JP2002203225A - Authentication auxiliary equipment, device and system for individual authentication and id medium issuing/ individual authentication network system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide authentication auxiliary equipment on which an ID medium with individual authentication information registered therein can be mounted and which is provided with an interface means with an external device, or an individual authentication system composed of an individual authenticating device and an ID medium issuing/individual authentication network system. SOLUTION: In a portable terminal 10, a disk type authentication card 1 provided with a storage area storing authentication data as an ID medium can be mounted from a mounting part 15. When a user presses down a power button 13, the authentication data is transmitted to the external device through an infrared transmitting and receiving part 16. The external device compares the received authentication data with authentication data registered in the external device, makes the external device itself operable as user authentication success when the authentication data coincide with each other, and does not operate as user authentication failure when the authentication data do not coincide. The authentication data are voiceprint data, fingerprint data, etc., with which the user himself/herself can be specified.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a personal authentication ID medium for a personal authentication system such as various card systems (for example, a cash card or a debit card system) which are widely used today, and a personal authentication ID medium.
The present invention relates to a personal authentication device and a personal authentication system comprising hardware capable of mounting media and having an interface with the outside.

[0002]

2. Description of the Related Art A plastic card medium provided with a magnetic stripe in order to authenticate a customer at the time of withdrawal and deposit of a deposit and a deposit using a cash dispenser and purchase of a product by credit, or an IC having an embedded IC. There is a card-type storage medium such as a card from which stored information is read by an electronic reading method.

When the above-mentioned card medium, for example, a cash card or a debit card is inserted into a reading port of a cash dispenser or a card reader of a POS terminal, first, a storage medium on the card is inserted. Is read out. Next, when the user inputs a personal identification code, the identification number and the personal identification code are transmitted to the center via the network, and the authentication processing is performed. In other words, when the identification number and the security code registered in the center machine match the entered identification number and the security code, the user is authenticated and the use of the terminal (withdrawal and deposit of deposits and savings, instant settlement, etc.) )
Becomes possible.

[0004] In addition to the above magnetic stripe and IC,
In recent years, C that can be used as a storage medium for data terminals
A square media card (hereinafter, an authentication card) incorporating a D card (CD (Compact Disc) memory) has been developed.

[0005]

The medium card provided with the magnetic stripe has a limited memory capacity.
Since only the minimum necessary data such as a customer ID number, a bank ID and an account number, and in some cases, a password can be stored, the authentication method is limited.

[0006] Further, the IC card has a larger memory capacity than the magnetic stripe, but also has a limited capacity. Therefore, when the IC card is used as a debit card, the field of use is limited, such as a cash card and an instant settlement card at the time of shopping. .

[0007] Depending on the future development of the card use system by personal authentication, the card type storage medium will be a cash dispenser or P
Not only use at OS terminals, but also payment for use of train ticket gates, toll roads, parking lots, unlocking and locking of houses, condominiums, buildings, etc. instead of door keys, equipment and devices or It can be used as a switch for electric appliances, used for access control and security of these buildings, facilities and equipment, and used for personal authentication when using the network. A wide variety of applications can be expected.

In this case, if the configuration and functions of the external authentication device differ depending on the field of use, depending on the configuration of the external authentication device, the stored contents of the personal authentication medium can be read electronically by inserting a card as in the conventional case. There may be cases where the access method alone cannot cope.

Also, the interface between the authentication media mounting unit and the external authentication device may differ depending on the configuration and functions of the external authentication device. Further, there may be a case where a key other than the password is required or encryption is required due to security requirements.

SUMMARY OF THE INVENTION The present invention has been made to solve the above-mentioned problems. An ID medium in which personal authentication information is registered, an authentication auxiliary device which can be mounted with the ID medium and has an interface with an external device, or an individual personal computer. Personal authentication system composed of authentication devices and ID media issuance /
The purpose is to provide a personal authentication network system.

[0011]

According to a first aspect of the present invention, there is provided an authentication assisting apparatus comprising: an ID medium having a storage area for storing personal authentication data; and an ID medium mounting the ID medium. Unit, transmission instruction means for instructing transmission of personal authentication data, data reading means for detecting the transmission instruction and reading personal authentication data from the storage area of the ID medium, and an individual read by the data reading means. And proximity transmission means for performing proximity transmission of the authentication data.

[0012] The personal authentication system according to the second invention comprises:
The authentication assisting device according to the first aspect of the present invention includes an external device including the following configurations (a) to (d): (a) receiving personal authentication data transmitted in proximity from the authentication assisting device; (B) authentication data storage and storage means in which personal authentication data is registered in advance; (c) personal authentication data received by the proximity reception means and authentication data stored in the authentication data storage and storage means An authentication means for comparing the data with the data to authenticate the user of the authentication auxiliary device;

According to a third aspect of the present invention, there is provided an authentication assisting apparatus comprising: an ID medium having a storage area for storing accessible model authentication data; an ID medium mounting section for mounting the ID medium; , And proximity transmission means for proximately transmitting the model authentication data based on the transmission instruction from the transmission instruction means.

A personal authentication apparatus according to a fourth aspect of the invention is characterized by comprising the authentication assisting apparatus according to the first aspect of the invention and an external device having the following configurations (a) to (d): ) Proximity receiving means for receiving model authentication data transmitted by proximity from the authentication assisting device; (b) Authentication data storage and storage means in which self-identification data is registered in advance; (c) Model authentication data received by the proximity receiving means Authentication means for authenticating the user of the authentication assist device by comparing the identification data stored in the authentication data storage and storage means with the user's own identification data; (d) operation of the own equipment based on the authentication result of the authentication means; Operation determining means for determining the operation. Further, the ID media issuing / personal authentication network system of the fifth invention is connected to the Internet, and a server of a management organization for managing the ID media, and is connected to the Internet. An ID media issuing device that issues an ID medium having a stored storage area to the user, one or more servers that connect to the Internet and manage one or more networks, and the following (a) to (d): A terminal connected to one or a plurality of networks, respectively; (a) authentication for proximity transmission from the authentication assisting device of the first or third invention; Proximity receiving means for receiving data; (b) when ID media is issued from an ID media issuing device, a server of a management organization and Relay data receiving means for receiving the authentication data stored in the issued ID media transmitted via the server managing the network connected to the own device; and (c) authentication received by the relay data receiving means. (D) comparing the authentication data received by the proximity receiver with the authentication data stored in the authentication data storage and storing the authentication data in the authentication auxiliary device. An authentication means for authenticating a user; (d) an operation determining means for determining whether or not the apparatus itself is operating or not, based on an authentication result of the authentication means.

According to a sixth aspect of the present invention, there is provided an authentication assisting apparatus for receiving an ID medium having a storage area for storing personal authentication data, an ID medium mounting section for mounting the ID medium, and a weak signal emitted from an external device. Receiving means,
Data receiving means for reading the personal authentication data from the storage area of the ID medium when receiving the weak signal; and proximity transmission means for proximately transmitting the personal authentication data read by the data reading means. I do.

A personal authentication system according to a seventh aspect of the present invention comprises:
The authentication assisting device according to the sixth aspect, and the following (a) to (e):
(A) a weak signal transmitting means for generating a predetermined weak signal; (b) a proximity receiving means for receiving personal authentication data transmitted from the authentication assisting device in proximity; (C) an authentication data storage and storage unit in which personal authentication data is registered in advance; (d) comparing the authentication data received by the proximity receiving unit with the authentication data stored in the authentication data storage and storage unit. (E) operation determining means for determining whether or not the apparatus itself is to be operated or not, based on the authentication result of the authentication means.

An ID media issuing / individual authentication network system according to an eighth invention is connected to the Internet and a server of a management organization that manages ID media, and is connected to the Internet. Media issuing device for issuing an ID media having a storage area storing application data to the user, one or more servers connected to the Internet and managing one or more networks,
And (f) a terminal connected to one or a plurality of networks, respectively: (a) weak signal transmitting means for generating a predetermined weak signal; (b) sixth invention (C) when an ID medium is issued from an ID media issuing device, a server of a management organization and a server for managing a network connected to the own device when ID media is issued from the ID media issuing device; Relay data receiving means for receiving the authentication data stored on the issued ID medium transmitted by relaying the authentication data; (d) storing and storing the authentication data received by the relay data receiving means Means: (e) comparing the authentication data received by the proximity receiving means with the authentication data stored in the authentication data storage and storage means, and An authentication means for authenticating a user of the auxiliary device; (f) an operation determining means for determining whether or not the apparatus itself is operating or not, based on an authentication result of the authentication means.

According to a ninth aspect of the present invention, in the ID media issuing / personal authentication network system according to the fifth or eighth aspect, the terminal further obtains the operation result when the operation of the terminal itself is determined by the operation determining means. Information transmitting means for transmitting the information to a server of a management organization via a server for managing a network to which the apparatus is connected.

Further, the authentication assisting means of the tenth invention includes an ID medium having a storage area for storing external device authentication data, an ID medium mounting section for mounting the ID medium, and an instruction to transmit personal authentication data. Transmission instruction means for detecting the transmission instruction, reading data for external device authentication from the storage area of the ID medium, and proximate transmission of the external device authentication data read by the data reading means. Means.

According to an eleventh aspect of the present invention, in the authentication assisting apparatus according to the first, third or tenth aspect, before the ID reading by the data reading means, the user of the own device is authenticated by a password. An authentication means is provided.

A personal authentication system according to a twelfth aspect of the present invention is the personal authentication system according to the tenth aspect of the present invention, which comprises:
It is characterized by comprising an external device having the configuration of (d): (a) proximity receiving means for receiving external device authentication data transmitted by the authentication auxiliary device in proximity; (b) self-recognition data registered in advance (C) comparing the external device authentication data received by the proximity receiving unit with the authentication data stored in the authentication data storage unit to identify the user of the authentication assisting device; An authentication means for performing authentication; (d) an operation determining means for determining whether or not the apparatus itself is operating or not, based on an authentication result of the authentication means.

