JP2006189967A - Fingerprint collation system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a fingerprint collation system for improving safety by preventing registration of fingerprint information by an unauthorized user in authenticating a user by using the fingerprint information. <P>SOLUTION: The fingerprint collation system is provided with: an initial setting part 201 for registering user specific information capable of specifying a user, enciphering apparatus identification information (identification keys K2 and K2') for identifying a fingerprint reader 100 to store it in a fingerprint reader 100 and a control terminal 200; a collation part 105 for collating the identification key K1 to be registered user specification information with the user specific information to be inputted to a control terminal 300 and decoding and collating the apparatus identification information; and a control unit 301 for allowing a user to register the fingerprint to the fingerprint reader 100 when the identification key K1 coincides with the inputted user specific information and the apparatus identification information. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a fingerprint collation system including a fingerprint reader that reads a user's fingerprint and obtains fingerprint information that is the fingerprint information, and a control terminal.

  Conventionally, in order to permit access to an information system only for a specific user, the fingerprint of the user is read using a small portable fingerprint reader, and the read fingerprint information is stored in the fingerprint reader. There is known a fingerprint collation system that authenticates the user by collating with the fingerprint information that has been made (for example, Patent Document 1).

  Also, a method for registering the fingerprint information in the fingerprint reader in a state managed by an administrator of the information system or the like in order to prevent unauthorized registration of the fingerprint information when the user registers the fingerprint information Has been proposed (for example, Patent Document 2).

  Specifically, a user who wishes to register fingerprint information requests the administrator to register fingerprint information, specifies a terminal used by the administrator, and fingerprint information necessary for registration to the terminal. Send etc. In such a method, when registering fingerprint information, the user finds the administrator's terminal and the administrator himself and takes time and effort to transmit the fingerprint information to the terminal.

  In order to save such trouble, the following method has been developed. That is, an administrator such as an information system first performs initial setting of a fingerprint reading device used by a user. Next, the user registers his / her fingerprint information in the fingerprint reading apparatus on which the initial setting has been executed.

  Specifically, fingerprint information is registered along the flow shown in FIG. Although detailed description of the flow is omitted, the fingerprint information is generally registered by the following procedure.

  First, the administrator registers a user ID and a password for user authentication in the fingerprint reading apparatus as initial setting contents. Here, the user ID and password registered in the fingerprint reader are referred to as “identification key”. The user ID and password input by the user are referred to as user specifying information (x).

  Furthermore, when a so-called one-time password is used, one-time password generation information is registered in the fingerprint reader.

  Next, the user inputs the user identification information (x) to the fingerprint reading device that has been initially set. The fingerprint reader collates whether the user identification information (x) input by the user matches the “identification key”.

When the user identification information (x) matches the “identification key”, the fingerprint reader permits the user to register fingerprint information. The user registers fingerprint information and registers “login information” (user ID and password in the information system) associated with the fingerprint information and used for logging in to a specific information system.
JP 2002-278640 A (pages 7-8, FIG. 1) Japanese Unexamined Patent Publication No. 2000-57341 (page 6-7, FIG. 6)

  However, the conventional fingerprint information registration method described above has the following problems. That is, after the administrator performs the initial setting of the fingerprint reader, the fingerprint reader and the user who have performed the initial setting after the “regular” user registers their fingerprint information in the fingerprint reader. When the specific information is acquired by an “unauthorized” user, the fingerprint information of the unauthorized user is registered in the fingerprint reader.

  In particular, when a one-time password is used in the fingerprint reader, the user does not need to register “login information” used for logging in to a specific information system or the like in the fingerprint reader.

  For this reason, when the fingerprint information of the unauthorized user is registered in the fingerprint reader (fingerprint verification system), the “illegal” user is mistakenly authenticated as the “regular” user and can access the information system. Therefore, it becomes a big problem.

  Accordingly, the present invention has been made in view of the above points, and in the case of authenticating a user using fingerprint information, fingerprint verification that improves security by preventing the registration of fingerprint information by an unauthorized user. The purpose is to provide a system.

