JP2004080777A - Authentication apparatus and authentication method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an authentication apparatus having high certainty on the correctness of the presence of a specific individual and specific article. <P>SOLUTION: Information necessary for authentication of an object article (object information) is obtained from an object information retrieval portion 11 and a user input portion 12. The obtained object information is input to an authentication object information processing portion 40 via a calculation control unit 30, and an individual and article, etc. are authenticated by an object information authentication portion 41. Object information DB42 is used for the authentication. Also, position information necessary for specifying a present position is obtained from a GPS data receiving portion 51 and a position information receiving portion 52. The position information is obtained from a GPS satellite and a cell station of cellular phones and PHS. A position information authentication portion 71 authenticates a position based on the obtained position information and information stored in a memory portion 90 in advance. Position information DB72 is used for the position authentication. <P>COPYRIGHT: (C)2004,JPO

Description

(4) The present invention relates to an authentication device that targets a specific individual or a specific article as an authentication target. In particular, the present invention relates to an authentication device that can authenticate even when those objects exist at a specific position or a specific time.

Conventionally, there is a case where it is desired to manage “existence / existence” of “specific individual (person or thing)” at “specific position”. For example, “tour control”, in which the supervisor manages the activities of the salesperson on the outskirts, is applicable. In this case, in the related art, a GPS terminal, a mobile phone, or the like (hereinafter, referred to as “terminal”) is carried by a salesperson and “ The above management is performed by performing "position tracking" and "position identification" and transmitting the position information and the like to a management server used by the supervisor.

シ ス テ ム Also, a system that enables confirmation / identification of a position based on position information of a predetermined terminal has been disclosed (for example, see Patent Documents 1 to 4). Further, there is a proposal of a device or the like that enables sharing of position information between terminals having a function of notifying position information (for example, see Patent Document 5). Furthermore, a technology has been disclosed that enables acquisition of position information of a specific individual (wanderer) (for example, Patent Document 6).

Further, there has been proposed a system capable of obtaining information previously requested by a terminal user when the terminal user goes to a predetermined place (for example, see Patent Document 7). There has also been proposed an image management method capable of attaching shooting location information to an image shot by a digital camera (for example, see Patent Document 8).

Various methods have been proposed for an authentication method using voiceprint data, an authentication method using image data representing facial features, and an authentication method using iris data (for example, see Patent Documents 9 to 11).
JP 2000-209641 A JP 2001-503134 A JP 2001-91291 A JP 2000-354268 A JP-A-2000-97098 JP 2000-304564 A JP 2001-119762 A JP 2001-36840 A JP-A-8-223281 JP-A-11-85988 JP-A-9-212644

However, in these conventional examples, it is an absolute condition that a device is given to a specific person on a one-to-one basis, and that location information is transmitted to the device. Therefore, it is completely powerless against an "impersonation" event such as "when a terminal is carried to a specific position by a person other than a specific person".

In a situation where it is desired to confirm that a “specific individual” exists (existing) at a “specific position (place)”, when the “specific individual” is “unspecified majority” from the side that wants to confirm Helpless. That is, when a specific individual does not correspond one-to-one with a conventional terminal or the like, authentication itself is impossible with the conventional terminal or the like. In other words, these problems occur because there is no terminal device that can authenticate both “location (place)” and “individual” or a system including the terminal device and the server device.

Specifically, there is a need for a technology that effectively functions in the following situations.
(1) A situation where a "specific article" exists at a "specific location", or a situation where it is desired to authenticate a "specific individual" and a "specific article" (authentication of delivery to a specific address, authentication of delivery of an article, etc.)
(2) Situation where you want to certify that a "specific person" exists at a "specific position" (such as salesman patrol management, orienteering situation management)
(3) Situation where it is desired to authenticate “specific actions and movements” of individuals (for example, individuals and goods) (business trip management, industrial waste disposal management, copyright certification of photography data, recording data, etc.)
(4) A situation in which a new secondary effect is desired by one or more “individuals and their location authentication” (remote lock management for specific facilities, etc.)

In the above-mentioned Patent Documents 1 to 5, it is impossible to specify an individual and authenticate the individual. Further, in Patent Document 6 and Patent Document 7 described above, since it is impossible to cope with a so-called “spoofing” event, provided information is omitted for a fake impersonator. For example, in the case of the above-described remote lock management, the key is opened.

Further, Patent Document 8 cannot attach photographer information. Even if such a device is added, even if the photographing location information and the photographer information are attached to the image data, the image data can be easily modified and cannot function as an authentication device.

Therefore, the present invention has been made in view of the above-described problems, and has as its object to provide an authentication device with high accuracy regarding the validity of the existence of a specific individual or a specific article.

In order to achieve the above object, an authentication device according to the present invention is an authentication device that authenticates the validity of a specific individual, and obtains first target information characterizing the individual from the individual. Target information obtaining means, target information authentication means for authenticating the validity of the individual based on the obtained first target information, and position information obtaining means for obtaining position information indicating a position where the individual exists. And position information adding means for associating the acquired position information with target information on the individual whose authenticity has been authenticated.
Thereby, the validity of the individual to be authenticated is authenticated, and the position information of the position where the authenticated target exists is added, so that it is possible to grasp where the valid individual exists.

Furthermore, in order to achieve the above object, an authentication device according to the present invention is an authentication device that authenticates the validity of a specific individual and the existence of the individual, and an object that characterizes the individual. Target information obtaining means for obtaining information; position information obtaining means for obtaining position information indicating a position where the individual exists; and target information authentication for authenticating the legitimacy of the individual based on the obtained target information. Means, based on the obtained position information, a position information authenticating means for authenticating the position where the individual is present, the legitimacy of the individual is authenticated, and when the position information is authenticated, the individual And an existing authentication means for authenticating the existence.
Thus, the validity and the position of the individual to be authenticated are authenticated, so that it can be grasped that the valid individual exists at the position where it should exist.

