JP2008146138A - Biometrics device, biometrics system, and biometrics method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent deterioration of convenience of a device with respect to a testee, and to prevent deterioration of authentication precision in confirming an individual even when the number of registrants who use a biometrics device is increased. <P>SOLUTION: A user input number is temporarily stored (S81). Whether or not the number of digits of a character string value exceeds the lower limit value of the number of digits is checked (S82). When it exceeds, the biological information of the testee is read. Biological data to be collated are generated, and temporarily stored (S83). Registration numbers including the character string values of input numbers are retrieved by referring to a user registration table. All biological registration data corresponding to the registration numbers are extracted (S84). The biological data to be collated and each extracted biological registration data are successively collated (S85). When it succeeds, user information corresponding to the biological registration data is acquired. The user information and the result of success are transmitted to an external device, or announced to a testee (S87), When it fails, the result of failure is transmitted to the external device, or reported to the testee (S88). <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a biometric authentication device that performs a process necessary for biometric authentication of a subject using biometric information of the subject, a biometric authentication system including the biometric authentication device, and a biometric authentication method.

  When performing various types of commercial transactions using ATMs such as financial institutions and entrance / exit management in buildings and the like where access is strictly restricted using an information processing device such as a computer, identification processing is required. This identity verification process is generally performed using information known only to the principal, such as a password or password. However, there is a drawback that information such as a personal identification number and a password can be easily impersonated by a third party in case of theft. Therefore, in recent years, as a technique used for identity verification processing, biological information such as fingerprints, irises, or finger veins that is virtually impossible to be stolen by a third party and is different information for each individual. Biometric authentication technology that uses information has attracted attention.

  2. Description of the Related Art Conventionally, in the technical field of personal authentication using a fingerprint, which is one type of biometric information, an apparatus has been proposed that aims to perform automatic authentication with few false positives. The device according to the proposal does not limit the information obtained from the pattern of the human palm to a fingerprint, collates a plurality of arbitrary parts included in the palm, and also uses a personal identification number for personal authentication. This is intended to improve authentication accuracy. The apparatus includes an operation unit for a subject to input a personal identification number, a palm image input unit for inputting a palm image of the subject, and a palmprint feature information holding unit for storing the palmprint feature information of the subject. A determination unit that compares the personal identification number and the input palm image with the palm print feature information of the person held in the palm print feature information holding unit to determine whether the subject is the person, and the determination result And a determination result output unit for outputting (see, for example, Patent Document 1).

Japanese Patent Laid-Open No. 7-114640

  The reason why the technique disclosed in Patent Document 1 described above has been proposed is as follows.

  In personal authentication using fingerprints as an example of biometric authentication, when a subject touches a fingertip with the surface (sensor surface) of a fingerprint sensor placed at an appropriate location of the biometric authentication device, the subject's fingerprint Information is output from the fingerprint sensor to the arithmetic processing unit of the apparatus. The arithmetic processing unit generates data to be verified by performing processing for extracting feature patterns such as end points and branch points of the fingerprint from the fingerprint information. Then, by comparing the data to be verified with data (registered data) registered in the image memory of the apparatus in advance (which is a characteristic pattern of the person's fingerprint), it is determined whether or not the subject is the person. Check.

  However, in the biometric authentication, since the biometric information is analog information, it is possible to determine whether the data to be collated and the registered data are similar or dissimilar. Therefore, it is impossible to make a so-called binary determination as to whether the two match completely or not at all. Therefore, the degree of similarity or mismatch between the data to be verified and registered data is calculated using a predetermined algorithm, and the result of the calculation is compared with a preset reference value (threshold value). A process for confirming whether or not the person is the person is performed.

  FIG. 1 shows a non-matching degree distribution in a matching result between matching data and registered data as an example of a calculation process prior to a process for confirming whether or not the subject is the person. In FIG. 1, the horizontal axis represents the degree of inconsistency in the collation result between the collated data and the registered data, and the vertical axis represents the appearance frequency. Curve 1 represents a frequency curve when the user's registered data is collated with the person's collated data, and curve 3 represents a frequency curve when the person's registered data is collated with another person's collated data. .

  As is apparent with reference to FIG. 1, the frequency curve 1 is usually more leftward than the frequency curve 3, and therefore, by setting a biometric authentication threshold indicated by a line segment 5, the inconsistency is set to the biometric authentication threshold 5. If it is smaller than the threshold value, the subject is determined to be the subject, and if the degree of mismatch is greater than the biometric threshold 5, the subject is determined to be another person. In general, the power curve 1 and the power curve 3 have an overlap as shown in FIG. 1, and even if the subject is another person, there is a certain probability that the person will be determined to be the person. This is called the stranger acceptance rate. In FIG. 1, the area 7 is an area showing the acceptance rate of others.