A personal authentication system according to a thirteenth aspect of the present invention is the personal authentication system according to the first aspect, comprising:
(A) proximity receiving means for receiving authentication data transmitted in proximity from the authentication assisting device; (b) obtaining raw data for authentication of a user of the authentication assisting device. (C) authentication data generating means for analyzing raw authentication data obtained by the data obtaining means and generating authentication data; (d) external device authentication data and authentication data received by the proximity receiving means Authentication means for comparing the authentication data generated by the generation means to authenticate the user of the authentication assisting device; (e) operation determining means for determining whether or not the apparatus itself is to be operated or not based on the authentication result of the authentication means.

According to a fourteenth aspect, in the authentication assisting apparatus according to the first, third, sixth or tenth aspect, the ID medium comprises a storage medium having a disk-shaped storage area fixed.

According to a fifteenth aspect, in the ID medium issuing / personal identification network system according to the fifth or eighth aspect, the ID medium comprises a storage medium having a disk-shaped storage area fixed. .

A personal authentication apparatus according to a sixteenth aspect of the present invention provides an ID medium having a storage area for storing personal authentication data,
An ID medium mounting section for mounting an ID medium, transmission instruction means for instructing transmission of personal authentication data, data reading means for detecting the transmission instruction and reading personal authentication data from a storage area of the ID medium; A data acquisition unit that acquires raw data for authentication of the user of the own device; an authentication data generation unit that analyzes the raw data for authentication acquired by the data acquisition unit to generate authentication data; The device authentication data is compared with the authentication data generated by the authentication data generation unit to authenticate the user of the own device, and the data specifying the external device to be activated based on the authentication result by the authentication unit is stored. Determining means for determining whether or not a trigger signal can be transmitted.

A personal authentication system according to a seventeenth aspect of the present invention is the personal authentication system according to the sixteenth aspect of the present invention, comprising:
It is characterized by comprising an external device including the configuration of (b): (a) proximity receiving means for receiving a trigger signal transmitted in proximity from the personal authentication device; (b) the received trigger signal activates itself. Operation control means for operating own machine only in case of signal.

According to an eighteenth aspect of the present invention, in the personal authentication device according to the sixteenth aspect, the ID medium is a storage medium having a disk-shaped storage area fixed.

[0028]

FIG. 1 shows an embodiment of an ID medium. In this embodiment, an authentication card such as a CD card is used as the ID medium. In FIG. 1, the authentication card 1 is embedded on the card, and has a storage area 2 composed of a disk-shaped memory having a non-circular portion restricted by the shape of the card, and a hole 3 for rotating the authentication card. Hole 3
Has a shape (in the embodiment, circular, but not limited to) that is easily rotated by the card medium driving mechanism when accessing the authentication card.

The authentication card 1 is mounted on a terminal or a reading unit of a card reader as described later, and rotates the authentication card when accessing data stored in the storage area 2. That is, the storage area 2 is a dynamic storage unit provided on the authentication card 1.

The type of the card is printed on the opposite side of the authentication card 1 as shown in the figure. On this side, the service content, table, design, photograph, etc. for the individual user may be printed. Further, an IC 7 may be provided as shown in FIG. Note that the IC 7 may be provided on the same surface as the storage area 2. Also, reference numeral 8 in FIG.
Indicates an input / output contact.

In the example shown in FIG. 1, an example is shown in which the storage area 2 of the authentication card 1 is restricted by the shape of the card and has a shape in which both ends of a circle are cut, but the present invention is not limited to this shape.

[Embodiment (1)] In this embodiment, a terminal is used as an authentication assisting device, and personal authentication is performed on the external device side. FIG. 2 is an explanatory view of data stored in the storage area 2 of the authentication card. The authentication card 1 has a system area 40 storing file management information, an encrypted personal ID number 41, and personal information such as a user name. The authentication data 43 of the user (individual) corresponding to the information 42 and the personal ID number 41 is stored. When the storage area 2 of the authentication card 1 is a rewritable storage medium such as an MD, an information column 44 for storing transaction contents and the like may be provided.

The authentication data 43 stored in the authentication card 1 is the same as the authentication data registered in the external device 100 described later, and includes voiceprint data, iris data,
It is personal data such as a fingerprint and a palm print. In this example, a random long character string that can specify an individual, unusual arbitrary graphic data or image pattern data may be used.

The personal ID number 41, the personal information 42, and the authentication data 43 are encrypted, but are not limited to this. That is, the data need not be encrypted and may be compressed data.

In this embodiment, as described later,
Although the personal identification code is configured to be registered in the personal identification code registration memory of the portable terminal as the authentication assisting device, when the authentication card 1 is configured as shown in FIG.
7 (that is, a static storage unit accessed by the static access unit) may store a personal identification code and a program.

FIG. 3 is an external view of an embodiment of a terminal that accesses an ID medium. FIG. 3A is a perspective view of the terminal.
FIG. 3B is a diagram illustrating the upper end side of the terminal.

As shown in FIG. 3A, the terminal 1 of this embodiment
Reference numeral 0 denotes a portable terminal formed to be portable, and a portable terminal 1
Reference numeral 0 denotes a display 11, a transmission button 12, a power button 13, and "1" to "9", "*", "0",
A key unit 14 composed of keys such as "#" and configured to allow input of a personal ID number, a personal identification code, and the like. The key unit 14 can input alphabetic characters and kana characters by switching.

Further, a voice input unit may be provided between the display 11 on the upper surface and the transmission button 12 and the power button 13, or an image pickup unit may be provided above the display 11. In this case, the key section 14 can be omitted except for the power button.

A card insertion slot 15 for the authentication card 1 is provided on the side, and an infrared transmitting / receiving section 16 is provided on the upper end of the head as shown in FIG. 3B. A battery mounting portion (not shown) is provided on the back side. At the time of use, when the authentication card 1 is inserted by inserting it into the card mounting section 15 and the power is turned on by pressing the power button 13, a guide is displayed on the display 11 and an authentication assisting operation to be described later is started.

FIG. 4 is a block diagram showing a configuration example of the portable terminal 10 shown in FIG. In FIG. 4, the portable terminal 10 includes a key input unit 21, a control unit 22, a display unit 23, a rotary motor M
, A pickup drive control unit 25 for controlling the drive of the pickup P, a reading unit 26, and an Ir standard infrared transmitting / receiving unit 27. In FIG. 4, broken lines indicate the flow of authentication data.

It should be noted that a short-range weak radio wave (Blue tooth) transmission / reception unit may be provided in place of the infrared transmission / reception unit 27. Also, as shown in FIG.
In the case where the IC 7 is provided in the
, That is, a static reading unit.

The key input unit 21 includes a transmission button 12, a power button 13, and a key unit 1 provided on the upper surface of the portable terminal 10.
The operation result of No. 4 is converted into an electric signal and input to the control unit 22. Thereby, in addition to the user's personal ID number, data such as a personal identification code and necessary data, an instruction (instruction code) selected by the user among the operation contents displayed on the display 11 can be input.

As shown in FIG. 4B, the control unit 22
A PU 221, a RAM 222, a program storage memory 223 storing device number data of the mobile terminal 10, an authentication auxiliary program, a display message, an icon, and an access control driver, a personal identification code registration memory 224, and the like. In addition to controlling the operation, it performs decryption of data encrypted by the authentication auxiliary program stored in the program storage memory 223, display control such as an operation guide on the display unit 23, and data transmission / reception control with the external device 100. Executing and controlling the authentication assisting operation of the present invention.

The secret code registration memory 224 is a rewritable memory, and stores data in which a personal ID and a secret code are associated with each other. It should be noted that the number of sets of the personal ID and the personal identification code is registered as many as the number of authentication cards used by the user. Although the number of digits of the personal identification code is six in the embodiment, it is not limited to this.

The display unit 23 displays, on the display 11, an operation message or the like extracted from the program storage memory 223 under the control of the control unit 22.

The motor drive controller 24 generates a drive signal for rotating the attached authentication card 1 from the control signal sent from the controller 22 based on the execution control of the access control driver.

Further, the pickup drive control unit 25 reads a read head (a laser beam of the read unit 26) provided on the pickup arm P from read control data sent from the control unit 22 based on execution control of the access control driver. The emission unit and the light receiving unit are moved to the reading start position (the first sector of the sector where the data to be read is stored), and the data stored in each sector is sequentially read along the track of the storage area 2 on the authentication card 1. The movement of the pickup arm P is controlled so as to read.

The reading section 26 includes a laser beam emitting section, a light receiving section, and a signal processing section provided on the pickup arm P, and emits a laser beam from the laser emitting section to a track of the rotating storage area 2 of the authentication card 1 during reading. Then, the reflected light is received by the light receiving section, and signal processing is performed by the signal processing section to obtain encrypted data (digital data or image data). The control of the laser beam emission timing and the pickup position by the reading unit 26 and the signal processing are performed by the control unit 22 executing an access control driver.

When the portable terminal 10 is provided with a second reading unit, that is, as shown in FIG.
In the case where a reading unit for reading data stored in a static storage area such as 7 is provided, reading by the second reading unit is performed when the authentication card 1 is stationary, for example, before the movement of the pickup arm P, This is performed when the reading by the reading unit 26 is stopped or after the reading by the reading unit 26 is completed.
The reading control by the second reading unit is also performed by the execution of the access control driver by the control unit 22 as in the reading unit 26.

The infrared transmitting / receiving unit 27 transmits the authentication request signal and the personal ID number 41 and the authentication data 42 read and decoded by the reading unit 26 to the external device 100 having the Ir standard infrared transmitting / receiving unit. Receiving the authenticated notification signal transmitted from. As described above, even when an interface capable of transmitting and receiving data to and from an external device such as a short-range weak radio wave transmitting and receiving unit is provided instead of the infrared transmitting and receiving unit 27, the above-described data and notification signal are transmitted and received.