Further, in order to achieve the above object, the authentication system according to the present invention is a method for targeting at least one individual among a specific individual and a specific article possessed by the individual to determine whether the individual is legitimate and the individual An authentication system comprising: an authentication server for authenticating the existence; and an authentication terminal connected to the authentication server via a network, wherein the authentication terminal is characterized by the individual from the individual. Target information obtaining means for obtaining target information to be attached, position information obtaining means for obtaining position information indicating a position where the individual exists, and transmitting means for transmitting the obtained target information and the position information to the authentication server. Comprising, receiving means for receiving the target information and the position information from the authentication terminal, based on the received target information, Target information authenticating means for authenticating the validity of the body, position information authenticating means for authenticating the position where the individual is present based on the received position information, and the authenticity of the individual is authenticated, and the position information And an existing authentication means for authenticating that the individual actually exists when is authenticated.

Thereby, the authentication terminal transmits information characterizing the individual and information on the position where the individual exists to the authentication server for the specific individual (an individual or an article possessed by the individual), and the authentication server transmits the information and the position Since the legitimacy of the individual and its position are authenticated based on the information, it is possible to recognize that the specific legitimate individual was present at the position where the legitimate individual should exist even in a remote place.

In order to achieve the above object, the present invention may be realized as an authentication method having the characteristic means of the authentication device as steps, or as a program for causing a computer such as a personal computer to execute those steps. it can. Then, such a program can be distributed via a recording medium such as a CD-ROM or a transmission medium such as the Internet.

With the authentication device according to the present invention,
(1) A situation where a "specific article" exists at a "specific location", or a situation where it is desired to authenticate a "specific individual" and a "specific article" (authentication of delivery to a specific address, authentication of delivery of articles, etc.)
(2) Situation where it is desired to certify that a “specific person” exists at a “specific position” (such as salesman patrol management, orienteering situation management)
(3) Situation where it is desired to certify “specific actions or movements” of individuals (for example, individuals or goods) (business trip management, industrial waste disposal management, copyright certification of shooting data, recording data, etc.)
(4) A situation in which a new secondary effect is desired by one or more “individuals and their location authentication” (remote lock management for specific facilities, etc.)
It is possible to provide an authentication device that functions effectively in each of the above situations.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
(Embodiment 1)
FIG. 1 is an example of the present embodiment, and is a diagram illustrating a situation where a delivery person of a home delivery company performs various types of authentication using the authentication device 200 according to the present embodiment when delivering an article. FIG. 1 shows a state in which a delivery person 110 of a delivery company 100 delivers an article 150 to a recipient 120 at a delivery destination home 130. At this time, the delivery person 110 performs an operation for authentication of the delivery person, the article, the delivery destination, the delivery time, and the like using the authentication device 200.

Here, “authentication” refers to certifying that an act or document has been performed by a valid actor or legal procedure, for example, being a specific individual, existing, This corresponds to the case of proving that the exchange has been performed and that the content has not been tampered with.

Specifically, when the delivery person 110 delivers the article 150 to the recipient 120, a fingerprint of the delivery person 110 is collected using the authentication device 200, and the fingerprint is registered in the delivery person 110 registered in the authentication device 200 in advance. If the fingerprint matches the “delivery person has been authenticated”. Further, the barcode 151 of the article 150 is read, and when the address 152 registered in advance in association with the barcode matches the location information acquired through the GPS satellite 140 at this location, the message “Article and The delivery address has been authenticated. " Furthermore, if the time obtained at the time of delivery (for example, obtained from a built-in clock or radio clock) is included in the delivery time zone registered in advance in association with the barcode, " The delivery time has been authenticated. "

FIG. 2 is an external view of the authentication device 200 in FIG. The authentication device 200 is a stand-alone terminal that authenticates “delivery person”, “article”, “delivery destination”, and “delivery time” by the operation of the delivery person 110 when delivering the article 150. An infrared port 230, a fingerprint reading sensor 240, a keyboard 250, a memory slot 260, a barcode reader 270, an antenna 280, and the like are stored in the housing 210.

The display panel 220 is, for example, a liquid crystal panel, and displays the contents of the operation input received from the operator via the keyboard 250, the above-described authentication result, and the like. FIG. 2 shows display examples of various authentication results, the status of procedures, and the like (221 to 224).

(4) The infrared port 230 is an input / output port for enabling data communication with another information terminal such as a PC (Personal Computer) by using infrared rays based on IrDA standards or the like.

The fingerprint reading sensor 240 is a capacitance type or optical type sensor for reading a fingerprint, and captures a fingerprint of a finger placed thereon. The fingerprint reading sensor 240 includes a communication port 245 and a memory slot 260. Further, the fingerprint reading sensor 240 is detachable and is provided as a standard feature in the authentication device 200, and is also provided with a PDA (Personal Digital Assistants) such as another mobile phone via a communication cable or the like connected to the communication port 245. ) Can be connected.

The communication port 245 is, for example, a serial communication port, and is a port for a communication interface for transmitting data related to the authentication from the fingerprint reading sensor 240 to a PDA other than the authentication device 200.

The memory slot 260 is an interface device for reading / writing data from / to a small storage medium such as an SD memory card. For example, in the small storage medium, the name and address 152 of the recipient 120, the ID code of the delivery person 110 to be delivered, and the delivery The time zone and the like are stored in advance. Note that the ID code of the delivery person 110 and the fingerprint data of the delivery person are separately stored in a built-in memory (not shown), and registered / updated by the manager of the courier company 100 or the like, thereby ensuring security. It is assumed that

The barcode reader 270 is a device (for example, an OCR type or a CCD type) for reading the barcode 151 attached to the article 150 to be delivered.

The antenna 280 is an antenna for receiving position information, time information, and the like transmitted from a base station (not shown) of a PHS or a mobile phone, a GPS satellite 140, or the like.

The speaker 290 sounds an alarm sound when the holder of the authentication device 200 (for example, the operator 110) approaches within a preset range (for example, within a radius of 50 m from the delivery home 150). .