  In a biometric authentication apparatus configured to centrally manage registered data of a plurality of registrants using a database or the like and recognize a specific person, so-called verification data is checked against registered data of each registrant. 1: N verification needs to be performed. Here, the algorithm for performing the collation process between the collated data and the registered data is based on pattern matching between images (an image related to the collated data and an image related to the registered data). Increases and the number of registered data becomes enormous (in other words, when N in 1: N verification becomes a sufficiently large value), the load on the arithmetic processing unit inevitably increases. As a result, there arises a problem that the processing speed in the arithmetic processing unit is reduced, and it takes time to confirm whether or not the subject is the subject, thereby impairing the convenience of the apparatus. In addition, due to the existence of the other person acceptance rate described above, the more the number of registered data to be collated, the greater the possibility that the subject will be misidentified even if the subject is another person. There is also a problem that the performance is degraded.

  Then, the technique currently disclosed by patent document 1 mentioned above came to be proposed.

  As described above, in the technique described in Patent Document 1, a personal identification number and biological information are stored in advance for each individual registrant, and when the subject inputs the personal identification number, the personal identification number is stored. The biometric information corresponding to the personal identification number is read out from the existing (biometric) information and collation processing is performed. This is because the number of registered users is enormous, and when the amount of registered data stored in the device is enormous, it is entered rather than suddenly comparing the data to be verified with the registered data. It is possible to further reduce the load on the arithmetic processing unit by comparing the registered data corresponding to the registered personal identification number that matches the personal identification number and the verification data from the subject (1: N). This is because it is possible to reduce the value of N in the collation), and it is possible to confirm whether or not the user is the person in a relatively short time, so that the authentication performance of the apparatus can be improved.

  However, in the technique described in Patent Document 1, since the subject needs to input the PIN number for identifying each individual correctly, the subject will need to input it when the number of digits of the PIN number becomes too large. Since it becomes difficult to memorize in my head, the usability of the device becomes worse. If the number of registrants increases, an increase in the number of digits of the personal identification number assigned to each individual is unavoidable. If the number of registrants is not so large and it is not necessary to increase the number of digits of the PIN, the convenience of the device for the subject will be improved, but to the person by stealing the PIN of a third party Since the possibility of spoofing increases on the contrary, the authentication accuracy of the apparatus is lowered, and there is a problem that it is not preferable in terms of security.

  Accordingly, an object of the present invention is to prevent a decrease in convenience of the apparatus for the subject even if the number of registrants who use the apparatus increases in the biometric authentication apparatus, and to improve the authentication accuracy when verifying the identity. It is to be able to prevent the decrease.

  The biometric authentication device according to the first aspect of the present invention performs a process necessary for biometric authentication of a subject using biometric information of the subject, and character string data input by the subject is A character string data discriminating unit that discriminates whether or not a predetermined criterion is satisfied, and registration by each device user when the character string data determining unit determines that the input character string data satisfies a predetermined criterion The character string data search unit that searches for the one corresponding to the input character string data from among the plurality of character string data that has been searched, and the input biometric information of the subject and the character string data search unit Validity of the subject based on the biometric information collation unit that collates the biometric information of the device user registered in association with the character string data, and the collation result between the biometric information in the biometric information collation unit Determine That includes a subject validity determination unit.

  In a preferred embodiment according to the first aspect of the present invention, the character string data searched by the character string data search unit from among a plurality of character string data registered for each individual device user is the input character. It matches the column data or contains the input character string data.

  In another embodiment, the biometric information includes a subject's fingerprint pattern or finger vein pattern.

  In an embodiment different from the above, the character string data is numerical data of a plurality of digits.

  In another embodiment different from the above, the predetermined reference used by the character string data determining unit for determining the input character string data is a lower limit value of the number of digits of numerical data of a plurality of digits, and is input by a subject. The search processing by the character string data search unit is performed only when the number of digits of the numerical data exceeds the lower limit of the number of digits.

  In another embodiment different from the above, when the legitimacy determination unit determines that the input biometric information of the subject is illegal, the biometric information determined to be illegal is used as the illegal biometric information. I am trying to register as.

  Furthermore, in an embodiment different from the above, when biometric information of a subject is input, the biometric information is collated with the one or more registered illegal biometric information, and the collation As a result, only when it is determined that the biometric information does not match the registered illegal biometric information, the biometric information matching unit performs the matching process.

  A biometric authentication system according to a second aspect of the present invention includes one or a plurality of biometric authentication devices and a biometric authentication server connected to the biometric authentication device through a communication network, and the biometric authentication device includes a subject. The character string data received by the biometric authentication server and the biometric information of the subject to be transmitted to the biometric authentication server through the communication network, the character received by the biometric authentication server from the biometric authentication device A character string data discriminating unit that discriminates whether or not the column data satisfies a predetermined criterion, and when the character string data discriminating unit determines that the input character string data satisfies a predetermined criterion, use of each device A character string data search unit for searching for a character string data corresponding to the input character string data from among a plurality of character string data registered for each person, and the input of the subject A biometric information collation unit that collates body information with the biometric information of the device user registered in association with the character string data retrieved by the character string data retrieval unit, and the biometric information in the biometric information collation unit Based on the collation result of the subject, a subject validity judgment unit for judging the legitimacy of the subject, and a transmission for transmitting the judgment result by the subject validity judgment unit to the biometric authentication device through the communication network Part.

