JP2002297256A - Personal identification system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a personal identification system capable of improving authentication efficiency. SOLUTION: The collated result of biological information inputted to a personal identification unit 10 is held in the personal identification unit 10, and when personal identification requesting equipment 20 installed at an entrance/exit door or the like transmits an identification condition necessary for user authentication, and the collated result held by the personal identification unit 10 fulfills the identification condition, the personal identification unit 10 receives authentication from the personal identification requesting equipment 20 without inputting the biological information again.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a personal identification system capable of efficiently performing user authentication using biometric information on a device that requires user authentication.

[0002]

2. Description of the Related Art In facilities such as a building itself, a tenant area in a building, and a specific room where it is necessary to restrict persons entering and leaving, an authentication device for authenticating a user is generally installed near the entrance. Only after receiving the authentication by the authentication device, the lock of the electronic lock of the entrance door is unlocked, and entry / exit becomes possible.

[0003] In recent years, IDCs have attracted attention due to the emergence of new business models using the Internet such as application service providers (ASPs). IDC is E
A server hosting base for commerce and ASP business. Generally, server machines are always running, are highly resistant to fire and earthquakes, provide uninterruptible power supply, air conditioning equipment, and broadband backbone lines. It is installed in a building with the necessary infrastructure. Usually, the server machine is stored in each of a plurality of racks installed in the server room in the building.

[0004] As described above, in the IDC, a server machine is entrusted to and managed by an unspecified number of customers, and maintenance of the server machine itself is basically performed by a server maintainer who is a customer. In these server machines, data very important to customers is stored or stored, and since an unspecified number of customers enter and exit as described above, IDC protects against data destruction and leakage. The server machine is physically protected by a lockable rack (individual area), and the server room is connected to the central console for 24 hours.
The system is monitored on a 65-day basis, and strict checks are made on entry and exit with an authentication device.

The authentication apparatus described above often determines whether or not the user is a valid user by reading an ID card or inputting a personal identification number, and is not limited to simply permitting entry and exit. In many cases, a personal identification management system is also configured to simultaneously manage user personal information and authentication time, such as time management and management of entry / exit history.

On the other hand, biometrics authentication has attracted attention as a method for performing user authentication other than reading an ID card and inputting a personal identification number. Biometrics authentication is a method of identifying a user based on biometric information unique to an individual, such as a fingerprint, iris, palm print, voice, and handwriting.
Therefore, when inputting biometrics information, it is impossible for anyone other than the user to execute it, and user authentication with higher security can be performed.

[0007] Therefore, as an apparatus for performing user authentication at the time of entering and leaving using such biometric information, for example, a "remote control electric lock" disclosed in Japanese Patent Application Laid-Open No. 8-270281 has been proposed. According to the “remote control electric lock”, fingerprint information is adopted as biometric information, and wireless communication is performed between the fingerprint recognition unit and the electric locks installed on each of the plurality of doors (entrance doors). Each electric lock is unlocked according to the result of the fingerprint collation transmitted from the fingerprint recognition unit. This realizes highly secure user authentication and simplicity by remote operation.

[0008]

However, fingerprint recognition is generally recognized as having a low success rate of recognition and requiring multiple input operations. Requires an operation of inputting a fingerprint by the fingerprint recognizing unit every time an unlock request is made, so that there is a problem that much time is required for fingerprint recognition.

For example, when a large number of users operate the opening / closing body at one time, such as when the “remote control electric lock” is used for attendance management, if fingerprint recognition fails many times, The number of persons (throughput) that can pass through the opening / closing body within a unit time is reduced, and the efficiency is reduced. In particular, in time management,
Since embossing at the time of authentication is important, such a waste of time means that accurate management cannot be performed.

[0010] In the above-mentioned "remote control electric lock",
In the fingerprint recognition unit, information indicating which opening / closing body the user can pass is registered. Even with a conventional authentication device, the user can be identified by registering information such as a name and an individual ID number. I was However, when the above-described fingerprint recognition unit is used as a general-purpose identification device, for example, a device that requires a completely unrelated user to provide identification (eg, age, gender, place of residence, etc.). Has a problem that it is virtually impossible to register personal information such as a person's name and ID number in advance.