FIG. 3 is a block diagram showing a functional configuration of the authentication device 200 shown in FIG. As shown in FIG. 3, the authentication device 200 includes an input unit 10, a display unit 20, an arithmetic control unit 30, a target information processing unit 40, a transmission / reception control unit 50, a time information authentication unit 60, a position information processing unit 70, a video A generation unit 80, an alarm sound generation unit 85, a storage unit 90, and the like are provided.
The input unit 10 is a unit that acquires data necessary for the apparatus 200 and receives an operation input from an operator, and includes an object information acquisition unit 11 and a user input unit 12.

The target information acquisition unit 11 includes the fingerprint reading sensor 240 and the barcode reader 270 shown in FIG. 2 described above, and is information capable of individually identifying objects to be authenticated (for example, individuals and articles). (Hereinafter, referred to as “target information”) and transmits it to the arithmetic and control unit 30.

Here, the target information for authenticating an individual includes an ID code and a password input by the operator, fingerprint data input from the fingerprint reading sensor 240 and the like, voiceprint data, image data representing facial features, iris data , DNA data, and the like. It should be noted that authentication may be performed using one piece of target information among these pieces of target information, or authentication may be performed with higher accuracy by combining two or more pieces of target information. On the other hand, the target information for authenticating an article includes an ID code (including a barcode) of the article, image data representing characteristics of the article, and the like.

The user input unit 12 is a part corresponding to the keyboard 250 in FIG. 2 described above, and receives a keyboard input such as an ID code and a password from the operator as necessary.

The display unit 20 includes the display panel 220 shown in FIG. 2 and displays the contents input through the user input unit 12 and the authentication result.

The arithmetic control unit 30 is, for example, a microcomputer including a ROM, a RAM, and the like, and controls the entire authentication device 200. Further, the arithmetic control unit 30 receives the target information from the target information acquisition unit 11 and transmits the target information to the target information processing unit 40. In this case, the arithmetic control unit 30 stores the received target information in the storage unit 90 as a database as necessary. Furthermore, the arithmetic and control unit 30 has a clock capable of measuring the time therein, and upon receiving a request from the time information obtaining unit 61, returns the time information representing the time. Further, the arithmetic and control unit 30 compares the address of the visit destination set in advance and the current address at a fixed frequency (for example, once every 30 seconds), and within a certain range (for example, the delivery When the vehicle approaches (within a radius of 50 m from the previous home 150), an alarm generation signal is generated and transmitted to the alarm sound generation unit 85. The arithmetic and control unit 30 may have a built-in so-called radio clock, and transmit time information based on the radio clock.

The target information processing unit 40 has a function of performing an authentication process on the target information received via the arithmetic control unit 30 and updating the target information stored in the target information DB 42. It comprises a unit 41, a target information DB 42, and a target information update unit 43.

The target information authentication unit 41 collates the target information received from the calculation control unit 30 with information stored in advance in the target information DB 42, performs a match / mismatch determination, and notifies the calculation control unit 30 of the result. I do. For example, the fingerprint information of the delivery person input in the target information acquisition unit 11 is compared with the fingerprint data stored in the target information DB 42 in advance, and if there is a match, the “delivery person” corresponding to the fingerprint data is matched. "ID" is notified to the arithmetic and control unit 30, and if they do not match, "not applicable person" is notified. Data other than the delivery person's fingerprint data, such as an ID code, a password, voiceprint data, data relating to facial features, iris data, and DNA data, are input from the target information acquisition unit 11 and registered in advance based on the data. The data may be collated with the data, and the result may be notified to the arithmetic and control unit 30.

The target information DB 42 is, for example, a RAM or a hard disk, and stores an ID code and a password for identifying an individual or an article, fingerprint data, voiceprint data, data on facial features, iris data, DNA data, and the like. It is assumed that registration / update of the data is performed only by a specific person, and that security is ensured.

(4) The target information DB updating unit 43 registers / updates target information stored in the target information DB 42 according to an instruction from the arithmetic control unit 30.

The transmission / reception control unit 50 has a function of performing communication with a GPS satellite, a PHS, a mobile phone, or the like in order to obtain position information and time information necessary for specifying the current position and the current time. A unit 51, a position information receiving unit 52, and a data transmitting unit 53 are provided.

The GPS data receiving unit 51 receives position information and time information from the GPS satellite 550. The position information receiving unit 52 receives position information from a base station of a PHS or a mobile phone, position information from a beacon, and the like. The data transmission unit 53 is a unit corresponding to the infrared port 230 in FIG. 2 and a transmission control circuit or the like in the PHS or the mobile phone. The data transmission unit 53 transmits data such as the authentication result received from the arithmetic control unit 30 to a PC or other portable information. Send to terminal etc.

The time information authentication unit 60 collates the time information received from the arithmetic control unit 30 with information (for example, the above-mentioned delivery time zone) stored in the storage unit 90 in advance, and notifies the arithmetic control unit 30 of the result. I do. For example, the time information acquired via the GPS data receiving unit 51 is compared with the delivery time zone stored in the storage unit 90 in advance, and when the delivery time zone includes the time indicated by the time information, , "Delivery within time" to the arithmetic control unit 30, and if the above time is not included, "delivery outside time" is notified.

The position information processing unit 70 has a function of performing position authentication by comparing the position information received via the transmission / reception control unit 50 and the operation control unit 30 with data stored in the position information DB 72 in advance. , A position information generation and authentication unit 71, a position information DB 72, and a position information DB update unit 73.

The position information generation / authentication unit 71 converts the position information received via the operation control unit 30 according to the position information stored in the position information DB 72 in advance (for example, converts longitude / latitude into an actual address). , And compares the converted position information with the position information stored in advance in the position information DB to determine a match / mismatch. The determination result is notified to the arithmetic and control unit 30.

The position information DB 72 is, for example, a hard disk or a RAM, and stores data for converting the position information. For example, it is a database for converting position information expressed by latitude / longitude into an address (△△ prefecture, city, etc.) (or performing the reverse conversion).

The position information DB updating unit 73 updates the contents of the position information DB 72 according to an instruction from the arithmetic control unit 30.

The video generation unit 80 stores video data of a video (for example, the appearance of an article to be delivered, an ID code, and the like) acquired by an operator, a barcode read result, and the like.

