JP2007193463A - Personal authentication device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent a malicious person from impersonating an authorized person by using the vein pattern of the authorized person in a personal authentication device for performing personal authentication with the vein pattern of the finger. <P>SOLUTION: The personal authentication device includes: a vein pattern extraction part for photographing the finger placed at a photographic position and acquiring the finger image to extract a vein pattern; a sequence determination part for determining a plurality of fingers to be photographed and the sequence of photographing each time personal authentication is executed; a user interface part; a storage part for storing a registered vein pattern; and an authentication part. Each time a user is instructed to place the fingers to be photographed on the photographic positions by the user interface part, a vein pattern extraction part 201b photographs at least the fingers placed on the photographic positions, and the authentication part associates the respective vein patterns extracted from the photographed finger images with the plurality of fingers based on the sequence of photographing, and reads the registered vein patterns from the storage part for each of those fingers, and decides whether the registered vein patterns are matched with the associated vein patterns. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a technique for performing personal authentication using a finger vein pattern.

  In recent years, as a personal authentication apparatus for performing personal authentication, a finger vein pattern is extracted based on image data obtained by photographing a finger, and the extracted vein pattern is registered in advance as a vein pattern ( In the following, various personal authentication devices that perform personal authentication by determining whether or not they coincide with each other have been proposed (see Patent Document 1 below).

JP 2004-110605 A

  As described above, in a personal authentication device that performs personal authentication using a finger vein pattern, when authentication is always performed using a specific finger vein pattern, there is a high possibility that a Service-to-Self impersonates a legitimate person.

  Specifically, for example, consider a personal authentication device that always performs authentication using the vein pattern of the right-hand index finger. In such a personal authentication device, when a legitimate person authenticates, the vein pattern of the right hand index finger is extracted based on the finger image obtained by photographing the right hand index finger of the legitimate person, and the vein pattern data (finger Data indicating the presence or absence of veins in each pixel constituting the image) is extracted. Accordingly, the Service-to-Self attempt to illegally acquire the extracted vein pattern data.

  Specifically, when the personal authentication device has a configuration including a personal computer, the Service-to-Self reads out the extracted vein pattern data from a predetermined storage area in which the extracted vein pattern data is stored. An unauthorized program that is copied and transmitted to a malicious person via a network is illegally installed and executed on the personal computer. As a result, the Service-to-Self can acquire the vein pattern data of the right person's right index finger.

  The Service-to-Self then stores the illegally acquired vein pattern data in the predetermined storage area instead of photographing his / her index finger in personal authentication.

  In this case, the function unit for determining whether or not the registered vein pattern (the vein pattern registered in advance for the right person's right index finger of the legitimate person) matches the vein pattern extracted by photographing is a predetermined storage area. And reading out the vein pattern data stored by the Service-to-Self from the user, and determining whether or not the extracted vein pattern matches the registered vein pattern based on the read vein pattern data and the registered vein pattern data. .

  As described above, the vein pattern data stored in the predetermined storage area by the Service-to-Self is the vein pattern data of the right person's right index finger of the right person. It will be judged. As a result, personal authentication succeeds and the Service-to-Self can impersonate a legitimate person.

  The present invention has been made to solve at least a part of the above-described problems. In a personal authentication apparatus that performs personal authentication using a finger vein pattern, a Service-to-Self uses a finger vein pattern data of a legitimate person. An object of the present invention is to suppress the success of such personal authentication when it is illegally obtained and personal authentication is attempted by impersonating a legitimate person using the vein pattern data.

  In order to solve at least a part of the above-described problems, a personal authentication device according to the present invention is a personal authentication device for performing personal authentication using a finger vein pattern, and a finger placed at a predetermined photographing position. To obtain a finger image and extract a vein pattern of the finger from the obtained finger image, and a plurality of fingers to be photographed among the fingers of the user to be authenticated and An order determining unit that determines an imaging order for imaging the plurality of fingers each time authentication is attempted, and a plurality of fingers to be imaged are placed at the predetermined imaging positions in accordance with the determined imaging order, respectively. A user interface unit for instructing the user, a storage unit that stores a registered vein pattern registered in advance for each of the user's fingers, and an authentication unit. The pattern extracting unit photographs at least a finger placed at the predetermined photographing position each time the user interface unit instructs to place each of the plurality of fingers at the predetermined photographing position, and the authentication unit Associates each vein pattern extracted from the photographed finger image with the plurality of fingers based on the order of photographing, and for each of the plurality of fingers, the registration pre-registered for each finger The gist is to read a vein pattern from the storage unit and determine whether or not the read registered vein pattern matches the extracted vein pattern associated with the finger.

  As described above, in the personal authentication device of the present invention, the order determination unit determines a plurality of fingers to be photographed and a photographing order every time authentication is attempted. Therefore, since a specific finger is not determined in advance as a finger to be photographed, the plurality of fingers and the photographing order that the user interface unit instructs the user are likely to be different each time authentication is attempted. Then, the user places his / her finger at a predetermined photographing position in accordance with this instruction, so that the vein pattern extracted by the vein pattern extraction unit is likely to be different each time authentication is attempted.

  Therefore, even if the Service-to-Self unauthorizedly obtains the vein pattern extracted by the vein pattern extraction unit, the illegally obtained vein pattern is not necessarily used in the next personal authentication. Therefore, the Service-to-Self becomes a target for determining whether or not the illegally acquired vein pattern matches the registered vein pattern by the authentication unit, instead of causing the vein pattern extraction unit to photograph his / her finger. Even when personal authentication is performed by impersonating the user by using it as a vein pattern, the success of such unauthorized personal authentication can be suppressed.

  Further, in the personal authentication device of the present invention, a plurality of fingers of the user are used for personal authentication, and for each of the plurality of fingers, the extracted vein pattern is a registered vein pattern registered in advance. It is determined whether or not they match. Therefore, in the unauthorized personal authentication by the Service-to-Self as described above, the possibility that the vein pattern illegally acquired and used by the Service-to-Self and the registered vein pattern all match is determined for the user authentication. Compared with the case of using a single finger, it can be lowered.

  In the personal authentication device, the authentication unit determines, for each of the plurality of fingers, whether the read registered vein pattern matches the extracted vein pattern associated with the finger. As a result, it is preferable to determine that personal authentication has failed when it is determined that any of the plurality of fingers does not match.

