JP2006092491A - Personal authentication apparatus, personal authentication system, personal authentication method and personal authentication program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a personal authentication apparatus, a personal authentication system, a personal authentication method and a personal authentication program that can authenticate a customer according to a feature quantity of face image data changing with time. <P>SOLUTION: The personal authentication apparatus 10 authenticates a customer according to biometric authentication data changing with time. An imaging part 104 images a predetermined region of the customer representing a predetermined biometric characteristic. An IC tag reading/writing part 103 reads a plurality of biometric authentication data acquired from respective pickup image data imaging the predetermined region of the customer at a plurality of past time points from a predetermined IC tag 3 carried by the customer. An authentication determination part 1072 identifies the customer according to the result of collation between the plurality of biometric authentication data read by the IC tag reading/writing part 103 and biometric authentication data acquired from the pickup image data imaging the customer at the authentication. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a user authentication device, a user authentication system, a user authentication method, and a user authentication program for authenticating a customer based on biometric authentication data that varies with time, and in particular, a biometric that varies with time. The present invention relates to a personal authentication device, a personal authentication system, a personal authentication method, and a personal authentication program capable of authenticating a customer who matches the reality based on authentication data.

  2. Description of the Related Art Conventionally, a personal authentication device for authenticating a customer's identity based on biometric authentication data for identifying an individual such as face image data, voiceprint data, fingerprint data, or the like has been known in a sales office of a financial institution. Such a personal authentication device is installed at a financial institution or the like, for example, and the facial image data obtained by capturing the feature amount of the face image data read from the IC tag attached to the bank passbook etc. carried by the customer and the face of the customer The customer's authentication decision is made by checking the feature quantity of the customer.

  For example, Patent Document 1 uses a feature amount of customer face image data registered in an IC card carried by a customer and a detailed feature amount of customer face image data registered in a server in two stages. Disclosed is a conventional technique for performing customer authentication determination. Moreover, in patent document 2, face image data and personal information are memorize | stored in an IC card, customer's personal information is confirmed, and customer's authentication judgment is performed by visually confirming a customer based on the displayed face image data. The prior art is disclosed.

JP-A-62-212781 Japanese Patent Laid-Open No. 62-147580

  However, in the prior arts of Patent Documents 1 and 2, the identity of the customer is calculated by calculating the degree of coincidence between the feature amount of the customer's face image data when visiting the store and the feature amount of the face image data registered in advance. It was. Alternatively, the customer's identity is verified by visually confirming the customer's face when visiting the store and face image data registered in advance. Therefore, when the customer is wearing makeup different from when the facial image data is registered, the customer may be authenticated if he / she is not the person himself / herself.

  Financial institutions provide services corresponding to their identity when they authenticate themselves, so authenticating themselves as being unintentional will cause inconvenience to customers and eventually result in financial institution loss. . That is, it goes without saying that it is a security problem to authenticate a person who is not the person, but in financial institutions, it is a problem that the person is authenticated but not the person.

  In addition, when authenticating a customer based on biometric authentication data that does not change over time such as fingerprint data, such problems do not occur, but based on biometric authentication data that changes over time such as facial image data. When authenticating a customer's identity, the identity of the customer, but not the identity of the customer, is authenticated, which is a problem that does not match reality.

  The present invention has been made in order to solve the above-described problems, and a personal authentication device that can authenticate a customer according to reality based on biometric data that varies with time, a person An object of the present invention is to provide an authentication system, a personal authentication method, and a personal authentication program.

  In order to solve the above-described problems, the present invention provides a personal authentication device for authenticating a customer based on biometric authentication data that varies with time, and a predetermined biometric characteristic of the customer. Imaging means for imaging a part; and reading means for reading a plurality of biometric authentication data respectively obtained from captured image data obtained by imaging a predetermined part of the customer at a plurality of past times from a predetermined storage medium carried by the customer; It is authenticated whether or not the customer is the person based on a collation result between a plurality of biometric authentication data read by the reading unit and biometric authentication data obtained from captured image data obtained by imaging the customer at the time of authentication. And an authentication means.

  In the above invention, the present invention is further characterized by further comprising biometric authentication data acquisition means for acquiring a predetermined feature amount as the biometric authentication data from the captured image data captured by the imaging means.

  Also, in the present invention according to the above invention, the authentication unit includes the latest biometric data read by the reading unit and biometric data calculated based on captured image data obtained by capturing the customer at the time of authentication. If it is within a predetermined error, the customer is authenticated as the principal.

  Also, in the present invention according to the above invention, the authentication unit includes the latest biometric data read by the reading unit and biometric data calculated based on captured image data obtained by capturing the customer at the time of authentication. If it is not within a predetermined error, the biometric authentication data calculated based on the captured image data obtained by capturing the customer at the time of authentication is compared with a plurality of authentication data read by the reading unit, and each comparison result And authenticating whether or not the customer is the principal.

  Further, the present invention is the above invention, wherein the imaging unit images a customer's face image, and the reading unit calculates a plurality of face image data calculated from a plurality of face image data obtained by imaging the customer's face portion at a plurality of past time points. The biometric authentication data is read from a predetermined storage medium carried by the customer, and the authentication means calculates based on a plurality of biometric authentication data read by the reading means and face image data obtained by imaging the customer at the time of authentication. The customer is authenticated based on the collation result with the biometric authentication data thus obtained.

  In the above invention, the present invention further comprises face image display means for displaying the face image data, and face image data display control means for controlling display of the face image data on the face image display means. Reads a plurality of biometric authentication data and one or a plurality of face image data respectively calculated from a plurality of face image data obtained by imaging the face portion of the customer at a plurality of past times, and the face image data display control means includes: When the authentication unit authenticates that the customer is not the person, the display unit controls display of one or more face image data read from the storage medium by the reading unit, or the one or more The face image data and the face image data captured at the time of authentication by the imaging unit are controlled to be displayed on the face image display unit. To.

  Also, the present invention provides the face image data captured at the time of authentication by the image capturing means and the biometric authentication data calculated from the face image data when the customer is authenticated as the person in the above invention. It is further characterized by further comprising writing means for writing to the storage medium.

  Further, the present invention is characterized in that in the above-mentioned invention, an authentication result display means for displaying an authentication result by the authentication means is further provided.