The alarm sound generation unit 85 includes the speaker 290, and upon receiving an alarm generation signal from the arithmetic and control unit 30, synthesizes a predetermined electronic sound and outputs an alarm sound from the speaker.

The storage unit 90 is a memory slot 260, a small storage medium, a RAM, or the like in FIG. 2 described above, and, as described above, according to an instruction from the arithmetic control unit 30, stores each ID code of an article to be delivered registered before delivery as described above. The name and address of the recipient, the ID code and the scheduled delivery time zone of the planned delivery person, the delivery person ID for each article ID code registered as the authentication result, the delivery position, the delivery date and time, and the like are stored. The small storage medium may be a flexible disk or the like in addition to an arbitrary memory card typified by an SD card or a multimedia card. The stored data may be encrypted. Further, the storage medium may be one compatible with encryption processing such as SDX.

FIGS. 4 to 6 are configuration examples of data stored in the target information DB 42 or the storage unit 90 in FIG.
FIG. 4 is a configuration example of the delivery person fingerprint data and the like stored in the target information DB 42. As shown in FIG. 4, the delivery person fingerprint data 403 is stored in advance in the target information DB 42 (before the start of delivery) in association with the delivery person ID 401 and the delivery person name 402. It should be noted that the registration / update of the fingerprint data is performed only by a part of the persons in charge, and the delivery person cannot perform the registration / change.

FIG. 5 is a configuration example of a delivery data table stored in the storage unit 90. Here, the “delivery data table” is a table that summarizes information on undelivered items, and is registered on the day before delivery starts. As shown in FIG. 5, in the delivery data table 500, a recipient name 502, a recipient address 503, and a scheduled delivery time zone 504 are stored in the storage unit 90 in advance (before starting delivery) for each article ID 501. Is done. In the column of the estimated delivery time zone 505, the date may be registered together. The registration / update etc. of the delivery data is performed by the person in charge.

FIG. 6 is an example of the configuration of an authentication result data table registered in the storage unit 90 when delivery is completed. Here, the "authentication result data table" is a table in which various information necessary for authentication and an authentication result are summarized when the article is delivered, and is stored when the delivery is completed. As shown in FIG. 6, as the authentication result data table 600, a delivery person ID 602, a delivery position 603, a delivery date and time 504, and a recipient fingerprint data 605 are stored in the storage unit 90 when delivery is completed for each article ID 601. . Here, the delivery person ID 602 describes the corresponding delivery person ID when the fingerprint data of the delivery person matches the fingerprint data registered in advance at the time of delivery. The delivery position 603 and the delivery date and time 604 indicated by longitude and latitude are automatically acquired from a GPS satellite or the like and stored when the article ID is read by the barcode reader 270. The recipient fingerprint data 605 is obtained from the recipient as confirmation that the delivery of the article has been completed.

Next, a description will be given of the flow of processing of the authentication device 200 when the delivery person 110 of the delivery company 100 performs various authentications using the authentication device 200 when delivering the article 150.

FIG. 7 is a flowchart showing a state of the process of the present authentication device 200.
First, the arithmetic and control unit 30 displays a message such as "Please input the fingerprint of the delivery person" on the display unit 20 (S701), and waits for the input of the fingerprint from the delivery person (S702).
When the fingerprint is input, the arithmetic and control unit 30 refers to the target information DB 42 and instructs the target information authentication unit 41 to determine whether the delivery person is a valid delivery person. In this case, when it is determined that the delivery person is a valid delivery person, the delivery person is "authenticated" (S703).

Next, the arithmetic and control unit 30 displays a message such as "Please input the barcode of the article" on the display unit 20 (S704), and waits for the input of the barcode attached to the article (S705). . When the barcode is input, the arithmetic control unit 30 refers to the target information DB 42 and instructs the target information authentication unit 41 to determine whether or not the item is an item to be delivered. If it is determined that the item is to be delivered, the item is "authenticated" (S706).

Further, the arithmetic and control unit 30 displays a message such as "Please input the fingerprint of the recipient" on the display unit 20 (S707), and waits for the input of the fingerprint from the recipient (S708). Immediately after the fingerprint is input, the arithmetic and control unit 30 instructs the transmission and reception control unit 50 to acquire position information and time information (S709). When the position information and the time information are obtained, the arithmetic control unit 30 instructs the position information processing unit 70 and the time information authentication unit 62 to determine whether the delivery position and the delivery time are valid (S710). .
Further, the arithmetic and control unit 30 transmits the above authentication result to the display unit 20 (S711).

As described above, according to the authentication device 200 of the present embodiment, data that is registered in advance and whose security is ensured is collated with dynamically acquired data to determine its validity. It is possible to certify that a "specific individual (person or thing)" exists at a "specific position", that "existence" or that "proper transmission / reception has been performed".

In the above embodiment, the authentication is performed in the order of “fingerprint of the delivery person”, “article ID”, and “fingerprint of the recipient”, but the authentication order is arbitrary. Also, an example has been described in which fingerprint data is used as target information for authenticating an individual. However, the present invention is not limited to fingerprint data, and uses voiceprint data, image data indicating facial features, iris data, and the like as described above. It may be good.

In addition, as the authentication method in the target information authentication unit 41 and the position information generation authentication unit 71 of the above embodiment, a general authentication method can be used. For example, an authentication execution code created by a predetermined authentication organization can be used. It is also possible to dynamically control the authentication code of each terminal (in this case, each authentication device) from a server described later in accordance with a predetermined condition to maintain authentication accuracy (prevent spoofing or the like).

Further, in the above embodiment, the target information used for authentication of the article 150 is not limited to the barcode 151, and may be any information (such as video data of the appearance) for authenticating the article. At this time, the image generation unit 80 can confirm that the tag is attached to the article S as an image. Thereby, it is possible to confirm that the tag is not detached from the article S.

物品 Note that the article S can be authenticated directly from the image of the article S. When the article S is delivered to Mr. B, the authentication device 1 authenticates the place and the article S, and it is proved that the article S has been delivered to the place.