  With such a configuration, in the unauthorized personal authentication by the Service-to-Self as described above, a vein pattern that is illegally acquired and used by a Service-to-Self for a certain finger, and a registered vein pattern Even if they match, if they do not match with other fingers, it can be determined that the authentication has failed. As a result, the success of such unauthorized personal authentication can be suppressed with a higher probability.

  In the personal authentication device, when determining the plurality of fingers and the imaging order, the order determination unit preferably determines the plurality of fingers and the imaging order randomly each time authentication is attempted.

  With such a configuration, the plurality of fingers that the user interface unit instructs the user and the order in which the user interface unit instructs are random fingers and the order every time authentication is attempted. Therefore, the user randomly places a finger at a predetermined shooting position every time, and the vein pattern extraction unit extracts a random vein pattern every time.

  Therefore, even if the Service-to-Self obtains the vein pattern extracted by the vein pattern extraction unit illegally, the possibility that the illegally obtained vein pattern is always used in the next and subsequent personal authentication is reduced. be able to. Therefore, the success of such unauthorized personal authentication can be suppressed with a higher probability.

  The personal authentication device may be used for authentication of the officer in a system that requires approval by the officer.

  By adopting such a configuration, in this system, it is possible to prevent the Service-to-Self from impersonating the officer and making an approval.

  Note that the present invention is not limited to the aspect of the device invention such as the above personal authentication device, but can be realized as a method invention such as a personal authentication method.

Hereinafter, the best mode for carrying out the present invention will be described in the following order based on examples.
A. Example:
A1. Configuration of transaction system and officer's terminal:
A2. Personal authentication processing by officers:
A3. Verification of personal authentication processing by Service-to-Self:
A4. Effects of the embodiment:
B. Variation:

A. Example:
A1. Configuration of transaction system and officer's terminal:
FIG. 1 shows, as an embodiment of the present invention, a schematic configuration of a transaction system to which an officer's terminal is applied in order to suppress impersonation of an officer who is most effective in the present invention in a settlement operation in a bank. It is explanatory drawing which shows.

  A transaction system 1000 shown in FIG. 1 includes a counter staff terminal 10, a host computer 20, and an officer's staff terminal 30, each connected to a local area network LAN1.

  This transaction system 1000 is a system for performing transactions such as withdrawals at a bank. Specifically, for example, when a customer who visits a bank window requests a withdrawal to a predetermined account, the person in charge of the window performs a procedure for withdrawing money to an account designated by the customer in response to the request. This is performed at the contact person terminal 10. As a result, the contact person terminal 10 transmits a withdrawal processing execution command to the host computer 20 via the local area network LAN1, and the host computer 20 performs the transaction processing according to the command and issues it from the specified account. Do money.

Here, in the case of a large transaction in which the transaction amount is larger than a predetermined amount, this bank requires approval by the officers prior to transaction processing. Therefore, in the case of a large transaction, when the person in charge of the window inputs a predetermined amount or more to the window of the person in charge of the window, the window of the person in charge of the window 10 judges the input amount and automatically registers in advance. An approval request message including the transaction data of the amount is transmitted to the officer's officer terminal 30 via the local area network LAN1.
When the officer approves the large transaction at the officer's terminal 30, the officer's terminal 30 transmits an approval result “approved” to the window person terminal 10, and the window person terminal 10 transmits the approval result to the host computer 20 together with an execution command for processing such as withdrawal.

  The host computer 20 executes the execution command for the large transaction and performs transaction processing such as withdrawal only when the approval result “approved” is received together with the execution command for the large transaction.

  Thus, since the approval of transactions is performed in the case of a large transaction, if the approval is impersonated as a officer by a malicious person, a large amount of money is malicious. There is a risk that fraudulent acts such as withdrawals and embezzlements will be executed. Therefore, the officer's terminal 30 performs personal authentication of a person who intends to approve, thereby suppressing such illegal acts. The officer's terminal 30 employs an authentication method using a finger vein pattern as an authentication method for personal authentication.

  FIG. 2 is an explanatory diagram showing the configuration of the officers' terminal 30. As shown in FIG.

  The officer's terminal 30 shown in FIG. 2 includes a notebook personal computer (hereinafter referred to as “notebook PC”) 100 and an authentication device 200, which are connected to each other by a USB (Universal Serial Bus) cable 150. Has been.

  The notebook PC 100 mainly includes a CPU 101, a memory 102, an input / output interface unit 103, and a hard disk drive 104, which are connected by an internal bus 107. In addition to these devices, the notebook PC 100 includes a keyboard 105 as a device for inputting data and a display unit 106 as a device for outputting data.

  The input / output interface unit 103 includes an interface group for connecting the local area network LAN 1, the keyboard 105, and the display unit 106 to components such as the CPU 101 via the internal bus 107. Further, the input / output interface unit 103 includes a USB controller (not shown), and realizes USB connection between the notebook PC 100 and the authentication device 200.

  In the notebook PC 100, an application program for approval of officers operates under a predetermined operating system. Various drivers are incorporated in the operating system, and a USB controller (not shown) is controlled in addition to the keyboard 105 and the display unit 106 described above.

  Then, the CPU 101 functions as the approval control unit 101a and the authentication pattern determination unit 101b by executing the application program for approval of the officers.

  The memory 102 includes a finger number table storage unit 102a and an authentication pattern storage unit 102b. In the initial state, the finger number table storage unit 102a stores a finger number table TB.

  FIG. 3 is an explanatory diagram schematically showing the finger number table TB stored in the finger number table storage unit 102a.

  As shown in FIG. 3, in the finger number table TB, numbers (finger numbers) from 1 to 10 are associated with all fingers of the left and right hands. Specifically, finger numbers “1” to “5” are associated with the right hand in the order of thumb, index finger, middle finger, ring finger, and little finger. Similarly for the left hand, finger numbers “6” to “10” are sequentially associated with each finger.

  Returning to FIG. 2, the authentication device 200 is a dedicated device for performing personal authentication using a finger vein pattern, and mainly includes a CPU 201, a card control unit 202, a memory 203, an input / output interface unit 204, and imaging. Each of which is connected by an internal bus 205.

  The photographing unit 210 is a functional unit that obtains a finger image by photographing a finger placed at a predetermined position in the photographing unit 210 (hereinafter also simply referred to as “predetermined photographing position”). The photographing unit 210 includes a sensor (not shown) that senses that a finger is placed at a predetermined photographing position.