  The present invention also provides a personal authentication server device that provides biometric authentication data that varies with time, a personal authentication device that authenticates a customer based on the biometric data acquired from the personal authentication server device, The personal authentication server device associates a plurality of biometric authentication data respectively obtained from captured image data obtained by capturing a predetermined part of the customer at a plurality of past points in time with the customer. A personal authentication database for storing, wherein the personal authentication device captures a plurality of pieces of biometric authentication data relating to a customer imaged by the imaging means and an imaging means for imaging a predetermined part showing a predetermined biometric characteristic of the customer; An acquisition unit that acquires from an authentication server device, a plurality of biometric authentication data acquired by the acquisition unit, and an image of the customer captured at the time of authentication On the basis of the comparison result between the obtained biometric data from the image data customer comprising the authentication means for authenticating whether a person.

  The present invention is also a personal authentication method for authenticating a customer's identity based on biometric authentication data that varies with time, and an imaging step for imaging a predetermined part exhibiting a predetermined biometric characteristic of the customer; A reading process of reading a plurality of biometric authentication data respectively obtained from captured image data obtained by imaging a predetermined part of the customer at a plurality of past points of time from a predetermined storage medium carried by the customer, and read by the reading process An authentication step of authenticating whether or not the customer is the person based on a result of collation between biometric authentication data obtained from captured image data obtained by imaging a plurality of biometric authentication data and the customer at the time of authentication. It is characterized by.

  Further, the present invention is a personal authentication program for authenticating a customer based on biometric authentication data that varies with time, and an imaging procedure for imaging a predetermined part showing a predetermined biometric characteristic of the customer; , A reading procedure for reading a plurality of biometric data obtained from captured image data obtained by imaging a predetermined part of the customer at a plurality of past points in time from a predetermined storage medium carried by the customer, and a plurality of reading steps read by the reading procedure The computer executes an authentication procedure for authenticating whether or not the customer is the person based on a result of matching between the biometric authentication data of the user and the biometric authentication data obtained from the captured image data obtained by capturing the customer at the time of authentication It is characterized by that.

  According to the present invention, a customer carries a plurality of pieces of biometric authentication data respectively obtained from captured image data obtained by imaging a predetermined part showing a predetermined biometric characteristic of the customer and imaging the predetermined part of the customer at a plurality of past time points. Whether or not the customer is the identity of the customer based on the collation result between the plurality of biometric authentication data read from the predetermined storage medium and the biometric authentication data obtained from the captured image data obtained by imaging the customer at the time of authentication. Since the authentication is configured, it is possible to authenticate the customer according to the reality based on the biometric data that varies with time.

  In addition, according to the present invention, since a predetermined feature amount is acquired as biometric authentication data from the captured image data, biometric authentication data can be easily acquired from the captured image data.

  Further, according to the present invention, when the latest biometric authentication data read and biometric authentication data calculated based on captured image data obtained by capturing the customer at the time of authentication are within a predetermined error, the customer Since authentication is performed to authenticate the user, the latest biometric data is weighted and evaluated with the highest weight, so that the customer's identity can be authenticated in accordance with reality.

  Further, according to the present invention, when the latest biometric authentication data read and biometric authentication data calculated based on captured image data obtained by capturing the customer at the time of authentication are not within a predetermined error, the customer is The biometric authentication data calculated based on the captured image data captured at the time of authentication is compared with each of a plurality of read biometric authentication data, and the customer is authenticated based on the comparison result. As a result, it is possible to authenticate the customer according to the reality by evaluating the comparison result of the plurality of biometric authentication data.

  Further, according to the present invention, the customer's face image is captured, and the customer stores a plurality of pieces of biometric data calculated from the plurality of face image data obtained by capturing the customer's face portion at a plurality of past points in time. Based on the comparison result between the biometric authentication data read from the medium and the biometric authentication data calculated based on the face image data obtained by imaging the customer at the time of authentication, whether or not the customer is the user is authenticated Since it comprised in this way, there exists an effect which can authenticate the identity of the customer who matched reality based on the biometric data which fluctuate | varies with a time-dependent change.

  Further, according to the present invention, a plurality of biometric authentication data and one or a plurality of face image data respectively calculated from a plurality of face image data obtained by imaging a customer's face at a plurality of past points in time are read, and the customer is not the person. If one or more face image data read from the storage medium is displayed, display control is performed on one or more face image data and face image data captured at the time of authentication. As a result, it is possible to easily visually check whether or not the customer is the person himself / herself based on the displayed face image data.

  Further, according to the present invention, when the customer is authenticated, the face image data captured at the time of authentication and the biometric data calculated from the face image data are written to the storage medium. Thus, it is possible to update the face image data and the feature amount of the storage medium and increase the reliability of customer authentication.

  Further, according to the present invention, since the authentication result is displayed, there is an effect that the authentication result can be easily known.

  Further, according to the present invention, a plurality of biometric authentication data respectively obtained from captured image data obtained by imaging a predetermined part showing a predetermined biometric characteristic of the customer and imaging the predetermined part of the customer at a plurality of past time points are obtained. A plurality of biometric authentication data related to the customer imaged from the personal authentication database stored in association with the acquired biometric authentication data and the biometric authentication data obtained from the acquired biometric authentication data and the captured image data of the customer imaged at the time of authentication Because it is configured to authenticate whether or not the customer is the identity based on the result of the comparison with the customer, it is possible to authenticate the customer according to the reality based on biometric data that varies with time There is an effect.

Embodiments 1 and 2 of a personal authentication apparatus according to the present invention will be described below in detail with reference to the drawings.
(1) In the first embodiment, a case where the personal authentication device reads the face image data and the feature amount of the face image data from the IC tag attached to the bank passbook carried by the customer and authenticates the customer is described.
(2) In the second embodiment, the case where the personal authentication device acquires the face image data and the feature amount of the face image data from the personal authentication server device and authenticates the customer is described.
In addition, this invention is not limited by these Examples.

  In the first embodiment, a case where the personal authentication device reads the face image data and the feature amount of the face image data from the IC tag attached to the bank passbook carried by the customer to authenticate the customer is described. Here, (1-1) the outline and main features of the personal authentication system, (1-2) the configuration of the personal authentication system, and (1-3) the personal authentication procedure of the personal authentication system will be described in this order.