SUMMARY OF THE INVENTION The present invention has been made to solve the above-mentioned problems, and improves the efficiency of authentication by providing an expiration date for a result of verification of biometric information. An object of the present invention is to provide a personal identification system that can use a device by providing only minimum information to the device that requires the device.

[0012]

Means for Solving the Problems The above-mentioned problems are solved,
In order to achieve the object, in the personal identification system according to the present invention, in the personal identification system including a personal identification request device and a personal identification unit that can communicate with each other, the personal identification request device includes the personal identification request device. In response to the access request transmitted from the unit, identification information indicating a predetermined identification condition is returned, and in response to the access right ownership notification transmitted from the personal identification unit, control is performed to enable use of a predetermined device. The personal identification unit includes biometric information input means for inputting biometric information, and stores a matching result obtained by comparing biometric information input by the biometric information input means with biometric information registered in advance; The access request is transmitted to the personal identification request device in response to the operation, and when the identification condition is received, the access request is stored. Collation result there are judges whether the identification conditions are satisfied, the access rights notified and transmits to the personal identification request apparatus when satisfied.

According to the present invention, if the collation result with respect to the input of biometric information performed in the past satisfies the identification condition transmitted from the personal identification request device, the biometric information is not input again. Upon receiving the user authentication, the device controlled by the personal identification request device can be used.

In the personal identification system according to the next invention, in the above invention, the personal identification unit is:
When the stored collation result does not satisfy the identification condition, the user is requested to input the biometric information by the biometric information input unit, and the biometric information input in response to the request and the biometric information registered in advance When the collation result obtained by collating the information satisfies the identification condition, the access right ownership notification is transmitted to the personal identification request device.

According to the present invention, even when the result of collation with respect to the input of the biometric information performed in the past does not satisfy the identification condition transmitted from the personal identification request device, the input of the biometric information is performed again. Upon receiving user authentication, a device controlled by the personal identification request device can be used.

[0016] In the personal identification system according to the next invention, in the above invention, the personal identification request device includes:
The identification condition includes a valid time, and the personal identification unit includes a collation time in the collation result.

According to the present invention, an expiration date can be set for the result of matching of biometric information input in the past, so that time management can be performed as to whether or not biometric information must be input again.

[0018] In the personal identification system according to the next invention, in the above invention, the personal identification request device includes:
Including the transmission request of personal information in the identification condition, the personal identification unit stores personal information of a user who owns the personal identification request device, and converts the personal information requested in the identification condition into the access right ownership notification. It is characterized by including.

According to the present invention, not only whether or not the personal identification requesting device can be accessed, but also personal information can be transmitted to the personal identification requesting device. In the case where only an attribute that does not specify an individual is transmitted as personal information, the personal identification request device can control whether or not access is possible based on the attribute without performing user management. it can.

In the personal identification system according to the next invention, in the above invention, the personal identification unit is:
When transmitting the access right ownership notification, the personal information requested in the identification condition is displayed, and whether or not to transmit the access right ownership notification is selected according to a user operation. .

According to the present invention, the user can confirm the personal information transmitted to the personal identification request device.

[0022] In the personal identification system according to the next invention, in the above invention, the personal identification request device includes:
Including the attribute of personal information in the identification condition, the personal identification unit stores personal information of a user who owns the personal identification request device, the collation result satisfies the identification condition, and the stored personal information is In a case where the information corresponds to the attribute of the personal information, the access right ownership notification is transmitted to the personal identification requesting device.

According to the present invention, the personal identification unit determines whether the stored personal information corresponds to the attribute of the personal information, so that the personal information itself is transmitted to the personal identification request device. Eliminates the need.

[0024]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Embodiments of the personal identification system according to the present invention will be described below in detail with reference to the drawings. The present invention is not limited by the embodiment.

Embodiment 1 First, a personal identification system according to the first embodiment will be described. In the personal identification system according to the first embodiment, the result of matching the biometric information input in the personal identification unit is stored in the personal identification unit, and a personal identification request device installed at an entrance door or the like is required for user authentication. When the identification condition is transmitted, if the matching result held in the personal identification unit satisfies the identification condition, it is possible to be authenticated by the personal identification request device without inputting biometric information again. Features.