  In a preferred embodiment according to the second aspect of the present invention, when the correctness determination unit determines that the biometric information of the subject received from the biometric authentication device is illegal, the correctness is determined as incorrect. The biometric information is registered as illegal biometric information.

  In an embodiment different from the above, when biometric information of a subject is received from the biometric authentication device, the biometric information is collated with the one or more registered illegal biometric information, Only when it is determined that the biometric information does not match the registered illegal biometric information as a result of the collation, the biometric information collating unit performs the collation processing.

  The biometric authentication method according to the third aspect of the present invention performs processing necessary for biometric authentication of a subject using the subject's biometric information, and character string data input by the subject is When it is determined that the input character string data satisfies the predetermined standard in the step of determining whether or not the predetermined standard is satisfied, and the step of determining the character string data, it is registered for each device user. In the step of searching for a character string data corresponding to the input character string data from among the plurality of character string data, and the step of determining the character string data, the input biological information of the subject and the character string data A step of collating the biometric information of the device user registered in association with the character string data searched by the search unit; Based on the results, and a step of determining the validity of the subject.

  According to the present invention, even if the number of registrants who use the device increases in the biometric authentication device, it is possible to prevent a decrease in convenience of the device with respect to the subject, and a decrease in authentication accuracy during identity verification. Can also be prevented.

  Hereinafter, embodiments of the present invention will be described in more detail with reference to the drawings.

  FIG. 2 is a functional block diagram showing the overall configuration of the biometric authentication apparatus according to the first embodiment of the present invention.

  The biometric authentication device 10 is assumed to use a fingerprint pattern or a finger vein pattern as biometric information. As shown in FIG. 2, the biometric information sensor 11, a data storage memory 13, a program storage memory 15, The external communication part 17, the user alerting | reporting part 19, the user input part 21, and the arithmetic processing part 23 are provided. These units (11, 13, 15, 17, 19, 21, 23) are connected through a bus line 24.

  The biological information sensor 11 reads the subject's own biological information provided from the subject, and outputs the read biological information to the arithmetic processing unit 23 through the bus line 24. In the present embodiment, the biometric information sensor 11 reads a fingerprint pattern or a finger vein pattern from the subject's finger 65 as the subject's biometric information and outputs it to the arithmetic processing unit 23.

  The program storage memory 15 is a memory that stores a control program for the arithmetic processing unit 23 to execute processing as the biometric authentication device 10, that is, biometric authentication processing, and is configured from a hard disk (HDD), a semiconductor memory, or the like. The

The external communication unit 17 is the result of the biometric authentication process executed by the arithmetic processing unit 23 given from the arithmetic processing unit 23 through the bus line 24 under the control of the arithmetic processing unit 23 (that is, the subject is the subject). Whether or not confirmed). Then, the result of the biometric authentication process is transmitted to an external (information processing) device (not shown here) having a communication function. When various information is transmitted from the external (information processing) device having the above-described communication function under the control of the arithmetic processing unit 23, the external communication unit 17 receives the various information and the various information. Is output to the arithmetic processing unit 23 through the bus line 24. In the present embodiment, as the external communication unit 17, for example, a wired LAN (local
Any one of an area network module, a wireless LAN module, a USB module, and the like is used. Alternatively, communication modules other than those described above can be used.

  Under the control of the arithmetic processing unit 23, the user notification unit 19 uses the result of the biometric authentication process given from the arithmetic processing unit 23 through the bus line 24 as visual information such as image data or character data, or audio information ( This is to notify the user (of the biometric authentication device 10). When the processing result is provided to the user as visual information such as image data or character data, the liquid crystal display is used. When the processing result is provided to the user as audio information, the speaker is used. Used as the person notification unit 19. In the following description, it is assumed that both the liquid crystal display and the speaker are used as the usage notification unit 19.

  The user input unit 21 is used by the user to input various information necessary for the biometric authentication process that the biometric authentication device 10 is to perform. In the present embodiment, for example, any one of a keyboard, a numeric keypad, and a touch panel is used as the user input unit 21. Information input from the user through the user input unit 21 is output from the user input unit 21 to the arithmetic processing unit 23 through the bus line 24.

  The data storage memory 13 is a memory for storing various data necessary for the arithmetic processing unit 23 to execute the process as the biometric authentication device 10, that is, the biometric authentication process. The data storage memory 13 is a hard disk (HDD) or It consists of a semiconductor memory or the like. In the data storage memory 13, a user registration table 25, biometric verification data 27, user input number data 29, and digit number lower limit data 31, which are one of nonvolatile fixed data, are stored. The

  The biometric collation data 27 is collation data generated by the arithmetic processing unit 23 based on a fingerprint pattern or finger vein pattern read by the biometric information sensor 11 from the user's finger 65. The biometric verification data 27 is stored in the user registration table 25 by the arithmetic processing unit 23 in the biometric authentication process necessary for the identity verification of the subject executed in the biometric authentication device 10. The biometric registration data 39, 41, 43, 45, 47, 49, 51,.