(1-1) Overview and Main Features of Personal Authentication System First, the overview and main features of the personal authentication system according to the first embodiment will be described with reference to FIGS. 1 and 2. FIG. 1 is an explanatory diagram for explaining an example of a bank store to which the personal authentication system according to the first embodiment is applied. FIG. 2 is an explanatory diagram for explaining an overview of personal authentication of the personal authentication system according to the first embodiment.

  As shown in FIG. 1, in this store, a plurality of windows are provided facing the lobby where customers are located. At these counters, a bank employee called a teller in charge of the counter responds to the customer and delivers cash, bankbooks and slips according to the processing required by the customer. Behind it is a board seat. At this seat, an officer who is in charge of managing the window, for example, a section manager, confirms and approves the processing contents at each window. There is a seat behind the back, which provides support for counter operations. At these seats, a staff member in charge of back work performs processing such as computer input of slips processed at the window. In addition, a cashier is provided at one corner of the store to deposit and withdraw cash.

  One identity authentication device 10 or 12 is arranged for each of the teller seat and the executive seat. When the customer withdraws cash from the account, the bank passbook carried by the customer is held over the identity authentication device 10 to confirm the identity. A non-contact type IC tag is affixed to the bank passbook, and N feature quantities of customer biometric data, for example, face image data and face image data, are stored in the IC tag. Normally, Teller handles the customer, but when the authentication is performed that the person authentication device 10 is not the person, the face image data read from the IC tag is displayed on the person authentication device 12 at the office and the section manager is displayed. Etc. are visually confirmed to make an authentication decision.

Next, with reference to FIG. 2, an outline of the personal authentication of the personal authentication system according to the first embodiment will be described. As shown in the figure, when the customer holds the bank passbook over the IC tag reading / writing device 103 of the personal authentication device 10, the personal authentication device 10 passes N feature values of the face image data from the IC tag 3. Read in order of time. At the same time, the personal authentication device 10 acquires customer face image data with a camera, and calculates a feature amount from the acquired face image data. Then, the reliability H of the matching result obtained by comparing the calculated feature quantity with the feature quantity in the order of the i-th elapsed time read from the IC tag is evaluated by a weighting function WF (i) weighted to the order i of the elapsed time. To do.
H = WF (i)
Here, the subscript i takes a value of 1 to N. That is, a function is selected such that the feature quantity of i = 1 is the latest, WF (i) is the largest, the feature quantity of i = N is the oldest, and WF (i) is the smallest. Specifically, WF (i) is an exponential function or the like.

Further, in order to evaluate the reliability of the collation result of the N feature values read from the IC tag as follows, the sum of the reliability H is taken.
H = H + WF (i)
When the total reliability H is equal to or greater than a predetermined threshold value H0, it is determined that the customer is authenticated. When WF (i) is an exponential function, the reliability of the collation result of the new feature quantity (i = 1 to 3) becomes dominant.

  For example, FIG. 2A shows a case where all of the N feature quantities match (indicated by a circle), and the personal authentication device 10 determines that the customer is the principal. (D) is a case where all of the N feature amounts do not match (indicated by ×), and the personal authentication device 10 determines that the customer is not the person. Therefore, the person authentication device 10 displays the face image data read from the IC tag on the person authentication device 12 at the office, and the section manager visually confirms the determination.

  (B) is a case where the second and third feature values of the N feature values match, and since the reliability H is equal to or higher than a predetermined threshold value H0, the user authentication device 10 is the customer. Judge that there is. (C) shows a case where only the third feature amount of the N feature amounts matches, and the identity authentication device 10 determines that the customer is not the principal because the reliability H is less than the predetermined threshold value H0. To do. Therefore, the person authentication device 10 displays the face image data read from the IC tag on the person authentication device 12 at the office, and the section manager visually confirms and makes an authentication determination.

  As described above, the identity authentication device 10 uses each of the N feature amounts of the face image data read from the IC tag attached to the bank passbook carried by the customer and the face image data of the customer captured by the camera. The calculated feature value is collated. And the reliability H of the collation result collated is evaluated, and it is determined whether or not the customer is the principal based on the evaluated reliability. Furthermore, when it is determined that the customer is not the person himself / herself, the face image data read from the IC tag is displayed on the person identification device 12 at the office and the section manager visually confirms and makes the determination. Based on the biometric authentication data that fluctuates, it is possible to authenticate the customer who matches the reality.

(1-2) Configuration of Personal Authentication System Next, the configuration of the personal authentication system 1 according to the first embodiment will be described with reference to FIG. FIG. 3 is a functional block diagram illustrating the configuration of the personal authentication system 1 according to the first embodiment. As shown in the figure, the personal authentication system 1 includes an IC tag 3, personal authentication devices 10 and 12, a security company terminal device 20, and a network 40.

  The IC tag 3 is a storage medium carried by the customer, and stores a plurality of biometric authentication data for specifying the customer. The biometric authentication data includes at least face image data, feature amounts of face image data, fingerprint data, finger vein data, palm print data, retina data, iris data, voice print data, and handwriting data. In the first embodiment, the IC tag 3 stores face image data and personal identification data as N feature amounts, and is, for example, a non-contact type IC tag.

  The personal authentication device 10 is a face authentication device installed at a bank counter, and authenticates a customer based on the feature amount of face image data. Specifically, the customer's identity is authenticated based on the identity authentication data. The personal authentication device 10 will be described in detail separately.

  Further, the personal authentication device 12 is a face authentication device installed at the office. When the personal authentication device 10 determines that the customer is not the principal, the personal authentication device 12 is stored in the IC tag 3 transmitted from the personal authentication device 10. The face image data obtained by capturing the face image data and the customer's face are displayed in parallel. Then, based on the face image data displayed in parallel, it is determined whether or not the customer is the customer by visual confirmation of the section manager.

  Further, the security company terminal device 20 is a security company terminal device connected to the personal authentication devices 10 and 12, and as a result of customer authentication by the personal authentication devices 10 and 12, another person has impersonated and used the passbook. Receive a report from the bank if fraud is detected. The network 40 is a network for connecting the personal authentication devices 10 and 12 and the security company terminal device 20, and includes the Internet, a LAN, a dedicated line, and combinations thereof.

  Next, the configuration of the personal authentication device 10 will be described in detail. The personal authentication device 10 includes an input unit 101, a display unit 102, an IC tag reading / writing unit 103, an imaging unit 104, an IF unit 105, a storage unit 106, and a control unit 107.