  The input / output interface unit 204 has a USB controller (not shown), and is connected to the input / output interface unit 103 in the notebook PC 100 via the USB cable 150.

  The CPU 201 functions as the integrated control unit 201a and the extraction unit 201b by executing a predetermined program. Among these, the integrated control unit 201 a is a functional unit that controls the entire authentication device 200 and controls data exchange with the notebook PC 100. The extraction unit 201b is a functional unit that extracts a vein pattern based on the finger image photographed by the photographing unit 210.

  A card slot 220 is connected to the card control unit 202. The card control unit 202 is a functional unit that writes data to and reads data from an IC chip provided in an IC (Integrated Circuit) card inserted into the card slot 220.

  It should be noted that the above-mentioned officer's terminal 30 is the personal authentication device in the claims, the photographing unit 210 and the extraction unit 201b are the vein pattern extraction unit in the claims, and the authentication pattern determination unit 101b is the order determination in the claims. The display unit 106 described above corresponds to a user interface unit in the claims.

  In the officer's terminal 30 having the above configuration, as described above, an authentication method using a finger vein pattern is adopted in personal authentication performed for approving a transaction. Here, if the officer's terminal 30 is configured to always authenticate with a vein pattern of a specific finger (for example, the right hand index finger), the right index finger extracted at the time of personal authentication by the officer is used. When the vein pattern data is illegally acquired by the Service-to-Self, it is highly possible that the personal authentication is successful using the illegally acquired vein pattern data and the transaction is illegally approved.

  Therefore, in the officer's terminal 30, as a characteristic part of the present invention, a finger used for authentication is randomly determined every time personal authentication is performed, and a plurality of fingers are used for this authentication. The authentication order is determined randomly.

A2. Personal authentication processing by officers:
As a premise of the personal authentication process that is a characteristic part of the present invention, in the officer's terminal 30 shown in FIG. 2, the officer inserts the IC card 250 into the card slot 220 of the authentication machine 200 and the officer's terminal 30. You are logged in. As a result of the login, the approval control unit 101a causes the display unit 106 to display an approval request list screen described later.

  Here, the IC card 250 includes an IC chip 251. The IC chip 251 includes a CPU and a memory (not shown). The CPU (not shown) executes a predetermined program stored in the memory (not shown) as a determination unit 251a. Will work.

  The memory (not shown) in the IC chip 251 includes a vein pattern data storage unit 251b. In the vein pattern data storage unit 251b, registered vein pattern data for the left and right fingers of the officer who is the owner of the IC card 250 is stored in a predetermined order in advance. The registered vein pattern data is vein pattern data extracted from a finger image of a finger obtained in advance by photographing the officer's finger.

  FIG. 4 is an explanatory diagram schematically showing registered vein pattern data stored in the vein pattern data storage unit 251b.

  The registered vein pattern data of the officers is stored in a predetermined order in the vein pattern data storage unit 251b. Specifically, as shown in FIG. 4, first, the registered vein pattern data is stored in the order of the thumb, index finger, middle finger, ring finger, and little finger for the right hand. Registered vein pattern data is stored in the order of the index finger, middle finger, ring finger, and little finger.

  Here, each of these registered vein pattern data is encrypted, and only the above-described determination unit 251a knows an encryption key for decryption. Therefore, even if the Service-to-Self stole this IC card 250, it is difficult for the Service-to-Self to decrypt and acquire the vein pattern data stored in the vein pattern data storage unit 251b.

  The determination unit 251a corresponds to the authentication unit in the claims, and the vein pattern data storage unit 251b corresponds to the storage unit in the claims.

  Under the above premise, when an approval request for a large transaction relating to withdrawal is transmitted from the window staff terminal 10 shown in FIG. 1 to the officer's terminal 30 via the local area network LAN1, the approval control unit 101a displays the approval request on the approval request list screen displayed on the display unit 106.

  FIG. 5 is an explanatory diagram showing an approval request list screen displayed on the display unit 106.

  As shown in FIG. 5, on the approval request list screen, for each approval request, the request number given in the order received, the date and time of reception, and the approval status indicating whether or not the approval has been completed are displayed. The Then, the approval request for the large transaction described above arrives at the officer's terminal 30, and as shown in FIG. 5, the approval request with the request number “05” and the status “un” (unapproved) appears in the approval request list. It shall be displayed.

  When the officer selects the request number “05” using the keyboard 105 shown in FIG. 2 in order to approve the unapproved approval request, the approval control unit 101a displays the approval execution screen on the display unit 106. To display.

  FIG. 6 is an explanatory diagram showing an approval execution screen displayed on the display unit 106.

  As shown in FIG. 6, in addition to the request number and the request status, transaction details for requesting approval such as a transaction amount are displayed on the approval execution screen. The approval execution screen has an approval button B1.

  Then, when the officer selects and presses the approval button B1 using the keyboard 105 shown in FIG. 2 in order to approve the transaction having the contents shown in FIG. The personal authentication process as a part is started.

  FIG. 7 is a flowchart showing the procedure of the personal authentication process executed in the officer's terminal 30.

  In FIG. 7, the left side shows a flowchart showing the procedure in the notebook PC 100, and the right side shows the flowchart showing the procedure in the authentication device 200.

  When the personal authentication process shown in FIG. 7 is started, in the notebook PC 100 shown in FIG. 2, the authentication pattern determination unit 101b determines an authentication pattern and stores the determined authentication pattern in the authentication pattern storage unit 102b (step S1). S302).

  Here, the authentication pattern is a pattern obtained by arranging three of the numbers of the finger numbers “1” to “10” associated with each finger. For example, the pattern is “1, 2, 3” or “8, 4, 5”. The authentication pattern determination unit 101b randomly determines this authentication pattern every time the personal authentication process is executed. Here, it is assumed that “2, 3, 8” is determined as the authentication pattern and is stored in the authentication pattern storage unit 102b as shown in FIG.

  Next, the approval control unit 101a transmits the determined authentication pattern “2, 3, 8” to the authentication device 200 via the input / output interface unit 103 (step S304), and sets 1 to the variable n. (Step S306).

  As described above, in the personal authentication process of the present invention, authentication is performed using a plurality (three) of finger vein patterns. The variable n is a variable indicating how many fingers are currently authenticated by the vein pattern. Therefore, first, “1” indicating the first is substituted into the variable n.

