is by a plurality of basic image construction with same characteristic features, this index information is used for determining from above-mentioned basic image collection the basic image of the synthetic processing that is used for above-mentioned authentication image, this coefficient information is corresponding with each the basic image in a plurality of basic image of determining according to this index information, above-mentioned authentication card is characterised in that

In this authentication card, record at least one information in above-mentioned index information and the above-mentioned coefficient information.

3. card authentication terminal is characterized in that possessing:

Image recording unit, its record is by the basic image set of a plurality of basic image constructions;

The coefficient information acquiring unit, it obtains the coefficient information corresponding with each basic image from the card certificate server that authentication blocks or connects via network; And

Graphics processing unit, it carries out the synthetic processing of authentication image according to above-mentioned basic image set and above-mentioned coefficient information, and this authentication image is used to judge whether the user of card is the holder.

4. card authentication terminal is characterized in that possessing:

Image recording unit, it writes down basic image collection, and this base image collection combines the mutually different a plurality of basic image sets of feature, and this base image set is by a plurality of basic image construction with same characteristic features;

The index information acquiring unit, it obtains index information from the card certificate server that authentication blocks or connects via network, this index information is used for determining from above-mentioned basic image collection the basic image of the synthetic processing that is used for authentication image, and this authentication image is used to judge holder's legitimacy;

The coefficient information acquiring unit, it obtains coefficient information from above-mentioned authentication card or the above-mentioned card certificate server that connects via above-mentioned network, and this coefficient information is corresponding with each the basic image in a plurality of basic image of determining according to above-mentioned index information;

Base image determining unit, it determines a plurality of basic image of the synthetic processing that is used for above-mentioned authentication image according to the above-mentioned index information that is got access to by above-mentioned index information acquiring unit; And

Graphics processing unit, its according to a plurality of basic image of determining by this base image determining unit and with these a plurality of basic images in the corresponding coefficient information of each basic image, carry out the synthetic processing of above-mentioned authentication image.

5. according to claim 3 or 4 described card authentication terminals, it is characterized in that,

Be recorded in a plurality of basic image in the above-mentioned image recording unit and be with the state recording that changed of putting in order that should the base image by implementing displacement transformation to handle, it is according to the difference of card authentication terminal and different that this displacement transformation is handled,

Above-mentioned index information is implemented and is recorded in the displacement transformation of the basic image in the above-mentioned image recording unit and handles corresponding displacement transformation processing.

6. one kind is blocked certificate server, be connected with card authentication terminal via network, this card authentication terminal is according to carrying out the synthetic processing of authentication image by the basic image set of a plurality of basic image constructions and the coefficient information corresponding with each above-mentioned basic image, this authentication image is used to judge whether the user of card is the holder, this card certificate server is characterised in that to possess:

The base image recording unit, its record constitutes a plurality of basic image of above-mentioned basic image set;

Base image update unit, it upgrades a part of basic image in a plurality of basic image that is recorded in this base image recording unit termly; And

The base image transmission unit, its new basic image set that will comprise by the basic image after this base image update unit renewal is sent to above-mentioned card authentication terminal via above-mentioned network.

7. one kind is blocked certificate server, be connected with card authentication terminal via network, this card authentication terminal is by utilizing basic image collection, index information and coefficient information are used to judge the synthetic processing of authentication image of holder's legitimacy, this base image collection combines the mutually different a plurality of basic image sets of feature, this base image set is by a plurality of basic image construction with same characteristic features, this index information is used for determining from above-mentioned basic image collection the basic image of the synthetic processing that is used for above-mentioned authentication image, this coefficient information is corresponding with each the basic image in a plurality of basic image of determining according to this index information, this card certificate server is characterised in that to possess:

The base image recording unit, its record constitutes a plurality of basic image of above-mentioned basic image collection;

The base image transmission unit, its new basic image collection that will comprise by the basic image after this base image update unit renewal is sent to above-mentioned card authentication terminal via above-mentioned network.

8. according to claim 6 or 7 described card certificate servers, it is characterized in that,

Above-mentioned basic image update unit has:

Taxon, its great amount of images that will prepare in order to generate basic image is a plurality of groups according to the tagsort of image;

The base image generation unit, its basis is to belong to the higher-dimension distribution that is characterized as benchmark of each a plurality of image organized that is sorted out by this taxon, and generation can show this higher-dimension distribution well and present a plurality of basic image of low-dimensional distribution;

The authentication image synthesis unit, it utilizes a plurality of basic image that belongs to each group that is generated by this base image generation unit, comes the corresponding authentication image of each image in synthetic and the above-mentioned great amount of images; And

The resultant error judging unit, it is obtained by the authentication image of synthetic each group that obtains of this authentication image synthesis unit and the resultant error between the respective image in the above-mentioned great amount of images, and judge to utilize the group that respective image is categorized into by above-mentioned taxon the synthetic authentication image that obtains of basic image resultant error whether Billy use the resultant error of synthetic all authentication image that obtain of basic image of the group that respective image is not categorized into by above-mentioned taxon all little

