JP2008059509A - Personal identification device and personal identification method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a personal identification device and a personal identification method for improving safety against risk of leakage and illegal use of biometric data. <P>SOLUTION: An authentication terminal 120 connects to a management center 130 via a network 140. The authentication terminal 120 acquires iris data of a person to be identified and encode it to generate an iris code. The iris code is divided into a plurality of partial iris codes. The authentication terminal 120 collates a part of a plurality of partial iris codes to a previously registered partial iris code and transmits the rest of a plurality of partial iris codes to the management center 130. The management center 130 collates the transmitted partial iris codes to a registered partial iris code and transmits a collation result to the authentication terminal 120. Based on the collation result of itself and that received from the management center 130, the authentication terminal 120 determined authentication of the person to be identified. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a personal identification device and a personal identification method.

  There are two methods of personal identification: possession such as keys and IC cards, recourse to knowledge such as passwords and passwords, and biometrics such as physical characteristics and physical characteristics. Personal identification by biometrics is a highly convenient identification method with no risk of loss or forgetting, and is a highly secure identification method that is difficult to counterfeit. For this reason, it is used for bank ATMs, immigration checks at airports, and identity verification at the start-up of mobile phones and personal computers.

  In the biometrics personal identification system, first, in order to determine whether or not the identified person is a registered person, data such as physical characteristics and physical characteristics of a person to be authenticated in advance (hereinafter referred to as biometric data). Is stored in a storage device such as a hard disk. When a person to be identified is generated, the biometric data of the person to be identified is compared with the biometric data stored in the storage device to determine whether the biometric data is the same person.

  It has been pointed out that such biometric data that can identify an individual is not only dangerous but also psychologically resistant to being known by others. For example, in a system having a configuration in which a server that stores biometric data and a terminal device that acquires biometric data of an identified person are connected via a network, the biometric data may flow through the network and be stolen.

  Therefore, the biometric data is divided and stored in a plurality of servers, and when a person to be identified is generated, the partial data of the biometric data stored on the plurality of servers is transmitted to the terminal device and combined by the terminal device. Thus, there is a network system that collates with the biometric data of the person to be identified (see, for example, Patent Document 1).

  Incidentally, one of personal identification systems based on biometrics uses an iris pattern of eyes (see, for example, Patent Document 2). In the human identification system described in Patent Document 2, an iris pattern characteristic (hereinafter referred to as an iris code) is used as biometric data.

  The person identification system acquires the iris code as follows. First, from the image data obtained by photographing the eyes, the iris part is determined as a part surrounded by two circles indicating the inner boundary and the outer boundary. Next, polar coordinates are set with the center of the circle that is the inner boundary as the origin and the ratio of the distance between the inner boundary and the outer boundary as the radial coordinate, and this polar coordinate is divided into multiple annular analysis bands in the radial direction. To do. Then, an iris code is generated by substituting the area obtained by dividing the annular analysis band in the arc direction with 0/1 digital information as one unit.

JP 2002-071146 A Japanese Patent No. 3307936

  When such a personal identification system is mounted on a vehicle, a mode in which all of the personal identification system is mounted in the vehicle, a mode in which a terminal device is installed in the vehicle, and a server that manages a database of biometric data is installed in the management center Etc. are considered.

  However, in the case where all personal identification systems are installed in a car, the biometric data of the person to be authenticated is also stored in a storage device installed in the car. There is a risk that biometric data will be leaked if it is rough.

  In addition, when only the terminal device is installed in the automobile and the biometric data is collectively managed by the server of the management center, there are concerns about data leakage from the management center, leakage from the communication path with the terminal device, and the like. Even when the data is divided and stored between the terminal device and the server as shown in the above-mentioned Patent Document 1, when the personal identification is performed, the complete biometric data is restored by the terminal device. However, it cannot be said that safety against leakage of biometric data and theft is not sufficiently secured during authentication.

  The present invention has been made in view of the above circumstances, and an object of the present invention is to provide a personal identification device and a personal identification method capable of improving the safety against leakage of biometric data and the risk of theft.

  A first aspect of the present invention is a registration data storage unit that stores partial registration data that is biometric data of a registrant divided into a plurality of parts, and a part that is biometric data of a person to be identified divided into a plurality of parts. A biometric data acquisition unit that acquires at least one of the biometric data, a collation unit that collates the acquired partial biometric data and the partial registration data stored in the storage unit, and outputs the collation result. A personal identification device is provided.

  With this configuration, partial registration data obtained by dividing the biometric data into a plurality of parts is stored in the storage unit, and since biometric data is collated using a part of the biometric data of the person to be identified, Therefore, it is possible to identify an individual without restoring them, and to improve the safety against leakage of biometric data and the danger of theft.

  Secondly, the present invention relates to the personal identification device according to the first aspect, wherein the communication unit is connected via a communication line to an authentication terminal device that divides the biometric data of the person to be identified and generates partial biometric data. The biometric data acquisition unit is provided with a personal identification device that acquires partial biometric data transmitted from the authentication terminal device via the communication unit.

  With this configuration, for example, when the personal identification device and the authentication terminal device are connected via a communication line and authentication is performed, partial biometric data is exchanged. Therefore, safety against leakage of biometric data itself and the risk of theft Can be improved.