  Next, the approval control unit 101a reads the authentication pattern stored in the authentication pattern storage unit 102b, and instructs the user to place the finger corresponding to the nth finger number in this authentication pattern at a predetermined shooting position. The approver authentication screen is displayed on the display unit 106 (step S308).

  Specifically, as described above, when “2, 3, 8” is stored in the authentication pattern storage unit 102b as the authentication pattern and “1” is substituted as the variable n, the approval control unit 101a extracts the first finger number “2” from the authentication pattern. Then, the approval control unit 101a reads the finger number table TB from the finger number table storage unit 102a, and extracts the finger name corresponding to the finger number “2” using the finger number table TB.

  As shown in FIG. 3, since the finger name corresponding to the finger number “2” is “right hand index finger”, the approval control unit 101a extracts the finger name “right hand index finger”. Then, the approval control unit 101a causes the display unit 106 to display an approver authentication screen for the “right hand index finger”.

  FIG. 8 is an explanatory diagram showing an approver authentication screen displayed on the display unit 106.

  As shown in FIG. 8, the approver authentication screen is provided with a designated finger display unit H1, and is a screen for instructing the user to place the finger displayed on the designated finger display unit H1 at a predetermined shooting position. Then, as described above, when the “right hand index finger” is extracted from the finger number table TB, the approval control unit 101a displays, on the display unit 106, the approver authentication screen displaying “right hand index finger” on the designated finger display unit H1. Display.

  Returning to FIG. 7, in the notebook PC 100, the approval control unit 101 a transmits a display completion notification indicating that the approver authentication screen is displayed on the display unit 106 to the authenticator 200 via the input / output interface unit 103. (Step S309).

  On the other hand, in the authentication device 200, the integrated control unit 201a receives the authentication pattern “2, 3, 8” transmitted from the notebook PC 100 and stores it in the memory 203 (step S402).

  Next, in the authentication device 200, the determination unit 251a substitutes 1 for the variable n (step S404). Since this variable n is the same as the variable n in the process of step S306 described above, the description thereof is omitted.

  Next, in the authentication device 200, the integrated control unit 201a determines whether a display completion notification has been received from the notebook PC 100 (step S405). As described above, when the approval control unit 101a transmits a display completion notification in the process of step S309, the integrated control unit 201a receives the display completion notification via the input / output interface unit 204 and determines that it has been received. It will be. In this case, the integrated control unit 201a instructs the photographing unit 210 to determine whether or not the finger is placed at the predetermined shooting position, and the photographing unit 210 determines whether or not the finger is placed at the predetermined photographing position. A determination is made (step S406).

  As described above, since the approver authentication screen for instructing to place the “right hand index finger” is displayed on the display unit 106 in the notebook PC 100, the officer who viewed the screen takes a picture of the right hand index finger. Will be placed in position.

  When the officer places the right index finger at the predetermined shooting position, the shooting unit 210 senses that the finger has been placed at the predetermined shooting position by a sensor (not shown) and determines that the finger has been placed. In this case, the image capturing unit 210 captures the finger and stores the image data of the obtained finger image in the memory 203 (step S408).

  Next, in the authentication device 200, the extraction unit 201b reads out the image data obtained earlier from the memory 203, extracts a vein pattern based on the read image data, and stores the vein pattern data in the memory 203. (Step S410).

  Next, in the authentication device 200, the determination unit 251a reads the authentication pattern from the memory 203, and reads and decodes the registered vein pattern data corresponding to the nth finger number in the authentication pattern from the vein pattern data storage unit 251b. Further, the vein pattern data stored earlier is read from the memory 203, and it is determined whether or not the vein patterns represented by the read data match each other (step S412).

  Specifically, as described above, since “1” is assigned to the variable n, the determination unit 251a extracts the first finger number “2” in the authentication pattern “2, 3, 8”. Accordingly, the determination unit 251a reads and decodes the second registered vein pattern data stored in the registered vein pattern data stored in the vein pattern data storage unit 251b.

  Here, as shown in FIG. 4, since the second registered vein pattern data stored in the vein pattern data storage unit 251b is the registered vein pattern data of the right hand index finger, the determination unit 251a uses the right hand index finger. The registered vein pattern data is read out.

  Therefore, as described above, when the officer places the right index finger at a predetermined position and the vein pattern data extracted based on the finger image of the right index finger is stored in the memory 203, the determination unit 251a determines that “ It is determined that they match.

  Next, in the authentication device 200, the determination unit 251a passes the determination result obtained by the process of step S412 to the integrated control unit 201a, and the integrated control unit 201a passes the determination result via the input / output interface unit 204. To the notebook PC 100 (step S414).

  As described above, when the determination unit 251a determines “match” as a result of the process in step S412, the determination result “match” is transmitted to the notebook PC 100.

  Next, in the authentication device 200, the determination unit 251a determines whether or not the determination result is “match” (step S416). As described above, when it is determined that “match”, the determination unit 251a determines that the determination result is “match”.

  In this case, in the authentication device 200, the determination unit 251a determines whether or not the variable n is 3 (step S418). As described above, immediately after the authentication for the first finger is performed, the variable n is “1” substituted in the process of step S404. Therefore, the determination unit 251a determines that the variable n is not 3, and in this case, the determination unit 251a substitutes n + 1 for the variable n (step S420).

  When the variable n is 1 as described above, the variable n is “2” as a result of the process of step S420. Then, after the process of step S420, as shown in FIG. 7, the process returns to the process of step S405 described above, and the integrated control unit 201a determines whether a display completion notification has been received from the notebook PC 100.

  On the other hand, in the notebook PC 100, after the approver authentication screen for the first finger is displayed on the display unit 106 and the display completion notification is transmitted to the authentication device 200, the approval control unit 101 a receives the determination result from the authentication device 200. Is determined (step S310).

  As described above, when the determination result “match” is transmitted from the authentication device 200, the approval control unit 101a receives the determination result via the input / output interface unit 103. It is determined that it has been received. In this case, the approval control unit 101a further determines whether or not the received determination result is “match” (step S312).

  As described above, when the approval control unit 101a receives the determination result “matching”, it is determined that the determination result is “matching”. In this case, the approval control unit 101a determines whether or not the variable n is 3 (step S314).