Wherein, be that to utilize the resultant error of the synthetic authentication image that obtains of basic image of group respective image is categorized into by above-mentioned taxon be not under the minimum situation by above-mentioned resultant error judgment unit judges, above-mentioned taxon reclassifies respective image the group of resultant error minimum once more, above-mentioned basic image generation unit utilization by this taxon again the generation of carrying out basic image once more of a plurality of images of subseries handle, the a plurality of basic image that the utilization of above-mentioned authentication image synthesis unit is generated once more by this base image generation unit, come the corresponding authentication image of each image in synthetic and the above-mentioned great amount of images, above-mentioned resultant error judging unit is by obtaining by the authentication image of synthetic once more each group that obtains of above-mentioned authentication image synthesis unit and the resultant error between the respective image in the above-mentioned great amount of images, judge repeatedly the group that utilization is categorized into respective image once more by above-mentioned taxon the synthetic authentication image that obtains of basic image resultant error whether Billy use the resultant error of synthetic all authentication image that obtain of basic image of the group that respective image is not categorized into once more by above-mentioned taxon all little

Be to utilize under the situation of resultant error minimum of the synthetic authentication image that obtains of basic image of group respective image is categorized into by this taxon by above-mentioned resultant error judgment unit judges, above-mentioned basic image transmission unit will be sent to above-mentioned card authentication terminal by a plurality of basic image that above-mentioned basic image generation unit generates.

9. according to each the described card certificate server in the claim 6 to 8, it is characterized in that,

Also possesses the displacement transformation unit, this displacement transformation unit is by to having been upgraded by above-mentioned basic image update unit that new basic image collection behind a part of basic image is implemented according to the difference of card authentication terminal and different displacement transformations is handled, change putting in order of basic image

Above-mentioned basic image transmission unit will be sent to above-mentioned card authentication terminal by the set that above-mentioned displacement transformation unit has carried out the basic image after displacement transformation is handled.

10. card authentication system, according to by the basic image set of a plurality of basic image constructions and with the corresponding coefficient information of each above-mentioned basic image, whether the synthetic processing of carrying out authentication image is the holder with the user who judges card, and this card authentication system is characterised in that to possess:

The authentication card, it records above-mentioned coefficient information;

Card authentication terminal, it carries out the synthetic processing of above-mentioned authentication image; And

The card certificate server, it is connected with above-mentioned card authentication terminal via network,

Wherein, this card authentication terminal has:

Image recording unit, it writes down above-mentioned basic image set;

The coefficient information acquiring unit, it obtains above-mentioned coefficient information from above-mentioned authentication card; And

Graphics processing unit, it carries out the synthetic processing of above-mentioned authentication image according to above-mentioned basic image set and above-mentioned coefficient information.

11. card authentication system, according to by the basic image set of a plurality of basic image constructions and with the corresponding coefficient information of each above-mentioned basic image, whether the synthetic processing of carrying out authentication image is the holder with the user who judges card, and this card authentication system is characterised in that to possess:

The card certificate server, it records above-mentioned coefficient information; And

Card authentication terminal, it carries out the synthetic processing of above-mentioned authentication image,

Wherein, this card authentication terminal has:

Image recording unit, it writes down above-mentioned basic image set;

The coefficient information acquiring unit, it obtains above-mentioned coefficient information from the above-mentioned card certificate server that is connected via network; And

12. according to claim 10 or 11 described card authentication systems, it is characterized in that,

Above-mentioned card certificate server has:

The base image transmission unit, its new basic image set that will comprise by the basic image after this base image update unit renewal is sent to above-mentioned card authentication terminal via above-mentioned network,

Wherein, above-mentioned card authentication terminal makes the new basic image set that above-mentioned image recording unit record is transmitted.

13. card authentication system, by utilizing basic image collection, index information and coefficient information are used to judge the synthetic processing of authentication image of holder's legitimacy, this base image collection combines the mutually different a plurality of basic image sets of feature, this base image set is by a plurality of basic image construction with same characteristic features, this index information is used for determining from above-mentioned basic image collection the basic image of the synthetic processing that is used for above-mentioned authentication image, this coefficient information is corresponding with each the basic image in a plurality of basic image of determining according to this index information, this card authentication system is characterised in that to possess:

Authentication card and card certificate server, this authentication card and card certificate server can write down above-mentioned index information and above-mentioned coefficient information; And

Wherein, above-mentioned index information is recorded in above-mentioned authentication card or the above-mentioned card certificate server, and above-mentioned coefficient information is recorded in above-mentioned authentication card or the above-mentioned card certificate server,

Above-mentioned card authentication terminal has:

Image recording unit, it writes down above-mentioned basic image collection;

The index information acquiring unit, it obtains above-mentioned index information from above-mentioned authentication card or the above-mentioned card certificate server that is connected with network;

The coefficient information acquiring unit, it obtains above-mentioned coefficient information from above-mentioned authentication card or the above-mentioned card certificate server that is connected with network;

14. card authentication system according to claim 13 is characterized in that,

Above-mentioned card certificate server has:

The base image transmission unit, its new basic image collection that will comprise by the basic image after this base image update unit renewal is sent to above-mentioned card authentication terminal via above-mentioned network,

Wherein, above-mentioned card authentication terminal makes the new basic image collection that above-mentioned image recording unit record is transmitted.

15. according to claim 12 or 14 described card authentication systems, it is characterized in that,

The above-mentioned basic image update unit of above-mentioned card certificate server has:

16. according to claim 12,14 or 15 described card authentication systems, it is characterized in that,

Above-mentioned card certificate server has the displacement transformation unit, this displacement transformation unit is by to having been upgraded by above-mentioned basic image update unit that new basic image collection behind a part of basic image is implemented according to the difference of card authentication terminal and different displacement transformations is handled, change putting in order of basic image