JP2007199860A - Personal identification system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a personal identification system for acquiring user identification information to be stored by a medium without providing any reading device exclusive for a medium. <P>SOLUTION: This personal identification system is provided with a photographing means for photographing the face of a user; a biological information deciding means for identifying the user by collating biological information generated based on a face image acquired by photographing with preliminarily registered biological information; and a medium deciding means for identifying the user by collating user identification information acquired from the user with registered user identification information preliminarily stored in a storage means. This personal identification system is provided with a medium set as image mode information for optically reading user identification information and an image converting means for converting the image information read by the photographing means from the medium into user identification information. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a personal authentication system including authentication means using biometric information and authentication means using a medium storing personal identification information for identifying an individual in place of or in combination with biometric information.

Conventionally, the following techniques have been proposed as a personal authentication system including an authentication unit using biometric information and an authentication unit using a medium storing personal identification information.
(1) In the personal authentication system disclosed in Patent Document 1, when a user is first personally authenticated with biometric information, a card storing personal identification information is issued. After the card is issued, biometric information or It has a configuration for personally authenticating a user using one of the cards.
(2) Other personal authentication systems have a configuration in which a user is personally authenticated by a combined authentication of authentication using biometric information and authentication using a card storing personal identification information issued in advance.
(3) In still another personal authentication system, a user who has registered biometric information is authenticated by biometric information, and a user who is difficult to register biometric information (a user whose biometric information is unclear, temporary For example, a card storing personal identification information is issued to a user whose biometric information is not registered for use), and the user who is not registered with biometric information is personally authenticated by using the card. .
JP 2005-44252 A

  Such a personal authentication system is used, for example, in an entrance / exit management system and the like, and since it is possible to use a medium such as a magnetic card in addition to biometric information, it is excellent in user convenience.

  However, in the above-described conventional personal authentication system, since a magnetic card or IC card storing personal identification information is used in combination, a card dedicated to reading personal identification information stored in the card in addition to the biometric information acquisition means There is a problem that it is necessary to provide a reader and the system configuration becomes expensive.

  In view of the above problems, an object of the present invention is to provide a personal authentication system including an authentication unit using biometric information and an authentication unit using a medium storing personal identification information for identifying an individual instead of or in combination with biometric information. An object of the present invention is to provide a personal authentication system capable of reading personal identification information stored in a medium without installing a medium-specific information reading device.

The present invention adopts the following configuration in order to solve the above points.
The personal authentication system according to the present invention checks whether or not the user is the person by collating the photographing means for photographing the face of the user, the biometric information generated based on the face image obtained by photographing and the pre-registered biometric information. Biometric information determination means for determining whether the user is the user by comparing the user identification information acquired from the user with the registered user identification information stored in the storage means in advance. A medium provided as image form information capable of optically reading the user identification information, and an image conversion means for converting the image information read from the medium by the photographing means into the user identification information. Features.

  In the above configuration, the medium is provided with user identification information as a one-dimensional barcode.

  The medium is characterized in that user identification information is provided as a two-dimensional barcode.

  The medium is characterized in that the user identification information is provided as a character string composed of numerals and characters.

  The medium is characterized in that user identification information is provided as a dedicated code created for a personal authentication system.

  The medium is characterized in that user identification information is provided as a digital watermark.

  According to the present invention, in a personal authentication system that captures an image of a person to be identified by an image capturing device to acquire image information and generates biometric information from the image information, a medium on which user identification information is displayed in an image form is captured by the image capturing device. Since the user identification information is generated from the obtained image data, the user identification information held on the medium can be acquired without providing a reader dedicated to the medium.

  Hereinafter, embodiments of the present invention will be described in detail using examples.

<Configuration of Example 1>
As shown in FIG. 1, the personal authentication system according to the first embodiment of the present invention includes a registration device 100, a host device 200 connected to the registration device 100 via a network 400, and an authentication device 300. ing. Here, the personal authentication system of the present invention is used, for example, in an unlocking system of an electric door of a company building or a research facility.

  For simplicity, only one authentication device 300 is shown in FIG. 1, but a number of authentication devices 300 having the same functions as the authentication device 300 are connected to the network 400. .

  The registration device 100 is a device operated by a person who desires registration within or outside the company to perform registration procedures as a user of the personal authentication system, and controls the communication unit 101 connected to the network 400 and the entire device. Control unit 102, display unit 103, input unit 104, temporary storage unit 105, imaging unit 106, biometric information generation unit 107, biometric information registration determination unit 108, identification code generation unit 109, and card issuance Unit 110.

  The control unit 102 of the registration apparatus 100 executes a memory control program (not shown) and displays an input instruction screen on the display unit 103 for allowing a registration applicant to input personal identification information (ID number or name and company name). Display.

  The registration applicant inputs identification information (ID number or name and company name) using a touch panel or buttons provided in the input unit 104.

  When the identification information (ID number or name and company name) is input from the input unit 104, the control unit 102 transmits the identification information to the host device 200.