  As described above, when the determination result for the first finger is received from the authentication device 200, the variable n is “1” substituted in the process of step S306. Therefore, the approval control unit 101a determines that the variable n is not 3. In this case, the approval control unit 101a substitutes n + 1 for the variable n (step S316).

  As described above, when the variable n is 1, the variable n becomes “2” as a result of the process of step S316. Then, after the processing of step S316, as shown in FIG. 7, the approval control unit 101a performs the processing of step S308 and step S309 described above, and this time the display unit displays the approver authentication screen for the second finger. The display completion notification is transmitted to the authentication device 200.

  As described above, since the variable n is “2”, the approval control unit 101a extracts the second finger number “3” of the authentication patterns “2, 3, 8” in the process of step S308. . Then, the approval control unit 101a extracts the finger name “right hand middle finger” corresponding to the finger number “3” using the finger number table TB, and displays the approver authentication screen for “right hand middle finger” on the display unit 106. Let

  FIG. 9 is an explanatory diagram showing an approver authentication screen for the second finger in the personal authentication process by the officer. The layout and the like are the same as those of the approver authentication screen shown in FIG.

  As described above, when the approval control unit 101a extracts the “right hand middle finger” from the finger number table TB, the “right hand middle finger” is displayed on the designated finger display unit H1, as shown in FIG. Then, the officer who looks at the approver authentication screen places the middle finger of the right hand at the predetermined photographing position.

  Here, as described above, in the authentication device 200, the integrated control unit 201a determines whether the display completion notification is received from the notebook PC 100 (step S405). If a display completion notification is transmitted from the approval control unit 101a after the approver authentication screen for the finger is displayed on the display unit 106, the integrated control unit 201a determines that it has been received.

  In this case, as in the case of the first finger described above, the photographing unit 210 determines whether or not the finger is placed at a predetermined photographing position (step S406), and the officer is in the right hand as described above. When the middle finger is placed at a predetermined position for photographing, the middle finger of the right hand is photographed and image data of the finger image is stored in the memory 203 (step S408), and the extraction unit 201b extracts the finger vein pattern data. It is stored in the memory 203 (step S410).

  In the authentication device 200, the determination unit 251a then converts the registered vein pattern data corresponding to the second finger number “3” in the authentication pattern “2, 3, 8” into the vein pattern as the process of step s412. It reads out from the data storage unit 251b, decodes it, and further reads out the vein pattern data for the middle finger of the right hand stored earlier from the memory 203, and determines whether or not the vein patterns represented by these read data match each other.

  As shown in FIG. 4, since the third registered vein pattern data stored in the vein pattern data storage unit 251b is the registered vein pattern data of the right hand middle finger, the determination unit 251a uses the registered vein pattern of the right hand middle finger. Data is read and decoded.

  Then, as described above, when the officer places the middle finger of the right hand at the predetermined shooting position and the vein pattern data extracted based on the finger image of the middle finger of the right hand is stored in the memory 203, the determination unit 251a Judge as “match”.

  Therefore, in this case, the integrated control unit 201a transmits the determination result “match” to the notebook PC 100 via the input / output interface unit 204 as in the case of the first finger (step S414). . In addition, the determination unit 251a determines that the determination result is “match” in the process of step S416.

  Here, since the variable n is “2”, the determination unit 251a determines that the variable n is not 3 in the process of step S418, and substitutes 3 for the variable n in the process of step S420. Then, the process returns to step S405 again, and the integrated control unit 201a determines whether a display completion notification has been received from the notebook PC 100.

  On the other hand, in the notebook PC 100, the approval control unit 101 a displays an approver authentication screen for the second finger on the display unit 106 and transmits a display completion notification to the authentication device 200. Is determined (step S310).

  As described above, when the determination result for the second finger is transmitted from the authenticator 200, the determination result is “match” as in the case of the first finger. Then, the processes of steps S310 to S316 described above are performed.

  As a result, the variable n changes from 2 to 3, and the approval control unit 101a sets the finger name “middle finger of the left hand” corresponding to the third finger number “8” in the authentication pattern “2, 3, 8”. The finger number table TB is extracted, and the approver authentication screen for the third finger “middle finger on the left hand” is displayed on the display unit 106. Further, the approval control unit 101a transmits a display completion notification to the authentication device 200.

  FIG. 10 is an explanatory diagram showing an approver authentication screen for the third finger in the personal authentication process by the officer. The layout and the like are the same as those of the approver authentication screen shown in FIG.

  As described above, when the approval control unit 101a extracts the “left hand middle finger” from the finger number table TB, the “left hand middle finger” is displayed on the designated finger display unit H1, as shown in FIG. Then, the officer who looks at the approver authentication screen places the middle finger of the left hand at the predetermined position for photographing.

  In this case, in the authentication device 200, after determining that the integrated control unit 201a has received the display completion notification, the imaging unit 210 determines that a finger has been placed (step S406), and the 3 is placed at the predetermined shooting position. The finger is photographed and image data of the finger image is stored in the memory 203 (step S408), and the extraction unit 201b extracts the finger vein pattern data and stores it in the memory 203 (step S410).

  Then, in the authentication device 200, the determination unit 251a, as the process of step S412, next converts the registered vein pattern data corresponding to the third finger number “8” in the authentication pattern “2, 3, 8” to the vein pattern. It reads out from the data storage unit 251b and decodes it, and further reads out the vein pattern data for the left middle finger stored earlier from the memory 203, and determines whether or not the vein patterns represented by these read data match each other.

  As shown in FIG. 4, since the eighth registered vein pattern data stored in the vein pattern data storage unit 251b is registered vein pattern data of the left hand middle finger, the determination unit 251a uses the registered vein pattern of the left hand middle finger. Data is read and decoded.

  As described above, when the officer places the left finger middle finger at a predetermined position and the vein pattern data extracted based on the finger image of the left hand middle finger is stored in the memory 203, the determination unit 251a Judge as “match”.

  In this case, the integrated control unit 201a transmits a determination result “match” to the notebook PC 100 via the input / output interface unit 204 (step S414). In addition, the determination unit 251a determines that the determination result is “match” in the process of step S416.

  Here, since the variable n is “3”, unlike the case of the first and second fingers described above, the determination unit 251a determines that the variable n is 3 in the process of step S418. In this case, the personal authentication process ends in the authentication device 200.