  The input unit 101 is an input device for inputting a request, instruction, and data of a teller at a bank counter, and is a keyboard, a mouse, or the like. The display unit 102 is a display unit that displays face image data and the like, and is an LCD (Liquid Crystal Display) or the like.

  The IC tag reading / writing unit 103 is a reading / writing unit that reads the personal authentication data stored in the IC tag 3 carried by the customer or writes the personal authentication data to the IC tag 3. IC tag reader / writer. The imaging unit 104 is an imaging unit that captures an image of a customer's face, and is specifically a camera or the like. The IF unit 105 is a communication interface unit that communicates with the personal identification device 12 or the security company terminal device 20 at the office via the network 40.

  Here, the configuration of the IC tag reading / writing unit 103 shown in FIG. 3 will be described with reference to FIG. FIG. 4 is a functional block diagram showing the configuration of the IC tag reading / writing unit 103 shown in FIG. The IC tag reading / writing unit 103 shown in the figure is a reading / writing unit that reads or writes the IC tag 3 that is a proximity non-contact IC tag, and includes an antenna 1031, a transmission / reception circuit 1032, and a communication control circuit. 1033 and an input / output circuit 1034.

  The antenna 1031 is, for example, an antenna that transmits a 13.56 MHz microwave band radio wave to the IC tag 3 and receives an 847 KHz radio wave from the IC tag 3, and simultaneously supplies power to the IC tag 3 by the transmitted radio wave. . The transmission / reception circuit 1032 is a circuit that modulates and amplifies the radio wave transmitted to the IC tag 3 and amplifies and demodulates the radio wave received by the antenna 1031. The communication control circuit 1033 is a circuit that controls communication with the IC tag 3. The input / output circuit 1034 is an input / output interface circuit that inputs / outputs data to / from the control unit 107 of the personal authentication device 10. The IC tag 3 includes a coil that transmits and receives radio waves and an IC chip that stores and processes data.

  Returning to the description of FIG. 3, the storage unit 106 is an HHD (Hard Disk Drive) or the like, and stores the personal authentication data read from the IC tag 3 or the captured customer face image data.

  The control unit 107 is a control unit that controls the entire personal authentication apparatus 10, and includes a feature amount calculation unit 1071, an authentication determination unit 1072, a face image data transmission unit 1073, a face image data display control unit 1074, and personal authentication data writing. A control unit 1075 is included.

  The feature amount calculation unit 1071 is a calculation unit that calculates a feature amount from face image data. As described above, since the feature amount calculation unit 1071 acquires a predetermined feature amount from the captured image data as biometric authentication data, the biometric authentication data can be easily acquired from the captured image data.

  Further, the authentication determination unit 1072 collates each of the N feature amounts read from the IC tag 3 by the IC tag reading / writing unit 103 with the feature amount of the face image data obtained by imaging the customer's face. Is a determination unit that determines whether or not the customer is the person himself / herself, and includes a matching result evaluation unit 1072a. The collation result evaluation unit 1072a is an evaluation unit that evaluates the reliability of each collation result of the N feature amounts by weighting the elapsed time of the N feature amounts.

  Further, the authentication determination unit 1072 has a predetermined error between the latest feature amount read by the IC tag reading / writing unit 103 and the feature amount calculated based on face image data obtained by capturing the customer at the time of authentication. In some cases, authenticate that the customer is the principal.

  Further, the authentication determination unit 1072 determines that the latest feature amount read by the IC tag reading / writing unit 103 and the feature amount calculated based on captured image data obtained by capturing the customer at the time of authentication are within a predetermined error. If not, the feature amount calculated based on the face image data captured at the time of authentication of the customer is compared with a plurality of authentication data read by the IC tag reading / writing unit 103, and based on each comparison result Authenticate whether the customer is the principal.

  The face image data transmission unit 1073 is a transmission unit that transmits the face image data to the personal identification device 12 at the office. Further, the face image data display control unit 1074 receives the face image data read from the IC tag 3 by the IC tag reading / writing unit 103 and the imaging unit when the authentication determining unit 1072 determines that the customer is not the person. This is a display control unit that controls to transmit the face image data captured by the image 104 to the personal identification device 12 at the office by the face image data transmission unit 1073.

  As described above, the IC tag reading / writing unit 103 reads a plurality of feature amounts and one or a plurality of face image data respectively calculated from a plurality of face image data obtained by imaging a customer's face portion at a plurality of past time points. The face image data display control unit 1074 controls the display of one or more face image data read from the IC tag 3 when the authentication determination unit 1072 authenticates that the customer is not the person, or one or more Since the display control is performed on the face image data and the face image data captured at the time of authentication, it is possible to easily visually check whether or not the customer is the customer based on the displayed face image data.

  The face image data display control unit 1074 controls the display unit 102 to display the authentication result determined by the authentication determination unit 1072. For example, when the customer holds a passbook over the personal authentication device 10 and the customer is authenticated, the green lamp is displayed as an image. When the customer is not authenticated, the red lamp blinks as an image, and the IC tag 3 is controlled to display the face image data read from 3 on the display unit 102. Further, when the bankbook is removed from the personal authentication device 10, the lamp is turned on, blinked, and the image display of the face image data is turned off.

  Thus, since the display unit 102 displays the authentication result, the authentication result can be easily known. Here, the blinking of the lamp has been described as being displayed as an image, but it may also be displayed with an LED (Light Emitting Diode) or the like.

  Also, the face image data display control unit 1074 reads the personal authentication data from the IC tag 3 by the IC tag reading / writing unit 103 and stores the read personal authentication data in the storage unit 106.

  As described above, the face image data display control unit 1074 reads the personal authentication data from the IC tag 3 by the IC tag reading / writing unit 103 and stores the read personal authentication data. Even if the IC tag 3 is removed from 10, the face image data of the customer can be displayed when the bank clerk visually confirms the customer.

  Further, the personal authentication data writing control unit 1075 determines that the customer is the person himself / herself by visual confirmation based on the face image data displayed on the display unit 102 or the person authentication device 12 at the office by the face image data display control unit 1074. If authentication is determined, the IC tag 3 is updated by writing the face image data obtained by capturing the customer's face and the feature amount of the face image data.