  In order to solve the above-described problems, the present invention has the following features. First, a first feature of the present invention is that a fingerprint reading device (fingerprint reading device 100) that reads a fingerprint of a user (user USR) and obtains fingerprint information that is information of the fingerprint, and a control terminal (control terminal 200, 300), a user identification information registration unit (initial setting unit 201) that registers user identification information that is unique to the user and that can identify the user, and the fingerprint reader. Generating device identification information (identification key K2), encrypting the device identification information and storing it in the fingerprint reading device and the control terminal, and the user identification User identification information (identification key K1), which is user identification information registered by the information registration unit, and the user identification information input to the control terminal are collated. The identification information matching unit (control unit 301), the device identification information matching unit (control unit 301) for decoding and matching the device identification information stored in the fingerprint reading device and the control terminal, and the user identification As a result of collation by the information collation unit and the device identification information collation unit, when the user identification information matches the user identification information and the device identification information coincides, the fingerprint applied to the fingerprint reader by the user And a fingerprint registration permission unit (control unit 301) that permits the registration of the above.

  According to such a feature, when the user registers fingerprint information in the fingerprint reader, verification using “user identification information” such as a user ID or password and verification using “device identification information” for identifying the fingerprint reader. Are compared in two stages.

  That is, even when the fingerprint reading device in which the initial setting of the user identification information is executed and the user identification information is acquired by an “illegal” user, the device identification information is encrypted, The user cannot obtain the device identification information.

  For this reason, it is possible to prevent the fingerprint information of the unauthorized user from being registered in the fingerprint reader, and to improve the safety of the fingerprint verification system.

  A second feature of the present invention relates to the first feature of the present invention, and is a fingerprint for collating the fingerprint information acquired by the fingerprint reader with registered fingerprint information that is already registered fingerprint information. An information verification unit (control unit 301), wherein the fingerprint registration permission unit is a case where the user identification information and the user identification information match and the device identification information matches, and further the fingerprint information And the registered fingerprint information match, the gist is to allow the user to register the fingerprint in the fingerprint reader.

  According to this feature, in addition to “user identification information” and “device identification information”, collation of fingerprint information of the user, that is, three-stage collation is executed. For this reason, for example, when registering fingerprint information of a new user in the fingerprint reader, or re-registering fingerprint information of an already registered user, the fingerprint information of an unauthorized user is further registered. It can be surely prevented.

  ADVANTAGE OF THE INVENTION According to this invention, when authenticating a user using fingerprint information, the fingerprint collation system which improves safety can be provided by preventing registration of fingerprint information by an unauthorized user.

(Overall schematic configuration of fingerprint verification system)
Embodiments of the present invention will be described with reference to the drawings. FIG. 1 is an overall schematic configuration diagram of a fingerprint matching system according to the present embodiment. As shown in the figure, the fingerprint collation system according to the present embodiment includes a fingerprint reader 100, a control terminal 200, and a control terminal 300.

  The fingerprint reader 100 is a small portable fingerprint reader that reads the fingerprint of the user USR and acquires fingerprint information that is information of the fingerprint of the user USR. The control terminal 200 and the control terminal 300 are terminals to which the fingerprint reading device 100 can be connected, and in the present embodiment, are configured by notebook personal computers.

  In the present embodiment, the control terminal 200 is unique to the user USR, and is mainly used by the administrator MGR that manages user specifying information (user ID and password) that can specify the user USR. On the other hand, the control terminal 300 is mainly used by the user USR.

(Logical block configuration of fingerprint verification system)
Next, the logical block configuration of the fingerprint matching system shown in FIG. 1 will be described with reference to FIG. As shown in FIG. 2, the fingerprint reading apparatus 100 includes a fingerprint information acquisition unit 101, a data storage unit 103, and a collation unit 105.

  The control terminal 200 mainly used by the administrator MGR includes an initial setting unit 201, a data storage unit 203, and a recording medium control unit 205.

  The control terminal 300 mainly used by the user USR includes a control unit 301, a data storage unit 303, and a recording medium control unit 305.

  First, the function of each part of the control terminal 200 used mainly by the administrator MGR will be described.

  The initial setting unit 201 performs initial setting of the fingerprint reading apparatus 100 used by the user USR. Specifically, the initial setting unit 201 is specific to the user USR and registers user specifying information that can specify the user USR. In the present embodiment, the initial setting unit 201 constitutes a user specifying information registration unit. In this embodiment, a user ID uniquely associated with the user USR and a password associated with the user ID are used as the user specifying information.

  The initial setting unit 201 generates device identification information for identifying the fingerprint reading device 100, encrypts the device identification information, and prints the fingerprint reading device 100 (specifically, the data storage unit 103) and the control terminal 200 ( Specifically, the data is stored in the data storage unit 203). In the present embodiment, the device identification information generation unit is configured.