  Thirdly, the present invention relates to the personal identification device according to the second aspect described above, wherein whether or not the identified person is the same person as the registrant based on the collation result output from the collation unit. The communication unit is provided with a personal identification device that transmits a determination result by the determination unit to the authentication terminal device.

  With this configuration, authentication determination is performed in the personal identification device and transmitted to the authentication terminal device. Therefore, the authentication terminal device only needs to have at least a function of generating divided biometric data. Therefore, it can be suitably used in a personal identification system such as an entrance / exit management system that authenticates a large number of persons or installs authentication terminal devices at a plurality of locations.

  Fourth, the personal identification device according to the second or third aspect, wherein the storage unit has a storage device equal to the number of divisions of the biometric data, and the partial registration data of the same registrant Is provided in a separate storage device.

  With this configuration, a plurality of pieces of partial registration data are stored separately, making it difficult to completely reproduce the biometric data. Therefore, it is possible to improve safety against leakage of biometric data and the risk of theft.

  Fifthly, the present invention provides the personal identification device according to the second or third aspect, wherein the storage unit is provided with a personal identification device that stores partial registration data of the same registrant in a distributed manner. It is.

  With this configuration, a plurality of pieces of partial registration data are stored separately, making it difficult to completely reproduce the biometric data. Therefore, it is possible to improve safety against leakage of biometric data and the risk of theft.

  Sixth, the personal identification device according to the first aspect, wherein the biometric data acquisition unit acquires biometric information of the identified person and generates biometric data; There is provided a personal identification device having an encoding unit that encodes the generated biometric data and a dividing unit that divides the encoded biometric data into a plurality of parts.

  With this configuration, the partial registration data stored in the storage unit and the partial biometric data used at the time of collation use encoded and divided data, thereby improving the safety against leakage of biometric data itself and the risk of theft. be able to.

  Seventhly, the present invention relates to the personal identification device according to the sixth aspect, wherein the authentication management device that collates the partial biometric data of the identified person and the partial registration data and outputs a collation result, A communication unit connected via a line, wherein the communication unit transmits at least one of the partial biometric data divided by the dividing unit to the authentication management device, and is transmitted from the authentication management device; There is provided a personal identification device for obtaining a collation result.

  With this configuration, for example, when the personal identification device and the authentication terminal device are connected via a communication line and authentication is performed, partial biometric data is exchanged. Therefore, safety against leakage of biometric data itself and the risk of theft Can be improved.

  Eighth, the present invention relates to the personal identification device according to the sixth or seventh aspect, wherein the identification target is based on at least one of a verification result obtained by the verification unit and a verification result acquired from the authentication management device. A personal identification device further comprising a determination unit for determining whether or not a person is the same person as the registrant is provided.

  With this configuration, the person to be identified can be authenticated based on either the collation result in the personal identification device or the collation result from the authentication management device.

  Ninthly, the present invention provides a biometric data generation unit that acquires biometric information of a person to be identified and generates biometric data, an encoding unit that encodes the generated biometric data, and the encoded biometric data. A division unit that divides data into a plurality of parts and outputs partial biometric data, the partial biometric data of the identified person, and partial registration data that is preregistered partial biometric data are collated A communication unit connected to an authentication management device that determines whether or not the identified person is the same person as the registrant, and the communication unit includes at least one of the partial biometric data divided by the dividing unit A personal identification device is provided that transmits one to the authentication management device and receives a determination result from the authentication management device.

  With this configuration, partial biometric data is transmitted to the authentication management apparatus and a determination result from the personal management apparatus is received, and authentication is performed by connecting to the authentication management apparatus via a communication line. At this time, since the partial biometric data is exchanged, it is possible to improve safety against leakage of biometric data itself and the risk of theft.

  The tenth aspect of the present invention is the personal identification device according to any one of the first to ninth aspects, wherein the biological data is obtained by encoding image data of an iris portion divided into a plurality of annular analysis bands. The partial biological data and the partial registration data are partial iris codes obtained by dividing the iris code into a plurality, and each of the partial iris codes is included in at least one of the annular analysis bands. A personal identification device including a corresponding part is provided.

  With this configuration, the division into partial iris codes is performed in units of the annular analysis band, so that the partial iris code has a code for one round of the radial position where the iris is located, and the part is not affected by the eye tilt. Since collation can be performed for each iris code, it is not necessary to completely restore and collate biometric data, thereby improving the safety against leakage of biometric data and the risk of theft.

  The eleventh aspect of the present invention is the personal identification device according to the tenth aspect described above, in which the leading portion of each of the partial iris codes has a declination of a polar coordinate system having an origin at the center of a circle indicating the annular analysis band. A personal identification device corresponding to a different position is provided.

  With this configuration, the portion of the annular analysis band corresponding to the head of each partial iris code is different, so even if all the partial iris codes are obtained, it is difficult to restore the biological data itself from there. Further, it is possible to further improve the safety against leakage of biometric data and the risk of theft.

  Twelfth, the present invention includes an authentication management device and an authentication terminal device connected via a communication line, and the authentication management device includes the personal identification device described in any one of the second to fifth aspects. And the authentication terminal device is provided with a personal identification system having the personal identification device according to any one of the sixth to eleventh aspects.