  On the other hand, in the notebook PC 100, the approval control unit 101a displays whether the determination result is received from the authenticator 200 after displaying the approver authentication screen for the third finger on the display unit 106 in the process of step S308. The determination is made (step S310).

  As described above, when the determination result for the third finger is transmitted from the authenticator 200, the determination result is also “match”, and thus the notebook PC 100 performs the processing from step S310 to step S314 described above. Will be performed.

  Here, since the variable n is 3, the approval control unit 101a determines that the variable n is 3 as a result of the process of step S314. In this case, the approval control unit 101a determines that the personal authentication has succeeded (step S318), and the personal authentication process ends.

  When the personal authentication process is completed as a result of determining “authentication success” as described above, in the notebook PC 100, the approval control unit 101a displays the approval result “approved” as the local area network LAN1 shown in FIG. Is sent to the contact person terminal 10 via.

  As a result, as described above, the contact person terminal 10 transmits the approval result “approved” and the execution instruction for the withdrawal process to the host computer 20, and the host computer 20 issues the output according to the execution instruction. Gold processing will be done.

A3. Verification of personal authentication processing by Service-to-Self:
In the above-described personal authentication process, the process when the person performing authentication is a legitimate person, that is, the officer, has been described. However, in the following, the individual when the person performing authentication is not a legitimate person but a malicious person Let's examine the authentication process.

  As a precondition for the personal authentication processing by the Service-to-Self, it is assumed that the Service-to-Self obtains the officer's IC card 250 illegally. Here, as described above, the registered vein pattern data of the officers stored in the IC card 250 is encrypted, and the Service-to-Self cannot decrypt the registered vein pattern data and cannot obtain it. To do.

  However, the Service-to-Self used the malicious program installed on the notebook PC 100 to illegally copy and obtain from the memory 203 the three vein pattern data extracted during the previous personal authentication by the officer. Shall. The three vein pattern data are the vein pattern data of “right hand index finger”, “right hand middle finger”, and “left hand middle finger”, which are sequentially extracted in the case of the personal authentication process by the officer described above. To do.

  However, when these vein pattern data are stored in order in the memory 203, which vein pattern of the finger is not explicitly stored. Accordingly, the Service-to-Self cannot know which finger vein pattern data each of the three illegally obtained vein pattern data is.

  Then, it is assumed that the Service-to-Self log in the officer's terminal 30 by inserting the IC card 250 of the officer's illegally obtained into the card slot 220. The other premise is the same as the personal authentication process by the above-mentioned officer, and the description is omitted.

  Under this assumption, when the Service-to-Self selects and presses the approval button B1 on the approval execution screen shown in FIG. 6, personal authentication processing is started.

  When the personal authentication processing is started, as described above, in the notebook PC 100, the processing of steps S302 to S309 is performed, the authentication pattern is determined and transmitted to the authentication device 200, and approved by the display unit 106. The person authentication screen is displayed, and a display completion notification is transmitted to the authenticator 200. It is assumed that the determined authentication pattern is “5, 2, 4” this time.

  On the other hand, in the authenticator 200, after the processing of step S402 to step S405 is performed, as the processing of step S406, the photographing unit 210 determines whether or not the finger is placed at a predetermined photographing position.

  Here, instead of placing the finger at a predetermined position, the Service-to-Self places the first vein pattern data among the three vein pattern data obtained illegally, that is, the vein pattern data of the right index finger of the officer in the memory 203. It shall be memorized.

  In such a case, since the finger is not placed at the predetermined photographing position, the photographing unit 210 does not photograph, and the extracting unit 201b does not extract the vein pattern data, but the vein pattern data is stored in the memory 203. Therefore, the determination unit 251a performs the process of step S412.

  Here, since the variable n is “1” and the authentication pattern is “5, 2, 4”, the determination unit 251a is different from the personal authentication process by the officer described above from the vein pattern data storage unit 251b. Then, the registered vein pattern data of the right hand little finger is read and decoded.

  Therefore, the determination unit 251a uses the right hand little finger registered vein pattern data obtained by the decryption and the vein pattern data of the officer's right hand index finger stored in the memory 203 by the Service-to-Self. Since it is determined whether or not the vein patterns represented by each match each other, it is determined that they do not match.

  In this case, unlike the above-described personal authentication process by the officer, in the authentication machine 200, the integrated control unit 201a transmits a determination result “not matched” to the notebook PC 100 in the process of step S414, and the determination unit 251a. In step S416, it is determined that the determination result is not “match”, and the personal authentication process ends.

  On the other hand, in the notebook PC 100, the approval control unit 101a receives the determination result “not matched” transmitted from the integrated control unit 201a as described above, and therefore the determination result “matches” in the process of step S312. It will be determined that it is not. In this case, the approval control unit 101a determines that the personal authentication has failed (step S320), and the personal authentication process ends.

  When the personal authentication process is completed by determining “authentication failure” as described above, in the notebook PC 100, the approval control unit 101a displays the approval result “approval failure” as the local area network LAN1 shown in FIG. Is sent to the contact person terminal 10 via.

  Upon receiving the approval result “approval failure”, the contact person terminal 10 does not transmit the execution instruction for the withdrawal process to the host computer 20. As a result, since the withdrawal process is not performed in the host computer 20, an illegal act such as embezzlement can be suppressed.

A4. Effects of the embodiment:
In the personal authentication process described above, the authentication pattern determination unit determines a finger corresponding to an authentication pattern (finger number) randomly determined every time the personal authentication process is performed as a finger to be determined as a vein pattern match target. ing. Therefore, even if the Service-to-Self illegally acquires the vein pattern data extracted when the officer performs personal authentication, the finger that was determined in such personal authentication and the determination target in the subsequent personal authentication Is not necessarily the same as the finger.

  Therefore, when the Service-to-Self attempts to perform personal authentication by storing the illegally acquired vein pattern data in the memory 203 instead of photographing his / her finger, the determination unit 251a uses the vein pattern data storage unit 251b. The registered vein pattern data to be read and the vein pattern data stored in the memory 203 by the Service-to-Self are unlikely to be different from each other.

  As a result, it is possible to suppress the approval control unit 101a from determining that the authentication has succeeded, and to transmit the approval result of “approval failure” to the contact person terminal 10 to suppress unauthorized transaction approval. it can.