  The data storage unit 203 stores data related to the user USR and the fingerprint reading device 100. Specifically, the data storage unit 203 stores the user ID and password of the user USR and device identification information for identifying the fingerprint reading device 100. The device identification information is encrypted by the initial setting unit 201 using a predetermined one-way hash function or the like, and the encrypted device identification information is stored in the data storage unit 203.

  In the present embodiment, the device identification information stored in the data storage unit 203 is appropriately labeled as an identification key K2.

  The recording medium control unit 205 controls writing of data to a recording medium such as a CD-R and reading of data from the recording medium. In particular, in this embodiment, the recording medium control unit 205 is used to write the identification key K2 (device identification information) stored in the data storage unit 203 on the recording medium.

  Next, functions of each unit of the fingerprint reading device 100 used by the user USR will be described.

  The fingerprint information acquisition unit 101 reads the fingerprint of the user USR and acquires fingerprint information that is information on the fingerprint of the user USR. Specifically, the fingerprint information acquisition unit 101 captures the fingerprint of the user USR using a small semiconductor fingerprint sensor, and acquires the fingerprint information of the user USR converted into digital data.

  The data storage unit 103 stores information related to the user USR and the fingerprint reading device 100. Specifically, the data storage unit 103 stores the user ID and password (user identification information) of the user USR.

  The data storage unit 103 stores device identification information for identifying the fingerprint reading device 100. Specifically, the device identification information encrypted by the initial setting unit 201 is stored.

  Further, the data storage unit 103 stores the fingerprint information acquired by the fingerprint information acquisition unit 101.

  In the present embodiment, the user specifying information stored in the data storage unit 103, that is, registered by the control terminal 200 is appropriately labeled as an identification key K1. In addition, the device identification information stored in the data storage unit 103 is appropriately labeled as an identification key K2 '.

  The data storage unit 103 can also store login information (for example, a user ID and password for the information system) and information for generating a one-time password for an information system (not shown) accessed by the user USR. .

  The collation unit 105 collates the identification key K1 (user identification information), which is user identification information registered in the fingerprint reading device 100, with the user identification information input to the control terminal 300 by the initial setting unit 201. Yes, in the present embodiment, a user specifying information matching unit is configured.

  Specifically, the collation unit 105 is input to the control terminal 300 by the user ID and password stored in the data storage unit 103 and the user USR in a state where the fingerprint reader 100 is connected to the control terminal 300. The user ID and password are verified.

  The collating unit 105 decrypts and collates the identification key K2 ′ (device identification information) stored in the fingerprint reading device 100 and the identification key K2 (device identification information) stored in the control terminal 300. In this embodiment, a device identification information matching unit is configured.

  The identification key K2 is generated by the control terminal 200 as described above. The identification key K2 recorded on the recording medium by the recording medium control unit 205 is stored in the data storage unit 303 via the recording medium control unit 305. Further, the identification key K2 is transmitted from the control terminal 300 to the fingerprint reader 100.

  Next, functions of each unit of the control terminal 300 used mainly by the user USR will be described.

  The control unit 301 permits the user USR to register the fingerprint of the user USR in the fingerprint reading device 100 as a result of the collation of the user identification information and the device identification information. In this embodiment, the control unit 301 constitutes a fingerprint registration permission unit. To do.

  Specifically, the control unit 301 has (1) an identification key K1 (user identification information) stored in the data storage unit 103, and a user ID and password (user identification information) input to the control terminal 300. (2) Whether the identification key K2 ′ stored in the data storage unit 103 matches the identification key K2 (device identification information) stored in the data storage unit 303 Determine.

  In the determinations (1) and (2) described above, the control unit 301 permits the user USR to register the fingerprint of the user USR in the fingerprint reading apparatus 100 when the information to be determined matches.

  The data storage unit 303 stores data related to the user USR and the fingerprint reading device 100. In the present embodiment, the data storage unit 303 stores an identification key K2 (device identification information) for identifying the fingerprint reading device 100.

  The recording medium control unit 305 has the same function as the recording medium control unit 205, and controls writing of data to a recording medium such as a CD-R and reading of data from the recording medium.

  In particular, in the present embodiment, the recording medium control unit 305 is used to read the identification key K2 (device identification information) stored in the recording medium and store the identification key K2 in the data storage unit 303.

(Operation of fingerprint verification system)
Next, the operation of the above-described fingerprint verification system will be described. FIG. 3 shows a registration processing flow of the fingerprint information of the user USR by the fingerprint collation system.