  The user input number data 29 is a character string (numerical number) of number data input to the biometric authentication device 10 by the user (the subject of the biometric authentication process by the biometric authentication device 10) using the user input unit 21. Column) Data indicating the value. The user input number data 29 is written to the data storage memory 13 through the bus line 24 by the arithmetic processing unit 23 by being output to the arithmetic processing unit 23 through the bus line 24.

  The digit number lower limit data 31 is a number input to the biometric authentication device 10 by the user (each individual who receives a determination for identity verification using the biometric authentication device 10) using the user input unit 21. This is data with the minimum number of digits in the data indicating the character string value of the data. In this embodiment, the digit number lower limit data 31 is set in advance as a system parameter. Here, the number of digits is assumed to be the number of digits when the number data is represented as a decimal character string. However, the number of digits when represented as a hexadecimal character string, for example, is not a decimal character string. It doesn't matter. When the digit number lower limit data 31 is set and the biological information of the user (subject) related to the user input number data 29 whose number of digits is smaller than the digit number lower limit value data 31 is input, The processing load of the arithmetic processing unit 23 is prevented by not generating the biometric matching data based on the biometric information and the matching processing between the biometric matching data and the biometric registration data (39 to 51,...). Can be reduced.

  The user registration table 25 includes number data (user registration number data) selected by each user at the time of registration in the biometric authentication device 10 and individual users as biometric information registered by the user. This is a table for managing biometric registration data such as fingerprint patterns and finger vein patterns and user information such as names and addresses of individual users, which are information for identifying users, in association with each other. . The user registration table 25 includes a plurality of user registration number data 33, 35, 37,... And a plurality of biometric registration data 39, 41, 43, 45, 47 as data for identifying the user. , 49, 51,... And a plurality of user information 53, 55, 57, 59, 61, 63,.

  The user registration number data 33, 35, 37,... Is number data set by each individual user when the individual user registers various information related to the biometric authentication device 10. The biometric registration data 39, 41, 43, 45, 47, 49, 51,... Are data such as individual user fingerprint patterns and finger vein patterns, which are biometric information registered by the user. User information 53, 55, 57, 59, 61, 63,... Is information such as the name and address of each user, which is information for specifying the user.

  User information 53 is registered in biometric registration data 39, user information 55 is registered in biometric registration data 41, and biometric registration data 39 and 41 are registered in user registration number data 33. Registered in association. User information 57 corresponds to biometric registration data 43, user information 59 corresponds to biometric registration data 45, user information 61 corresponds to biometric registration data 47, and user information 63 corresponds to biometric registration data 49. Attached and registered. The biometric registration data 43, 45, 47, and 49 are registered in association with the user registration number data 35. The biometric registration data 51 is registered in association with the user registration number data 37.

  Here, the user registration number may not be different for each individual user. In the example shown in FIG. 2, the character string value of the user registration number data 33 is “123”, and the character string value of the user registration number data 35 is “124”.

  As described above, the user registration table 25 is searched for user registration number data (33, 35, 37,...) Including an arbitrary character string value, and searched user registration number data. The biometric registration data associated with can be acquired. It is conceivable that the user registration table 25 is implemented using a relational database mechanism, but it may be implemented by other methods.

  The arithmetic processing unit 23 places each unit constituting the biometric authentication device 10 under the control thereof. For the arithmetic processing unit 23, for example, a microprocessor is used. The arithmetic processing unit 23 accesses the data storage memory 13 through the bus line 25. Then, using the data stored in the data storage memory 13, a biometric authentication process for the subject is executed according to the control program stored in the program storage memory 15. Details of the subject's biometric authentication process executed by the arithmetic processing unit 23 will be described in detail with reference to FIG.

  Next, the biometric registration data used in the collation process between the character string value held in the user input number data 29 shown in FIG. 2 and the collation data generated based on the biometric information from the subject. The relationship will be described with an example.

  FIG. 3 is an explanatory diagram showing the relationship between the user input number data 29 and the biometric registration data when the character string value held by the user input number data 29 shown in FIG. 2 is “123”. is there.

  In this case, the character string value of the user registration number data 33 stored in the user registration table 25 is “123”, which matches “123”, which is the character string value of the user input number data 29. Therefore, the arithmetic processing unit 23 performs so-called 1: N collation with the data to be collated using the biometric registration data 39 and 41 associated with the user registration number data 33 in the user registration table 25. become.

  FIG. 4 is an explanatory diagram showing the relationship between the user input number data 29 and the biometric registration data when the character string value held by the user input number data 29 shown in FIG. 2 is “12”. is there.

  In this case, both “123” as the character string value of the user registration number data 33 stored in the user registration table 25 and “124” as the character string value of the user registration number data 35 are stored. The character string value “12” of the user input number data 29 is included. Therefore, the arithmetic processing unit 23 is associated with the biometric registration data 38 and 41 associated with the user registration number data 33 in the user registration table 25 and the user registration number data 35. The so-called 1: N collation with the data to be collated is executed using the biometric registration data 43, 45, 47, 49.

  FIG. 5 is an explanatory diagram illustrating an example of screen transition displayed on the user notification unit 19 (liquid crystal display) (of the biometric authentication device 10) illustrated in FIG.