  With this configuration, partial registration data obtained by dividing the biometric data into a plurality of parts is stored in the storage unit, and since biometric data is collated using a part of the biometric data of the person to be identified, It becomes possible to identify an individual without restoring to the above. Partial biometric data is exchanged via a communication line. Therefore, safety against leakage of biometric data and the risk of theft can be improved.

  According to a thirteenth aspect of the present invention, there is provided a step of obtaining at least one of partial biometric data, which is biometric data of a person to be identified divided into a plurality of parts, and biometric data of a registrant divided into a plurality of parts. A personal identification method including a step of referring to a registration data storage unit that stores partial registration data, and comparing the acquired partial biometric data with the partial registration data stored in the storage unit is provided It is.

  By this method, partial registration data obtained by dividing the biometric data into a plurality of parts is stored in the storage unit, and at the time of collation, collation is performed using a part of the biometric data of the identified person. Therefore, it is possible to identify an individual without restoring them, and to improve the safety against leakage of biometric data and the danger of theft.

  Fourteenth aspect of the present invention is the step of acquiring biometric data by acquiring biometric information of the person to be identified, encoding the generated biometric data, and encoding the encoded biometric data into a plurality of parts. And the partial biometric data of the identified person and the partial registration data which is the partial biometric data of the registrant registered in advance are collated, and the identified person is the same person as the registrant. A personal identification method comprising the steps of: transmitting at least one of the partial biometric data to a authentication management device that determines whether or not through a communication line; and receiving a determination result from the authentication management device. It is provided.

  By this method, partial biometric data is transmitted to the authentication management apparatus and the determination result from the personal management apparatus is received, and authentication is performed by connecting to the authentication management apparatus via a communication line. At this time, since the partial biometric data is exchanged, it is possible to improve safety against leakage of biometric data itself and the risk of theft.

  15thly this invention provides the personal identification program which makes a computer perform each step described in the said 13th or 14th.

  With this program, it is possible to improve safety against leakage of biometric data and the risk of theft.

  ADVANTAGE OF THE INVENTION According to this invention, the personal identification device and the personal identification method which can improve the safety | security with respect to the leakage of biometric data, and the danger of theft are provided.

(First embodiment)
FIG. 1 is an explanatory diagram showing an overview of a personal identification system according to the first embodiment of the present invention. In this embodiment, an example in which the personal identification system is used for user authentication in an automobile will be described.

  As shown in FIG. 1, authentication terminals 120A, 120B,... 120N are mounted on a plurality of automobiles 100A, 100B,. In the following description, the automobiles 100A, 100B,... 100N and the authentication terminals 120A, 120B,.

  The authentication terminal 120 manages registration information of the user of the mounted car. The registration information includes a partial iris code obtained from the registrant's iris data. The authentication terminal 120 is connected to the ETC on-board unit 111, the engine 112, the mirror 113, the seat 114, the door 115, and the audio 116 mounted on the automobile 100 via the in-vehicle network 110. The in-vehicle network 110 can be connected to a network 140 as an example of a communication line via an external network connection unit 117.

  The management center 130 is connected to the network 140 and collectively manages registration information of registrants of the plurality of vehicles 100A, 100B,. This registration information includes a partial iris code.

  Next, an outline of the operation of the personal identification system of this embodiment will be described. The authentication terminal 120 is connected to the management center 130 via the network 140. And the authentication terminal 120 acquires the iris data of the driver | operator who is a to-be-identified person, and another passenger | crew, and produces | generates a partial iris code. And the authentication terminal 120 and the management center 130 collate with the partial iris code of the managed registration information using the generated partial iris code.

  If the authentication terminal 120 determines that the identified person is a registrant, the authentication terminal 120 enables the engine 112 to start or provides various services.

  Here, the partial iris code will be described. FIG. 2 is an explanatory diagram showing an example of a partial iris code in the personal identification system according to the first embodiment of the present invention. FIG. 2 (A) is an explanatory diagram showing an annular analysis band of the iris, and FIG. ) Is an explanatory diagram showing an iris code.

  As shown in FIG. 2A, the iris is a portion between a circle 501 indicating the inner boundary and a circle 502 indicating the outer boundary. The iris code is generated using annular analysis bands 5031 to 5038 obtained by dividing the iris part into a plurality of parts. The annular analysis bands 5031 to 5038 are polar coordinates having the center of a circle 501 as an inner boundary as an origin and a ratio of a distance between the inner boundary (circle 501) and the outer boundary (circle 502) as a radial coordinate. It is obtained by setting and dividing the polar coordinate into eight in the radial direction.

  The iris code is obtained by replacing the annular analysis bands 5031 to 5038 with digital information with a region divided in the arc direction as one unit. FIG. 2B shows an iris code in which 0/1 digital information is divided into white / black. As shown in FIG. 2B, the annular analysis bands 5031 to 5038 correspond to the codes C1 to C8.

  The partial iris code is a portion of the iris code corresponding to any of the eight annular analysis bands 5031 to 5038. In FIG. 2, two iris codes correspond to four consecutive annular analysis bands (partial code corresponding area 503B including annular analysis bands 5031 to 5034 and partial code corresponding area 503A including annular analysis bands 5035 to 5038). An example in the case of being divided into partial iris codes PA and PB is shown.