  When the control unit 102 acquires in-house user information (to be described later) from the host device 200, the control unit 102 stores the in-house user information in the temporary storage unit 105 and instructs the image capturing unit 106 to perform image capturing. Further, the control unit 102 instructs the photographing and executes a memory control program (not shown) to cause the display unit 103 to display a photographing notification screen for notifying the registration applicant that the face is photographed.

  On the other hand, when acquiring the external user information described later from the host device 200, the control unit 102 stores the external user information in the temporary storage unit 105 and instructs the identification code generation unit 109 to generate an identification code.

  The photographing unit 106 includes a camera for photographing a registration applicant who operates the registration apparatus 100. When a photographing instruction is received, the photographing unit 106 photographs the face of the registration applicant with the camera and acquires face image information.

  When the photographing unit 106 acquires face image information, the control unit 102 instructs the biological information generation unit 107 to generate biological information.

  When receiving the biometric information generation instruction, the biometric information generation unit 107 extracts the eye image from the face image information acquired by the imaging unit 106 and generates iris information indicating the feature of the iris.

  When the biometric information generation unit 107 generates iris information, the control unit 102 instructs the biometric information registration determination unit 108 to perform biometric information registration determination.

  When receiving the biometric information registration determination instruction, the biometric information registration determination unit 108 measures the clarity of the iris information generated by the biometric information generation unit 107 and determines whether the iris information can be registered as user authentication information. To do. The sharpness value of the iris information that can be registered is set for each system. When the biometric information registration determination unit 108 determines that biometric information can be registered, the control unit 102 transmits the internal user information held in the temporary storage unit 105 and the generated iris information to the host device 200.

  On the other hand, when the biometric information registration determination unit 108 determines that biometric information registration is not possible, the control unit 102 instructs the identification code generation unit 109 to generate an identification code.

  Upon receiving the identification code generation instruction, the identification code generation unit 109 assigns “authentication means = card” information to the user information (internal user information or external user information) acquired from the host device 200, and codes Convert and generate an optically readable identification code. Here, the identification code is a one-dimensional barcode, a two-dimensional barcode, a character string, a dedicated code dedicated to a personal authentication system, or the like.

  When the identification code generation unit 109 generates an identification code, the control unit 102 instructs the card issuing unit 110 to issue a card.

  Upon receiving the card issuance instruction, the card issuing unit 110 prints and displays the identification code generated by the identification code generating unit 109 on the card surface, and issues the card. When the card issuing unit 110 finishes issuing the card, the control unit 102 generates a card issuance end signal, and transmits the user information held in the temporary storage unit 105 and the generated card issued signal to the host device 200. To do. FIG. 4 shows an example of the card of the present invention.

  4A is an example of a card displaying a two-dimensional barcode, FIG. 4B is an example of a card displaying a one-dimensional barcode, and FIG. 4C is an example of a card displaying a character string. Yes, (d) is an example of a card displaying a dedicated code. Here, the human eye recognizes the dedicated code displayed on the card as a figure like the one-dimensional barcode and the two-dimensional barcode, but cannot read the identification information from the dedicated code.

  When the control unit 102 receives an in-house user information registration disable signal (to be described later) from the host device 200, the control unit 102 executes a memory control program (not shown) to notify the registration applicant that registration is not possible as an in-house user. A notification screen is displayed on the display unit 103, and the user registration process is stopped.

  When the control unit 102 obtains an in-house user information registered signal (to be described later) from the host device 200, the control unit 102 executes a memory control program (not shown) and displays a notification screen for notifying that the user has already been registered as an in-house user. The information is displayed on the display unit 103 and the processing is stopped.

  In addition, when the control unit 102 obtains an outside user information registration impossible signal described later from the host device 200, the control unit 102 executes a memory control program (not shown) and displays a notification screen notifying that registration as an internal user is not possible. The information is displayed on the unit 103 and the processing is stopped.

  Further, when the control unit 102 obtains an external user information registered signal to be described later from the host device 200, the control unit 102 executes a memory control program (not shown) and displays a notification screen for notifying that it has already been registered as an external user. The information is displayed on the display unit 103 and the processing is stopped.

  When the control unit 102 obtains a card registration completion signal (to be described later) from the host device 200, the control unit 102 executes a memory control program (not shown) to notify a registration applicant to use the card issued as an authentication unit. Displayed on the display unit 103, the user registration process is terminated.

  On the other hand, when the control unit 102 obtains an iris information registration completion signal (to be described later) from the host device 200, the control unit 102 executes a memory control program (not shown) and displays a notification screen on the display unit 103 to notify the use of iris information as an authentication unit. Display and finish the process.

  The host device 200 is a device that registers a user in response to a request from the registration device 100 and authenticates the user in response to a request from the authentication device 300, and is a communication unit connected to the network 400. 201, a control unit 202 that controls the entire apparatus, a temporary storage unit 203, a user information DB 204, a user information management unit 205, a biological information DB 206, a biological information management unit 207, and a user registration determination unit. 208 and a user verification determination unit 209.

  When the control unit 202 acquires the identification information (ID number) from the registration device 100, the control unit 202 instructs the user registration determination unit 208 to determine the in-house user. In addition, when acquiring the identification information (name and company name), the control unit 202 instructs the user registration determination unit 208 to perform external user determination.