FIG. 1 is a block diagram showing a schematic configuration of the personal identification system according to the first embodiment. 1, the personal identification system according to the first embodiment includes a personal identification unit 10 and a personal identification request device 20.

The personal identification unit 10 includes a transmitting / receiving unit 12,
It comprises a biometric information input unit 13, an identification information storage unit 15, a biometric information matching unit 14, a matching result storage unit 16, a control unit 11, and an access button 17. Here, the transmission / reception unit 12 is a communication interface for communicating with the personal identification request device 20 via radio waves such as radio waves or infrared rays, or via wires such as cables and connectors.

The biometric information input unit 13 is a means for inputting biometric information such as a fingerprint pattern, an iris pattern, a retinal pattern, a voice, a palm print pattern, and a handwriting. For example, a user's fingerprint is input as biometric information. in case of,
This is a fingerprint scanner, and is an input pad like a tablet that can be input using a stylus pen when inputting a user's handwriting as biometric information.

The identification information storage unit 15 stores the biological information input unit 1
3 stores personal information of the user such as biometric information and ID code registered in advance. Biometric information collation unit 1
4 collates the biometric information input by the biometric information input unit 13 with the biometric information registered in the identification information storage unit 15 and writes the collation result in the collation result storage unit 16. In addition, this collation result indicates not only the degree of coincidence between the two but also
It also includes information accompanying the collation, such as the time at the time of collation and the type of biometric information.

The control unit 11 transmits an access request signal to the personal identification request device 20 via the transmission / reception unit 12 when detecting that the access button 17 is pressed. Further, the control unit 11 determines whether or not the collation result stored in the collation result storage unit 16 satisfies the identification condition received from the personal identification request device 20. If the collation result is satisfied, the identification information storage unit 15
Is transmitted to the personal identification requesting device 20 including the ID code or the like stored in the personal identification requesting device 20. If the signal is not satisfied, the user is prompted to input the biometric information by the biometric information input unit 13.

The personal identification unit 10 is preferably small enough to be portable so that biometric information can be input at any time and place. In addition, a plurality of the above-described biological information input units 13 may be provided so that a plurality of different types of biological information can be input.

On the other hand, the personal identification request device 20 includes a transmission / reception unit 22, a control unit 21, and an identification condition storage unit 23. Here, the transmission / reception unit 22 is a communication interface for communicating with the personal identification unit 10 via radio waves such as radio waves and infrared rays, or via wires such as cables and connectors.

The identification condition storage unit 23 stores identification conditions set in advance. The identification condition is a condition required for the personal identification unit 10 to receive user authentication, and is, for example, a lower limit value of the matching degree or a valid time of the matching result. The control unit 21 returns the identification condition stored in the identification condition storage unit 23 in response to the access request from the personal identification unit 10 and, upon receiving the above-mentioned access right possession signal, sets the personal identification request device 20 Perform this operation.

The personal identification requesting device 20 is specifically installed near, for example, an entrance door, and requests user authentication in conjunction with a login process of a device or a computer that controls an electronic lock of the entrance door. Device.
Therefore, the actual operation of the personal identification request device 20 described above is
In the case of an electronic lock control device, this is an unlocking process, and in the case of a computer authentication device, this is a login process.

The operation of the personal identification system according to the first embodiment will be described below. Here, a case where the personal identification requesting device 20 is the electronic lock control device described above will be described as an example. FIG. 2 is a flowchart illustrating an operation of the personal identification system according to the first embodiment. The user holds the personal identification unit 10 and presses the access button 17 of the personal identification unit 10 near the door where the personal identification requesting device 20 is installed, when requesting to open the door (see FIG. Step S101).

When the access button 17 is pressed, the personal identification unit 10 transmits an access request signal to the personal identification request device 20 (step S10).
2). Upon receiving the access request signal, the personal identification request device 20 extracts the identification condition from the identification condition storage unit 23 (Step S201), and returns a signal indicating the extracted identification condition to the personal identification unit 10 (Step S20).
2).