  Note that the number of annular analysis bands corresponding to one partial iris code may be an arbitrary number, and may include non-continuous annular analysis bands. Furthermore, the number of divisions of the annular analysis band may be an arbitrary value such as 2 or more and 8 or less.

  FIG. 3 is a block diagram showing the main configuration of the personal identification system according to the first embodiment of the present invention.

  As shown in FIG. 3, the authentication terminal 120 is an example of an authentication terminal device that generates a partial iris code by dividing the iris data of the person to be identified. A certain camera 122, a terminal CPU 123, a terminal storage device 126, a terminal communication interface (hereinafter referred to as a terminal IF) 127, and an authentication result output device 128 are included.

  The terminal CPU 123 controls the overall operation of the authentication terminal 120, and is configured mainly with a processor that operates according to a personal identification program or the like. Moreover, it functions as an example of a biometric data acquisition unit having a biometric data generation unit, an encoding unit, and a division unit, a collation unit, and a determination unit.

  The terminal storage device 126 functions as an example of a registration data storage unit, and stores a registrant's partial iris code. The terminal IF 127 functions as an example of a communication unit, and is connected to the management center 130 via the in-vehicle network 110 and the network 140. The authentication terminal 120 may have two interfaces connected to each of the in-vehicle network 110 and the network 140.

  The authentication result output device 128 notifies the identification result to the person to be identified by sound output, light emission output, image output, or the like.

  The management center 130 is an example of an authentication management device, and collates a partial iris code of a person to be identified with registration information and outputs a collation result. The management center 130 includes a center CPU 133, a center storage device 136, and a center communication interface (hereinafter referred to as center IF) 137.

  The center CPU 133 controls the operation of the management center 130 as a whole, and is mainly composed of a processor that operates according to a personal identification program or the like. Moreover, it functions as an example of a biometric data acquisition unit, a collation unit, and a determination unit.

  The center storage device 136 functions as an example of a registration data storage unit, and stores a registrant's partial iris code. The center IF 137 functions as an example of a communication unit, and is connected to the authentication terminal 120 via the network 140 and the in-vehicle network 110.

  Next, details of the operation of the personal identification system of this embodiment will be described. The authentication terminal 120 illuminates the driver 121 who gets in and sits in a car, shoots the eyes of the driver with the camera 122, and the terminal CPU 123 obtains eye image data.

  The terminal CPU 123 encodes the acquired image data to generate an iris code, and divides the generated iris code to generate partial iris codes PA and PB. Then, the terminal CPU 123 collates the partial iris code PA with the registrant partial iris code stored in the terminal storage device 126 to obtain a collation result.

  Further, the terminal CPU 123 transmits the partial iris code PB to the management center 130 through the terminal IF 127 together with the vehicle ID and the like. In the management center 130, the center CPU 133 acquires the partial iris code PB via the center IF 137 and collates it with the registrant's partial iris code stored in the center storage device 136.

  Then, the center CPU 133 is a partial iris code registered as a user who gets on the corresponding vehicle using the vehicle ID, whether the acquired partial iris code PB is the same as the registrant's partial iris code. Determine whether or not. The center CPU 133 transmits the determination result from the center IF 137 to the authentication terminal 120 through the network 140.

  The terminal CPU 123 of the authentication terminal 120 receives the determination result transmitted from the management center 130. Then, it is determined whether or not to authenticate the identified person in response to the collation result of the partial iris code PA and the partial iris code PB.

  Note that the authentication determination of the terminal CPU 123 does not necessarily need to use the collation results of both the partial iris codes PA and PB. For example, a service that requires a high level of security may be effective only when the collation result of both the partial iris code PA and the partial iris code PB matches the registered partial iris code with high accuracy. If a general level of security is sufficient, it may be effective even when the accuracy of matching is slightly low, or may be effective by collation of only one of the partial iris code PA and the partial iris code PB.

  Here, the terminal storage device 126 and the center storage device 136 may store all of the registrant's partial iris codes. As described above, since the discrete data is stored as the partial iris code in the storage device, it is difficult to restore the iris data itself even if the data leaks from the storage device. Can be improved.

  In addition, the terminal storage device 126 and the center storage device 136 store only a predetermined portion of the partial iris code (for example, the terminal storage device 126 stores only the partial iris code of the registrant corresponding to the partial iris code PA in the center storage. The device 136 may store only the partial iris code of the registrant corresponding to the partial iris code PB). As described above, since the storage device holds only the partial iris code corresponding to only a part of the iris data, even when the data leaks outside from the single storage device, the iris data itself is partially extracted from the data. Since it cannot be restored, safety can be improved.

  According to the first embodiment of the present invention as described above, the partial iris code is stored in the storage device, and at the time of collation, collation is performed using a part of the partial iris code of the identified person. It becomes possible to identify an individual without completely restoring the data, and it is possible to increase the safety against the risk of iris data leakage or theft.

  Further, since a part of the partial iris code of the identified person is exchanged on the network 140, it is possible to improve the safety against the risk of leakage of the iris data itself or theft.