FIG. 5 is a block diagram showing a configuration example of a main part of the user authentication unit of the external device. The external device 100 is an electronic device having an interface capable of exchanging data with the portable terminal 10. User authentication is performed on the external device 100 side, and the external device 100 determines whether to operate or not according to the authentication result.

In FIG. 5, the authentication unit 110 of the external device 100
Is an infrared transmitting / receiving unit 111, a CPU 112, a RAM 11
3. Program storage memory 1 in which the authentication program is registered
14 and an authentication data registration memory 115 configured to associate and store a plurality of pairs each including a personal ID number of an individual and authentication data, and to search for the corresponding authentication data by the personal ID number.

FIG. 6 is a diagram showing an embodiment of a message displayed on the portable terminal at the time of the authentication assisting operation. FIG. 7 is a flowchart showing the authentication assisting operation of the portable terminal and the authentication operation of the external device. 7A shows the operation on the portable terminal side, and FIG. 7B shows the operation on the external device 100 side.

(Terminal Auxiliary Operation) Step S1: (Message Display) In FIG. 7A, in order to enable the user to operate the external device 100, the authentication card 1 for the external device 100 is inserted into the portable terminal 1.
0 and the power button 13 is pressed, the control unit 22 controls the display unit 23 by the authentication assisting program, and
A message prompting the user to input a password as shown in FIG.

Step S2: (Password Input) When the user operates the keys of the key section 14 to input a password, the key input section 21 converts the input signal into a character code and sends it to the control section 22.

Step S3: (Authentication of Mobile Terminal Use Qualification by Password) The control unit 22 compares the password registered in the password registration memory 223 with the inputted password (character code) by the authentication assisting program. If they do not match, the process proceeds to step S4, and if they do match, the process proceeds to step S5.

Step S4: (Error Message Display) If the registered password does not match the input character code, the control unit 22 controls the display unit 23 by the authentication assisting program and returns to FIG. A message prompting the user to re-enter the personal identification code is displayed on the display 11. The re-input display is performed a predetermined number of times (three times in the embodiment), and when the number of times exceeds the predetermined number, the power is turned off. That is, if the passwords do not match, the authentication card cannot be read, and as a result, the external device 100 cannot be operated. Therefore, the external device 100 cannot be accessed using the authentication card of another person.

Step S5: (Reading Data from Authentication Card) If the registered password matches the entered character code, the control unit 22 controls the motor drive control unit 24 and the pickup drive control by the access control driver. Part 2
A control signal is sent to 5 to rotate the attached authentication card 1 and move the pickup arm to read the personal ID number 41 and the authentication data 43 stored in the storage area 2.

Step S6: (Decryption of Read Data) The control unit 22 decrypts and restores the read personal ID number and the authentication data by the decryption means (decryption program module) included in the authentication auxiliary program.
22 temporarily.

Step S7: (Determining the Presence or Absence of Transmission Instruction) The control unit 22 controls the display unit 23 by the authentication auxiliary program to display a message prompting the transmission instruction (for example, "press the transmission button") on the display 11. .
When the transmission instruction message is displayed, the user sets the infrared transmitting / receiving unit 27 on the head of the portable terminal 10 to the external device 100.
The transmission button 12 is pressed so as to match the direction of the infrared transmission / reception unit 111. The control unit 22 checks whether or not the transmission button 12 has been pressed. If the transmission button 12 has been pressed, the process proceeds to step S8. If not, the control unit 22 waits for the transmission button 12 to be pressed. If the send button is not pressed, turn off the power.

Step S8: (Proximity Transmission to External Device 100) The control unit 22 controls the infrared transmission / reception unit 27 and stores it in the RAM 222 by the data transmission means (data transmission program module) included in the authentication auxiliary program. The personal ID number and the authentication data that have been sent are transmitted by infrared communication.

Step S 9: (Determining Reception of Authenticated Notification) The control unit 22 transmits an authenticated notification or an authentication rejection notification from the external device 100 by the data receiving means (data receiving program module) included in the authentication auxiliary program. When the infrared transmission / reception unit 27 receives the authentication failure notification, the process proceeds to step S10.
If an authenticated notification has been received, the process proceeds to step S11. If the notification signal from the external device 100 cannot be received even after the lapse of the predetermined time, the power is turned off as reception failure.

Step S10: (Authentication Refusal Message Display) The control unit 22 controls the display unit 23 by the authentication auxiliary program to display an authentication rejection message as shown in FIG. 6D on the display 11, and returns to step S2. . By this message display, the user of the portable terminal 10
In the case of 0 and the genuine owner of the authentication card 1, it can be understood that the inserted authentication card was mistaken. In addition, a person who has improperly used the mobile terminal 10 by impersonation or tried to use the external device 100 by using another person's authentication card cannot use the external device 100.

Step S11: (Display of authenticated message) The control section 22 controls the display section 23 by the authentication auxiliary program to display an authenticated message as shown in FIG. This message display allows the user to know that the external device 100 has become usable.

(Personal Authentication Operation of External Apparatus) Step T1: (Reception of Personal ID Number and Authentication Data) In FIG. 7B, the authentication unit 110 of the external apparatus 100 transmits a proximity message from the portable terminal 10 to the external apparatus 100. When the infrared transmitting / receiving unit 111 receives the personal ID number and the authentication data transmitted in close proximity by infrared communication, the infrared transmitting / receiving unit 111 performs reception processing on the personal ID number and the authentication data to restore the data.

Step T2: (Search for Registered Authentication Data) Next, the CPU 112
The authentication data registration memory 115 is searched using the personal ID number received from 0 as a key, and when the personal ID numbers match, the authentication data stored in association with the personal ID number is taken out and the process proceeds to step T3.

Step T3 (Authentication by Authentication Data) The CPU 112 compares the authentication data retrieved from the authentication data registration memory 115 with the authentication data received from the portable terminal 10 in the above-described step T1. If they do not match, the process proceeds to Step T5.

Step T4: (Transmission of Authenticated Notification Signal) The CPU 112 transmits an authenticated signal to the portable terminal 10 via the infrared transmitting / receiving section 111 to enable the external terminal 100 itself to operate.

Step T5: (Transmission of Authentication Rejection Notification Signal) The CPU 112 transmits an authentication rejection signal to the portable terminal 10 via the infrared transceiver 111.

According to the present embodiment, since personal data (for example, any of voiceprint data, iris data, fingerprint, palm print, etc.) is stored as authentication data in the storage area of the authentication card, the external device If the same authentication data is registered in the external device using the authentication card, the authentication data stored in the authentication card will be the same as the authentication data registered in the external device that is trying to access. Only the authentication card of the person having the same unique data (authentic person) can be accessed, and tampering with the authentication data does not make any sense.
Even if an attempt is made to access the external device using an authentication card whose authentication data has been falsified, access is not possible.

In addition to the highly confidential external device,
If the external device has registered the authentication data registered in the authentication data, it is possible to authenticate the individual user as a genuine person registered in the authentication data without the user inputting the authentication data. In other words, since the same authentication data as the registered authentication data is registered in the authentication unit of the device, device, or facility, the user does not need to input the authentication data from the input unit of the device, device, or facility each time. Also, those devices, devices, and facilities can easily authenticate the user's access qualification. Also,
Since the authentication of the use qualification of the mobile terminal is performed by inputting the personal identification code before reading the authentication card, it is possible to prevent the user from impersonating the user and using the authentication auxiliary device to access the external device.

For example, when the external device 100 is a car, the user points the portable terminal 10 to the infrared transmitting / receiving section provided on the door of the car and presses the transmission button 12 of the portable terminal. When the user is authenticated as a qualified user of the car, the user can open the car door and start the engine by inserting and turning the engine key. You cannot open the door unless you are authenticated as a genuine user of the car. In addition, even if the car door is opened and the engine key is still inserted, the engine will not start even if the engine key is turned unless the user is authenticated as a genuine user of the car, preventing theft of the car it can.

When the user is the same, such as when unlocking a door of a house, an electronic device in a house, a private car, or the like, authentication by all devices, devices, and facilities can be easily performed.
It is also possible to use only one authentication card. When the use environment of the apparatus is different, such as in a home and a company, different authentication cards can be used. Individual I
By assigning the D number to positions such as job titles, genders, and children and adults, it is possible to perform data security in the workplace or to prohibit men from entering women-only places.

When the storage area 2 of the authentication card 1 is a rewritable storage medium such as an MD, the external device 100 can write and update transaction data and the like after authentication. For example, if the external device 100 is a POS
If the terminal is used, after the personal authentication, it is possible to write the details of the purchased product and the amount of money, and to update the credit balance.

In steps S7 to S9 and steps T1, T4, and T5, data is transmitted and received by infrared transmission and reception, but the present invention is not limited to this. For example, data may be transmitted / received by a proximity transmission / reception method such as short-range weak radio wave transmission / reception instead of infrared transmission / reception.

<Modification 1> In the configuration of FIG. 3 described above, the portable terminal 10 is configured to include the display 11 and the key unit 14. However, personal authentication can be performed using a portable terminal in which these are omitted. . FIG. 8 shows a perspective view and a block diagram of an embodiment of the portable terminal thus configured.
In the operation of the mobile terminal shown in FIG. 8, among the operations of the mobile terminal shown in FIG. 7A, the operations after the power is turned on need only be steps S5 to S8, and other operations can be omitted.

Although the configuration of the authentication unit 110 of the external device 100 may be the same, the external device 100 shown in FIG.
Of the operations T1 to T3,
The notification operation to the portable terminal in steps T4 and T5 can be omitted.

When the mobile terminal of this modification is used, the user simply turns on the power of the mobile terminal and easily performs personal authentication using an automatic ticket gate, a company exit control device, or the like without inputting a password. be able to.