FIG. 3A is a diagram showing an example of the identification condition in the first embodiment. As shown in FIG. 3A, the identification condition includes items such as “biological information type”, “lower match degree”, “valid time”, and “other request information”. Here, the “biological information type” is a type of biological information that requires input of a fingerprint, a voice, a retinal pattern, an iris pattern, or the like, and a plurality of types can be requested at the same time. The "lower match degree" is a threshold value for the match degree with registered biometric information when the input biometric information is collated,
In other words, it is a threshold value indicating how much the degree of coincidence with the biometric information registered in advance is judged to be the same user as at the time of registration.

The "expiration time" is the expiration date of the collation result already stored. If the identification has been successful within a predetermined time in the past, the collation is not requested again without inputting the biometric information. Time information for believing the result and granting access. “Other request information” refers to the identification information storage unit 1
5 and the like. In addition to these items, for example, newly required input information other than the biological information, such as a password, may be requested.

In particular, in the example shown in FIG. 3A, the personal identification unit 10 is requested to input fingerprint information as biometric information, and the matching result among the matching results already stored in the matching result storage unit 16 is determined. This indicates that the degree is 60% or more, the collation time is within the past 5 minutes from the current time, and that an input of a password is required in addition to the biometric information.

Upon receiving the above-described identification condition, the personal identification unit 10 refers to the collation result stored in the collation result storage unit 16 (step S103), and determines whether the collation result satisfies the received identification condition. It is determined whether or not it is (step S104). If the identification condition is not satisfied, the user is prompted by the biometric information input unit 13 to input biometric information again (step S10).
5). Then, when the input of the biometric information is completed, the input biometric information is collated to determine how much the biometric information matches the registered biometric information stored in the identification information storage unit 15.
The collation result is stored in the collation result storage unit 16 (step S
106).

Then, the collation result is obtained in step S20.
If the identification condition received in step 2 is not satisfied (step S
107 negative), a warning such as an error display or a request for re-input is made. On the other hand, step S104 and step S10
7, if the collation result satisfies the identification condition received in step S202 (steps S104 and S107).
Affirmative), an access right ownership notification indicating that the user has the access right to the personal identification requesting device 20 is transmitted to the personal identification requesting device 20 together with other request information (step S108).

FIG. 3B is a diagram showing an example of the collation result. As shown in FIG. 3B, the collation result includes items such as “biological information type”, “match degree”, and “collation time”. In particular, in the example shown in FIG. 3B, the “biological information type”, the “matching degree”, and the “collation time” correspond to the “biological information type”, “matching Lower limit ",
It corresponds to "valid time".

Therefore, in the example shown in FIG. 3, the current time is 8:
If it is 48, the collation result storage unit 16 retains the collation result that “the fingerprint information was input three minutes before the current time and the identification was successful with a matching degree of 82%”. This satisfies the identification condition transmitted from the personal identification requesting device 20 that “success has been achieved with a degree of coincidence of 60% or more using a fingerprint within the past five minutes”.

As described above, according to the personal identification system of the first embodiment, the personal identification request device 20
Holds the identification conditions, and the personal identification unit 10
Holds the past collation results, it is possible to set different identification conditions for each personal identification request device 20 and finely set conditions for executing the main operation of the device.

The personal identification unit 10 can also include personal information such as an ID code as other request information in the access right ownership notification transmitted to the personal identification requesting device 20. It is also possible to manage the usage history for each user and to manage attendance.

Furthermore, the personal identification unit 10 stores the collation time, and the personal identification requesting device 20 can set the validity period of the collation result as the identification condition. By inputting biometric information using the personal identification unit 10 in advance, the operation of the personal identification requesting device 20 can be performed only by issuing an access request near the personal identification requesting device 20. In particular, this is the case where the personal identification requesting device 20 is a device that performs attendance management,
When a large number of users use the device at one time, the effect that the throughput can be improved is brought about.

Although the access button is provided in the personal identification unit 10 in the configuration shown in FIG. 1, it is provided in the personal identification request device 20 like the access button 27 shown by the dotted line in FIG. Is also good. When the personal identification unit 10 and the personal identification request device 20 are configured to communicate wirelessly, the personal identification request device 20 always monitors whether the personal identification unit 10 is present nearby. It can also be configured as follows.