  In addition, the division into partial iris codes is performed in units of the annular analysis band, so that the partial iris code has a code for one round of the radial position where the iris is located, and the partial iris code is not affected by the inclination of the eyes. Since collation can be performed every time, it is not necessary to completely restore and collate biometric data, and it is possible to improve safety against leakage of biometric data and the risk of theft.

  Note that the terminal CPU 123 may generate the partial iris codes so that the heads of the partial iris codes correspond to positions where the polar angles of the polar coordinate system having the origin at the center of the circle indicating the annular analysis band are different. As a result, the portion of the annular analysis band corresponding to the head of each partial iris code is different, so even if all the partial iris codes are obtained, it is difficult to restore the biological data itself from there. The safety against leakage of biometric data and the risk of theft can be further improved.

  In addition, although the case where the personal identification system of this embodiment was applied to the user authentication in a motor vehicle was mentioned as an example, it is not necessarily limited to this example.

(Second Embodiment)
FIG. 4 is an explanatory diagram showing an overview of a personal identification system according to the second embodiment of the present invention. In this embodiment, an example in which the personal identification system is used for user authentication in an automobile will be described.

  As shown in FIG. 4, the automobile 100 is equipped with an authentication terminal 220. The authentication terminal 220 manages registration information of the user of the mounted car. The registration information includes a partial iris code. The authentication terminal 220 is connected to an input device 211 and a monitor 212 mounted on the automobile 100 via the in-vehicle network 210.

  The mobile phones 260A, 260B,... 260N have a configuration connectable to the in-vehicle network 210, and manage registration information of the owners of the mobile phones 260A, 260B,. This registration information includes a partial iris code. Further, the mobile phones 260A, 260B,... 260N can be connected to the Internet or the like via a network 240 such as a mobile phone network. In the following description, mobile phones 260A, 260B,... 260N will be described as mobile phones 260 when it is not necessary to distinguish them.

  Next, an outline of the operation of the personal identification system of this embodiment will be described. The authentication terminal 220 is connected to the mobile phone 260 via the in-vehicle network 210. And the authentication terminal 220 acquires the iris data of the driver | operator who is a to-be-identified person, and another passenger | crew, and produces | generates partial iris code PA and PB (refer FIG. 2). And the authentication terminal 220 and the mobile phone 260 collate with the partial iris code of the managed registration information using the generated partial iris code.

  If it is determined that the identified person is a registrant, the authentication terminal 220 enables a hands-free call using the function of the mobile phone 260, a web page browsing on the monitor 212, and the like.

  FIG. 5 is a block diagram showing the main configuration of a personal identification system according to the second embodiment of the present invention. In FIG. 5, the same reference numerals are given to the portions overlapping with FIG. 3 described in the first embodiment.

  As shown in FIG. 5, the authentication terminal 220 is an example of an authentication terminal device that generates a partial iris code by dividing the iris data of the person to be identified, and includes an illumination 121, a camera 122, a terminal CPU 223, and a terminal storage. A device 226, a terminal communication interface (hereinafter referred to as a terminal IF) 227, and an authentication result output device 128 are included.

  The terminal CPU 223 controls the operation of the authentication terminal 220 as a whole, and is mainly composed of a processor that operates according to a personal identification program or the like. Moreover, it functions as an example of a biometric data acquisition unit having a biometric data generation unit, an encoding unit, and a division unit, a collation unit, and a determination unit.

  The terminal storage device 226 functions as an example of a registration data storage unit, and stores a registrant's partial iris code. The terminal IF 227 functions as an example of a communication unit, and is connected to the mobile phone 260 via the in-vehicle network 210. Note that the authentication terminal 220 may have two interfaces connected to each of the in-vehicle network 210 and the mobile phone 260.

  The mobile phone 260 is an example of an authentication management device, and collates a partial iris code of a person to be identified with registration information and outputs a collation result. The mobile phone 260 includes a mobile phone CPU 263, a mobile phone storage device 266, a mobile phone communication interface (hereinafter referred to as mobile IF) 267, and a wireless interface (hereinafter referred to as wireless IF) 268.

  The mobile phone CPU 263 controls the overall operation of the mobile phone 260, and is mainly composed of a processor that is operated by a personal identification program or the like. Moreover, it functions as an example of a biometric data acquisition unit, a collation unit, and a determination unit.

  The mobile phone storage device 266 functions as an example of a registration data storage unit, and stores a registrant's partial iris code. The portable IF 267 functions as an example of a communication unit, and is connected to the authentication terminal 220 via the in-vehicle network 110. The wireless IF 268 is connected to the network 240 via a wireless transmission path.

  Next, details of the operation of the personal identification system of this embodiment will be described. The authentication terminal 220 illuminates the eyes of the driver who gets in and sits in the car, shoots the eyes of the driver with the camera 122, and the terminal CPU 223 obtains eye image data.

  The terminal CPU 223 encodes the acquired image data to generate an iris code, and divides the generated iris code to generate partial iris codes PA and PB. The terminal CPU 223 collates the partial iris code PA with the registrant's partial iris code stored in the terminal storage device 226 to obtain a collation result.