  As shown in the figure, in step S <b> 101, the manager MGR executes initial setting of the fingerprint reading device 100 in a state where the fingerprint reading device 100 is connected to the control terminal 200.

  Specifically, the administrator MGR uses the control terminal 200 to register the user ID that identifies the user USR and the password associated with the user ID in the fingerprint reading apparatus 100 as the identification key K1.

  In addition, the control terminal 200 generates device identification information for identifying the fingerprint reading device 100. Further, the control terminal 200 encrypts the device identification information, stores it in the control terminal 200 as the identification key K2, and stores it in the fingerprint reader 100 as the identification key K2 '.

  After the initial setting by the administrator MGR is completed, the fingerprint reader 100 is delivered to the user USR. The identification key K2 is generated by the control terminal 200 as described above, and the identification key K2 recorded on the recording medium by the recording medium control unit 205 is stored in the data storage unit 303 through the recording medium control unit 305. .

  In step S <b> 102, the user USR inputs user identification information (hereinafter, user identification information (x)) to the control terminal 300 in a state where the fingerprint reader 100 is connected to the control terminal 300.

  In step S <b> 103, the control terminal 300 transmits the user identification information (x) input by the user USR to the fingerprint reading device 100.

  In step S <b> 104, the fingerprint reading apparatus 100 collates the user identification information (x) transmitted from the control terminal 300 with the identification key K <b> 1 stored in the data storage unit 103, and sends the collation result to the control terminal 300. Send.

  In step S105, the control terminal 300 determines whether the user identification information (x) matches the identification key K1, that is, the user ID and password of the user USR that have been input are stored. It is determined whether or not it matches.

  When the user identification information (x) and the identification key K1 do not match (NO in step S105), in step S106, the control terminal 300 stops the fingerprint information registration process of the user USR.

  In step S <b> 107, the control terminal 300 transmits the identification key K <b> 2 (device identification information) stored in the data storage unit 303 to the fingerprint reading device 100.

  In step S <b> 108, the fingerprint reading apparatus 100 collates the identification key K <b> 2 transmitted from the control terminal 300 with the identification key K <b> 2 ′ stored in the data storage unit 103 and transmits the collation result to the control terminal 300. .

  In step S109, the control terminal 300 determines whether or not the identification key K2 and the identification key K2 'match.

  If the identification key K2 and the identification key K2 'do not match (NO in step S109), in step S110, the control terminal 300 stops the fingerprint information registration process of the user USR.

  Note that the processes in steps S107 to S110 are executed in parallel with the processes in steps S103 to S106.

  Next, when the user identification information (x) matches the identification key K1 (YES in step S105), and when the identification key K2 matches the identification key K2 ′ (YES in step S109), in step S111, The control terminal 300 permits registration of the fingerprint information of the user USR.

  In step S112, the fingerprint reading apparatus 100 reads the fingerprint of the user USR and acquires the fingerprint information of the user USR.

  In step S113, the fingerprint reading apparatus 100 encrypts the acquired fingerprint information and registers it as the fingerprint information of the user USR.

  When the registered fingerprint information of the user USR and login information such as an information system that can be used by the user USR are registered in the fingerprint reader 100, the user USR is in a state where the fingerprint reader 100 is connected to the control terminal 300. Using the control terminal 300, login information (such as a user ID and a password) for the information system can be registered in the fingerprint reader 100.

  By registering the login information, the fingerprint information of the user USR is associated with the login information. In addition, when a one-time password is used in the fingerprint reading device 100, since the one-time password generation information is stored in the fingerprint reading device 100, it is not necessary to register login information.

(Action / Effect)
According to the fingerprint collation system according to the present embodiment described above, when the user USR registers fingerprint information in the fingerprint reader 100, collation using user identification information (user identification information (x) and identification key K1) Two-stage collation is performed with collation using device identification information (identification key K2 and identification key K2 ′).

  That is, even if the fingerprint reading device 100 in which the initial setting of the user identification information is executed and the user identification information is acquired by an “unauthorized” user, the device identification information is encrypted, Users cannot obtain device identification information.

  For this reason, it is possible to prevent the fingerprint information of the unauthorized user from being registered in the fingerprint reading device 100, and to improve the safety of the fingerprint collation system.