<Modification 2> In Modification 1, the user turns on the power of the mobile terminal, transmits the authentication data from the mobile terminal, and performs authentication on the external device 100 side that has received the authentication data from the mobile terminal. Although the mobile terminal and the external device 100 are provided with a weak radio wave transmission / reception unit that performs data transmission and reception by the weak radio wave, the mobile terminal automatically turns on when a predetermined weak radio wave is received by the mobile terminal. The external device 1
A predetermined weak radio wave may be transmitted constantly (or intermittently) from 00, and the portable terminal that has received the weak radio wave may be turned on to automatically transmit the authentication data.

With this configuration, the authentication data can be transmitted from the portable terminal in response to the action from the external device 100. For example, since the authentication data is transmitted from a portable terminal placed in a pocket or a bag even when the user does not turn on the power every time when a ticket gate is passed, the automatic ticket gate can perform personal authentication.

The portable terminal 10 shown in FIGS.
Similarly to the above, since the personal data is stored in the storage area of the authentication card as the authentication data, if the same authentication data is registered in the external device, the authentication data is stored in the external device using the authentication card. Since the authentication card is not transmitted, the authentication card other than the genuine person's authentication card cannot be accessed, and the authentication card whose authentication data has been falsified cannot access the external device even if there is a request from the external device.

In addition to the highly confidential external device,
If the external device has registered the authentication data registered in the authentication data, it is possible to authenticate the individual user as a genuine person registered in the authentication data without the user inputting the authentication data.

<Modification 3> In the configuration of each of the above embodiments, each external device has the authentication unit 110 built in, but the present invention is not limited to this.

For example, in the case of a configuration in which each external device connects to a server of the network to which the external device belongs via the network, the authentication unit 110 of the device 100 does not have the authentication data registration memory 115, and the personal data is stored in the database of the server.
The D number and the encrypted authentication data are registered, and at the time of authentication, that is, when the external terminal receives the personal ID number and the encrypted authentication data from the mobile terminal 10, the personal ID number is registered on the server side. The corresponding registered authentication data may be transmitted and acquired, and the personal authentication data received from the mobile terminal 10 may be compared with the authentication data acquired from the server for authentication.

When the apparatus 100 is connected to a server of the network to which the apparatus 100 belongs via a network, the authentication unit 110 of the apparatus 100 is connected to the infrared transmitting / receiving unit 11.
When the apparatus 100 receives the ID number and the encrypted authentication data from the mobile terminal 10, the apparatus transmits the ID number and the encrypted authentication data to the server via the network.
The server decrypts the authentication data received from the apparatus 100, searches the authentication data registered in the database based on the received personal ID number, decodes the hit authentication data, and decrypts the authentication data received from the apparatus 100. In comparison, the authentication result may be transmitted to the device 100 via the network.

When the external device and the server are configured as described above, the authentication system 100 can be applied to an authentication card issuing / using system according to an embodiment (5) described later.

[Embodiment (2)] In this embodiment, a terminal is used as an authentication assisting device, and an external device to be used by a user is authenticated on the external device side. That is, the type code of the external device that can be used is stored in the authentication card, and it is configured that only the corresponding device can be used.

FIG. 9 is an explanatory diagram of data stored in the storage area 2 of the authentication card. The authentication card 1 includes a system area 50 storing file management information, personal information 51 such as a user's name, and a model ID number 52. Is stored.
The model ID number 52 is a code indicating the machine number or model of the available external device 100, and one or a plurality of them can be stored. Also, the storage area 2 of the authentication card 1 is
In the case of a rewritable storage medium such as, an information column 54 for storing transaction contents and the like may be provided.

Also, personal information 51 and model ID number 52
Is encrypted, but is not limited to this. That is, the data need not be encrypted and may be compressed data.

In the present embodiment, a portable terminal 10 having the same configuration (FIGS. 3 and 4) as in the above-described embodiment (1) can be used as a terminal for accessing an ID medium.

The external device 100 is an electronic device having an interface capable of exchanging data with the portable terminal 10. User authentication is performed on the external device 100 side.
Determines whether to operate or not according to the authentication result.

FIG. 10 is a block diagram showing the configuration of an embodiment of the authentication unit of the external device. The authentication unit 210 registers authentication data from the configuration of the authentication unit 110 (FIG. 5) of the above-described embodiment (1). This is a simple configuration excluding the memory 115. In this case, the ID (for example, machine number) of the external device 100 is stored in the program storage memory 113.

(Authentication assisting operation of portable terminal) The authentication assisting operation of the portable terminal may be the same as the above-described operation of the portable terminal of the embodiment (1) (FIG. 7A). The data handled in steps S5, S6, and S8 of FIG. 7A is only the model ID number.

(Authentication Operation on External Device 100) FIG. 11 is a flowchart showing an authentication operation on the external device.

Step U1: (Reception of Model ID Number) In FIG. 11, the authentication unit 110 of the external device 100
Waiting for the proximity transmission from 0 to the external device 100, and receiving the model ID number and the authentication data transmitted close by infrared communication, the infrared transmission / reception unit 111 performs reception processing to restore the model ID number.

Step U2 (Authentication of External Device 100) The CPU 112 compares the ID of the external device 100 stored in the program storage memory 113 with the model ID number received from the portable terminal 10 in step U1. The process transitions to Step U3, and if they do not match, the process proceeds to Step U4.

Step U3: (Transmission of Authenticated Notification Signal) The CPU 112 transmits an authenticated signal to the portable terminal 10 via the infrared transmission / reception unit 111 to enable the external device 100 itself to operate.

Step U4: (Transmission of Authentication Rejection Notification Signal) The CPU 112 transmits an authentication rejection signal to the portable terminal 10 via the infrared transceiver 111.

As described above, according to this embodiment, since the model ID indicating the range of the external device usable for the authentication card mounted on the portable terminal is registered, such an authentication card is stored in the portable terminal. By attaching the device, the user, the device, or the equipment can easily authenticate the access qualification of the user without inputting the authentication data each time the user uses the device. In addition, since the authentication of the mobile terminal use qualification is performed by inputting the personal identification code before reading the authentication card, it is possible to prevent unauthorized use of the authentication card and access to the external device. Further, since the configuration and operation of the authentication unit of the external device are simple, the range of the external device 100 to which the authentication system of the present invention can be applied is expanded.

For example, when the external device 100 is a car,
When the user points the portable terminal 10 at the infrared transmitting / receiving unit provided on the door of the car and presses the transmission button 12 of the portable terminal, the user is authenticated by the authentication unit, and the car is authenticated as a car usable by the user. Then, the door of the car can be opened, and the engine can be started by inserting and turning the engine key. However, if the user does not have an authentication card capable of using the car in the portable terminal 10, the door can be opened. Can not open. Further, even when the car door is opened and the engine key is inserted, if the car is not authenticated, the engine is not started even if the engine key is turned, so that the car can be prevented from being stolen.

When the user is the same, such as when unlocking the door of a house, an electronic device in a house, a private car, or the like, the authentication can be easily performed by all devices, devices, and facilities.
It is also possible to use only one authentication card. When the use environment of the apparatus is different, such as in a home and a company, different authentication cards can be used. Also, model I
D-numbers are classified into large, medium, small, and machine numbers, and if you have an authentication card with a different rank depending on the position of the individual you use, you can use it in your company. Because devices can be restricted by job title, data security in the workplace can be enforced, and men can be barred from entering women-only locations.

When the storage area 2 of the authentication card 1 is a rewritable storage medium such as an MD, for example, if the external device is an automatic ticket gate, the machine number of the automatic ticket gate at a station in a specific section is changed. If registered in the authentication card, the user cannot enter or exit the ticket gate except within a specific section, and can be used instead of a ticket or commuter pass. In addition, the external device 10
If 0 is a POS terminal, it can be used as a shopping card that can be used only at stores belonging to a specific company.

Further, similarly to the first modification of the above-described embodiment (1), the external device 10 is provided by using a portable terminal (FIG. 8) in which the portable terminal display 11 and the key section 14 are omitted.
Authentication of 0 can also be performed. In the operation of the mobile terminal shown in FIG. 8, among the operations of the mobile terminal shown in FIG. 7A, the operations after the power is turned on need only be steps S5 to S8, and other operations can be omitted. The configuration of the authentication unit 210 of the external device 100 may be the same, but only the operations of steps U1 and U2 of the operation of the external device 100 shown in FIG. The operation can be omitted.

By using the portable terminal having such a configuration, the user only has to turn on the power of the portable terminal and authenticate the user at the time of using the automatic ticket gate and the company leaving / managing device without inputting a password. Easy to do.

Further, similarly to the second modification of the above-described embodiment (1), the portable terminal and the external device are provided with a weak radio wave transmitting / receiving section for transmitting / receiving data by a weak radio wave. And an automatic power-on means for automatically turning on the power when receiving a weak radio wave, and a predetermined weak radio wave is constantly (or intermittently) transmitted from an external device. May be turned on to automatically transmit the authentication data.

With this configuration, the authentication data can be transmitted from the portable terminal in response to the action from the external device. For example, the machine number ID number is transmitted from a portable terminal placed in a pocket, a bag, or the like without the user turning on the power every time a ticket gate is passed or the like, so that the automatic ticket gate can perform use authentication.

[Embodiment (3)] In this embodiment, the terminal is used as an authentication assisting device, and personal authentication is performed on the external device side, but registration of authentication data is not required in the external device.

In the present embodiment, a portable terminal 10 having the same configuration (FIGS. 3 and 4) as in the above-described embodiment (1) can be used as a terminal for accessing an ID medium.

The data configuration of the storage area of the authentication card is the same as the data configuration of the authentication card shown in FIG. 2, but the personal ID number 41 can be omitted. Further, the contents of the authentication data 43 stored are different.