  In this way, the personal authentication data writing control unit 1075 stores the face image data captured at the time of authentication and the biometric data calculated from the face image data in the storage medium when the customer is authenticated. Since writing is performed, the face image data and the feature amount of the storage medium can be updated, and the reliability of customer authentication can be increased.

(1-3) Personal Authentication Procedure of Personal Authentication System Next, a personal authentication procedure of the personal authentication system 1 shown in FIG. 3 will be described with reference to FIG. FIG. 5 is a flowchart showing a personal authentication procedure of the personal authentication system 1 shown in FIG. First, when a passbook is held over the IC tag reading / writing unit 103 of the personal authentication apparatus 10 at the counter by the customer, the face image data display control unit 1074 determines whether or not the passbook is held over the IC tag reading / writing unit 103. Is determined (step S201). As a result, when the passbook is not held over the IC tag reading / writing unit 103 (No in step S201), the face image data display control unit 1074 waits until the passbook is held over the IC tag reading / writing unit 103. .

  On the other hand, when the bankbook is held over the IC tag reading / writing unit 103 (Yes in step S201), the face image data display control unit 1074 starts the face image data and N features from the IC tag 3 attached to the bankbook. The IC tag reading / writing unit 103 is controlled to read the amount (step S202).

  Then, the face image data display control unit 1074 determines whether or not the imaging button of the imaging unit 104 that acquires the customer's face image data has been pressed (step S203). As a result, when the imaging button is not pressed (No at Step S203), the face image data display control unit 1074 waits until the imaging button is pressed.

  On the other hand, when the imaging button is pressed (Yes at Step S203), the face image data display control unit 1074 images the customer's face by the imaging unit 104 and stores it in the storage unit 106 (Step S204). Then, the feature amount calculating unit 1071 calculates the feature amount of the captured customer face image data (step S205).

  Further, the authentication determination unit 1072 collates each of the N feature amounts read from the IC tag 3 with the feature amount of the captured customer face image data, calculates the reliability H (step S206), It is determined whether the degree H is greater than a predetermined threshold value H0 (step S207). As a result, when the reliability H is greater than the predetermined threshold value H0 (Yes at Step S207), the authentication determination unit 1072 displays that the customer has been authenticated (Step S208), and ends this procedure.

  On the other hand, when the reliability H is equal to or lower than the predetermined threshold value H0 (No at Step S207), the face image data display control unit 1074 is read from the IC tag 3 by the face image data transmission unit 1073 to the person authentication device 12 at the office. Control is performed to transmit the captured face image data and the captured customer face image data, and a request is made to display the transmitted face image data (step S209).

  Then, the person-in-person authentication apparatus 12 at the executive office displays the face image data received from the person authentication apparatus 10 at the window in parallel (step S210). Further, the personal identification device 12 at the executive office notifies the personal authentication device 10 at the window of the determination result based on the visual confirmation of the section manager based on the face image data displayed in parallel (step S211).

  On the other hand, the IC tag writing control unit 1075 of the personal authentication apparatus 10 at the counter receives the determination result by the visual confirmation of the section manager from the personal authentication apparatus 12 at the office, and the customer determines based on the received determination result. It is confirmed whether or not it has been authenticated (step S212). As a result, when the customer is authenticated (Yes at step S212), the IC tag writing control unit 1075 writes the face image data and the feature amount of the face image data to the IC tag 3 by the IC tag reading / writing unit 103. (Step S213).

  On the other hand, when the customer is not authenticated (No at Step S212), the IC tag writing control unit 1075 controls to write to the IC tag 3 that the IC tag reading / writing unit 103 has not authenticated (No). Step S214).

  By performing the above-described series of processing, the personal authentication apparatus 10 at the counter collates each of the N feature amounts of the face image data read from the IC tag 3 with the feature amount of the face image data obtained by capturing the customer's face. The reliability of the matching result is calculated, and it is determined whether or not the customer is the principal. Further, when the customer is not authenticated by the personal authentication device 10, the customer's authentication is determined by visual confirmation of the section manager based on the face image data obtained by imaging the customer's face. Therefore, it is possible to authenticate the customer who matches the reality based on the feature amount of the face image data that varies with time.

  Next, the reliability calculation procedure shown in FIG. 5, step S206, will be described in more detail with reference to FIG. FIG. 6 is a flowchart showing the reliability calculation procedure shown in FIG. 5, step S206 in more detail. As shown in the figure, the authentication determination unit 1072 first initializes the subscript i and sets i = 1 (step S301), then initializes the reliability H and sets H = 0.0 (step S302). .

  Then, the authentication determination unit 1072 collates the feature amount in the order of the i-th elapsed time of the IC tag with the feature amount of the captured face image data (step S303). Further, the authentication determination unit 1072 confirms whether or not the feature amount in the order of the i-th elapsed time of the IC tag matches the feature amount of the captured face image data (step S304). As a result, when the feature amounts match (Yes at Step S304), the matching result evaluation unit 1072a calculates the reliability H of the matching result (Step S305).

  Note that WF (i) indicates the reliability H of the matching result obtained by comparing the feature quantity in the order of the i-th elapsed time read from the IC tag 3 with the feature quantity of the captured face image data. This is a weighting function that evaluates the order i with a weight. Further, a function is selected such that the feature quantity of i = 1 is the newest, WF (i) is the largest, the feature quantity of i = N is the oldest, and WF (i) is the smallest. Specifically, WF (i) is an exponential function or the like.

  On the other hand, if the feature amounts do not match (No at Step S304), the authentication determination unit 1072 proceeds to Step S306. Then, the authentication determination unit 1072 sets the subscript i = i + 1 (step S306), and determines whether the subscript i exceeds the number N of feature amounts or whether the reliability H is equal to or higher than a predetermined threshold value H0. Is determined (step S307). As a result, when the subscript i is equal to or smaller than the number N of feature amounts and the reliability H is less than the predetermined threshold value H0 (No at Step S307), the authentication determination unit 1072 repeats Steps S303 to S306. On the other hand, if the subscript i exceeds the number N of feature quantities or the reliability H is greater than or equal to the predetermined threshold value H0 (Yes at step S307), the authentication determination unit 1072 ends this procedure.