  The user information DB 204 holds user information of the personal authentication system, and includes an internal user information DB that holds information on internal users and an external user information DB that holds information on external users. Has been. FIG. 2 shows an example (part 1) of the in-house user information DB, and FIG. 3 shows an example of the in-house user information DB.

  A user information management unit 205 manages user information held in the user information DB 204. Upon receiving an external user information new registration instruction to be described later, the user information management unit 205 generates new external user information and stores it in the user information DB 204.

  When acquiring the user information and the card issuance end signal from the registration device 100, the control unit 202 instructs the user information management unit 205 to update the card issuance user information.

  Upon receiving an instruction to update the card issuing user information, the user information management unit 205 searches the user information DB 204 based on the user information acquired from the registration device 100, and sets the “authentication means” for the user information. Change from unregistered to card.

  When the user information management unit 205 changes the “authentication unit” of the user information from unregistered to a card, the control unit 202 generates a card registration completion signal and transmits the card registration completion signal to the registration device 100. To do.

  On the other hand, when receiving a biometric information new registration signal (to be described later) from the control unit 202, the user information management unit 205 searches the user information DB 204 based on the in-house user information acquired from the registration device 100, and the user information The “authentication means” is changed from unregistered to iris information.

  When the user information management unit 205 changes the “authentication means” of the user information from unregistered to iris information, the control unit 202 generates an iris information registration completion signal and registers the iris information registration completion signal. Transmit to device 100.

  The biometric information DB 206 stores the ID number of the in-house user who registered the iris information as the authentication unit in the registration apparatus 100 and the iris information of the in-house user in association with each other.

  When the control unit 202 acquires the in-house user information and the iris information from the registration device 100, the control unit 202 instructs the biometric information management unit 207 to register biometric information.

  When receiving the biometric information registration instruction, the biometric information management unit 207 associates the ID number of the in-house user information acquired from the registration device 100 with the iris information and stores it in the biometric information DB 206 as new biometric information. When the biometric information management unit 207 finishes storing, the control unit 202 generates a new biometric information registration signal and transmits the biometric information new registration signal to the user information management unit 205.

  Upon receiving an in-house user determination instruction, the user registration determination unit 208 searches the user information DB 204 and holds in-house user information corresponding to the ID number acquired from the registration device 100. If the user information is “authentication means = unregistered”, it is determined that internal user registration is possible, and if the authentication means for the internal user information has been registered, it is determined that internal user registration has been completed.

  In addition, when receiving the in-house user determination instruction, the user registration determination unit 208 searches the user information DB 204, and if the in-house user information corresponding to the ID number acquired from the registration device 100 is not held, It is determined that internal user registration is not possible.

  When the user registration determination unit 208 determines that internal user registration is possible, the control unit 202 searches the user information DB 204 and transmits internal user information corresponding to the ID acquired from the registration device 100 to the registration device 100. .

  When the user registration determination unit 208 determines that the in-house user registration is not possible, the control unit 202 generates an in-house user registration disable signal and transmits the in-house user registration disable signal to the registration apparatus 100. When the user registration determination unit 208 determines that the in-house user has been registered, the control unit 202 generates an in-house user registration signal and transmits the in-house user registration signal to the registration apparatus 100.

  On the other hand, when receiving an instruction for external user determination, the user registration determination unit 208 searches the user information DB 204, and the transaction company information corresponding to the company name acquired from the registration device 100 is stored in the transaction company information DB (not shown). If the external user information corresponding to the name and company name acquired from the registration apparatus 100 is not held, it is determined that external user registration is possible, and if the external user information is held, the external user information is retained. It is determined that the user has been registered.

  In addition, when receiving an instruction for external user determination, the user registration determination unit 208 searches the user information DB 204 and stores the company information corresponding to the company name acquired from the registration apparatus 100 in a transaction company information DB (not shown). If not, it is determined that external user registration is not possible.

  When the user registration determination unit 208 determines that external user registration is possible, the control unit 202 instructs the user information management unit 205 to register new external user information.

  When the user information management unit 205 stores new external user information in the user information DB 204, the control unit 202 transmits the new external user information to the registration apparatus 100.

  When the user registration determination unit 208 determines that external user registration is not possible, the control unit 202 generates an external user registration disable signal and transmits the internal user registration disable signal to the registration device 100. When the user registration determining unit 208 determines that the external user has been registered, the control unit 202 generates an external user registered signal and transmits the internal user registered signal to the registration apparatus 100.

  When acquiring the identification information from the authentication device 300, the control unit 202 instructs the user verification determination unit 209 to perform identification information verification determination. In addition, when the control unit 202 acquires the iris information from the authentication device 300, the control unit 202 instructs the user verification determination unit 209 to perform the iris information verification determination.

  When receiving the identification information verification determination instruction, the user verification determination unit 209 searches whether the user information corresponding to the acquired identification information is stored in the user information DB 204. And the user collation determination part 209 will determine with collation matching, if applicable user information is hold | maintained by user information DB204. Further, the user verification determination unit 209 determines that the verification does not match if the corresponding user information is not held in the user information DB 204.