In the present embodiment, a user's voiceprint, iris,
The digital data of a fingerprint, a palm print, a pendant, and the like, such as a pendant, are stored in the storage area 2 of the authentication card 1. When voiceprint data is used as authentication data, it is desirable to register a plurality of data in order to increase the matching accuracy.

FIG. 12 is a block diagram showing a configuration example of a main part of the user authentication unit of the external device.

The external device 100 is an electronic device having an interface capable of exchanging data with the portable terminal 10. User authentication is performed on the external device 100 side.
Determines whether to operate or not according to the authentication result.

In FIG. 12, the personal authentication unit 310 of the external device is used.
Is obtained from the configuration of the authentication unit 110 (FIG. 5) of the external device 100 according to the first embodiment (1).
5 is removed, and a data input unit 116 and an authentication data generation unit 117 are added.
The configuration and function of the program storage memory 114 are the same as the configuration and function of the authentication unit 110 in FIG.

When the voice input data is registered in the authentication card, the data input unit 116 is a voice input unit such as a directional microphone in this embodiment. Or a voice that reads and utters a predetermined character string and outputs a voice signal. The authentication data generation unit 117 converts the input audio signal into a digital signal, analyzes characteristics of the audio, and generates voiceprint data. The configuration of the authentication data generation unit 117 and the data output from the authentication data generation unit of the external authentication data registration device (not shown) for registering voiceprint data in the authentication card 1 are the same.

For example, when the authentication data is voiceprint data, when the same user reads the same sentence or character string, the voiceprint data generated by the authentication data generation unit 117 and the voiceprint data generated by the authentication data registration device are Match (or match rate is within a predetermined threshold).
In this case, it is desirable that the user utters a predetermined number of times, but the present invention is not limited to this.

When the iris data is registered in the authentication card, the data input unit 116 of the external device 100 is an image pickup unit such as a digital camera, and the authentication data generation unit 117 is an electric signal from the image pickup unit. The signal may be converted into digital data to generate iris data. In a case where a fingerprint or a palm print is registered in the authentication card, the data input unit 11 of the external device 100 is used.
Reference numeral 6 may be a proximity imaging unit, and the authentication data generation unit 117 may generate fingerprint data or palm print by converting an electric signal from the proximity imaging unit into digital data. In other words, according to the type of authentication data stored in the authentication card,
The data input unit 116 and the authentication data generation unit 117 of the external device 100 may be configured. (Authentication assisting operation of portable terminal) The authentication assisting operation of the portable terminal is the operation of the portable terminal of the above-described embodiment (1) (FIG. 7).
It may be the same as (a)). In this case, the data handled in steps S5, S6, and S8 in FIG. 7A is only the authentication data.

(Personal Authentication Operation of External Device) FIG. 13 is a diagram showing an embodiment of a personal authentication operation by the authentication unit of the external device.

Step V1: (Reception of Authentication Data) In FIG. 13, the authentication unit 110 of the external device 100
0 and waits for the proximity transmission to the external device 100. When the infrared transmission / reception unit 111 receives the personal ID number and the authentication data transmitted by the infrared communication, the reception processing is performed to restore the authentication data. To temporarily memorize it.

Step V2: (Input of Raw Data for Authentication) Next, when the user performs an input operation of raw data for authentication (for example, utterance, iris, fingerprint or palm print close-up), the data input unit 116 Enter raw authentication data (voice input,
The photographing and capturing of the iris and the close-up photographing and capturing of fingerprints and palm prints are performed, and the raw authentication data is converted into electric signals. For example, assuming that the data input unit 116 is a voice input unit, a user reads a predetermined sentence or a predetermined character string and reads and utters a voice (raw data for authentication), converts it into an electric signal, and outputs it.

Step V3: (Generation of Authentication Data) The authentication data generation section 117 converts the electric signal from the data input section 116 into a digital signal (voice data), analyzes the characteristics of voice, and generates voiceprint data. For example, the data input unit 116 is a voice input unit, and the authentication data generation unit 11
Assuming that the voiceprint generation unit 7 is a voiceprint generation unit, the voiceprint generation unit 117 converts the electric signal from the voice input unit into digital data, performs feature extraction, and generates voiceprint data.

Step V4 (Authentication Processing) The CPU 112 compares the authentication data generated by the authentication data generation unit 117 with the authentication data received from the portable terminal 10 in step V1. If not, go to step V6.

Step V5: (Transmission of Authenticated Notification Signal) The CPU 112 transmits an authenticated signal to the portable terminal 10 via the infrared transmission / reception unit 111 to enable the external device 100 itself to operate.

Step V6: (Transmission of Authentication Rejection Notification Signal) The CPU 112 transmits an authentication rejection signal to the portable terminal 10 via the infrared transceiver 111.

According to the present embodiment, the user performs the operation input of the authentication data from the external device, but simply inputs the authentication data because the authentication data to be compared is not registered in the external device. The external device alone does not operate. That is, the authentication data received by the external device and the authentication raw data input by the user must be transmitted only after the user transmits the authentication data using the mobile terminal equipped with the authentication card storing the user's own authentication data such as the iris. Since the authentication is performed in comparison with the authentication data generated from the authentication unit, the configuration of the authentication unit is slightly complicated. However, since the authentication is performed only by the genuine person registered in the authentication card, an external device due to unauthorized use of the ID media by another person is used. Access to the site.

For example, when the external device 100 is an electronic unlockable safe, the user directs the portable terminal 10 to an infrared transmitting / receiving unit provided at a predetermined portion of the electronic unlockable safe provided with a fingerprint reading unit. After the transmission button 12 of the mobile terminal is pressed, for example, when the index finger is brought close to the fingerprint reading unit, the user is authenticated, and the dial lock can be rotated.

Further, since the authentication of the mobile terminal use qualification can be performed by inputting the personal identification code before reading the authentication card, it is possible to prevent unauthorized use of the authentication assisting device and impersonation of the user to access the external device.

When the user is the same, such as when the door of a house is unlocked, or when the user is the same as an electronic device in a house or a private car, etc., it is possible to easily perform authentication by all devices, devices, and facilities.
It is also possible to use only one authentication card. When the use environment of the apparatus is different, such as in a home and a company, different authentication cards can be used. In steps V1, V4, and V5 in FIG. 13, data is transmitted and received by infrared transmission and reception, but the present invention is not limited to this. For example, data may be exchanged with the portable terminal by a proximity transmission / reception method such as transmission / reception of a short-distance weak radio wave instead of the infrared transmission / reception.

[Embodiment (4)] In this embodiment, a terminal authentication device is used, and an external device determines operation / non-operation based on a result of authentication performed on the terminal side. It is not necessary to input a password on the terminal side.

The data structure of the storage area of the authentication card used in the present embodiment is the same as the data structure of the authentication card shown in FIG. The device number of a specific external device is stored.

In this embodiment, the user's voiceprint, iris,
The digital data of a fingerprint, a palm print, a pendant, and the like, such as a pendant, are stored in the storage area 2 of the authentication card 1. When voiceprint data is used as authentication data, it is desirable to register a plurality of data in order to increase the matching accuracy.

FIG. 14 is a block diagram showing a configuration example of a main part of a portable terminal and an external device. FIG. 14A shows a configuration example of a portable terminal, and FIG. An example of the configuration is shown. The password registration memory 2 of the control unit 22
24 (FIG. 4B) may not be necessary.

In this embodiment, as shown in FIG. 14A, the input unit 1 in the configuration of the portable terminal 10 (FIG. 4) of the above-described embodiment (1) is used as a terminal for accessing the ID media. Using a data input unit 28 that captures raw data for user authentication and a mobile terminal 10 ′ that is replaced with an authentication data generation unit 29 that analyzes the raw data for authentication captured by the data input unit 28 and generates authentication data. .

The configuration of the control unit 402 has a configuration obtained by removing the personal identification code confirmation memory 224 from the configuration of the control unit 22 shown in the embodiment (1). An authentication program for performing authentication on the terminal side based on the raw authentication data is stored.

The data input unit 28 is provided on the upper part of the portable terminal. For example, when the iris is registered in the authentication card 1, the data input unit 28 of the portable terminal 10 'is connected to the digital camera. The authentication data generation unit 29 may be configured to generate iris data by converting an electric signal from the imaging unit into digital data.

Note that the configuration of the authentication data generation unit 29 and the output data from the authentication data generation unit of the external authentication data registration device (not shown) for registering iris data in the authentication card 1 are the same. That is, when the authentication data is iris data, the iris data generated by the authentication data generation unit 29 matches the iris data generated by the authentication data registration device (or the matching rate is within a predetermined threshold). .

When a fingerprint or a palm print is registered in the authentication card 1, the data input unit 28 of the portable terminal 10 'is a close-up image pickup unit, and the authentication data generation unit 29 is an electric signal from the close-up image pickup unit. The signal may be converted into digital data to generate fingerprint data or palm print.

In the case where voiceprint data is registered in the authentication card 1, the data input unit 28 is a voice input unit such as a directional microphone and the like (user to be authenticated) allows a user It is configured to input a voice to read and utter a predetermined character string and output a voice signal, and convert the voice signal input to the authentication data generation unit 29 into a digital signal to analyze the characteristics of the voice and obtain voiceprint data. May be generated. In this case, it is desirable that the user make utterances a predetermined number of times in order to improve the matching rate, but the present invention is not limited to this.

That is, the data input unit 28 and the authentication data generation unit 29 of the portable terminal 10 'may be configured to correspond to the type of authentication data stored in the authentication card.

The external device 400 is an electronic device having an interface capable of exchanging data with the portable terminal 10 ', and user authentication is performed on the external device 400 side. As shown in FIG. 14B, the external device 400 includes an infrared transmitting / receiving unit 401 and a control unit 402 which starts the processing of the external device 400 itself when receiving an operation instruction from the portable terminal received by the infrared receiving unit 401. Have.