  By performing the above-described series of processing, the authentication determination unit 1072 evaluates the collation result obtained by collating the N feature amounts read from the IC tag 3 with the feature amount of the captured face image data as the feature amount is new. Therefore, the reliability of the personal authentication can be increased based on the feature amount of the face image data.

  As described above, in the first embodiment, the imaging unit 104 captures an image of a predetermined part indicating a predetermined biological characteristic of the customer, and the IC tag reading / writing unit 103 stores a plurality of predetermined parts of the customer in the past. The plurality of biometric authentication data respectively obtained from the captured image data captured at the time point is read from the IC tag 3 carried by the customer, and the authentication determination unit 1072 reads the plurality of biometric authentications read by the IC tag reading / writing unit 103. Since it is decided to authenticate whether or not the customer is the customer based on the result of collation between the data and the biometric authentication data obtained from the captured image data obtained by imaging the customer at the time of authentication, Based on the authentication data, it is possible to authenticate the customer who matches the reality.

  Further, in the first embodiment, the imaging unit 104 captures a customer's face image, and the IC tag reading / writing unit 103 calculates each of the customer's face parts from a plurality of face image data captured at a plurality of past time points. A plurality of biometric authentication data read from the IC tag 3 carried by the customer, and the authentication determination unit 1072 captures the plurality of biometric authentication data read by the IC tag reading / writing unit 103 and the customer at the time of authentication. Since it is decided to authenticate whether or not the customer is the customer based on the result of the comparison with the biometric data calculated based on the image data, it is suitable for the reality based on the biometric data that varies with time. Can authenticate the identity of customers.

  In the first embodiment, the authentication determination unit 1072 also calculates the biometric authentication calculated based on the latest biometric authentication data read by the IC tag reading / writing unit 103 and captured image data obtained by capturing the customer at the time of authentication. If the data is within the specified error, it is decided that the customer is the person, so the latest biometric data is weighted and evaluated with the highest weight, and the customer's identity is matched to the reality. Can do.

  In the first embodiment, the authentication determination unit 1072 also calculates the biometric authentication calculated based on the latest biometric authentication data read by the IC tag reading / writing unit 103 and captured image data obtained by capturing the customer at the time of authentication. If the data is not within a predetermined error, the biometric authentication data calculated based on the captured image data obtained by capturing the customer at the time of authentication is compared with each of the read biometric authentication data, and each comparison result is Based on this, it is determined whether or not the customer is the person himself / herself. Therefore, the customer's identity can be authentically matched by evaluating the comparison result of the plurality of biometric data.

  By the way, in the first embodiment, the case where the personal authentication device 10 reads the face image data and the feature amount of the face image data from the IC tag 3 attached to the bank passbook carried by the customer and authenticates the customer is described. However, the present invention is not limited to this, and may be applied to the case where the personal authentication device 10a acquires the face image data and the feature amount of the face image data from the personal authentication server device 30 and authenticates the customer. it can. Accordingly, in the second embodiment, a case will be described in which the personal authentication device 10a acquires the face image data and the feature amount of the face image data from the personal authentication server device 30 and authenticates the customer. Here, (2-1) the configuration of the personal authentication system and (2-2) the personal authentication procedure of the personal authentication system will be described in this order. The description common to the first embodiment is omitted.

(2-1) Configuration of Personal Authentication System First, the personal authentication system 1a according to the second embodiment will be described with reference to FIGS. FIG. 7 is an explanatory diagram for explaining an example of a bank store to which the personal authentication system according to the second embodiment is applied. FIG. 8 is a functional block diagram illustrating the configuration of the personal authentication system 1a according to the second embodiment.

  As shown in FIG. 7, the difference between the first embodiment and FIG. 1 is that the personal authentication server device 30 is installed behind the executive seat. The personal authentication server device 30 is a server that provides biometric authentication data that fluctuates with time, that is, face image data and feature quantities of the face image data in the second embodiment, to the personal authentication devices 10a and 12.

  As shown in FIG. 8, the personal authentication system 1a includes personal authentication devices 10a and 12, a security company terminal device 20, a personal authentication server device 30, and a network 40 connecting them. Here, the control unit 107a of the personal authentication device 10a and the personal authentication server device 30, which are different from the first embodiment, will be described.

  The personal authentication device 10a includes an input unit 101, a display unit 102, an imaging unit 104, an IF unit 105, a storage unit 106, and a control unit 107a. In the second embodiment, the customer face image and the personal authentication data as N feature quantities are acquired from the personal authentication server device 30, so that the IC tag reading / writing unit 103 is eliminated. Further, the control unit 107a is different from the functional block diagram of the first embodiment.

The control unit 107a is a control unit that controls the entire personal authentication device 10a, and includes a feature amount calculation unit 1071, an authentication determination unit 1072, a face image data transmission unit 1073, a face image data display control unit 1074, and a personal authentication data acquisition unit. 1076 and a personal authentication data registration request unit 1077. Among these, since the personal authentication data acquisition unit 1076 and the personal authentication data registration request unit 1077 are different from the constituent elements of the control unit 107 of the first embodiment, the personal authentication data acquisition unit 1076 and the personal authentication data registration request unit 1077 are different. Will be described.

  The personal authentication data acquisition unit 1076 is an acquisition unit that acquires face image data and N feature amounts associated with a customer from the personal authentication server device 30. Specifically, when a customer number is input from the keyboard of the personal authentication device 10a at the window by the customer, the personal authentication device 10a displays the face image data associated with the customer number input by the customer and N features. The amount is acquired from the personal authentication server device 30. The personal authentication data registration request unit 1077 is a request unit that requests the personal authentication server device 30 to register the face image data obtained by capturing the customer's face and the feature amount of the face image data.

  The personal authentication server device 30 is a server that provides biometric authentication data that varies with time, and includes an IF unit 301, a storage unit 302, and a control unit 303. In the second embodiment, the biometric authentication data is the face image data and the feature amount of the face image data.

  The IF unit 301 is a communication interface unit that communicates with the personal authentication devices 10 a and 12 and the security company terminal device 20 via the network 40. The storage unit 302 is an HHD or the like and has a personal authentication database 3021. The personal authentication database 3021 is a database that stores face image data and personal authentication data, which are N feature amounts, in association with customers. Specifically, the face image data and the N feature quantities are stored in association with the customer number of the customer.