For example, consider the case where Mr. A requests the delivery company D to deliver an important article S to Mr. B. By performing the authentication of Mr. B and the authentication of the article S, D. On the other hand, it can be proved that "the article S has been delivered to Mr. B". Company D's false declaration (declaring that "it has been passed" even though it has not actually been delivered) or impersonation (a person other than Mr. B receiving the goods S on behalf of Mr. B) It is possible to prove that Company D has surely finished delivering the package. This can be applied to proof-of-delivery mail or any other event that makes sense by authenticating a “specific person” and “specific item”.

(Embodiment 2)
In the first embodiment, the authentication apparatus 200 used stand-alone has been described. In the present embodiment, the authentication system 300 configured via a network will be described. In the authentication system 300, the authentication server 310, which has received data necessary for authentication such as fingerprint data and position information from the authentication device 201, performs various types of authentication based on the data (for example, "visitor who visited on a business trip"). And authentication of the “visit destination”, “visit time”, etc.).

In the following, components different from those in the first embodiment will be mainly described, and common components will be denoted by the same reference numerals and description thereof will be omitted.

FIG. 8 is a system configuration diagram of the authentication system 300 according to the present embodiment. As shown in FIG. 8, the present system 300 transmits target information from the authentication device 201 to the authentication server 310 via a network 320 such as the Internet, and the authentication server 310 performs authentication based on the received target information. Things.

The authentication device 201 is a terminal for transmitting the target information to the authentication server 310, and has the same function as the authentication device 200 of the first embodiment. The information authentication unit 60 and the position information processing unit 70 may not be provided.

On the other hand, the authentication server 310 is a server (for example, a personal computer having a communication function and a server function) that receives target information from the authentication device 201 and performs various types of authentication based on the information. The apparatus 200 includes an arithmetic control unit 30, a target information processing unit 40, a time information authentication unit 60, and a position information processing unit 70 (not shown).

FIG. 9 is a diagram showing a state of a business trip which is an example of a management target by the authentication system 300, and shows a planned route and a scheduled visit time (shown in parentheses in FIG. 9) in the business trip. FIG. As shown in FIG. 9, the employee 901 visits the company 910 at 10:00, and then visits the company 920 at 13:00, the company 930 at 15:00, and the company 940 at 16:00. At that time, the employee 901 transmits fingerprint data, position information, and the like to the authentication server 310 when arriving at each visit destination. Thereby, the manager 902 in the business office 900 authenticates the “visitor”, the “visited destination”, and the “visit time”.

FIG. 10 is a configuration example of a table (hereinafter, referred to as a “business trip table”) stored in the authentication server 310 and storing data indicating the book-scheduling schedule of the employee 901. As shown in FIG. 10, the business trip schedule table 1000 stores, for each visited company name 1001, data representing the location 1002 of the company, the visitor ID 1003, and the scheduled visit date and time 1004. This travel schedule table is stored in the storage unit 90 of the authentication server 310 before the employee 901 travels.

FIG. 11 is a configuration example of a table (hereinafter, referred to as a “business trip result table”) stored in the authentication server 310 and storing data representing the business trip results of the employee 901. As shown in FIG. 11, in this business trip result table 1100, for each visiting company name 1101, data representing a visiting position 1102, a visitor ID 1103, a visiting date and time 1104, and fingerprint data 1105 of the visitor are registered. Each data of the business trip result table is stored in the authentication server 310 after the employee 901 (or the operator of the authentication terminal 201) arrives at the company at the business trip destination (receives the target information from the authentication device 201 and authenticates the same). It is stored in the unit 90. Note that in FIG. 11, "-" indicates that the data has not been set because the company has not arrived.

FIG. 12 is a communication sequence diagram between the authentication server 310 and the authentication device 201 when the employee 901 is on a business trip.
First, before the employee 901 goes on a business trip, necessary data is registered in the business trip schedule table 1000 (S1201). Next, when the employee 901 arrives at the company on a business trip, as an arrival process, the employee 901 transmits his / her own “fingerprint data” and the acquired “location information” and “time information” to the authentication server 310 (S1202, S1203). Thereby, the authentication server 310 authenticates “visitor”, “visited destination”, and “visit time” as authentication processing based on the received information, and registers predetermined data in the business trip result table 1100. (S1204).

(5) The above process is repeated every time the vehicle arrives at the company according to the schedule (S1205).

FIG. 13 is a flowchart showing a state of the arrival process in the authentication terminal 201 shown in FIG.
First, the arithmetic and control unit 30 of the authentication terminal 201 compares a preset visit address and a current address at a fixed frequency (for example, once every 30 seconds), and When approaching within the range (for example, within a radius of 50 m from the visited place) (S1301: Yes), an alarm generation signal is generated and transmitted to the alarm sound generation unit 85. Thereby, the alarm sound generation unit 85 generates an alarm sound (S1302).

Next, the arithmetic and control unit 30 displays a message such as "Please enter the fingerprint of a business traveler" on the display unit 20 (S1303), and waits for the input of a fingerprint from the operator (S1304). When the fingerprint is input, the arithmetic and control unit 30 generates fingerprint data (S1305).

After that, the arithmetic control unit 30 instructs the transmission / reception control unit 50 to acquire the position information and the time information (S1306). When the position information and the time information are obtained, the arithmetic and control unit 30 transmits the fingerprint data, the position information and the time information to the authentication server 310 (S1307).

FIG. 14 is a flowchart showing the state of the authentication processing 1204 in FIG.
First, when the arithmetic control unit 30 of the authentication server 310 receives the fingerprint data, the location information, and the time information of the business traveler from the authentication terminal 201 (S1401), the fingerprint data of the visitor stored in advance in the target information DB 42 Based on the location 1002 and the scheduled visit date and time 1004 stored in the storage unit 90, the visitor, the visit destination, and the visit time are authenticated, respectively (S1402 to S1404). Note that the order of authentication in each of the processes in S1402 to S1404 is not limited to that in FIG. 14 and is arbitrary.

The present authentication system 300 is not limited to the business trip management described above, and can be applied to authentication of a writer or the like in a work or authentication of a person in charge of lock management.