FIG. 15 is a flowchart showing the authentication operation by the portable terminal and the operation on the external device side. (Authentication Operation of Mobile Terminal) Step W1: (Message Display) In FIG. 15, in order to enable the user to operate the external device 400, the authentication card 1 for the external device 400 is inserted into the mobile terminal 10 '.
When the user presses the power button 13 and the control unit 22 controls the display unit 23 by the authentication program, the control unit 22 prompts the user to input raw authentication data as shown in FIG. Please bring one eye closer to the center lens part of the display ”on the display 11.

Step W2: (Input of Raw Data for Authentication) Next, when the user performs an input operation of raw data for authentication, the data input section 28 takes in the raw data for authentication and converts the raw data for authentication into an electric signal. Convert. For example, if the data input unit 28 is an imaging unit provided at the center of the upper part of the camera, when the user opens one eye (the eye on which the iris is registered) and approaches the photographing lens portion, the iris is photographed and the iris image is formed. It takes in, converts it into an electric signal, and outputs it.

Step W3: (Generation of Authentication Data) The authentication data generation unit 29 takes in the authentication raw data from the data input unit 28, converts it into a digital signal, analyzes the characteristics of the authentication raw data, and converts the authentication data. Generate and RAM2
22 temporarily. Step W4: (Reading Data from Authentication Card) If the registered password matches the entered character code, the control unit 22 controls the motor drive control unit 24 and the pickup drive control unit 2 by the access control driver.
A control signal is sent to 5 and the mounted authentication card 1 is rotated and the pickup arm is moved to read the authentication data 43 stored in the storage area 2.

Step W5: (Decryption of Read Data) The control section 22 decrypts and restores the read authentication data by the decryption means (decryption program module) included in the authentication auxiliary program, and temporarily stores it in the RAM 222. Remember.

Step W6: (Personal Authentication) The CPU 112 compares the authentication data generated by the authentication data generation section 29 with the authentication data read from the authentication card 1 in step W4, and if they match (or the matching rate is a predetermined value). If the value exceeds the threshold, the process proceeds to step W6. If the values do not match, the process proceeds to step W9.

Step W7: (Judgment of Presence or Absence of Transmission Instruction) The control unit 22 controls the display unit 23 by the authentication program to display a message prompting the transmission instruction (for example, "press the transmission button") on the display 11. When the user displays the transmission instruction message, the mobile terminal 1
The transmission button 12 is pressed so that the infrared transmission unit 27 at the head of 0 ′ is aligned with the direction of the infrared reception unit 401 of the external device 400. The control unit 22 checks whether or not the send button 12 has been pressed. If the send button 12 has been pressed, the process proceeds to step W8.
When the transmission button is not pressed after a predetermined time has elapsed, the power is turned off.

Step W8: (Proximity Transmission to External Device) The control unit 22 controls the infrared transmission / reception unit 27 by using a data transmission unit (data transmission program module) included in the authentication program. A model classification code indicating a range or a trigger signal including a specific model number is transmitted in proximity by infrared communication. In the case where the device numbers of a plurality of external devices are registered in the authentication card 1, all are transmitted.

Step W9: (Authentication Unavailable Message Display) The control unit 22 controls the display unit 23 according to the authentication program to display an authentication unusable message as shown in FIG. .

(Operation of External Apparatus) The external apparatus 400 is provided with a storage memory in which the control unit 402 stores and stores its own machine number. When the infrared receiver 401 receives a trigger signal from the mobile terminal 10 ′, the controller 402
Starts the external device 400 from the received trigger signal. The model classification code or the model number of the external device 400 is taken out to the control unit 402 and is compared with the model number of the own apparatus stored in the storage memory. The control unit 402 activates the external device 400 only when the device number matches the specified device number.

According to the configuration and operation of the portable terminal 10 ′, the external device 400 does not need to be authenticated.
Since it is only necessary to provide a proximity data receiving unit for receiving a trigger signal transmitted in proximity from 0 ', the additional configuration of the external device 400 can be simplified.

The portable terminal 10 'inputs raw data for authentication such as an iris, which is unique to the user, generates raw data for authentication, and compares the generated authentication data with the authentication data stored in the authentication card. Authentication, the user cannot impersonate another person and use the authentication card except for the authentic person. In addition, since the trigger code includes a classification code indicating the range of accessible devices registered in the authentication card or the device number of a specific external device, it is impossible to access an external device outside the registered range.

In step W8 in FIG. 15, data is transmitted and received by infrared transmission / reception, but the present invention is not limited to this. For example, a trigger signal can be transmitted to an external device by a near-field transmission method such as short-range weak radio wave transmission or ultrasonic transmission instead of infrared transmission. Also, the external terminal can receive a trigger signal from the portable terminal by a proximity reception method such as short-range weak radio wave transmission / reception or ultrasonic reception instead of infrared reception.

In the above embodiment (1), the personal authentication system using a portable terminal has been described, but the device used by the user in the personal authentication system is not limited to the portable terminal. For example, a device having a configuration as shown in FIG. 8B may be attached to the front of a car so that the gate opens when approaching a garage or a parking lot.

Further, the configuration of the portable terminal shown in FIG. 8B may be incorporated in or attached to a portable telephone, PHS, PDA, PC, wristwatch or the like. Mobile phone or P
When incorporated into or attached to the HS, the user of a mobile phone or the like can be easily specified, and usage restrictions, change of billing destinations for each user, and control of display contents such as a telephone directory can be performed.

[Embodiment (5)] The above embodiment (1)
In (4), the authentication data is registered in the storage area of the authentication card 1 attached to the portable terminal. By combining the authentication data registration with the authentication card issuing device, authentication as a new service using the authentication card is performed. A card issuing / using system can be provided.

FIG. 16 is a diagram showing the configuration of an embodiment of an authentication card issuing device. FIG. 16 (a) is a perspective view of an embodiment of an authentication data registration device, and FIG. 16 (b) is an authentication data registration device. FIG. 3 is a block diagram showing a configuration example of the present invention.

The authentication card registration device 60 is configured as shown in FIG.
This is a stand-alone type device as shown in Fig. 1 and is installed in stations, department stores, supermarkets, convenience stores, banks, etc., and is connected to the Internet. In the authentication card issuing device 60, a card medium having a disk-shaped storage area whose storage area is a writable memory such as an MD is used as an authentication card.

As shown in FIG. 16B, the authentication card issuing device 60 includes a key input unit 61, a display unit 62, an authentication data input unit 63, an authentication data generation unit 64, a RAM 65, an authentication data storage unit 66, an authentication data A transport unit 67, an authentication data writing unit 68, an Internet connection unit 69, and a data transmission unit 70 are provided.

The key input unit 61 is used for the authentication card issuing device 60
Has a keyboard provided in the middle of the front of the housing of, the user can enter user information from the keyboard,
The service content for the individual user displayed on the screen of the display unit 62 can be selected.

The display section 62 has a display screen provided in the upper part on the front surface of the housing of the authentication card issuing device 60, and is used depending on the operation guide message of the authentication card issuing device 60, the type of the authentication card and the authentication card. The content of the service that can be performed, the result of the key input by the user, and the like are displayed. It should be noted that the personal information entered by the user through a key is temporarily stored in the RAM 65 when the user confirms it. The authentication data input unit 63 takes in the raw data for authentication of the user, converts it into an electric signal, and passes it to the authentication data generation unit 64. Further, the authentication data input unit 63 is provided with the authentication card issuing device 60.
And an authentication data reading unit provided in the middle of the front surface of the housing.

When the iris is registered in the authentication card, for example, the authentication data input unit 63 converts the iris image captured by the imaging lens as an imaging unit such as a digital camera into an electric signal. . When a fingerprint or palm print is registered in the authentication card, the authentication data input unit 63 is used as a close-up imaging unit, and the fingerprint or palm print image captured by the close-up imaging lens is converted into an electric signal. In a case where voiceprint data is registered in the authentication card 1, the authentication data input unit 6
3 is a voice input unit such as a directional microphone,
A user (authenticatee) reads a predetermined sentence or a predetermined character string, inputs a voice to utter, and outputs a voice signal. The voice signal input from the voice input unit is converted into a digital signal. What is necessary is just to comprise so that voiceprint data may be generated by analyzing the characteristics of the voice. In this case, it is desirable that the user make utterances a predetermined number of times in order to improve the matching rate, but the present invention is not limited to this.

The authentication data generation section 64 converts the electric signal output from the authentication data input section 63 into digital data and analyzes it, generates authentication data and temporarily stores it in the RAM 65.

For example, when the iris data is registered in the authentication card 1, the authentication data generation unit 64 converts the electric signal from the imaging unit into digital data to generate the iris data. It is configured. Also,
When a fingerprint or a palm print is registered in the authentication card 1, the authentication data generation unit 64 is configured to convert the electric signal from the close-up imaging unit into digital data to generate the fingerprint data or the palm print. I have. Authentication card 1
When the voiceprint data is registered in the authentication data generation unit 64, the authentication data generation unit 64 is configured to convert the input voice signal into a digital signal, analyze voice characteristics, and generate voiceprint data. In this case, it is desirable that the user make utterances a predetermined number of times in order to improve the matching rate, but the present invention is not limited to this.

The authentication data storage section 66 stores a plurality of authentication cards in which personal ID numbers are registered. In addition, the authentication data transfer section 67, when there is an issuance confirmation by the user,
One authentication data card stored in the authentication data issuance storage unit 66 is taken out, moved along a transport path (not shown), and attached to the authentication data rotating unit of the authentication data writing unit 68.

The authentication data writing section 68 has an access control driver,
When the writing of the authentication data to the storage device 5 is completed, the access control driver writes the user personal information and the authentication data stored in the RAM 65 in a predetermined area while rotating the authentication card. In addition, as the authentication data, a character string code in a range of a predetermined random length input by the user from the key input unit can be used.