  In FIG. 5, the biometric authentication device 10 first receives user registration number data and biometric information (such as a fingerprint pattern and finger vein pattern) necessary for the device 10 to execute biometric authentication processing on the subject. An image for requesting provision from the examiner is displayed on a liquid crystal display. The image is an image for first guiding the user registration number and then guiding the subject to place the finger 65 on the biological information sensor 11. The biometric authentication device 10 also outputs a voice related to the content of the guidance through a speaker. Examples of the image include guidance text or graphics related to the content of the guidance (step S71).

  Next, when the user input number is input through the user input unit 21 (step S72), the biometric authentication device 10 displays the user input number on the liquid crystal display of the user notification unit 19. At the same time, the biometric authentication device 10 displays and outputs a guidance screen on the liquid crystal display instructing to place the finger 65 (of the subject) on the biometric information sensor 11 after inputting the user input number. A guidance voice is output from the speaker (step S73). Next, when it is detected that the finger 65 (of the subject) is placed on the biometric information sensor 11 (step S74), the biometric authentication device 10 checks the number of digits of the user input number, etc. The user input number is verified (step S75). As a result of the verification, if the user input number is valid (YES in step S75), a screen indicating that “identification is in progress” is displayed on the liquid crystal display and “identification” is performed. A sound indicating “medium” is output from the speaker (step S76).

  On the other hand, if the user input number is not valid as a result of the verification (NO in step S75), a screen indicating that the user input number is not correct is displayed on the liquid crystal display, and the user input After outputting a sound indicating that the number is not correct from the speaker (step S77), the process proceeds to the processing operation shown in step S71. Alternatively, the transition to end the biometric authentication process may be executed without shifting to the processing operation shown in step S71.

  In step S76, a screen indicating that “identification is in progress” is displayed on the liquid crystal display, and a voice indicating that “identification is in progress” is output from the speaker. It is checked whether or not the identity verification is successful (step S78). As a result of this check, if it is determined that the identity verification is successful (YES in step S78), a message indicating that the identity verification is successful and a screen including the name of the subject are displayed on the liquid crystal display, and A message and a voice expressing the name are output from the speaker (step S79). On the other hand, if it is determined that the identity verification has failed as a result of the check in step S78 (NO in step S78), a screen including a message indicating that the identity verification has failed is displayed on the liquid crystal display and the message is displayed. The voice to be expressed is output from the speaker (step S80).

  FIG. 6 is a flowchart illustrating a biometric authentication processing procedure executed by the arithmetic processing unit 23 illustrated in FIG.

  In FIG. 6, when a subject inputs a user number to the biometric authentication device 10 through the user input unit 21, the arithmetic processing unit 23 uses the user number as user input number data 29 to the data storage memory 13. Temporarily save (step S81). Next, the arithmetic processing unit 23 increases the number of digits of the character string value of the user input number data 29 temporarily stored above the digit number lower limit value data 31 stored in the data storage memory 13 in advance. It is checked whether or not it is rotating (step S82). If it is determined as a result of this check that the number is higher (YES in step S82), the arithmetic processing unit 23 determines that the subject's biological body (such as a fingerprint pattern or finger vein pattern) input from the biological information sensor 11 is used. Read information. Then, by performing predetermined arithmetic processing based on the biometric information, biometric matching data 27 is generated, and the biometric matching data 27 is temporarily stored in the data storage memory 13 (step S83).

  Next, the arithmetic processing unit 23 refers to the user registration table 25 and the user registration number including the character string value of the user input number data 29 temporarily stored in the data storage memory 13 in step S81. Search data (33, 35, 37, ...). Then, all the biometric registration data (39, 41, 43, 45, 47, 49, 51,...) Associated with the searched user registration number data (33, 35, 37,. Extract (step S84). Then, the so-called 1: N, in which the biometric verification data 27 and the biometric registration data (39, 41, 43, 45, 47, 49, 51,...) Extracted in step S84 are sequentially verified. Collation is executed (step S85).

  If the 1: N collation in step S85 is successful (YES in step S86), the arithmetic processing unit 23 stores the biometric registration data (39, 41, 43, 45, 47) in the user registration table 25 in which the collation is successful. , 49, 51,..., User information (any of 53, 55, 57, 59, 61, 63,...) Is acquired. Then, the acquired user information and successful biometric authentication are transmitted to the external (information processing) device via the external communication unit 17, or to the subject via the user notification unit 19. Notification is made (step S87).

  On the other hand, if the 1: N collation in step S85 is unsuccessful (NO in step S86), the arithmetic processing unit 23 notifies the external (information processing) device via the external communication unit 17 that biometric authentication has failed. Or to the subject via the user notification unit 19 (step S88).

  In step S82, it is determined that the number of digits of the character string value of the user input number data 29 temporarily stored is below the digit number lower limit value data 31 stored in the data storage memory 13 in advance. If (NO in step S82), the process immediately proceeds to the processing operation shown in step S88.