  The control unit 303 is a control unit that controls the entire personal authentication server device 30, and includes a personal authentication data search unit 3031, a personal authentication data transmission unit 3032, and a personal authentication data registration unit 3033. The personal authentication data search unit 3031 is a search unit that searches for personal authentication data associated with the customer number from the personal authentication database 3021 based on the request for acquiring the personal authentication data received from the personal authentication device 10a.

  The personal authentication data transmission unit 3032 is a transmission unit that transmits the personal authentication data searched by the personal authentication data search unit 3031 to the personal authentication device 10a. Further, the personal authentication data registration unit 3033 receives a registration request for the face image data and the feature amount of the face image data captured by the image capturing unit 104 from the personal authentication device 10a, and the received face image data and the features of the face image data. This is a registration unit that stores the amount in the personal authentication database 3021 in association with the customer number.

(2-2) Personal Authentication Procedure of Personal Authentication System Next, a personal authentication procedure of the personal authentication system 1a shown in FIG. 8 will be described with reference to FIG. FIG. 9 is a flowchart showing a personal authentication procedure of the personal authentication system 1a shown in FIG. Since the difference from the personal authentication procedure of the first embodiment is steps S401 to S404 and steps S413 to S417, steps S401 to S404 and steps S413 to S417 will be described.

  First, the procedure from step S401 to step S404 in FIG. When the customer number is input to the personal authentication device 10a by the customer at the bank counter, the personal authentication data acquisition unit 1076 determines whether or not the customer number is input to the personal authentication device 10a (step S401). As a result, when the customer number is not input to the personal authentication device 10a (No at Step S401), the personal authentication data acquisition unit 1076 waits until the customer number is input to the personal authentication device 10a.

  On the other hand, when the customer number is input to the personal authentication device 10a (Yes at Step S401), the personal authentication data acquisition unit 1076 transmits the customer number to the personal authentication server device 30 and the personal authentication data associated with the customer number. Is requested (step S402).

  Then, the personal authentication data search unit 3031 of the personal authentication server device 30 receives the customer number from the personal authentication device 10a, and searches the personal authentication data associated with the received customer number (step S403). Further, the personal authentication data transmission unit 3032 transmits the retrieved personal authentication data to the personal authentication device 10a (step S404).

  Through the series of processes described above, the personal authentication device 10a can acquire the personal authentication data associated with the customer number of the customer from the personal authentication server device 30. Here, it has been described that the customer inputs the customer number from the personal authentication device 10a. However, a teller at a bank counter may input the customer number from the personal authentication device 10a.

  Also, the procedure of steps S413 to S417 in the figure will be described. The personal identification device 12 at the officer's seat notifies the determination result by visual confirmation of the section manager to the personal authentication device 10a at the window based on the displayed face image data (step S413).

  Then, the person authentication device 10a receives the determination result by the visual confirmation of the section manager from the person authentication device 12 at the officer's seat, and checks whether or not the customer has been authenticated based on the received determination result (step S414). As a result, when the customer is authenticated (Yes at step S414), the personal authentication data registration request unit 1077 requests registration of the face image data obtained by capturing the customer's face and the feature amount of the face image data (step S415). Then, the personal authentication data registration unit 3033 of the personal authentication server device 30 registers the face image data received from the personal authentication device 10a and the feature amount of the face image data in the personal authentication database 3021 in association with the customer number of the customer ( Step S416).

  On the other hand, when the customer is not authenticated (No at Step S414), the personal authentication data registration request unit 1076 requests to record that the authentication has not been performed in the personal authentication data of the personal authentication server device 30 (Step S417). ). Then, the personal authentication data registration unit 3033 of the personal authentication server device 30 records that the personal authentication data in the personal authentication database 3021 associated with the customer number has not been authenticated in accordance with the request of the personal authentication device 10a ( Step S416).

  When the customer is authenticated by visual confirmation through the above series of processing, the face image data obtained by imaging the customer's face and the feature amount of the face image data are registered in the personal authentication database 3021 and the customer is not authenticated by visual confirmation. In the case of authentication, the fact that the authentication was not performed in accordance with the request of the personal authentication device 10a is recorded in the customer's personal authentication data. Accordingly, the reliability of the personal authentication can be increased by visual confirmation, and the fact that the authentication has not been performed is recorded in the personal authentication database 3021. Therefore, even if the customer uses other personal authentication devices maliciously, As long as other personal authentication devices use the common personal authentication database 3021, it is not necessary to make the same authentication determination twice, and the burden on customer service can be reduced.

  Next, the reliability calculation procedure shown in FIG. 9 and step 408 will be described with reference to FIG. FIG. 10 is a flowchart showing the reliability calculation procedure shown in FIG. 9 and step 408 in more detail. Since FIG. 10 is the same as FIG. 6 of the first embodiment, detailed description thereof is omitted here.

  As described above, in the second embodiment, the imaging unit 103 captures an image of a predetermined part indicating the predetermined biological characteristics of the customer, and the personal authentication data acquisition unit 1076 captures the predetermined part of the customer at a plurality of past points in time. A plurality of pieces of biometric authentication data relating to a customer acquired from a personal authentication database 3021 that stores a plurality of pieces of biometric authentication data respectively obtained from the picked-up captured image data in association with the customer, and the authentication determination unit 1072 is acquired. In addition, it is determined whether or not the customer is the person based on the result of matching between the plurality of biometric authentication data and the biometric authentication data obtained from the captured image data obtained by capturing the customer at the time of authentication. Based on the biometric authentication data that fluctuates with it, it is possible to authenticate the customer who matches the reality.

  In the first and second embodiments, the face image data and the feature amount of the face image data are described as the personal authentication data. However, the present invention is not limited to this, and the face image data or the face image is not limited thereto. The present invention can be applied to a case where the feature amount of data is combined with other biometric authentication data such as fingerprints, veins, and voiceprints.

  As described above, the personal authentication device according to the present invention is suitable for a personal authentication device used at a bank window or the like.