When the writing of the authentication data to the authentication card is completed, the authentication data transport section 67 moves the written authentication data along a discharge conveyor (not shown) and discharges the same from the discharge port. Make it possible to remove the card.

On the other hand, when the user confirms the issuance, in parallel with the transportation of the authentication card by the authentication data transport section 67 and the writing of the authentication data and the like to the authentication card by the authentication data writing section 68, the Internet connection section 69 connects the Internet. When the connection with the server operated by the authentication card management organization is established via the authentication card management institution, and the connection with the server is successful, the data transmission unit 70 stores the data specifying the service contents for the individual user stored in the RAM 65, The personal ID number of the issued authentication card, user personal information, authentication data, and the like are encrypted and transmitted to the server.

FIG. 17 is a diagram showing an embodiment of an authentication card issuing system using the Internet. FIG.
The authentication card issuance / use system 500 includes a server 8 operated and managed by a management organization that manages the issuance of the authentication card.
0, a plurality of authentication card issuing devices 60-1 to 60-n as shown in FIG. 16, and a server managed by the user who receives the service of the management organization, that is, a management service such as payment by the management organization. A server 90- of a network managed by a department store, a supermarket, a convenience store, a bank, a credit company, a travel agency, a manufacturing company, a national or local government, or a branch office of the user or a company to which the user of the authentication card belongs. 1 to 90-m are connected to the Internet 600.

Further, the management service user server 90-
1 to 90-m include the device 100 shown in the embodiment (1).
(External devices: FIG. 5) are connected via the Internet 600.

When the individual user is the authentication card issuing device 60-1
60-n, the personal ID number of the issued authentication card, the personal information of the user, and the authentication data (encrypted data) are transmitted to the Internet 600. Is transmitted to the server 80 of the management institution via. Note that the authentication card issued by any of the authentication card issuing devices 60-1 to 60-n may be free or paid, but is free in the embodiment.

The server 80, which has received the data specifying the service contents to the individual user, the personal ID number, the personal information of the user, and the authentication data from any of the authentication card issuing devices 60-1 to 60-n, , 90-m of the management service user's servers 90-1, 90-2,..., 90-m
The personal ID number of the user and the encrypted authentication data are transmitted to the server of the management service user corresponding to the service content for the individual user via the Internet 600.
At this time, the management service user is charged.

From the management institution server 80, the user's individual I
The D number and the encrypted authentication data are transmitted to the Internet 6
The service user's server received via
The D number and the encrypted authentication data are transmitted to the device 100 connected to the network managed by itself.

When the apparatus 100 receives the personal ID number and the encrypted authentication data from the server that manages the Internet to which the apparatus 100 belongs, the apparatus 100 associates them as a pair and registers them in the authentication data registration memory 115. The device 1
00, the personal ID number and the encrypted authentication data are registered in the server of the management service user. At the time of authentication, the apparatus 100 connects to the server via the network, and based on the personal ID number, May be taken out, or the server may transmit the personal ID number and the encrypted authentication data received from the mobile terminal 10 to obtain the authentication.

With the above configuration, the registered user can be authenticated by the external device 100 connected to the management service user's network using the issued authentication card, and can operate the external device 100. For example, if the authentication card issuance device 60 receives the issuance of a super-chain-type authentication card, the personal ID number of the user and the encrypted authentication data are transmitted via the Internet 600 via the server of the management organization. It is sent to a server installed at the headquarters of the super chain, and the server of the super chain sends the user's personal information to a plurality of POS terminals (= external device 100) installed at each store via a network under its control. The POS terminal transmits the ID number and the encrypted authentication data, and each POS terminal registers the received user's personal ID number and the encrypted authentication data in the authentication data registration memory 115 of the authentication unit 110. You can do cashless shopping at the cash register of any super chain participating store. In addition, it is also possible to adopt a structure in which shopping is carried out with a certain discount, instead of being cashless.

When the user makes a shopping using the authentication card, the shopping information is transmitted in the order of the POS terminal → the server of the super chain → the server 80 of the management organization, and the server 80 performs the payment processing. Server 80
In this case, ① charge the usage fee to the super chain.

According to the authentication card issuing / using system having the above-described structure, not only use at a POS terminal, but also payment for a ticket on a train, a toll road, a parking lot, and a house or condominium as a key for a door. The present invention can be used for unlocking or locking a building or the like, as a switch for equipment, a device, or an electric appliance, and can be applied to access restriction or security of these buildings, equipment, or devices. It can also be applied to online payments such as taxes and pensions.

Although several embodiments of the present invention have been described above, the present invention is not limited to the above embodiments, and it goes without saying that various modifications can be made.

[0177]

As described above, according to the authentication assisting devices of the first, third, and sixth aspects of the present invention, the ID is added to the authentication assisting device.
The authentication data is transmitted in close proximity only by attaching a medium and giving a transmission instruction, so that the ID medium can be used as a key for operating the external device.

Further, according to the personal authentication system of the second, fourth and seventh inventions, the same authentication data as the authentication data stored in the ID medium registered in the authentication card mounted on the authentication auxiliary device. Is registered in the external device, the access qualification of the external device can be authenticated without the user inputting authentication data at the external device.

According to the ID medium issuing / personal authentication network system of the fifth invention, when the ID medium is issued, the authentication information automatically stored in the issued ID medium is connected to a specific network. Since the information is transmitted to a plurality of external devices and registered in the external devices, the user operates the external device by receiving an authentication of any of the external devices connected to the specific network using the ID medium. Can be done.

Further, according to the authentication assisting device of the sixth invention, the authentication data is automatically transmitted from the portable terminal to the external device in accordance with the action from the external device, and the external device is obtained after obtaining the authentication. Since it operates, no transmission instruction is required. Therefore, for example, it is possible to automatically turn on the ticket gate simply by entering the gate of an automatic ticket gate, use the time recorder to record the time of attending and leaving the office just by passing the company reception, or carry it as an identification card, It can be used to prohibit or allow access to floors other than the floors that are specifically permitted.

According to the personal authentication system of the seventh aspect of the present invention, the authentication is performed by the external device acting on the authentication assisting device to cause the portable terminal to transmit the authentication data in proximity to the personal authentication system. It is possible to automatically certify whether or not the user has the use (use) qualification. In addition, since the operation or non-operation of the own device is determined according to the recognition result, the present invention can be applied to, for example, automatic locking / unlocking of a door.

According to the ID medium issuing / personal authentication network system of the eighth invention, if an ID medium is mounted on the user's recognition assisting device, an external device connected to a specific network is automatically connected to the ID medium. The user can be authenticated.

Further, according to the ID media issuing / personal authentication network system of the ninth aspect, the information obtained by the operation result of the external device is transmitted to the ID via the network.
Since the server of the management organization that manages the media can obtain the information, the management organization collects and analyzes the obtained information,
We can provide services such as organizing and providing.

According to the authentication assisting apparatus of the tenth aspect of the present invention, the authentication data of the external device can be transmitted in proximity by simply attaching the ID medium and giving a transmission instruction. Can be used as

Further, according to the authentication assisting device of the eleventh aspect, since the use qualification of the authentication assisting device itself is authenticated by a password before reading the ID medium, the authentication assisting device can be used by impersonating the user. Access to an external device can be prevented.

According to the personal authentication system of the twelfth aspect, the same authentication data as that of the external device stored in the ID medium registered in the authentication card attached to the authentication auxiliary device is stored in the external device. Side, the access qualification of the external device can be authenticated without the user inputting authentication data at the external device.

Further, according to the personal authentication system of the thirteenth aspect, the authentication data registered in the ID medium mounted on the authentication auxiliary device is sent to the external device, and the authentication data is input from the external device to the authentication raw data. Since the authentication is performed in comparison with the generated authentication data, only the individual registered in the ID medium can be authenticated. Therefore, it is possible to prevent an unauthorized person from using the ID medium to access the external device.

Further, the authentication assisting apparatus of the fourteenth invention,
According to the ID media issuing / personal authentication network system of the fifth invention and the personal authentication device of the seventeenth invention,
D-Media has a fixed disk-shaped storage area, so it can store data unique to each individual with large data capacity such as iris, voiceprint, fingerprint, palmprint, etc., and cannot be authenticated even if the authentication card is tampered with. And cannot access the external device. In other words, only the genuine person who has the access qualification for the external device can access the external device.

Further, according to the personal authentication apparatus of the sixteenth aspect, authentication data is generated by inputting user raw data for authentication, and authentication is performed by comparing the authentication data registered in the ID medium. Therefore, the user impersonates another
D media authentication card cannot be used.

According to the personal authentication system of the seventeenth aspect, a proximity data receiving unit for receiving a trigger signal transmitted from the personal authentication device in proximity is provided, and it is only necessary to check the device number. An additional configuration for determining operation can be simplified.

[Brief description of the drawings]

FIG. 1 is a diagram showing an embodiment of an ID medium.

FIG. 2 is an explanatory diagram of data stored in a storage area of an authentication card as an ID medium.

FIG. 3 is an external view of an embodiment of a terminal that accesses an ID medium.

FIG. 4 is a block diagram showing a configuration of an embodiment of the portable terminal of FIG. 3;

FIG. 5 is a block diagram illustrating a configuration example of a main part of a user authentication unit of the external device.

FIG. 6 is a diagram showing an example of a message displayed on the portable terminal at the time of the authentication assisting operation.

FIG. 7 is a flowchart illustrating an authentication assisting operation performed by the portable terminal and an authentication operation performed on the external device side.

FIG. 8 is a perspective view and a block diagram of one embodiment of a portable terminal.

FIG. 9 is an explanatory diagram of data stored in a storage area of an authentication card as an ID medium.

FIG. 10 is a block diagram illustrating a configuration example of a main part of a user authentication unit of the external device.

FIG. 11 is a flowchart illustrating an authentication operation on the external device side.