  As described above, according to the first embodiment of the present invention, the number of digits of the user input number data 29 input by the subject to the biometric authentication device 10 through the user input unit 21 is the user registration table. Even if it is smaller than the user registration number data (33, 35, 37,...) Registered in 25, if it exceeds the digit number lower limit data 31, the biometric verification data and the biometric registration data Verification processing can be performed. In addition, since the subject does not have to completely remember his / her user registration number and only has to input a part of his / her user registration number, the convenience of the biometric authentication device 10 is improved. be able to.

  According to the present embodiment, it is possible to reduce the load of collation processing in the biometric authentication device 10 without impairing the convenience of the subject, and also reduce the possibility of recognizing another person as the person. Can do.

  Although the present embodiment has been described as reading the subject's fingerprint pattern or finger vein pattern as biometric information, other biometric information of the subject such as an iris may be read.

  The biometric authentication device 10 may be a dedicated device that only performs identity verification, or a device that has functions other than identity verification, such as entrance / exit management and financial transaction processing.

  FIG. 7 is a functional block diagram showing the overall configuration of the biometric authentication system according to the second embodiment of the present invention.

As shown in FIG. 7, the biometric authentication system includes a biometric authentication server 91 and a plurality of biometric authentication devices 93, 95, and 97 (in FIG. 7, for convenience of illustration and description, only three are shown). Composed. The biometric authentication server 91 and the plurality of biometric authentication devices 93, 95, and 97 are, for example, the Internet or LAN (local
The network is connected through a communication network 99 such as Area Network. In this embodiment, registration information relating to the subject (system user) is centrally managed in the biometric authentication server 91, and the biometric authentication server 91 cooperates with the biometric authentication devices 93, 95, and 97 through the communication network 99 ( By collaborating), the system as a whole fulfills the function of identity verification in the subject's biometric authentication process. For the communication network 99, another communication module other than the wired LAN module, the wireless LAN module, and the USB module can be used.

  In the present embodiment, the biometric authentication server 91 includes a data storage memory, a program storage memory, an external communication unit, and an arithmetic processing unit among the units included in the biometric authentication device 10 illustrated in FIG. These are indicated by a data storage memory 101, a program storage memory 103, an external communication unit 105, and an arithmetic processing unit 107, respectively. The above units are connected through a bus line 109. On the other hand, since the internal configuration of the biometric authentication device 93 is the same as the internal configuration of the biometric authentication device 10 shown in FIG. 2, the same reference numerals as those shown in FIG. The internal configuration of the other biometric authentication devices 95 and 97 shown in FIG. 7 is the same as the internal configuration of the biometric authentication device 93. Therefore, the internal configuration of the biometric authentication devices 95 and 97 is illustrated and described. Omitted.

  In FIG. 7, a user registration table 25 similar to that shown in FIG. 2 is stored in the data storage memory 101 (of the biometric authentication server 91). In the user registration table 25, user registration number data 33, 35, 37,... And biometric registration data 39, 41, 43, 45, 47, 49, 51, similar to those shown in FIG. , ..., and user information 53, 55, 57, 59, 61, 63, ... are registered in the above-described manner. In addition to the above, the data storage memory 101 further stores biometric verification data 27, user input number data 29, and digit number lower limit value data 31 similar to those shown in FIG.

The fingerprint pattern of the finger 65 or the finger vein pattern, which is the biometric information of the subject, is read by the biometric information sensor 11 of the biometric authentication device 93. The biometric information is transmitted from the biometric information sensor 11 to the biometric authentication server 91 through the external communication unit 17 and the communication network 99 under the control of the arithmetic processing unit 23. In the biometric authentication server 91, the external communication unit 10 is controlled under the control of the arithmetic processing unit 107.
5 receives the biometric information, and outputs the biometric information to the arithmetic processing unit 107 through the bus line 109. In the arithmetic processing unit 107, the arithmetic processing operation as described above is executed.

  Similar processing is executed between the biometric authentication devices 95 and 97 and the biometric authentication server 91.

  FIG. 8 is a flowchart showing a biometric authentication processing procedure executed between the biometric authentication server 91 and the biometric authentication device 93 shown in FIG.

  In FIG. 8, first, in the biometric authentication device 93, the arithmetic processing unit 23 transmits the number input from the subject through the user input unit 21 to the biometric authentication server 91 through the communication network 99 (step S111). Next, the arithmetic processing unit 23 performs a predetermined arithmetic processing operation on the basis of the biological information such as the fingerprint pattern of the subject's finger 65 or the finger vein pattern input through the biological information sensor 11, thereby performing the biological operation. Generate verification data. Then, the biometric verification data is transmitted to the biometric authentication server 91 through the communication network 99 (step S112).

  On the other hand, when the biometric authentication server 91 receives the input number transmitted from the biometric authentication device 93 in step S <b> 111, the arithmetic processing unit 107 temporarily stores the input number as the user input number data 29 in the data storage memory 101. (Step S113). Next, the arithmetic processing unit 107 checks whether or not the number of digits of the character string value of the user input number data 29 exceeds the digit number lower limit value data 31 (step S114). If the number of digits of the character string value of the user input number data 29 exceeds the digit number lower limit data 31 as a result of this check (YES in step S114), the arithmetic processing unit 107 is biometric authentication in step S112. The biometric verification data transmitted from the device 93 is received, and the received biometric verification data is temporarily stored in the data storage memory 101 as the biometric verification data 27 (step S115).