It is explanatory drawing for demonstrating an example of the store of the bank to which the personal identification system which concerns on Example 1 is applied. It is explanatory drawing for demonstrating the outline | summary of the personal authentication of the personal authentication system which concerns on Example 1. FIG. 1 is a functional block diagram illustrating a configuration of a personal authentication system according to a first embodiment. It is a functional block diagram which shows the structure of the IC tag reading / writing part shown in FIG. It is a flowchart which shows the personal authentication procedure of the personal authentication system shown in FIG. It is a flowchart which shows the reliability calculation procedure shown in FIG. 5 in detail. It is explanatory drawing for demonstrating an example of the store of the bank to which the personal identification system which concerns on Example 2 is applied. It is a functional block diagram which shows the structure of the personal authentication system which concerns on Example 2. FIG. It is a flowchart which shows the personal authentication procedure of the personal authentication system shown in FIG. 10 is a flowchart showing the reliability calculation procedure shown in FIG. 9 in more detail.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1, 1a User authentication system 3 IC tag 10, 10a, 12 User authentication apparatus 101 Input part 102 Display part 103 IC tag reading / writing part 1031 Antenna 1032 Transmission / reception circuit 1033 Communication control circuit 1034 Input / output circuit 104 Imaging part 105 IF part 106 storage unit 1061 personal authentication data storage unit 1062 face image data storage unit 107 control unit 1071 feature quantity calculation unit 1072 authentication determination unit 1072a matching result evaluation unit 1073 face image data transmission unit 1074 face image data display control unit 1075 personal authentication data book Control unit 1076 User authentication data acquisition unit 1077 User authentication data registration request unit 20 Security company terminal device 30 User authentication server device 301 IF unit 302 Storage unit 3021 User authentication database 303 Control unit 3031 User authentication data Registration unit 3032 User authentication data transmission unit 3033 User authentication data search unit 40 Network

Claims (11)

A personal authentication device that authenticates a customer's identity based on biometric data that varies with time,
Imaging means for imaging a predetermined part showing the predetermined biological characteristics of the customer;
Reading means for reading a plurality of biometric authentication data respectively obtained from captured image data obtained by imaging a predetermined part of the customer at a plurality of past points in time from a predetermined storage medium carried by the customer;
It is authenticated whether or not the customer is the person based on a collation result between a plurality of biometric authentication data read by the reading unit and biometric authentication data obtained from captured image data obtained by imaging the customer at the time of authentication. And a means for authenticating the user.   The personal authentication apparatus according to claim 1, further comprising biometric authentication data acquisition means for acquiring a predetermined feature amount as the biometric authentication data from captured image data captured by the imaging means.   When the latest biometric data read by the reading unit and the biometric data calculated based on captured image data obtained by capturing the customer at the time of authentication are within a predetermined error, The personal authentication apparatus according to claim 1, wherein the customer is authenticated as the person.   When the latest biometric data read by the reading unit and the biometric data calculated based on the captured image data obtained by capturing the customer at the time of authentication are not within a predetermined error, Whether biometric authentication data calculated based on captured image data obtained by capturing the customer at the time of authentication is compared with a plurality of authentication data read by the reading unit, and whether the customer is the principal based on each comparison result The personal authentication device according to claim 1, wherein authentication is performed to determine whether or not.   The imaging means captures a customer's face image, and the reading means carries the biometric authentication data respectively calculated from a plurality of face image data obtained by capturing the customer's face at a plurality of past points in time. The authentication unit reads from a predetermined storage medium, and the authentication unit obtains a comparison result between the plurality of biometric data read by the reading unit and biometric data calculated based on face image data obtained by capturing the customer at the time of authentication. The identity authentication device according to claim 1, wherein the identity authentication device authenticates whether or not the customer is an identity.   The image processing apparatus further comprises face image display means for displaying the face image data, and face image data display control means for controlling display of the face image data on the face image display means. A plurality of pieces of biometric authentication data and one or a plurality of pieces of face image data respectively calculated from a plurality of pieces of face image data captured at the time are read, and the face image data display control means uses the authentication means to determine that the customer is not the person. When authenticated, the display unit controls display of one or more face image data read from the storage medium by the reading unit, or authentication by the one or more face image data and the imaging unit. 6. The personal authentication apparatus according to claim 5, wherein the face image data picked up at the time is displayed on the face image display means.   Writing means for writing the face image data captured at the time of authentication by the image capturing means and biometric authentication data calculated from the face image data to the storage medium when the customer is authenticated The personal identification device according to claim 5 or 6, further comprising:   The personal authentication apparatus according to claim 1, further comprising an authentication result display unit that displays an authentication result by the authentication unit. A personal authentication system that connects a personal authentication server device that provides biometric authentication data that varies with time, and a personal authentication device that authenticates a customer based on the biometric data acquired from the personal authentication server device. Because
The identity authentication server device
A personal authentication database for storing a plurality of biometric authentication data respectively obtained from captured image data obtained by imaging a predetermined part of the customer at a plurality of past points in time, in association with the customer;
The identity authentication device
Imaging means for imaging a predetermined part showing the predetermined biological characteristics of the customer;
Obtaining means for obtaining a plurality of biometric authentication data relating to the customer imaged by the imaging means from the personal authentication server device;
It authenticates whether or not the customer is the person based on a result of collation between a plurality of pieces of biometric authentication data acquired by the acquisition unit and biometric authentication data obtained from captured image data obtained by capturing the customer at the time of authentication. A personal authentication system comprising an authentication means. A user authentication method for authenticating a customer's identity based on biometric data that varies with time,
An imaging step of imaging a predetermined part showing the predetermined biological characteristics of the customer;
A reading step of reading a plurality of biometric authentication data respectively obtained from captured image data obtained by imaging a predetermined part of the customer at a plurality of past times from a predetermined storage medium carried by the customer;
It is authenticated whether or not the customer is the identity of the customer based on a verification result of a plurality of biometric authentication data read by the reading step and biometric authentication data obtained from captured image data obtained by imaging the customer at the time of authentication. A personal authentication method characterized by including an authentication step. A user authentication program for authenticating a customer's identity based on biometric data that varies with time,
An imaging procedure for imaging a predetermined part showing the predetermined biological characteristics of the customer;
A reading procedure for reading a plurality of biometric data respectively obtained from captured image data obtained by imaging a predetermined part of the customer at a plurality of past points in time from a predetermined storage medium carried by the customer;
It is authenticated whether or not the customer is the person based on a result of collation between a plurality of pieces of biometric authentication data read by the reading procedure and biometric authentication data obtained from captured image data obtained by imaging the customer at the time of authentication. A personal authentication program that causes a computer to execute an authentication procedure.

Images