FIG. 15 is a communication sequence diagram between the authentication server 310 and the authentication terminal 201 when authenticating the author of a photographic work and the shooting location using the authentication system 300.

First, when the authentication terminal 201 captures the photograph data by the photographer's operation (S1501), it is acquired in the same procedure as in FIG. 13 ("visitor" is changed to "photographer" and applied). Photo data, fingerprint data, position information of the place where the image was taken, and time information of the time when the image was taken are transmitted to the authentication server 310 (S1502, S1503).

Next, upon receiving photo data, fingerprint data, position information, and the like from the authentication terminal 201, the arithmetic control unit 30 of the authentication server 310 authenticates the photographer based on the fingerprint data of the photographer registered in advance. (S1504). Furthermore, the arithmetic and control unit 30 of the authentication server 310 authenticates the shooting location (the current position of the photographer) based on the information indicating the planned shooting location registered in advance (S1505).

If information that can identify the target object such as the barcode can be obtained from the imaging target, the information is also transmitted to the authentication server 310 to perform authentication with higher accuracy. It may be.

FIG. 16 shows authentication in the case where a lock manager of a certain facility performs locking when there is no worker in the facility, and in which the workers and their locations are authenticated, using the present authentication system 300. FIG. 4 is a communication sequence diagram between a server 310 and an authentication terminal 201. In this case, it is assumed that the worker has the authentication terminal 201 and the authentication server 310 is installed in a management center (not shown). Further, it is assumed that the facility can be locked only when the lock manager himself is in the management center.

First, when the worker leaves the facility, the authentication terminal 201 receives the input of the fingerprint from the worker (S1601) and acquires the position information and the time information (S1602). Further, the authentication terminal 201 transmits the acquired fingerprint data, position information, and the like to the authentication server 310 (S1603).

Next, the authentication server 310 in the management center authenticates that the worker is not in the facility based on the received worker's fingerprint data and positional information (S1604, S1605). Further, the authentication server 310 acquires fingerprint data, position information, and time information from the administrator, and authenticates that the administrator is in the management center (S1606, S1607). Upon confirming that there is no worker in the facility by the above authentication (S1608), the authentication server 310 can lock the facility (S1609).

In addition, the above-mentioned system can perform the same lock management by repeating the same authentication for each worker even when there are a plurality of workers.

As described above, by using the authentication system according to the present embodiment, an object and its position information are transmitted from an authentication terminal to an authentication server via a network, and authentication is performed by the authentication server. , It is possible to construct a more accurate security system.

In order to speed up the authentication process inside the authentication device, an LUT (Logical Unit Table) may be used in addition to the target information DB and the position information DB. By using this, it becomes possible to reduce the input of data required for authentication.

Note that by performing a plurality of authentications in a superimposed manner, the authentication accuracy can be improved. For example, if the erroneous authentication rates of the authentication devices are each 1/1000, by performing authentication using two authentication devices, the erroneous authentication rate can be reduced to 1 / 1,000,000.
In addition, similarly to the above-described plurality of authentication devices, the authentication accuracy can be improved by using a plurality of authentication data for one authentication target object or person.

Furthermore, only when both of the two authentications are approved, by validating the authentication, it is possible to use the exchange as a substitute for the delivery of the article (the delivery of the article). The function by using a plurality of authentication data is not limited to the above, and a plurality of authentication data can be used to realize an arbitrary function.

Note that the authentication function itself of the specific authentication device can be authenticated by another authentication device or the server can be authenticated.
The authentication device may use a secret key, a public key, a cryptographic technique such as encryption based on the difficulty of inverse operation of a one-way function, or DNA authentication by sweat or the like, as an authentication means.

When there are a plurality of authentication methods, the authentication server may dynamically select the authentication method according to the communication environment, the performance of the device, and the like, and notify the authentication terminal of the authentication method.
Furthermore, when the operator's password or the like is leaked to a third party or the like, a warning may be presented to the operator, for example, "There is a possibility that the password is leaked." Further, control may be performed so as to stop using the device.

INDUSTRIAL APPLICABILITY The present invention is useful as a device or a method for authenticating that a specific individual or a specific article is present at a specific location or a specific time, or that the specific individual exists at a specific location. The present invention can be applied to a terminal device and its server device for real-time or post-authentication of what has been done or what has been done.

FIG. 3 is a diagram showing a manner in which a delivery person of a home delivery company performs various authentications using an authentication device when delivering an article according to the first embodiment. FIG. 2 is an external view of the authentication device in FIG. 1. FIG. 2 is a block diagram illustrating a functional configuration of the authentication device. It is an example of a structure of delivery person fingerprint data etc. stored in a target information DB. 5 is a configuration example of a delivery data table stored in a storage unit. 6 is a configuration example of an authentication result data table registered at the time of delivery registered in a storage unit. 6 is a flowchart illustrating a process of the authentication device. FIG. 9 is a system configuration diagram of an authentication system according to a second embodiment. FIG. 2 is a diagram illustrating a business trip, which is an example of a management target by the authentication system. 6 is an example of the configuration of a business trip schedule table stored in an authentication server and indicating a posting schedule of an employee; 5 is a configuration example of a business trip result table that stores data representing a business trip result of an employee, which is stored in an authentication server. FIG. 4 is a communication sequence diagram between the authentication server and the authentication device when an employee travels. 13 is a flowchart illustrating a state of arrival processing in the authentication terminal of FIG. 12. 13 is a flowchart illustrating a state of an authentication process in FIG. 12. FIG. 4 is a communication sequence diagram between an authentication server and an authentication terminal when authenticating a creator and a photographing place in a photographic work using an authentication system. Using the authentication system, between the authentication server and the authentication terminal when authenticating the worker and its location, etc. in the case "the lock manager of a facility locks when there is no worker in the facility" FIG. 4 is a communication sequence diagram in FIG.