  Further, in the fingerprint collation system according to the present embodiment, the information that the user USR has to input when registering fingerprint information in the fingerprint reader 100 is only the user identification information (x) as in the conventional fingerprint collation system. It is.

  However, in the present embodiment, the fingerprint reader 100 performs collation between the identification key K2 and the identification key K2 'in step S108 shown in FIG. 3 without any special operation by the user USR. Next, in step S109, the fingerprint reader 100 determines whether or not the identification key K2 and the identification key K2 ′ match. If the identification key K2 and the identification key K2 ′ do not match, registration of fingerprint information is advanced. I can't.

  For this reason, even when a one-time password is used in the fingerprint reader 100, an unauthorized user cannot register the fingerprint information of the fingerprint reader 100 and impersonate the user USR. That is, the safety is improved compared with the conventional fingerprint collation system without the user USR being aware of it.

  In addition, since the fingerprint information registered in the fingerprint reading device 100 is encrypted, even if the fingerprint reading device 100 in which the fingerprint information is registered is lost, an unauthorized user who has acquired the lost fingerprint reading device 100 is not allowed. The fingerprint information cannot be read, and the user USR cannot be impersonated by forging the fingerprint information.

(Other embodiments)
As described above, the content of the present invention has been disclosed through one embodiment of the present invention. However, it should not be understood that the description and drawings constituting a part of this disclosure limit the present invention. From this disclosure, various alternative embodiments, examples and operational techniques will be apparent to those skilled in the art.

  For example, the above-described fingerprint matching system can be modified as follows. FIG. 4 shows a registration process flow of fingerprint information of the user USR by the fingerprint collation system according to the modified example of the present invention.

  In this modification, in addition to the fingerprint information of the user USR already registered in the fingerprint reader 100, when another fingerprint information is newly registered, or the fingerprint information of the user USR already registered in the fingerprint reader 100 Is re-registered, the fingerprint information already registered in the fingerprint reading apparatus 100 is also a target of collation.

  The logical block configuration of the fingerprint verification system according to this modification is the same as the logical block configuration of the fingerprint verification system according to this embodiment described above (see FIG. 2).

  However, the collation unit 105 of the fingerprint reading apparatus 100 according to the present modification example is already registered in the fingerprint reading apparatus 100 and the acquired fingerprint information of the user USR in addition to the function of the collation unit 105 according to the present embodiment described above. It is possible to collate with the identification key K3 (registered fingerprint information) which is the fingerprint information of the user USR, and in this modified example, a fingerprint information collating unit is configured.

  In addition, the control unit 301 (fingerprint registration permission unit) of the control terminal 300 according to the present modification example is input to the control terminal 300 and (1) the identification key K1 (user identification information) stored in the data storage unit 103. The user ID and password (user identification information) match, and (2) the identification key K2 ′ stored in the data storage unit 103 and the identification key K2 (device identification information) stored in the data storage unit 303 And when the fingerprint information of the user USR collated by the collation unit 105 matches the identification key K3 (registered fingerprint information), the user USR is informed of the user USR to the fingerprint reader 100. Allow fingerprint registration.

  Next, with reference to FIG. 4, a registration process flow of the fingerprint information of the user USR by the fingerprint collation system according to this modification will be described. In the following description, portions different from the fingerprint information registration process flow of the operating user USR shown in FIG. 3 will be mainly described.

  First, in step S <b> 201, the user USR inputs user identification information (x) to the control terminal 300 in a state where the fingerprint reading device 100 is connected to the control terminal 300.

  In step S202, the fingerprint reading device 100 reads the fingerprint of the user USR and acquires the fingerprint information of the user USR (hereinafter, fingerprint information (z)).

  In step S203, the fingerprint reader 100 collates the fingerprint information (z) acquired in step S202 with the identification key K3 (registered fingerprint information) registered in the fingerprint reader 100.

  In step S204, the fingerprint reader 100 determines whether the fingerprint information (z) matches the identification key K3, that is, the fingerprint information of the user USR acquired in step S202 and the identification key registered in the fingerprint reader 100. It is determined whether or not K3 matches.

  If the fingerprint information of the user USR acquired in step S202 does not match the identification key K3 registered in the fingerprint reader 100 (NO in step S204), the fingerprint reader 100 determines the number of determinations in step S205. It is determined whether or not the number of times (for example, 3 times) has been reached.

  When the number of determinations reaches the specified number (YES in step S205), in step S210, the fingerprint reading apparatus 100 stops the fingerprint information registration process. On the other hand, when the number of determinations has not reached the specified number (No in step S205), the processing from step S202 is repeated.