  In the personal authentication process described above, three fingers are determined as the vein pattern matching determination target. Accordingly, for example, it is determined whether the registered vein pattern data read by the determination unit 251a from the vein pattern data storage unit 251b and the vein pattern data illegally acquired by the Service-to-Self and stored in the memory 203 all match. This can be made lower than the case where the target finger is one.

  Then, the approval control unit 101a determines that the authentication is successful for all three fingers when the authentication device 200 transmits a determination result that the extracted vein pattern matches the registered vein pattern. ing. Therefore, for example, in comparison with the case where only one finger is determined as a vein pattern matching determination target, it is more likely that the authorization control unit 101a determines that the authentication is successful in the unauthorized personal authentication by the Service-to-Self. Can be suppressed.

B. Variation:
The present invention is not limited to the above-described examples and embodiments, and can be implemented in various modes without departing from the gist thereof. For example, the following modifications are possible. .

B1. Modification 1:
In the personal authentication process in the above-described embodiment, authentication is performed with any three fingers of all fingers of the left and right hands. Some of the fingers may be determined in advance, and authentication may be performed using any three of the fingers.

  Specifically, for example, authentication may be performed with any three fingers of the five fingers of the right hand. Further, for example, authentication may be performed with any three fingers among the total of six fingers of the left and right hands, the thumb, the index finger, and the middle finger.

  In addition, you may make it authenticate not only with 3 fingers but with several fingers, such as 2 or 4 or more. Furthermore, the number of fingers to be authenticated may be changed depending on the person who is trying to authenticate and the transaction amount that is to be approved. For example, authentication may be performed with four fingers in the case of a certain officer, but authentication may be performed with three fingers in the case of another officer. For example, even for the same officer, if the transaction amount to be approved is less than 10 million yen, it will be authenticated with 3 fingers, and if it is 10 million yen or more, it will be authenticated with 4 fingers. May be.

B2. Modification 2:
In the embodiment described above, a finger used for authentication is randomly determined every time personal authentication is performed, and a plurality of fingers are used for authentication, and the order of authentication of these fingers is also determined randomly. However, the present invention is not limited to this.

  For example, a plurality of random authentication patterns may be determined in advance, and the plurality of authentication patterns may be used in order each time personal authentication is performed. Specifically, a plurality of random authentication patterns such as authentication patterns “2, 3, 8”, “5, 2, 4”, “1, 3, 6”, “10, 3, 7” are defined. These multiple authentication patterns may be used in order. Even in this case, it is possible to always avoid using a specific finger vein pattern.

B3. Modification 3:
In the above-described embodiment, for each of the three fingers used for authentication, the extraction of the vein pattern and the determination as to whether or not it matches the registered vein pattern are performed in the order in which they were photographed. It is not limited to this.

  For example, regarding the extraction of the vein pattern, it is not necessary to extract the vein pattern in the order in which the images are taken as long as the extracted vein pattern is clearly the vein pattern extracted from the captured finger image. In addition, regarding the above-described determination, the vein pattern may be extracted for all three fingers, and the above-described determination may be performed for each extracted vein pattern regardless of the order of photographing.

  In this case, when it is determined that any one of the extracted vein patterns does not match the registered vein pattern, the authentication device 200 transmits a determination result “not matching” to the notebook PC 100, and all the extracted vein patterns are extracted. When it is determined that the vein pattern matches the registered vein pattern, a determination result “match” may be transmitted to the notebook PC 100. The notebook PC 100 determines “authentication failure” when receiving a determination result “not matched” from the authenticator 200, and “authentication success” when receiving a determination result “match”. It may be determined that.

B4. Modification 4:
In the embodiment described above, as shown in FIG. 3, the finger numbers associated with the fingers of the left and right hands are the finger numbers “1” to “1” in the order of thumb, index finger, middle finger, ring finger, and little finger for the right hand. “5” is also associated with the finger numbers “6” to “10” in order in the same manner for each finger of the left hand, but the present invention is not limited to this. .

  For example, the order of the left and right hands is reversed. First, the left hand is associated with “1” to “5” in the order of thumb, index finger, middle finger, ring finger, and little finger, and then the same applies to each finger of the right hand. “6” to “10” may be associated with each other. Further, “1” to “10” may be associated in the order of right thumb, left thumb, right hand index finger, left hand index finger, right hand middle finger, left hand middle finger, right hand ring finger, left hand ring finger, right hand little finger, and left hand little finger.

  In addition, “1” to “10” are associated as finger numbers, but instead of “1” to “10”, other numbers such as “100” to “110” are associated. Also good. Furthermore, in the present invention, the finger number is not limited to a number as long as it is an identifier that can identify each finger, and any identifier may be used. For example, instead of numbers such as “1” to “10”, alphabets such as “A”, “B”, “C”,..., “J” may be associated.

B5. Modification 5:
In the above-described embodiment, the authentication pattern is determined by the notebook PC 100 (authentication pattern determination unit 101b). However, instead of this, the authentication machine 200 may determine the authentication pattern. For example, in the authentication device 200, the determination unit 251a may determine the authentication pattern.

  In this case, when the approval control unit 101a detects that the approval button B1 is pressed on the approval execution screen, the approval control unit 101a may transmit a start instruction for personal authentication processing to the determination unit 251a. Then, when the determination unit 251a receives a start instruction from the approval control unit 101a, the determination unit 251a may determine an authentication pattern and transmit the determined authentication pattern to the approval control unit 101a.

B6. Modification 6:
In the embodiment described above, the determination unit (determination unit 251a) that determines whether or not the registered vein pattern matches the extracted vein pattern is determined by the CPU (not shown) provided in the IC chip 251 with a predetermined program. Although it is assumed that it is a functional unit that functions by executing, the present invention is not limited to this. For example, the determination unit may be a functional unit that functions when the CPU 201 included in the authentication device 200 executes a predetermined program.

B7. Modification 7:
In the embodiment described above, after the authentication pattern is determined, the approval control unit 101a sequentially displays the approver authentication screen for each finger in order to instruct the user to place the finger at a predetermined shooting position according to the authentication pattern. However, the present invention is not limited to this.