Explanation of reference numerals

DESCRIPTION OF SYMBOLS 10 Input part 11 Target information acquisition part 12 User input part 20 Display part 30 Operation control part 40 Target information processing part 41 Target information authentication part 42 Target information DB
43 target information DB update unit 50 transmission / reception control unit 51 GPS data reception unit 52 position information reception unit 53 data transmission unit 60 time information authentication unit 70 position information processing unit 71 position information generation authentication unit 72 position information DB
73 Location information DB update unit 80 Video generation unit 85 Alarm sound generation unit 90 Storage unit 200 Authentication device 201 Authentication terminal 210 Housing 220 Display panel 230 Infrared port 240 Fingerprint reading sensor 245 Communication port 250 Keyboard 260 Memory slot 270 Barcode reader 280 antenna 290 speaker 300 authentication system 310 authentication server 320 network

Claims (31)

An authentication device that authenticates the validity of a specific individual,
Target information obtaining means for obtaining, from the individual, first target information characterizing the individual;
A target information authentication unit that authenticates the validity of the individual based on the obtained first target information;
Position information obtaining means for obtaining position information indicating a position where the individual exists,
An authentication device comprising: a position information adding unit that associates the acquired position information with first target information relating to the individual whose legitimacy has been authenticated. An authentication device for a specific individual, which authenticates its validity and the existence of the individual,
Target information acquisition means for acquiring target information characterizing the individual;
Position information obtaining means for obtaining position information indicating a position where the individual exists,
Based on the acquired target information, target information authentication means for authenticating the validity of the individual,
Based on the acquired position information, a position information authentication unit that authenticates the position where the individual exists,
An authentication device comprising: an authenticating unit that authenticates that the individual exists when the legitimacy of the individual is authenticated and the position information is authenticated. The authentication device may further include:
A first storage unit that stores in advance second target information for recognizing the specific individual;
The target information authentication means,
When the first target information relating to a specific individual is acquired, the second target information relating to the individual is read from the first storage unit, and the second target information and the acquired first target information are read. The authentication device according to claim 1, wherein the authentication unit authenticates the specific individual if the results match with each other. The authentication device according to claim 3, wherein the specific individual is a specific individual. The target information acquisition means,
As the first target information, at least one of a password that can identify the specific individual, biometric authentication information, fingerprint, voiceprint, facial appearance, retina, palm shape, handwriting, hand vein pattern and iris information The authentication device according to claim 4, wherein the authentication device acquires one piece of information. The authentication device according to claim 3, wherein the specific individual is a specific individual and an article possessed by the individual. The target information acquisition means,
As the first target information, at least one of a password that can identify the specific individual, biometric authentication information, fingerprint, voiceprint, facial appearance, retina, palm shape, handwriting, hand vein pattern and iris information Acquiring one piece of information, and acquiring at least one piece of information from an identification code characterizing the article and information representing an appearance of the article;
7. The authentication device according to claim 6, wherein: The position information acquisition means,
The authentication device according to claim 3, wherein position information of a position where the individual exists is acquired by a GPS (Global Positioning System). The position information acquisition means,
The authentication device according to claim 3, wherein position information of a position where the individual exists is obtained from a PHS (Personal Handyphone System) or a base station of a mobile phone system. The position information obtaining means further includes:
The authentication device according to claim 3, wherein time information indicating the time at which the individual exists is acquired from a radio clock system. The authentication device further incorporates a clock that can measure a predetermined reference time or standard time,
The position information obtaining means further includes:
The authentication device according to claim 3, wherein time information indicating a time at which the individual is present is obtained from the clock. The authentication device may further include:
A time information authentication unit that authenticates the time at which the individual was present, based on the obtained time information,
The existence authentication means further comprises:
The authentication device according to claim 11, wherein the authentication unit authenticates that the individual actually exists at the authenticated time. The authentication device may further include:
A second storage unit that stores in advance the second target information characterizing the specific individual, and position information and time information representing a position and a time after the movement when the individual is moved according to a predetermined schedule;
The target information authentication means,
Reading the second target information relating to the specific individual from the second storage means, collating the read second target information with the obtained first target information, and determining that the results match. Certifying that the particular individual is legitimate,
The location information authentication means,
From the second storage means, read the position information after the movement of the specific individual, collate the read position information and the acquired position information, if the result matches, the Certify that the location where the particular individual is located is legitimate,
The time information authentication unit includes:
From the second storage means, read the time information related to the time after the movement of the specific individual, compare the read time information and the acquired time information, and they are in the same time zone 13. The authentication device according to claim 12, wherein when it is determined that the specific individual exists, the time at which the specific individual exists is authenticated. An authentication server for authenticating the legitimacy of the individual and the existence of the individual for at least one individual among a specific individual and specific articles possessed by the individual, and a network for the authentication server. An authentication system including an authentication terminal connected via the
The authentication terminal,
From the individual, target information acquisition means for acquiring target information characterizing the individual,
Position information obtaining means for obtaining position information indicating a position where the individual exists,
Transmitting means for transmitting the obtained target information and the position information to the authentication server,
The authentication server,
Receiving means for receiving target information and position information from the authentication terminal;
Based on the received target information, target information authentication means for authenticating the validity of the individual,
Based on the received position information, a position information authentication unit that authenticates the position where the individual exists,
An authentication system comprising: an existence authentication unit that authenticates that the individual exists when the legitimacy of the individual is authenticated and the position information is authenticated. The target information acquisition means of the authentication terminal,
As the target information, at least one of a password that can identify the specific individual, biometric authentication information, fingerprint, voiceprint, facial appearance, retina, palm shape, handwriting, vein pattern of the back of the hand and iris. The authentication system according to claim 14, wherein at least one of an identification code for acquiring information and identifying the article and information representing an appearance of the article is acquired. The location information acquisition unit of the authentication terminal,
The authentication system according to claim 14, wherein position information of a position where the individual exists is obtained from a PHS (Personal Handyphone System) or a base station of a mobile phone system. The location information acquisition unit of the authentication terminal,
The authentication system according to claim 14, wherein position information of a position where the individual exists is acquired by a global positioning system (GPS). The authentication terminal further includes:
Comprising time information acquisition means for acquiring time information representing the time at which the individual was present,
The transmitting means also transmits the obtained time information to the authentication server,
The receiving means of the authentication server further receives time information from the authentication terminal,
The authentication server further includes:
A time information authentication unit that authenticates the time at which the individual was present, based on the received time information,