  Next, the arithmetic processing unit 107 refers to the user registration table 25 and the user registration number including the character string value of the user input number data 29 temporarily stored in the data storage memory 101 in step S113. Search data (33, 35, 37, ...). Then, all the biometric registration data (39, 41, 43, 45, 47, 49, 51,...) Associated with the searched user registration number data (33, 35, 37,. Extract (step S116). Then, the biometric verification data 27 and the biometric registration data (39, 41, 43, 45, 47, 49, 51,...) Extracted in step S116 are sequentially verified, so-called 1: N. Collation is executed (step S117).

  If the 1: N collation in step S117 is successful (YES in step S118), the arithmetic processing unit 107 causes the biometric registration data (39, 41, 43, 45, 47) in which the collation is successful in the user registration table 25. , 49, 51,..., User information (any of 53, 55, 57, 59, 61, 63,...) Is acquired. Then, the acquired user information and the fact that the biometric authentication process was successful are transmitted to the biometric authentication device 93 through the communication network 99 (steps S119 and S120).

  On the other hand, if the 1: N verification in step S117 is unsuccessful (NO in step S118), the arithmetic processing unit 107 transmits information indicating that the biometric authentication process has failed to the biometric authentication device 93 via the communication network 99 ( Step S121, Step S122).

  In the biometric authentication device 93, the arithmetic processing unit 23 sends the above information from the biometric authentication server 91 (acquired user information and the fact that biometric authentication was successful or biometric authentication failed) to the user notification unit 19. The subject is notified through (step S123).

  If the number of digits of the character string value of the user input number data 29 does not exceed the digit number lower limit value data 31 (NO in step S114), the process immediately proceeds to the processing operation shown in step S121.

  In the processing procedure shown in FIG. 8, the biometric authentication device 93 generates biometric verification data from the subject's finger 65 through the biometric information sensor 11 and transmits the generated biometric verification data to the biometric authentication server 91. However, the biometric authentication device 93 transmits the raw biometric information (fingerprint pattern or finger vein pattern) input through the biometric information sensor 11 to the biometric authentication server 91. It may be possible to generate biometric verification data by executing predetermined arithmetic processing from the received biometric information.

  As described above, according to the second embodiment of the present invention, any number of biometric authentication devices (93, 95, 97,...) Are connected to the biometric authentication server 91 through the communication network 99 and used. It becomes possible to construct a biometric authentication system that centrally manages the person registration table 25 and the digit number lower limit data 31 by the biometric authentication server 91.

  FIG. 9 is a functional block diagram showing the overall configuration of the biometric authentication apparatus according to the third embodiment of the present invention.

  In the present embodiment, the configuration is different from the biometric authentication device 10 shown in FIG. 2 in that the illegal biometric verification data list 129 is stored in the data storage memory 127 of the biometric authentication device 125. Since the other configuration is the same as that shown in FIG. 2, in FIG. 9, the same components as those shown in FIG. 2 are denoted by the same reference numerals, and detailed description thereof is omitted.

  In FIG. 9, the unauthorized biometric matching data list 129 is a predetermined calculation process based on the biological information (such as a fingerprint pattern or finger vein pattern) of the subject output from the biological information sensor 11 by the calculation processing unit 23. This is a list necessary for determining (by the arithmetic processing unit 23) whether or not the biometric verification data generated by executing is biometric verification data of an unauthorized subject. One or a plurality (arbitrary number) of illegal biological subject verification data 131, 133, 135, 137,... Are stored in the illegal biological subject verification data list 129.

  In the unauthorized biometric verification data list 129, the arithmetic processing unit 23 stores the biometric verification data 29 of the subject who failed the biometric authentication process, and the illegal biometric verification data (131, 133, 135, 137,. It will be added and saved as.

  FIG. 10 is a flowchart illustrating a biometric authentication processing procedure executed by the arithmetic processing unit 23 illustrated in FIG. 9.

  In FIG. 10, when a subject inputs a user number to the biometric authentication device 125 through the user input unit 21, the arithmetic processing unit 23 uses the user number as user input number data 29 to the data storage memory 13. Temporarily save (step S141). Next, the arithmetic processing unit 23 increases the number of digits of the character string value of the user input number data 29 temporarily stored above the digit number lower limit value data 31 stored in the data storage memory 13 in advance. It is checked whether it is rotating (step S142). If it is determined as a result of this check that the number is higher (YES in step S142), the arithmetic processing unit 23 determines that the subject's biological body (such as a fingerprint pattern or finger vein pattern) input from the biological information sensor 11 is used. Read information. Then, by performing predetermined arithmetic processing based on the biometric information, biometric matching data 27 is generated, and the biometric matching data 27 is temporarily stored in the data storage memory 13 (step S143).