  On the other hand, when the user verification determination unit 209 receives the iris information verification determination instruction, the user verification determination unit 209 searches whether or not the registered iris information that matches the acquired iris information is held in the biometric information DB 206. And the user collation determination part 209 will determine with collation coincidence, if the corresponding registration iris information is hold | maintained by biometric information DB206. Further, the user verification determination unit 209 determines that the verification does not match if the corresponding registered iris information is not held in the biometric information DB 206.

  When the user verification determination unit 209 determines that the verification matches, the control unit 202 generates a verification match signal and transmits the verification match signal to the authentication device 300. When the user verification determination unit 209 determines that the verification does not match, the control unit 202 generates a verification mismatch signal and transmits the verification mismatch signal to the authentication device 300.

  The authentication device 300 is a device that is operated by a person to be identified in order to authenticate the user of the personal authentication system, and includes a communication unit 301 connected to the network 400 and a control unit 302 that controls the entire device. A display unit 303, an input unit 304, a temporary storage unit 305, a photographing unit 306, an identification information reading unit 307, and a biological information generation unit 308.

  The control unit 302 executes a memory control program (not shown) and causes the display unit 303 to display a procedure selection screen that allows the identification target person to select a user verification unit (iris information or a card).

  The person to be identified selects the user verification means (iris information or card) using the touch panel or button provided in the input unit 304.

  When the identification target person selects card use via the input unit 304, the control unit 302 instructs the photographing unit 306 to perform card photographing. Then, the control unit 302 executes a memory control program (not shown) at the same time as the card shooting instruction, and causes the display unit 303 to display a shooting instruction screen that allows the identification target person to present the card in front of the camera.

  On the other hand, when the person to be identified selects the use of iris information via the input unit 304, the control unit 302 instructs the photographing unit 306 to take a face. Then, the control unit 302 executes a memory control program (not shown) at the same time as the face photographing instruction, and causes the display unit 303 to display a photographing instruction screen that causes the identification target person to stare at the camera.

  When receiving the card shooting instruction, the shooting unit 306 takes a card presented by the person to be identified with the provided camera, and acquires a card image.

  When the photographing unit 306 acquires the card image, the control unit 302 instructs the identification information reading unit 307 to read the identification information.

  When the identification information reading unit 307 receives the identification information reading instruction, the identification information reading unit 307 extracts the identification code image from the card image acquired by the photographing unit 306, decodes the identification code from the identification code image, and acquires the identification information.

  When the identification information reading unit 307 acquires the identification information, the control unit 302 transmits the identification information to the host device 200.

  On the other hand, when receiving an instruction for photographing a face, the photographing unit 306 photographs the face of the person to be identified with the provided camera and acquires a face image.

  When the photographing unit 306 acquires a face image, the control unit 302 instructs the biometric information generation unit 308 to generate biometric information.

  Upon receiving the biometric information generation instruction, the biometric information generation unit 308 extracts an eye image from the face image acquired by the imaging unit 306 and generates iris information indicating the feature of the iris.

  When the biometric information generation unit 308 generates iris information, the control unit 302 transmits the iris information to the host device 200.

  Then, when the control unit 302 obtains the collation match signal from the host device 200, the control unit 302 executes a memory control program (not shown) and displays a notification screen on the display unit 303 to notify the identification target person that the authentication is successful. For example, use of a device (not shown) is permitted.

  In addition, when the control unit 302 acquires a verification mismatch signal from the host device 200, the control unit 302 executes a memory control program (not shown), causes the display unit 303 to display a notification screen notifying that authentication has failed, and cancels the authentication process. To do.

<Operation of Example 1>
Next, the user registration operation of the first embodiment of the personal authentication system of the present invention will be described.

  First, an operation for registering an external user as a system user will be described.

  When a sensor (not shown) of the registration apparatus 100 detects an external user, the control unit 102 executes a memory control program (not shown) and causes the external user to input identification information (name and company name). Is displayed on the display unit 103 (step S101).

  When an external user refers to the screen and inputs identification information (name and company name) via the input unit 104 (step S102), the control unit 102 sends the input identification information to the host device via the communication unit 101. 200.

  When acquiring the identification information (name and company name), the control unit 202 of the host device 200 stores the identification information in the temporary storage unit 203. Then, the control unit 202 instructs the user registration determination unit 208 to perform external user determination.

  Upon receiving an external user determination instruction, the user registration determination unit 208 searches the user information DB 204, and the transaction company information corresponding to the company name acquired from the registration apparatus 100 is held in a transaction company information DB (not shown). If the external user information corresponding to the name and the company name acquired from the registration apparatus 100 is not held, it is determined that external user registration is possible.

  When the user registration determination unit 208 determines that external user registration is possible, the control unit 202 instructs the user information management unit 205 to register new external user information.

  Upon receiving an instruction for new external user information registration, the user information management unit 205, for example, new external user information (an arbitrarily set ID number, a name acquired from the registration device 100, a registration, as shown in FIG. 3). Transaction company information (company name, company phone number, company address), authentication means = unregistered) based on the company name acquired from the apparatus 100 is generated (step S103) and stored in the user information DB 204.

  When the user information management unit 205 finishes storing, the control unit 202 transmits the generated new external user information to the registration apparatus 100 via the communication unit 201.