The existence authentication unit of the authentication server further includes:
The authentication system according to claim 17, wherein the authentication is performed when the individual exists at the authenticated time. The time information authentication unit of the authentication server further includes:
19. The authentication system according to claim 18, wherein time information is acquired from a radio-controlled timepiece system, and the time at which the individual is present is authenticated based on the time information and the received time information. The authentication server further incorporates a clock that can measure a predetermined reference time or standard time,
The time information authentication unit further includes:
The authentication system according to claim 18, wherein the authentication unit authenticates the time when the individual exists based on the time information of the built-in clock and the received time information. The authentication server further includes:
Storage means for storing in advance object information characterizing the specific individual, and position information and time information representing the position and time after the movement when the individual is moved according to a predetermined schedule,
In the authentication server,
The target information authentication means,
From the storage means, read out the target information related to the specific individual, collate the read target information with the received target information, and when the result matches, the specific individual is valid. Certify that there is,
The location information authentication means,
From the storage means, read the position information after the movement of the specific individual, collate the read position information and the received position information, if the result matches, the specific Certify that the position where the individual is located is legitimate,
The time information authentication unit includes:
From the storage means, read out the time information after the movement of the specific individual, compare the read time information and the received time information, it was determined that they are in the same time zone 21. The authentication system according to claim 20, wherein in that case, the time at which the specific individual exists is authenticated. The transmitting means of the authentication terminal further comprises:
Information that can identify the authentication terminal, added to the target information and the location information and transmitted to the authentication server,
The receiving means of the authentication server further comprises:
It is determined whether the received information for identifying the authentication terminal is valid or not, and when it is determined that the information is valid, the received target information and position information are treated as valid information. The authentication system according to claim 21, which performs the authentication. The authentication server further includes:
When the information that can identify the received authentication terminal is determined to be not valid information, it includes a warning transmission unit that transmits information indicating a predetermined warning to the authentication terminal,
The authentication terminal further includes:
The authentication system according to claim 22, further comprising: a warning receiving unit that receives the information indicating the warning from the authentication server and presents the content of the information. The transmitting means of the authentication terminal further comprises:
Encrypting the target information and the location information and transmitting the encrypted information to the authentication server,
The receiving means of the authentication server further comprises:
The authentication system according to claim 22, wherein the encrypted target information and position information received from the authentication terminal are decrypted. The authentication server further includes:
Based on a predetermined rule, update the information capable of identifying the authentication terminal and notify the authentication terminal,
The authentication terminal further includes:
23. The authentication system according to claim 22, wherein information that can identify the authentication terminal is updated by notification from the authentication server based on a predetermined rule. Locking including a management server that grasps the legitimacy of a specific worker and the position where the worker is present and manages locking at a predetermined facility, and a worker terminal connected to the management server via a network. A management system,
The worker terminal,
From the worker, target information obtaining means for obtaining target information characterizing the worker,
Position information obtaining means for obtaining position information representing a position where the worker is present,
Transmitting means for transmitting the obtained target information and the position information to the management server,
The management server,
Receiving means for receiving target information and position information from the worker terminal,
Based on the received target information, target information authentication means for authenticating the legitimacy of the worker,
Based on the received position information, position information determining means for determining whether the position where the worker is present is a safe position,
The lock management system is characterized in that when the legitimacy of the worker is authenticated and the position of the worker is determined to be a safe position, the predetermined facility is locked. A management server that grasps the legitimacy of a specific employee and the position and time at which the employee exists and manages a round trip to a predetermined destination, and an employee terminal connected to the management server via a network. A patrol management system including:
The employee terminal is
Target information obtaining means for obtaining target information characterizing the employee from the employee;
Position information obtaining means for obtaining position information indicating a position where the employee is present,
Time information acquisition means for acquiring time information representing the time at which the employee is present,
Transmitting means for transmitting the obtained target information, the position information and the time information to the management server,
The management server,
Receiving means for receiving the target information, the location information and the time information from the employee terminal,
Based on the received target information, target information authentication means for authenticating the validity of the employee,
Based on the received position information, position information determining means for determining whether the position where the employee is present is a position of a valid visit,
Based on the received time information, time information determining means for determining whether the time at which the employee is present is a valid time,
The patrol management system is characterized in that when the legitimacy of the employee is authenticated and the position and time of the employee are determined to be valid positions and times, the patrol visit is determined to be valid. An authentication method that authenticates the validity of a specific individual,
A target information obtaining step of obtaining, from the individual, first target information characterizing the individual;
Based on the obtained target information, target information authentication step of authenticating the validity of the individual,
A position information adding step of obtaining position information indicating a position where the individual whose authenticity has been authenticated exists and associating the position information with the target information. An authentication method for authenticating the validity of a specific individual and the existence of the individual,
A target information obtaining step of obtaining target information characterizing the individual;
A position information obtaining step of obtaining position information indicating a position where the individual exists,
Based on the obtained target information, target information authentication step of authenticating the validity of the individual,
Based on the acquired position information, a position information authentication step of authenticating the position where the individual exists,
An authentication step of authenticating that the individual exists when the legitimacy of the individual is authenticated and the location information is authenticated. A program for an authentication device that authenticates the validity of a specific individual,
A target information obtaining step of obtaining, from the individual, first target information characterizing the individual;
Based on the obtained target information, target information authentication step of authenticating the validity of the individual,
A position information adding step of obtaining position information indicating a position where the individual whose authenticity is authenticated exists and associating the position information with the target information. (Existence authentication program: old claim 38)
A program for an authentication device that authenticates the validity of the specific individual and the existence of the individual,
A target information obtaining step of obtaining target information characterizing the individual;
A position information obtaining step of obtaining position information indicating a position where the individual exists,
Based on the obtained target information, target information authentication step of authenticating the validity of the individual,
Based on the acquired position information, a position information authentication step of authenticating the position where the individual exists,
An authenticating step of authenticating that the individual exists when the legitimacy of the individual is authenticated and the location information is authenticated.

Images