Embodiment 2 Next, a personal identification system according to the second embodiment will be described. Embodiment 2
In the personal identification system according to the first embodiment,
This explains a case in which it is not necessary to identify a user as in the case where the personal identification request device requests only age as an identification condition, for example. The configuration of the personal identification system according to the second embodiment is the same as that shown in FIG. 1, and a description thereof will be omitted.

Device 2 for requesting personal identification in the second embodiment
0 is, for example, a vending machine for alcoholic beverages and cigarettes, such as equipment that originally has a condition such as age, an admission ticket vending machine that is specially discounted by residence and gender, etc. It is a device whose operation is permitted or special processing such as discount is performed depending on the condition of the user who operates it. Note that this includes devices such as entrance doors and computers that can be operated only by their affiliation or position.

Hereinafter, a case where the personal identification requesting device 20 is an alcoholic beverage vending machine will be described as an example. FIG. 4A is a diagram illustrating an example of an identification condition according to the second embodiment. In the example shown in FIG. 4A, the vending machine requests “age” as “other request information” of the identification condition. However, in the second embodiment, “biological information type”,
The fields "Lower match" and "Effective time" are not important,
The identification conditions may be set appropriately on the vending machine side or may not be set at all and use the identification conditions set by default on the personal identification unit 10 side.

On the other hand, it is possible to store personal information in the identification information storage section 15 of the personal identification unit 10 as described in the first embodiment. FIG. 4B shows an example of the personal information. In the example shown in FIG.
The identification information storage unit 15 stores personal information including items such as “name”, “sex”, “age”, “place of residence”, and “occupation”.

Therefore, when the user holding the personal identification unit 10 wants to purchase an alcoholic beverage with the vending machine described above, the personal identification unit 10 and the vending machine operate according to the same procedure as the flowchart shown in FIG. In particular, in the case of the example shown in FIG.
Includes the “age” information of the identification information stored in the identification information storage unit 15 in the access right ownership notification in step S108.

Then, the personal identification requesting device 20 extracts the “age” information from the received access right ownership notice, and the “age” information satisfies a condition such as “must be at least 20 years old”. Only when this is the case, the automatic operation, which is the main operation, is permitted.

Here, the maliciously-informed personal identification request device 2
If the zero administrator sets so as to request personal information that is not originally required, there is a possibility that personal information that is not originally required may be collected. Therefore, a transmission content display unit may be provided on the personal identification unit side to display personal information to be transmitted to the personal identification requesting device 20, and confirm whether or not to transmit. That is, the access right possession notification is transmitted only when the user determines that the personal information displayed on the transmission content display unit may be transmitted,
If it is determined that unnecessary information is included, the access right ownership notification is not transmitted. This can prevent unnecessary personal information from being leaked without permission.

In the above description of the second embodiment,
Although the requested personal information itself is transmitted to the personal identification requesting device 20, the personal identification requesting device 20 includes
An item that specifies the content of personal information, such as “age is 20 years or older” may be included. In this case, the personal identification unit 10 extracts personal information from the identification information storage unit 15 and determines whether or not the personal information corresponds to the specified item together with other identification conditions. Only send access rights notification.

As described above, according to the personal identification system of the second embodiment, the personal identification is performed based on the attribute of the user, instead of the information that identifies the user, such as the name and the ID code. Since the identification requesting device 20 performs this operation, there is no need to register personal information for permitting access on the personal identification requesting device 20 side, and authentication means is used in a widely used device such as a vending machine. Can be provided.

[0057]

As described above, according to the present invention, if the collation result with respect to the input of the biometric information performed in the past satisfies the identification condition transmitted from the personal identification request device, the biometrics is re-established. Without inputting information, it is possible to use the device controlled by the personal identification request device after receiving user authentication, so it is not necessary to input biometric information every time, eliminating the trouble of the user,
As a result, there is no need to occupy the personal identification requesting device for personal identification, and it is possible to improve the throughput of the entire system.