  When acquiring the external user information, the control unit 102 of the registration apparatus 100 stores the information in the temporary storage unit 105 and instructs the identification code generation unit 109 to generate an identification code.

  Upon receiving the identification code generation instruction, the identification code generation unit 109 converts the code by adding “authentication means = card” information to the external user information held in the temporary storage unit 105, and optically readable two-dimensional A bar code is generated (step S104).

  When the identification code generation unit 109 generates a two-dimensional barcode, the control unit 102 stores the two-dimensional barcode in the temporary storage unit 105 and instructs the card issuing unit 110 to issue a card. Then, the control unit 102 instructs the card issuance, executes a memory control program (not shown), and causes the display unit 103 to display a notification screen for notifying the card issuance.

  Upon receiving the card issuance instruction, the card issuing unit 110 prints and displays the two-dimensional barcode held in the temporary storage unit 105 on the card surface, and issues the card (step S105).

  When the card issuing unit 110 finishes issuing the card, the control unit 202 generates a card issuance end signal and transmits the external user information held in the temporary storage unit 105 and the card issuance end signal to the communication unit. The data is transmitted to the host device 200 via 101.

  When acquiring the external user information and the card issuance end signal, the control unit 202 of the host device 200 instructs the user information management unit 205 to update the card issuance user information.

  When the user information management unit 205 receives an instruction to update the card issuing user information, the user information management unit 205 searches the user information DB 204 based on the external user information held in the temporary storage unit 203, and stores the external user information. “Authentication means” is changed from unregistered to card (step S106).

  When the user information management unit 205 changes the “authentication means” of the external user information from unregistered to a card, the control unit 202 generates a card issuance registration end signal and sends the card issuance registration end signal to the communication unit 201. To the registration apparatus 100.

  When the control unit 102 of the registration device 100 acquires the card issuance registration end signal, it executes a memory control program (not shown) and displays notification information for notifying outside users to use the card as a user authentication unit. The registration process is terminated.

  Next, an operation for registering an in-house user as a system user will be described.

  When a sensor (not shown) of the registration device 100 detects an in-house user, the control unit 102 executes a memory control program (not shown) and displays an input instruction screen for allowing the in-house user to input identification information (ID number). The information is displayed on the unit 103 (step S201).

  When an in-house user refers to the screen and inputs identification information (ID number) via the input unit 104 (step S202), the control unit 102 sends the input identification information to the host device 200 via the communication unit 101. Send.

  When acquiring the identification information (ID number), the control unit 202 of the host device 200 stores it in the temporary storage unit 203. Then, the control unit 202 instructs the user registration determination unit 208 to perform in-house user determination.

  When receiving the in-house user determination instruction, the user registration determination unit 208 searches the internal user information DB in the user information DB 204 for internal user information corresponding to the ID number held in the temporary storage unit 203, and If the authentication means for the in-house user information is not registered, it is determined that in-house user registration is possible.

  When the user registration determination unit 208 determines that the internal user registration is possible, the control unit 202 searches the internal user information DB in the user information DB 204 for internal user information corresponding to the ID number held in the temporary storage unit. Then, the searched in-house user information is transmitted to the registration apparatus 100 via the communication unit 201.

  When acquiring the in-house user information from the host device 200, the control unit 102 of the registration device 100 stores it in the temporary storage unit 105 and instructs the photographing unit 106 to photograph the registration applicant. Upon receiving the registration requester shooting instruction, the shooting unit 106 takes a face of the registration applicant with a camera provided in the shooting unit 106 and acquires a face image (step S203).

  When the photographing unit 106 acquires a face image, the control unit 102 stores the generated face image in the temporary storage unit 105 and instructs the biometric information generation unit 107 to generate iris information. Upon receiving the iris information generation instruction, the biometric information generation unit 107 extracts iris information from the face image held in the temporary storage unit 105 and generates iris information (step S204).

  When the biometric information generation unit 107 generates iris information, the control unit 202 stores the acquired iris information in the temporary storage unit 203 and instructs the biometric information registration determination unit 108 to determine the registration of iris information.

  When receiving the iris information registration determination instruction, the biometric information registration determination unit 108 measures the definition of the iris information held in the temporary storage unit 105, determines whether registration is possible (step S205), and stores the iris information. When determining that registration is possible, the control unit 202 transmits the in-house user information held in the temporary storage unit 203 and the iris information to the host device 200 via the communication unit 101.

  On the other hand, when determining that the iris information generated by the biometric information registration determination unit 108 cannot be registered, the control unit 102 instructs the identification code generation unit 109 to generate an identification code. The subsequent processing is the same as steps S104 to S106.

  When the control unit 202 of the host device 200 acquires the in-house user information and the iris information, the control unit 202 stores the ID number of the in-house user information and the iris information in the temporary storage unit 203, and the biometric information management unit 207. Iris registration is instructed. Upon receiving the iris registration instruction, the biometric information management unit 207 associates the ID number held in the temporary storage unit 203 with the iris information and stores it in the biometric information DB 206 as new biometric information (step S206).