  Further, the terminal CPU 223 transmits the partial iris code PB to the mobile phone 260 via the terminal IF 227. In the mobile phone 260, the mobile phone CPU 263 acquires the partial iris code PB via the mobile IF 267 and compares it with the registrant's partial iris code stored in the mobile phone storage device 266.

  Then, the cellular phone CPU 263 determines whether the acquired partial iris code PB is the same as the registrant's partial iris code. The mobile phone CPU 263 transmits this determination result from the mobile IF 267 to the authentication terminal 220.

  Terminal CPU 223 of authentication terminal 220 receives the determination result transmitted from mobile phone 260. Then, it is determined whether or not to authenticate the identified person in response to the collation result of the partial iris code PA and the partial iris code PB.

  Note that the authentication determination of the terminal CPU 223 does not necessarily need to use the collation results of both the partial iris codes PA and PB. For example, a service that requires a high level of security may be effective only when the collation result of both the partial iris code PA and the partial iris code PB matches the registered partial iris code with high accuracy. If a general level of security is sufficient, it may be effective even when the accuracy of matching is slightly low, or may be effective by collation of only one of the partial iris code PA and the partial iris code PB.

  Here, the terminal storage device 226 and the mobile phone storage device 266 may store all of the registrant's partial iris codes. As described above, since the discrete data is stored as the partial iris code in the storage device, it is difficult to restore the iris data itself even if the data leaks from the storage device. Can be improved.

  In addition, the terminal storage device 226 and the mobile phone storage device 266 include only a predetermined portion of the partial iris code (for example, the terminal storage device 226 includes only the partial iris code of the registrant corresponding to the partial iris code PA. The telephone storage device 266 may store only the partial iris code of the registrant corresponding to the partial iris code PB. As described above, since the storage device holds only the partial iris code corresponding to only a part of the iris data, even when the data leaks outside from the single storage device, the iris data itself is partially extracted from the data. Since it cannot be restored, safety can be improved.

  According to the second embodiment of the present invention as described above, the partial iris code is stored in the storage device, and at the time of collation, the partial iris code of the identified person is used for collation. It becomes possible to identify an individual without completely restoring the data, and it is possible to increase the safety against the risk of iris data leakage or theft.

  In addition, since a part of the partial iris code of the person to be identified is exchanged between the authentication terminal 220 and the mobile phone 260, the safety against leakage of the iris data itself and the risk of theft can be improved.

  In addition, by dividing the partial iris code in units of the annular analysis band, the partial iris code has a code for one round of the radial position where the iris is located, and the partial iris code is not affected by the inclination of the eyes. Since collation can be performed every time, it is not necessary to completely restore and collate biometric data, and the safety against leakage of biometric data and the risk of theft can be improved.

  Note that the terminal CPU 223 may generate the partial iris codes so that the heads of the partial iris codes correspond to positions where the polar angles of the polar coordinate system have different origins with the center of the circle indicating the annular analysis band as the origin. As a result, the portion of the annular analysis band corresponding to the head of each partial iris code is different, so even if all the partial iris codes are obtained, it is difficult to restore the biological data itself from there. The safety against leakage of biometric data and the risk of theft can be further improved.

  In addition, although the case where the personal identification system of this embodiment was applied to the user authentication in a motor vehicle was mentioned as an example, it is not necessarily limited to this example.

(Third embodiment)
FIG. 6 is a block diagram showing the main configuration of a personal identification system according to the third embodiment of the present invention. In FIG. 6, portions that are the same as those in FIG. 3 described in the first embodiment are denoted by the same reference numerals. In the present embodiment, an example in which the personal identification system is used for office entry / exit management will be described.

  As shown in FIG. 6, the personal identification system of this embodiment includes an authentication terminal 320 and a management center 330. The authentication terminal 320 is provided at the entrance of each room. The management center 330 collectively manages a plurality of authentication subjects, and is connected to the authentication terminal 320 via the network 340.

  The management center 330 manages a plurality of authentication target person information. The authentication target person information includes a partial iris code. On the other hand, the authentication terminal 320 does not manage authentication target person information. The personal identification system configured as described above identifies a person entering the room and authenticates the person who has been registered in advance, and unlocks or opens an automatic door.

  The authentication terminal 320 is an example of an authentication terminal device that generates a partial iris code by dividing the iris data of the person to be identified, and includes an illumination 121, a camera 122, a terminal CPU 323, a communication IF 327, and an authentication result output device. 128.

  The terminal CPU 323 controls the overall operation of the authentication terminal 320, and is configured mainly with a processor that operates according to a personal identification program or the like. Moreover, it functions as an example of a biometric data acquisition unit having a biometric data generation unit, an encoding unit, and a division unit. The terminal IF 327 functions as an example of a communication unit and is connected to the management center 330 via the network 340.

  The management center 330 is an example of an authentication management device, and collates a partial iris code of a person to be identified with registration information and outputs a collation result. The management center 330 includes a center CPU 333, center storage devices 336A and 336B, and a center communication interface (hereinafter referred to as center IF) 337.

  The center CPU 333 controls the entire operation of the management center 330, and is configured mainly by a processor that operates according to a personal identification program or the like. Moreover, it functions as an example of a biometric data acquisition unit, a collation unit, and a determination unit.