  If the fingerprint information of the user USR acquired in step S202 matches the identification key K3 registered in the fingerprint reading apparatus 100 (YES in step S204), the processing from step S207 and step S211 is executed. .

  Note that the processes in steps S207 to S217 are the same as the processes in steps S103 to S113 shown in FIG.

  According to this modified example, in addition to “user specifying information” and “device identification information”, collation of fingerprint information of the user USR, that is, three-stage collation is executed. For this reason, for example, when registering fingerprint information of a new user in the fingerprint reader 100 or re-registering fingerprint information of a user USR that has already been registered, the fingerprint information of an unauthorized user is registered. Can be more reliably prevented.

  As mentioned above, although the modified example of this invention was demonstrated, you may change the embodiment of this invention mentioned above further as follows.

  For example, in the above-described embodiment of the present invention, two control terminals of the control terminal 200 and the control terminal 300 are used. However, one control terminal (for example, the control terminal 200), the fingerprint reader 100, A fingerprint collation system may be configured. In this case, the control terminal 200 may be provided with a control unit 207 (see FIG. 2) having the same function as the control unit 301 of the control terminal 300.

  In addition, for connection between the fingerprint reading apparatus 100 and the control terminal 200 or the control terminal 300, any of a wired method and a wireless method can be used.

  Further, in the above-described embodiment of the present invention, the identification key K2 (device identification information) generated in the control terminal 200 is stored in the control terminal 300 using the recording medium control unit 205 and the recording medium control unit 305. However, the control terminal 200 and the control terminal 300 may be connected to a communication network, and the identification key K2 may be stored in the control terminal 300 via the communication network.

  In the above-described embodiment of the present invention, a notebook personal computer is used as the control terminal 200 and the control terminal 300. However, the control terminal 200 or the control terminal 300 may be a personal digital assistant (PDA) or a portable terminal. It may be a telephone terminal.

  As described above, the present invention naturally includes various embodiments that are not described herein. Therefore, the technical scope of the present invention is defined only by the invention specifying matters according to the scope of claims reasonable from the above description.

1 is an overall schematic configuration diagram of a fingerprint matching system according to an embodiment of the present invention. It is a figure which shows the logic block structure of the fingerprint collation system which concerns on embodiment of this invention. It is a registration processing flow of a user's fingerprint information by the fingerprint collation system which concerns on embodiment of this invention. It is a registration processing flow of a user's fingerprint information by the fingerprint collation system which concerns on the example of a change of this invention. It is a registration processing flow of a user's fingerprint information by the conventional fingerprint collation system.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 ... Fingerprint reader 101: Fingerprint information acquisition part 103 ... Data storage part 105 ... Collation part 200 ... Control terminal 201 ... Initial setting part 203 ... Data storage part 205 ... Recording medium control part 207 ... Control unit, 300 ... control terminal, 301 ... control unit, 303 ... data storage unit, 305 ... recording medium control unit, K1, K2, K2 ', K3 ... identification key, MGR ... administrator, USR ... user

Claims (2)

A fingerprint collation system configured by a fingerprint reader that reads a user's fingerprint and obtains fingerprint information that is information of the fingerprint, and a control terminal,
A user identification information registration unit that registers user identification information that is specific to the user and that can identify the user;
A device identification information generating unit for generating device identification information for identifying the fingerprint reading device, encrypting the device identification information and storing it in the fingerprint reading device and the control terminal;
User identification information that is user identification information registered by the user identification information registration unit, and user identification information collation unit that collates the user identification information input to the control terminal;
A device identification information collating unit that decrypts and collates the device identification information stored in the fingerprint reading device and the control terminal;
When the user identification information matches the user identification information and the device identification information matches as a result of the collation by the user identification information collation unit and the device identification information collation unit, the user identifies the fingerprint reading device. And a fingerprint registration permission unit for permitting the registration of the fingerprint. A fingerprint information collating unit that collates the fingerprint information acquired by the fingerprint reader with registered fingerprint information that is the already registered fingerprint information;
The fingerprint registration permission unit is a case where the user identification information matches the user identification information and the device identification information matches, and the fingerprint information collated by the fingerprint information collation unit and the fingerprint identification collation unit The fingerprint verification system according to claim 1, wherein when the registered fingerprint information matches, the user is permitted to register the fingerprint in the fingerprint reader.

Images