  When the biometric information management unit 207 stores the new biometric information, the control unit 202 instructs the user information management unit 205 to update biometric information registration user information. Upon receiving the biometric information registration user information update instruction, the user information management unit 205 searches the user information DB 204 based on the in-house user information held in the temporary storage unit 203, and performs “authentication” of the in-house user information. Iris information is registered in "means" (step S207).

  When the user information management unit 205 registers the iris information in the “authentication means” of the in-house user information, the control unit 202 generates an iris information registration end signal and sends the iris information registration end signal via the communication unit 201. It transmits to the registration device 100.

  When acquiring the iris information registration end signal, the control unit 102 of the registration apparatus 100 executes a memory control program (not shown), and displays a notification screen for notifying the in-house user that the iris information registration is completed. And display the registration process.

  Next, the operation of in-house user identity authentication using the card in the first embodiment will be described.

  When a sensor (not shown) of the authentication device 300 detects an in-house user, the control unit 302 executes a memory control program (not shown), and the in-house user performs user authentication processing using either the card or the iris information. A procedure selection screen for selecting k is displayed on the display unit 303 (step S301).

  When an in-house user refers to the screen and selects card use via the input unit 304 (step S302), the control unit 302 instructs the photographing unit 306 to photograph the card. Then, the control unit 202 instructs to take a picture and executes a memory control program (not shown) to cause the display unit 303 to display a photographing instruction screen that instructs the in-house user to present the card in front of the camera.

  Upon receiving the card shooting instruction, the shooting unit 306 takes a card presented by the discriminator with the provided camera, and acquires a card image (step S303).

  When the card image is acquired by the imaging unit 306, the control unit 302 instructs the identification information reading unit 307 to decode the identification information. When receiving the identification information decoding instruction, the identification information reading unit 307 extracts the two-dimensional barcode information from the card image generated by the identification information reading unit 307, decodes the two-dimensional barcode information, and identifies the identification information (ID number). , Name, department name, telephone number, date of birth, authentication means = card, etc.) are acquired (step S304).

  When the identification information reading unit 307 acquires the identification information, the control unit 302 transmits the acquired identification information to the host device 200 via the communication unit 301.

  When acquiring the identification information, the control unit 202 of the host device 200 stores the identification information in the temporary storage unit 203 and instructs the user verification determination unit 209 to perform user verification. When the user verification determination unit 209 receives the user verification determination instruction, the user verification determination unit 209 searches the user information DB 204, and if internal user information that matches the identification information stored in the temporary storage unit 203 is stored, It is determined that the results match (step S305).

  When the user verification determination unit 209 determines that the verification result is a match, the control unit 202 generates a verification match signal and transmits the verification match signal to the authentication device 300 via the communication unit 201.

  When the control unit 302 of the authentication device 300 acquires the verification match signal, the control unit 302 executes a memory control program (not shown) and displays a notification screen on the display unit 303 to notify the in-house user that the verification result matches. For example, an electronic lock of an electronic door (not shown) is opened (step S306).

<Effect of Example 1>
According to the personal authentication system of the first embodiment, the identification information is converted into a one-dimensional barcode, a two-dimensional barcode, a character string, a system-dedicated code, etc., and displayed on the card surface, thereby capturing biometric information acquisition. The card can be photographed with a camera provided in the unit to obtain identification information.

Modified example

  In the personal authentication system, a function of generating a digital watermark is added to the registration apparatus 100 of the first embodiment, a function of issuing a card with a digital watermark displayed and printed on the card surface is added to the card issuing unit 110, and authentication is performed. A function of decoding the digital watermark from the card image information may be added to the device 300. FIG. 5 shows an example of a card using a digital watermark.

  FIG. 5A is an example of a card displaying a digital watermark indicating that it is an original. Then, when a third party who tries to illegally use the personal authentication system of the present invention illegally copies the card shown in FIG. 5A, a digital watermark indicating that the card is a copy is displayed on the illegal card. FIG. 5B is an example of an unauthorized card displaying a digital watermark indicating copying.

  Since this digital watermark cannot be read by human eyes, the appearance of the card displaying the digital watermark is the same as the card shown in FIG. 4 described in the first embodiment. Then, when the photographing unit 306 of the authentication device 300 photographs a card displaying a digital watermark and decrypts the digital watermark using a function of decrypting the digital watermark from the acquired card image, it is possible to detect the use of an unauthorized card. .

  Therefore, according to the personal authentication system of the modified example, unauthorized copying of the card can be prevented by displaying the digital watermark on the card surface.

<Configuration of Example 2>
As shown in FIG. 6, the personal authentication system according to the second embodiment of the present invention includes a registration device 100b, a host device 200b connected to the registration device 100b via a network 400, and an authentication device 300. ing. In the personal authentication system according to the first embodiment and the modified example, the second embodiment allows an operator having management authority to determine in advance whether a user who can register can be registered as a user and to recognize that the user can be registered. , A function for allowing the operator to perform biometric authentication and permit a registration applicant to operate the registration apparatus 100 is added.

  The registration device 100b includes a communication unit 101 connected to the network 400, a control unit 102b that controls the entire device, a display unit 103, an input unit 104, a temporary storage unit 105, a photographing unit 106, and biological information. A generation unit 107, a biometric information registration determination unit 108, an identification code generation unit 109, and a card issue unit 110 are provided.