  Specifically, for example, when the authentication pattern “2, 3, 8” is determined as described above, it corresponds to the finger number in this authentication pattern instead of the approver authentication screen shown in FIGS. A screen displaying all the finger names of “right hand index finger”, “right hand middle finger”, and “left hand middle finger” may be displayed on the display unit 106. In this case, the order in which these fingers should be placed may be displayed on the screen. In addition, every time a finger is placed, a message instructing the display unit 106 to place the next finger when an authentication result “matching” is transmitted from the authenticator 200 as an authentication result for that finger. May be displayed.

  Even in this way, the user can be instructed to place the finger corresponding to the finger number in the determined authentication pattern in order at the predetermined photographing position.

  When instructing a finger to be placed on the user, instead of displaying the finger name, an image of a hand may be displayed, and the finger to be placed in the image may be designated with an arrow icon or the like. . Furthermore, instead of the screen display such as the approver authentication screen, the user may be instructed by a voice message of a finger to be placed at a predetermined shooting position.

B8. Modification 8:
In the above-described embodiment, the authentication success or failure is determined by the approval control unit 101a in the notebook PC 100. Instead, the determination unit 251a performs the determination in the authentication device 200. It doesn't matter. In this case, the determination unit 251a may notify the approval control unit 101a of the determination result via the input / output interface unit 204.

B9. Modification 9:
In the embodiment described above, the officer's terminal 30 has a configuration in which the notebook PC 100 and the authentication device 200 are connected by the USB cable 150, but the present invention is not limited to this. The authentication machine 200 may be configured to be built in the notebook PC 100.

B10. Modification 10:
In the above-described embodiment, the officer's terminal 30 is used in a bank. However, the officer's terminal 30 is used not only in a bank but also in an organization that requires officer approval, such as a government office or a company other than a bank. It doesn't matter. The present invention is not limited to personal authentication of officers and can be widely used for personal authentication. For example, it can be used for personal authentication of a person who uses a credit card in a credit card settlement terminal or the like.

BRIEF DESCRIPTION OF THE DRAWINGS Explanatory drawing which shows the schematic structure of the transaction system to which the officer's terminal as one Example of this invention is applied. Explanatory drawing which shows the structure of the officer terminal 30. FIG. Explanatory drawing which shows typically the finger number table TB stored in the finger number table storage part 102a. Explanatory drawing which shows typically the registered vein pattern data stored in the vein pattern data storage part 251b. Explanatory drawing which shows the approval request list screen displayed on the display part. Explanatory drawing which shows the approval execution screen displayed on the display part. The flowchart which shows the procedure of the personal authentication process performed in the officer terminal 30. Explanatory drawing which shows the approver authentication screen displayed on the display part. Explanatory drawing which shows the approver authentication screen about the 2nd finger | toe in the personal authentication process by a board member. Explanatory drawing which shows the approver authentication screen about the 3rd finger in the personal authentication process by the officer.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 ... Terminal person in charge terminal 20 ... Host computer 30 ... Officer's terminal 100 ... Notebook-type personal computer 101 ... CPU
DESCRIPTION OF SYMBOLS 101a ... Approval control part 101b ... Authentication pattern determination part 102 ... Memory 102a ... Finger number table storage part 102b ... Authentication pattern storage part 103 ... Input / output interface part 104 ... Hard disk drive 105 ... Keyboard 106 ... Display part 107 ... Internal bus 150 ... Cable 200 ... Authentication machine 201 ... CPU
201a ... Integrated control unit 201b ... Extraction unit 202 ... Card control unit 203 ... Memory 204 ... I / O interface unit 205 ... Internal bus 210 ... Imaging unit 220 ... Card slot 250 ... IC card 251 ... IC chip 251a ... Determination unit 251b ... Vein Pattern data storage unit 1000 ... Trading system LAN1 ... Local area network B1 ... Approval button H1 ... Designated finger display unit TB ... Finger number table

Claims (5)

A personal authentication device for performing personal authentication using a finger vein pattern,
A finger pattern is obtained by photographing a finger placed at a predetermined photographing position and obtaining a finger image, and extracting a vein pattern of the finger from the obtained finger image;
An order determining unit that determines a plurality of fingers to be imaged among the fingers of a user to be authenticated and an imaging order for capturing the plurality of fingers each time authentication is to be performed;
A user interface unit for instructing the user to place a plurality of fingers to be photographed at the predetermined photographing positions in accordance with the determined photographing order;
A storage unit that stores a registered vein pattern registered in advance for each of the user's fingers;
An authentication unit;
With
The vein pattern extraction unit photographs at least a finger placed at the predetermined photographing position each time the user interface unit instructs to place each of the plurality of fingers at the predetermined photographing position.
The authentication unit associates each vein pattern extracted from the photographed finger image with the plurality of fingers based on the order of photographing, and registers the plurality of fingers in advance for each finger. The registered vein pattern is read from the storage unit, and it is determined whether or not the read registered vein pattern matches the extracted vein pattern associated with the finger. apparatus. The personal authentication device according to claim 1,
The authentication unit determines, for each of the plurality of fingers, whether or not the read registered vein pattern matches the extracted vein pattern associated with the finger. If it is determined that one of the fingers does not match, it is determined that personal authentication has failed.
Personal authentication device. In the personal authentication device according to claim 1 or 2,
When determining the plurality of fingers and the shooting order, the order determining unit randomly determines the plurality of fingers and the shooting order each time authentication is performed.
Personal authentication device. The personal authentication device according to any one of claims 1 to 3, wherein the personal authentication device is used for authentication of the officer in the system that requires approval by the officer.
Personal authentication device. For a user's finger to be authenticated, a method for performing personal authentication in a personal authentication device including a storage unit that stores a registered vein pattern registered in advance,
A first step of determining a plurality of fingers to be photographed among the fingers of the user and a photographing order for photographing the plurality of fingers each time authentication is performed;
A second step of instructing the user to place a plurality of fingers to be photographed at predetermined photographing positions according to the determined photographing order;
In the instruction step, a third image is obtained in which a finger image is obtained by photographing at least a finger placed at the predetermined photographing position each time the plural fingers are instructed to be placed at the predetermined photographing position. Process,
A fourth step of extracting a vein pattern from each photographed finger image;
Each vein pattern extracted in the extraction step is associated with the plurality of fingers based on the order of photographing, and the registered vein pattern registered in advance for each of the plurality of fingers is stored in the registered vein pattern. A fifth step of reading from the storage unit and determining whether or not the read registered vein pattern matches the extracted vein pattern associated with the finger;
A personal authentication method comprising:

Images