According to the next invention, the input of the biometric information is performed again even when the collation result for the input of the biometric information performed in the past does not satisfy the identification condition transmitted from the personal identification request device. Thus, since the device controlled by the personal identification request device can be used after receiving the user authentication, it is possible to flexibly cope with the identification condition required by the personal identification request device.

According to the next invention, an expiration date can be set for the result of the verification of the input of the biometric information performed in the past, so that it is possible to time-manage whether or not it is necessary to input the biometric information again. There is an effect that a balance between improvement in system throughput and reliability can be achieved.

According to the next invention, not only whether or not the personal identification requesting device can be accessed, but also personal information can be transmitted to the personal identification requesting device. In the case where only an attribute that does not specify an individual is transmitted as personal information, the personal identification request device controls whether or not access is possible based on the attribute without performing user management. This makes it possible to cope with more detailed identification conditions different for each individual identification request device.

According to the next invention, since the user can confirm the personal information transmitted to the personal identification requesting device, it is possible to prevent personal information not intended by the user from leaking to the personal identification requesting device. Has the effect of being able to

According to the next invention, since the personal identification unit determines whether the stored personal information corresponds to the attribute of the personal information, the personal information itself is transmitted to the personal identification request device. This eliminates the necessity to perform the operation and prevents the leakage of personal information to the personal identification request device.

[Brief description of the drawings]

FIG. 1 is a block diagram illustrating a schematic configuration of a personal identification system according to a first embodiment;

FIG. 2 is a flowchart illustrating an operation of the personal identification system according to the first exemplary embodiment;

FIG. 3 is a diagram illustrating an example of an identification condition and a matching result according to the first embodiment;

FIG. 4 is a diagram showing an example of identification conditions and personal information according to the second embodiment.

[Explanation of symbols]

10 personal identification unit, 11, 21 control unit, 12,
Reference Signs List 22 transmission / reception section, 13 biometric information input section, 14 biometric information collation section, 15 identification information storage section, 16 collation result storage section, 17, 27 access button, 20 personal identification request device, 23 identification condition storage section.

 ──────────────────────────────────────────────────続 き Continued on the front page F term (reference) 5B085 AA01 AA08 AE25

Claims (6)

[Claims] 1. A personal identification system comprising a personal identification request device and a personal identification unit that can communicate with each other, wherein the personal identification request device performs a predetermined identification in response to an access request transmitted from the personal identification unit. The identification information indicating the condition is returned, and the access right ownership notification transmitted from the personal identification unit is controlled to enable a predetermined device to be used. An information input unit, and stores a collation result obtained by collating the biometric information input by the biometric information input unit with biometric information registered in advance, and accesses the personal identification request device according to a user operation. Transmitting a request, upon receiving the identification condition, determining whether the stored collation result satisfies the identification condition. Personal identification system the access rights notified and transmits to the personal identification request apparatus when satisfied. 2. The personal identification unit requests a user to input biometric information by the biometric information input means when the stored collation result does not satisfy the identification condition, and responds to the request. 2. The access right possession notice is transmitted to the personal identification request device when a collation result obtained by collating inputted biometric information with biometric information registered in advance satisfies the identification condition. Personal identification system. 3. The individual according to claim 1, wherein the personal identification request device includes a valid time in the identification condition, and the personal identification unit includes a collation time in the collation result. Identification system. 4. The personal identification request device includes a request for transmission of personal information in the identification condition, the personal identification unit stores personal information of a user who owns the personal identification request device, and 4. The personal identification system according to claim 1, wherein the requested personal information is included in the access right ownership notice. 5. The personal identification unit displays personal information requested in the identification condition when transmitting the access right ownership notification, and transmits the access right ownership notification in response to a user operation. 5. The personal identification system according to claim 4, wherein whether or not to select is selected. 6. The personal identification request device includes an attribute of personal information in the identification condition, the personal identification unit stores personal information of a user who owns the personal identification request device, and the collation result is 4. The personal identification request device according to claim 1, wherein when the identification condition is satisfied and the stored personal information corresponds to the attribute of the personal information, the access right ownership notification is transmitted to the personal identification request device. Personal identification system.