  The control unit 102b of the registration apparatus 100b executes a memory control program (not shown) and causes the display unit 103 to display a photographing instruction screen that instructs the operator to look at the camera. Then, the control unit 102b instructs the photographing unit 106 to photograph a face.

  When the biometric information generation unit 107 generates iris information, the control unit 102 b transmits the iris information to the host device 200.

  When the control unit 102b obtains an administrator collation coincidence signal, which will be described later, the control unit 102b determines that the use permission has been received, executes a memory control program (not shown), and sends the individual identification information (ID number or name and company) to the registration applicant. An input instruction screen for inputting (name) is displayed on the display unit 103, and thereafter, the same operation as in the first embodiment is executed.

  On the other hand, when the control unit 102b obtains an administrator authority non-signal to be described later, the control unit 102b executes a memory control program (not shown) and displays a notification screen for notifying that the registration apparatus cannot be used because the operator has no management authority. 103, and the operation of the registration process is stopped.

  Further, when the control unit 102b acquires a biometric information unregistered signal to be described later, the control unit 102b executes a control program in a memory (not shown), and displays a notification screen for notifying that the registration device cannot be used because the operator's iris information is unregistered. The information is displayed on the display unit 103, and similarly the stop is continued.

  The host device 200b includes a communication unit 201 connected to the network 400, a control unit 202b that controls the entire device, a temporary storage unit 203, a user information DB 204b, a user information management unit 205, and a biological information DB 206. A biometric information management unit 207, a user registration determination unit 208, a user verification determination unit 209, and an administrator verification determination unit 210.

  The in-house user information DB in the user information DB 204b holds in-house user information obtained by adding an “administrator authority” item to the in-house user information in the first embodiment. FIG. 7 shows an example (part 2) of the in-house user information DB of the second embodiment.

  When the control unit 202b acquires the iris information from the registration device 100b, the control unit 202b instructs the administrator collation determination unit 210 to perform administrator collation determination.

  Upon receiving the administrator verification determination instruction, the administrator verification determination unit 210 searches whether or not the registered iris information that matches the acquired iris information is held in the biometric information DB 206. Then, when the corresponding registered iris information is held in the biometric information DB 206, the administrator collation determination unit 210 uses the ID number held in correspondence with the registered iris information in the biometric information DB 206. The in-house user information DB in the information DB 204b is searched, and if the “administrator authority” of the in-house user information is “present”, it is determined that the administrator collation matches.

  In addition, when the corresponding registered iris information is held in the biometric information DB 206, the administrator verification determination unit 210 searches the internal user information DB in the user information DB 204b based on the ID number of the registered iris information. If the “administrator authority” of the in-house user information is “none”, it is determined that the administrator authority is absent.

  On the other hand, if the corresponding registered iris information is not held in the biometric information DB 206, the administrator verification determination unit 210 determines that biometric information is not registered.

  When the administrator verification determination unit 210 determines that the administrator verification matches, the control unit 202b generates an administrator verification match signal and transmits the administrator verification match signal to the registration device 100b. When the administrator verification determination unit 210 determines that the administrator authority is not present, the control unit 202b generates an administrator authority non-signal and transmits the administrator authority non-signal to the registration apparatus 100b. When the administrator verification determination unit 210 determines that biometric information is not registered, the control unit 202b generates a biometric information unregistered signal and transmits the biometric information unregistered signal to the registration device 100b.

  Other configurations are the same as those of the first embodiment and the modification.

<Operation of Example 2>
Next, the operation until the registration applicant of the second embodiment of the personal authentication system of the present invention is permitted to perform the user registration process using the registration apparatus 100b will be described with reference to the flowchart of FIG. Here, it is assumed that the applicant for registration is a person outside the company.

  In principle, an operator (administrator) having management authority is always waiting near the registration apparatus 100b. When the registration applicant requests the operator to register the user of the personal authentication system, the operator notifies the registration applicant, for example, “please present your ID card” (step S401).

  When the registration applicant is requested to present an identification card by the operator, the registration applicant presents, for example, a business card and a license to the operator. Then, the operator personally determines whether or not the registration applicant can register as a user based on the business card and the license presented by the registration applicant (step S402), and determines that the user can be registered. Then, for example, the user who wants to register is notified that the user will now operate the registration device and perform the user registration process. Please wait a moment. Move up.

  On the other hand, when the operator personally determines that the registration applicant is not able to register as a user based on the identification card presented by the registration applicant, for example, the operator wants to confirm the user. I would like to work hard at the management center. ”Notify and call the security guard by phone. Then, for example, the operator instructs the security guard to guide the registration applicant to the management center, and ends the response to the registration applicant.

  When a sensor (not shown) of the registration device 100b detects an operator, the control unit 102b instructs the photographing unit 106 to photograph a face. Then, the control unit 102b instructs the photographing to execute a memory control program (not shown), and causes the display unit 103 to display a photographing instruction screen that instructs the operator to stare at the camera in order to perform iris authentication.

  Upon receiving the face photographing instruction, the photographing unit 106 photographs the operator's face with the provided camera and acquires a face image (step S403).