FIG. 12 is a block diagram illustrating a configuration example of a main part of a user authentication unit of the external device.

FIG. 13 is a diagram showing an embodiment of a personal authentication operation by the authentication unit of the external device.

FIG. 14 is a block diagram illustrating a configuration example of main parts of a mobile terminal and an external device.

FIG. 15 is a flowchart showing an authentication operation by the mobile terminal and an operation on the external device side.

FIG. 16 is a diagram showing a configuration of an embodiment of an authentication data registration device.

FIG. 17: Issue of authentication card using Internet /
FIG. 1 is a diagram illustrating an embodiment of a personal authentication network system.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 Authentication card 2 Storage area 3 Hole part 10 Mobile terminal 11 Display 12 Send button 13 Power button 14 Key part 15 Card mounting part 16 Infrared transmitting / receiving part 21 Key input part 22 Control part 23 Display part 24 Motor drive control part 25 Pickup drive control Unit 26 reading unit 27 infrared transmission / reception unit 28 data input unit 29 authentication data generation unit 40, 50 system area 41 personal ID number 42, 51 personal information 43 authentication data 44, 54 information field for storing transaction details 52 model ID number 60 Authentication card issuing device 61 Key input unit 62 Display unit 63 Authentication data input unit 64 Authentication data generation unit 65 RAM 66 Authentication data storage unit 67 Authentication data transport unit 68 Authentication data writing unit 69 Internet connection unit 70 Data transmission unit 100, 400 Outside Device 111, 401 Infrared transmitting / receiving unit (proximity transmitting / receiving unit) 112 CPU 113 RAM 114 Program storage memory 115 Authentication data registration memory 116 Data input unit 117 Authentication data generation unit 221 CPU 222 RAM 223 Program storage memory 402 Control unit 500 Authentication card Issuing / using system 600 Internet

──────────────────────────────────────────────────の Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) G06K 19/06 G06K 19/00 C H04L 9/32 R H04L 9/00 673E 673A

Claims (18)

[Claims] 1. An ID medium having a storage area for storing personal authentication data, an ID medium mounting unit for mounting the ID medium, transmission instruction means for instructing transmission of personal authentication data, and transmitting the transmission instruction. Data reading means for detecting and reading personal authentication data from the storage area of the ID medium; and proximity transmission means for performing close proximity transmission of the personal authentication data read by the data reading means. Authentication assisting device. 2. A personal authentication system comprising: the authentication assisting device according to claim 1; and an external device including the following configurations (a) to (d): (a) Proximity transmission from the authentication assisting device (B) authentication data storage and storage means in which personal authentication data is registered in advance; (c) personal authentication data received by the proximity receiving means; An authentication unit that compares the authentication data stored in the data storage unit with the authentication data to authenticate the user of the authentication auxiliary device; (d) the operation of the own device according to the authentication result of the authentication unit;
Operation determining means for determining non-operation. 3. An ID medium having a storage area for storing accessible model authentication data, an ID medium mounting section for mounting the ID medium, transmission instruction means for instructing transmission of model authentication data, An authentication assisting device, comprising: a proximity transmitting unit for performing a proximity transmission of the model authentication data based on a transmission instruction from the transmission instruction unit. 4. A personal authentication system comprising: the authentication assisting device according to claim 1; and an external device including the following configurations (a) to (d): (a) proximity transmission from the authentication assisting device Proximity receiving means for receiving model authentication data to be received; (b) authentication data storage and storage means in which self-identification data is registered in advance; (c) model authentication data received by the proximity receiving means and the authentication data An authentication means for comparing the identification data stored in the storage means with the self-identification data to authenticate the user of the authentication assisting device;
Operation determining means for determining non-operation. 5. A server of a management organization that connects to the Internet and manages ID media, and an ID medium that is connected to the Internet and has a storage area storing personal authentication data of a user by an operation of the user. An ID media issuing device for issuing to the user, one or a plurality of servers connected to the Internet and managing one or a plurality of networks, and having the following configurations (a) to (d); An ID media issuing / personal authentication network system comprising: a terminal connected to each of a plurality of networks: (a) receiving authentication data transmitted in proximity from the authentication assisting apparatus according to claim 1 or 3; (B) when an ID medium is issued from an ID medium issuing device, Relay data receiving means for receiving the authentication data stored in the issued ID medium, which is transmitted by relaying the server which manages the server and the network connected to the own apparatus; (c) received by the relay data receiving means (D) comparing the authentication data received by the proximity receiver with the authentication data stored in the authentication data storage and storing the authentication data. An authentication means for authenticating a user of the authentication assisting device; (d) an operation of the own device based on an authentication result of the authentication means;
Operation determining means for determining non-operation. 6. An ID medium having a storage area storing personal authentication data, an ID medium mounting section for mounting the ID medium, a receiving unit for receiving a weak signal emitted from an external device, Data receiving means for reading personal authentication data from the storage area of the ID medium upon reception; and proximity transmission means for performing close proximity transmission of the personal authentication data read by the data reading means. Authentication assisting device. 7. A personal authentication system, comprising: the authentication assisting device according to claim 6; and an external device having the following configurations (a) to (e): (a) a weak signal for generating a predetermined weak signal. (B) proximity receiving means for receiving personal authentication data transmitted from the authentication assistant device in proximity; (c) authentication data storage and storage means in which personal authentication data is registered in advance; (d) the proximity Authentication means for comparing the authentication data received by the receiving means with the authentication data stored in the authentication data storage means to authenticate the user of the authentication assisting device; Depending on the authentication result, the operation of own machine,
Operation determining means for determining non-operation. 8. A server of a management institution that connects to the Internet and manages ID media, and an ID medium that is connected to the Internet and has a storage medium storing data for personal authentication of a user by an operation of the user. An ID media issuing device for issuing to the user, one or a plurality of servers connected to the Internet and managing one or a plurality of networks, and having the following configurations (a) to (f); 7. An ID media issuing / personal authentication network system comprising: a terminal connected to each of a plurality of networks: (a) a weak signal transmitting unit that emits a predetermined weak signal; Proximity receiving means for receiving authentication data transmitted from the apparatus in proximity; (c) ID from the ID media issuing apparatus; Relay data receiving means for receiving authentication data stored in the issued ID media transmitted via the server of the management organization and the server managing the network to which the device is connected when the media is issued (D) an authentication data storage unit for storing the authentication data received by the relay data receiving unit; and (e) an authentication data storage unit for storing the authentication data received by the proximity receiving unit and the authentication data storage unit. Authentication means for comparing the stored authentication data with a user of the authentication assisting device to authenticate the user of the authentication auxiliary device;
Operation determining means for determining non-operation. 9. The terminal further transmits information obtained from the operation result to a server of the management organization via a server connected to the terminal when the operation of the terminal is determined by the operation determining means. 9. The ID medium issuing / personal authentication network system according to claim 5, further comprising information transmission means. 10. An ID medium having a storage area for storing external device authentication data, an ID medium mounting unit for mounting the ID medium, transmission instruction means for instructing transmission of personal authentication data, and the transmission instruction. And data reading means for reading external device authentication data from the storage area of the ID medium, and proximity transmission means for proximately transmitting the external device authentication data read by the data reading means. An authentication assisting device, characterized in that: 11. The apparatus according to claim 1, further comprising a primary authentication unit for authenticating a user of the own device by a password before reading the ID medium by the data reading unit.
11. The authentication assisting device according to 3 or 10. 12. A personal authentication system comprising: the authentication assisting device according to claim 10; and an external device including the following configurations (a) to (d): (a) proximity transmission from the authentication assisting device Proximity receiving means for receiving external device authentication data to be received; (b) authentication data storage / storage means in which self-apparatus recognition data is registered in advance; (c) external device authentication data received by the proximity receiving means; Authentication means for comparing the authentication data stored in the authentication data storage means with the authentication data to authenticate the user of the authentication assisting device; (d) the operation of the own device according to the authentication result of the authentication means;
Operation determining means for determining non-operation. 13. A personal authentication system comprising: the authentication assisting device according to claim 1; and an external device including the following configurations (a) to (e): (a) Proximity transmission from the authentication assisting device Proximity receiving means for receiving the authentication data to be obtained; (b) data obtaining means for obtaining raw data for authentication of a user of the authentication auxiliary device; (c) analyzing the raw data for authentication obtained by the data obtaining means. Authentication data generating means for generating authentication data; (d) comparing the external device authentication data received by the proximity receiving means with the authentication data generated by the authentication data generating means, and using the authentication auxiliary device. Authentication means for authenticating a user; (e) operation of own machine according to the authentication result of said authentication means;
Operation determining means for determining non-operation. 14. The authentication assisting device according to claim 1, wherein the ID medium is a storage medium in which a disk-shaped storage area is fixed. 15. The ID medium issuing / personal authentication network system according to claim 5, wherein the ID medium is a storage medium in which a disk-shaped storage area is fixed. 16. An ID medium comprising a storage area storing personal authentication data, transmission instruction means for instructing transmission of personal authentication data, detecting the transmission instruction, and Data reading means for reading personal authentication data from the storage area; data obtaining means for obtaining raw data for authentication of the user of the own device; analyzing the raw data for authentication obtained by the data obtaining means; Authentication data generating means for generating, external device authentication data received by the proximity receiving means, authentication means for comparing the authentication data generated by the authentication data generating means, to authenticate the user of the own device, Determining means for determining whether to transmit a trigger signal including data specifying an external device to be activated based on the authentication result by the authentication means, A personal authentication device comprising: 17. A personal authentication system comprising: the personal authentication device according to claim 16; and an external device having the following configurations (a) and (b): (a) proximity transmission from the personal authentication device (B) operation control means for operating the own device only when the received trigger signal is a signal for operating the own device. 18. The personal authentication apparatus according to claim 16, wherein the ID medium is a storage medium in which a disk-shaped storage area is fixed.