  The center storage devices 336A and 336B function as an example of a registration data storage unit, and store a partial iris code of a registrant. The center storage devices 336A and 336B are provided, for example, by the number of divisions of the partial iris code, and store the partial registration data of the same registrant in separate storage devices.

  For example, in the example shown in FIG. 2, two partial iris codes PA and PB are generated from the iris data for one person. Therefore, the center storage device 336A stores the partial iris code of the registrant corresponding to the partial iris code PA, and the center storage device 336A stores the partial iris code of the registrant corresponding to the partial iris code PA. As a result, a plurality of pieces of partial registration data are stored in separate storage devices, making it difficult to completely reproduce the biometric data. Therefore, it is possible to improve safety against leakage of biometric data and the risk of theft. .

  The center IF 337 functions as an example of a communication unit and is connected to the authentication terminal 320 via the network 340.

  Next, the operation of the personal identification system of this embodiment will be described. The authentication terminal 320 illuminates the eyes of the identified person with the illumination 121 and photographs the eyes of the identified person with the camera 122, and the terminal CPU 323 obtains eye image data.

  The terminal CPU 323 encodes the acquired image data to generate an iris code, and divides the generated iris code to generate partial iris codes PA and PB (see FIG. 2).

  Further, the terminal CPU 323 transmits all the partial iris codes PA and PB to the management center 330 via the terminal IF 327 together with the storage device ID and the like to be compared with the authentication terminal ID. In the management center 330, the center CPU 333 acquires the partial iris codes PA and PB via the center IF 337, and collates them with the registrant's partial iris codes stored in the center storage devices 336A and 336B, respectively.

  Then, the center CPU 333 registers the acquired partial iris codes PA and PB as a user who can authenticate with the corresponding authentication terminal using the authentication terminal ID, or whether the partial iris code of the registrant is the same. It is determined whether it is a partial iris code. The center CPU 333 transmits the determination result from the center IF 337 to the authentication terminal 320 through the network 340.

  The terminal CPU 323 of the authentication terminal 320 receives the determination result transmitted from the management center 330 and determines whether to authenticate the identified person.

  Note that the center CPU 323 does not necessarily need to use the collation results of both the partial iris codes PA and PB. For example, a service that requires a high level of security may be effective only when the collation result of both the partial iris code PA and the partial iris code PB matches the registered partial iris code with high accuracy. If a general level of security is sufficient, it may be effective even when the accuracy of matching is slightly low, or may be effective by collation of only one of the partial iris code PA and the partial iris code PB.

  The management center 330 may have only one center storage device, and partial iris data may be stored separately in one center storage device. Even in this case, since each of the partial iris data of a plurality of registrants is distributed and stored in the center storage device, it is difficult to reproduce the complete iris data for one person, and the leakage of iris data is prevented. Safety can be improved.

  According to the third embodiment of the present invention as described above, the partial iris code is stored in the storage device, and the collation is performed using a part of the partial iris code of the identified person. It becomes possible to identify an individual without completely restoring the data, and it is possible to increase the safety against the risk of iris data leakage or theft.

  In addition, since the partial iris codes of the person to be identified are exchanged on the network 140, the safety against leakage of the iris data itself or the risk of theft can be improved.

  In addition, by dividing the partial iris code in units of the annular analysis band, the partial iris code has a code for one round of the radial position where the iris is located, and the partial iris code is not affected by the inclination of the eyes. Since collation can be performed every time, it is not necessary to completely restore and collate biometric data, and the safety against leakage of biometric data and the risk of theft can be improved.

  Note that the terminal CPU 123 may generate the partial iris codes so that the heads of the partial iris codes correspond to positions where the polar angles of the polar coordinate system having the origin at the center of the circle indicating the annular analysis band are different. As a result, the portion of the annular analysis band corresponding to the head of each partial iris code is different, so even if all the partial iris codes are obtained, it is difficult to restore the biological data itself from there. The safety against leakage of biometric data and the risk of theft can be further improved.

  In addition, although the case where the personal identification system of this embodiment was applied to the occupant management system was mentioned as an example, it is not necessarily limited to this example.

  In the first to third embodiments, the case where iris data (partial iris code as an example of divided biometric data) is used as an example of biometric data has been described. However, biometric data such as fingerprints and vein patterns is used. May be used.

  INDUSTRIAL APPLICABILITY The personal identification device and the personal identification method of the present invention have an effect capable of enhancing the safety against leakage of biometric data and the risk of theft, and are installed in personal possessions and require high security. It is useful for an identification system, and is useful for an engine start system in a car, an electronic payment system using a mobile phone, an entrance / exit management system in an office, and the like.

Explanatory drawing which shows the outline | summary of the personal identification system which concerns on the 1st Embodiment of this invention. Explanatory drawing which shows an example of the partial iris code in the personal identification system which concerns on the 1st Embodiment of this invention. The block diagram which shows the main structures of the personal identification system which concerns on the 1st Embodiment of this invention Explanatory drawing which shows the outline | summary of the personal identification system which concerns on the 2nd Embodiment of this invention. The block diagram which shows the main structures of the personal identification system which concerns on the 2nd Embodiment of this invention. The block diagram which shows the main structures of the personal identification system which concerns on the 3rd Embodiment of this invention.