  When the photographing unit 106 acquires a face image, the control unit 102b instructs the biometric information generation unit 107 to generate biometric information. When receiving the biometric information generation instruction, the biometric information generation unit 107 extracts the eye image from the face image acquired by the imaging unit 106 and generates iris information indicating the iris characteristics (step S404).

  When the biometric information generation unit 107 generates iris information, the control unit 102b transmits the iris information to the host device 200b via the communication unit 101.

  When acquiring the iris information from the registration device 100b, the control unit 202b of the host device 200b instructs the administrator verification determination unit 210 to perform administrator verification determination.

  Upon receiving the administrator verification determination instruction, the administrator verification determination unit 210 searches whether or not the registered iris information that matches the acquired iris information is held in the biometric information DB 206. Then, when the corresponding registered iris information is held in the biometric information DB 206, the administrator collation determination unit 210 uses the ID number held in correspondence with the registered iris information in the biometric information DB 206. The in-house user information DB in the information DB 204b is searched, and if the “administrator authority” of the in-house user information is “present”, it is determined that the administrator collation matches (step S405).

  When the administrator verification determination unit 210 determines that the administrator verification matches, the control unit 202b generates an administrator verification match signal and transmits the administrator verification match signal to the registration apparatus 100b via the communication unit 201.

  When the control unit 102b of the registration device 100b obtains the administrator verification match signal, the control unit 102b determines that the use permission has been received, executes a memory control program (not shown), and sends the individual identification information (ID number or name) to the registration applicant. And the company name) are displayed on the display unit 103 (step S406). Thereafter, the same operation as in the first embodiment is performed.

  On the other hand, when the corresponding registered iris information is held in the biometric information DB 206, the administrator collation determination unit 210 uses the internal user information DB in the user information DB 204b based on the ID number of the registered iris information. If the “administrator authority” of the in-house user information is “none”, it is determined that the administrator authority is not present.

  When the administrator collation determination unit 210 determines that the administrator authority is not present, the control unit 202b generates an administrator authority non-signal and transmits the administrator authority non-signal to the registration apparatus 100b via the communication unit 201.

  When the control unit 102b of the registration device 100b obtains the administrator authority non-signal, the control unit 102b continues to stop the operation and executes a memory control program (not shown) to confirm that the registration device cannot be used because the operator does not have management authority. A notification screen for notification is displayed on the display unit 103.

<Effect of Example 2>
According to the personal authentication system of the second embodiment, an operator having management authority personally determines whether or not the registration candidate can be registered as a user based on the identification certificate presented by the registration applicant, and registration Since the use of the device 100b is limited, it is possible to prevent the use of the device in advance.

  In the above-described embodiments, the case where iris (iris) information is used as biometric information has been described as an example. However, the present invention is not limited to this, and facial images, facial contours, ear shapes, retinas, and the like may be used as biometric information. Good.

It is a block diagram which shows the personal authentication system of Example 1 which concerns on this invention. It is a figure which shows an example (the 1) of in-house user information DB. It is a figure which shows an example of external user information DB. It is a figure which shows an example of a card | curd. It is a figure which shows an example of the card | curd using a digital watermark. It is a block diagram which shows the personal authentication system of Example 2 which concerns on this invention. It is a figure which shows an example (the 2) of internal user information DB. It is a flowchart which shows operation | movement until the user registration process of Example 2 which concerns on this invention is permitted.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 Registration apparatus 101 Communication part 102 Control part 103 Display part 104 Input part 105 Temporary memory | storage part 106 Imaging | photography part 107 Biometric information generation part 108 Biometric information registration determination part 109 Identification code generation part 110 Card issuing part 200 Host apparatus 201 Communication part 202 Control Section 203 Temporary storage section 204 User information database (DB)
205 User information management unit 206 Biological information database (DB)
207 Biometric information management unit 208 User registration determination unit 209 User verification determination unit 210 Administrator verification determination unit 300 Authentication device 301 Communication unit 302 Control unit 303 Display unit 304 Input unit 305 Temporary storage unit 306 Imaging unit 307 Identification information reading unit 308 Biometric information generation unit

Claims (6)

Photographing means for photographing the face of the user, biological information determination means for judging whether or not the user is the person by collating the biological information generated based on the face image acquired by photographing and the biological information registered in advance. In a personal authentication system comprising a medium determination unit that compares user identification information acquired from a user with registered user identification information stored in advance in a storage unit to determine whether the user is an individual,
A medium provided as image form information that can optically read the user identification information;
A personal authentication system comprising: image conversion means for converting image information read from the medium by the photographing means into the user identification information.   The personal authentication system according to claim 1, wherein the user identification information is provided as a one-dimensional barcode on the medium.   The personal authentication system according to claim 1, wherein the user identification information is provided as a two-dimensional barcode on the medium.   The personal authentication system according to claim 1, wherein the medium is provided with the user identification information as a character string composed of numerals and characters.   The personal authentication system according to claim 1, wherein the medium is provided with the user identification information as a dedicated code created for the personal authentication system. The personal authentication system according to claim 1, wherein the medium is provided with the user identification information as a digital watermark.

Images