Explanation of symbols

100, 100A, 100B, 100N Automobile 110, 210 In-car network 111 ETC on-board unit 112 Engine 113 Mirror 114 Seat 115 Door 116 Audio equipment 117 External network connection part 120, 120A, 120B, 120N, 220, 320 Authentication terminal 121 Illumination 122 Camera 123,223 terminal CPU
126,226 Terminal storage device 127 Terminal communication interface (terminal IF)
128 Authentication result output device 130 Management center 133 Center CPU
136, 336A, 336B Center storage device 137, 337 Center communication interface (center IF)
140, 240, 340 Network 211 Input device 212 Monitor 260, 260A, 260B, 260N Mobile phone 263 Mobile phone CPU
266A, 266B Mobile phone storage device 267 Mobile phone communication interface (mobile IF)
268 Wireless communication interface (wireless IF)
501 Iris inner boundary 502 Iris outer boundary 5031-5038 Annular analysis band 503A, 503B Partial code corresponding area C1-C8 code PA, PB Partial iris code

Claims (15)

A registration data storage unit that stores partial registration data that is biometric data of a registrant divided into a plurality of parts;
A biometric data acquisition unit that acquires at least one of the partial biometric data that is biometric data of the person to be identified divided into a plurality of parts;
A personal identification device comprising: a collation unit that collates the acquired partial biometric data with partial registration data stored in the storage unit and outputs the collation result. The personal identification device according to claim 1,
A communication unit that connects the authentication terminal device that divides the biometric data of the identified person and generates partial biometric data via a communication line;
The biometric data acquisition unit is a personal identification device that acquires partial biometric data transmitted from the authentication terminal device via the communication unit. The personal identification device according to claim 2,
A determination unit that determines whether the identified person is the same person as the registrant based on the collation result output from the collation unit;
The communication unit is a personal identification device that transmits a determination result by the determination unit to the authentication terminal device. The personal identification device according to claim 2 or 3,
The said memory | storage part has a memory | storage device equal to the division | segmentation number of the said biometric data, The personal identification device which memorize | stores each partial registration data of the same registrant in a separate said memory | storage device. The personal identification device according to claim 2 or 3,
The storage unit is a personal identification device that stores partial registration data of the same registrant in a distributed manner. The personal identification device according to claim 1,
The biological data acquisition unit
A biometric data generation unit that acquires biometric information of the identified person and generates biometric data;
An encoding unit for encoding the generated biometric data;
A personal identification device comprising: a dividing unit that divides the encoded biometric data into a plurality of parts. The personal identification device according to claim 6,
The authentication management device that collates the partial biometric data of the person to be identified and the partial registration data and outputs a collation result, further includes a communication unit connected via a communication line,
The communication unit is a personal identification device that transmits at least one of the partial biometric data divided by the dividing unit to the authentication management device, and acquires a collation result transmitted from the authentication management device. The personal identification device according to claim 6 or 7,
A personal identification device further comprising a determination unit that determines whether or not the identified person is the same person as the registrant based on at least one of a verification result by the verification unit and a verification result acquired from the authentication management device. . A biometric data generation unit that acquires biometric information of the person to be identified and generates biometric data;
An encoding unit for encoding the generated biometric data;
A dividing unit that divides the encoded biometric data into a plurality of parts and outputs partial biometric data;
It is determined whether or not the identified person is the same person as the registrant by comparing the partial biometric data of the identified person with partial registered data that is partial biometric data of a registrant registered in advance. A communication unit connected to the authentication management device,
The communication unit is a personal identification device that transmits at least one of the partial biometric data divided by the dividing unit to the authentication management device and receives a determination result from the authentication management device. The personal identification device according to any one of claims 1 to 9,
The biological data is an iris code obtained by encoding image data of an iris portion divided into a plurality of annular analysis bands,
The partial biometric data and the partial registration data are partial iris codes obtained by dividing the iris code into a plurality of parts,
Each of the partial iris codes includes a portion corresponding to at least one of the annular analysis bands. The personal identification device according to claim 10,
A personal identification device in which the head of each of the partial iris codes corresponds to a position where the declination of the polar coordinate system having the origin at the center of a circle indicating the annular analysis band is different. An authentication management device and an authentication terminal device connected via a communication line;
The authentication management device includes the personal identification device according to any one of claims 2 to 5,
The personal identification system having the personal identification device according to any one of claims 6 to 11, wherein the authentication terminal device. Obtaining at least one of partial biometric data that is biometric data of the person to be identified divided into a plurality of parts;
A registration data storage unit that stores partial registration data, which is biometric data of a registrant divided into a plurality of parts, is referenced, and the acquired partial biometric data is compared with the partial registration data stored in the storage unit A personal identification method comprising steps. Acquiring biometric information of the identified person and generating biometric data;
Encoding the generated biometric data;
Dividing the encoded biometric data into a plurality of parts;
It is determined whether or not the identified person is the same person as the registrant by comparing the partial biometric data of the identified person with partial registered data that is partial biometric data of a registrant registered in advance. Transmitting to the authentication management device at least one of the partial biometric data via a communication line;
Receiving a determination result from the authentication management device.   The personal identification program which makes a computer perform each step described in Claim 13 or 14.

Images