  Next, the arithmetic processing unit 23 sequentially performs the biometric matching data 27 and the illegal biometric matching data (131, 133, 135, 137,...) Stored in the illegal biometric matching data list 129. A so-called 1: N collation is performed (step S144). If the 1: N collation in step S144 is successful, that is, the biometric matching data 27 is stored in the unauthorized biometric matching data list 129 (131, 133, 135, 137, ..)) (YES in step S145), the biological subject verification data 27 is the biological subject verification data (illegal biological subject verification data) of an unauthorized subject. Therefore, the arithmetic processing unit 23 transmits the fact that the biometric authentication has failed to the external (information processing) device via the external communication unit 17 or notifies the subject via the user notification unit 19. (Step S151).

  On the other hand, if the 1: N collation in step S144 is unsuccessful, that is, the biometric collation data 27 is stored in the invalid biometric collation data list 129 (131, 133, 135, 137,...) (NO in step S145), the biological subject verification data 27 is not an unauthorized subject's biological subject verification data (illegal biological subject verification data). Become. Therefore, the arithmetic processing unit 23 refers to the user registration table 25, and the user registration number data including the character string value of the user input number data 29 temporarily stored in the data storage memory 13 in step S141. (33, 35, 37, ...) is searched. Then, all the biometric registration data (39, 41, 43, 45, 47, 49, 51,...) Associated with the searched user registration number data (33, 35, 37,. Extract (step S146). Then, so-called 1: N that sequentially collates the biometric matching data 27 with each biometric registration data (39, 41, 43, 45, 47, 49, 51,...) Extracted in step S146. Collation is executed (step S147).

  If the 1: N collation in step S147 is successful (YES in step S148), the arithmetic processing unit 23 stores the biometric registration data (39, 41, 43, 45, 47) in the user registration table 25 in which the collation is successful. , 49, 51,..., User information (any of 53, 55, 57, 59, 61, 63,...) Is acquired. Then, the acquired user information and successful biometric authentication are transmitted to the external (information processing) device via the external communication unit 17, or to the subject via the user notification unit 19. Notification is made (step S149).

  On the other hand, if the 1: N collation in step S148 is unsuccessful (NO in step S148), the biometric collation data 27 is biometric collation data (unauthorized biometric collation data) of an unauthorized subject. It will be. Therefore, the arithmetic processing unit 23 performs a process of additionally storing the biometric matching data 27 as the illegal biometric matching data in the illegal biometric matching data list 129 (step S150), and that biometric authentication has failed. Is transmitted to the external (information processing) device via the external communication unit 17 or is notified to the subject via the user notification unit 19 (step S151).

  In step S142, it is determined that the number of digits of the character string value of the user input number data 29 temporarily stored is below the digit number lower limit value data 31 stored in the data storage memory 13 in advance. If (NO in step S142), the process immediately proceeds to the processing operation shown in step S151.

  As described above, according to the third embodiment of the present invention, the arithmetic processing unit 23 of the biometric authentication device 125 refers to or updates the unauthorized biometric matching data list 129 of the data storage memory 13. Thus, it is possible to prevent an unauthorized biometric authentication process from being performed by a subject who is not registered in the user registration table 25. Therefore, the performance of the biometric authentication process in the biometric authentication device 125 can be improved.

  FIG. 11 is a functional block diagram showing an overall configuration of a biometric authentication system according to the fourth embodiment of the present invention.

  In this embodiment, the data storage memory 163 of the biometric authentication server 161 stores an unauthorized biometric matching data list 165 similar to the unauthorized biometric matching data list 129 shown in FIG. The configuration is different from the biometric authentication system. Since the other configuration is the same as that shown in FIG. 7, the same components as those shown in FIG. 7 are denoted by the same reference numerals in FIG. 11 and their detailed description is omitted.

  Also in this embodiment, as in the third embodiment described above, the arithmetic processing unit 107 of the biometric authentication server 161 refers to or updates the unauthorized biometric matching data list 165 of the data storage memory 163. Thus, it is possible to prevent an unauthorized biometric authentication process from being performed by a subject who is not registered in the user registration table 25. Therefore, it is possible to improve the performance of biometric authentication processing in the biometric authentication system.

  The preferred embodiments of the present invention have been described above, but these are merely examples for explaining the present invention, and the scope of the present invention is not limited to these embodiments. The present invention can be implemented in various other forms.

The figure which shows the mismatch degree distribution in the collation result of to-be-collated data and registered data as an example of the calculation process prior to the process which confirms whether a subject is the person. 1 is a functional block diagram showing the overall configuration of a biometric authentication device according to a first embodiment of the present invention. Explanatory drawing which showed the relationship between this user input number data and biometrics registration data in case the character string value which the user input number data described in FIG. 2 hold | maintains is "123". Explanatory drawing which showed the relationship between this user input number data and biometrics registration data in case the character string value which the user input number data described in FIG. 2 hold | maintains is "12". Explanatory drawing which shows an example of the screen transition displayed on the user alerting | reporting part (liquid crystal display) described in FIG. 2 (biometric authentication apparatus). The flowchart which shows the process sequence of the biometrics authentication which the arithmetic processing part described in FIG. 2 performs. The functional block diagram which shows the whole structure of the biometric authentication system which concerns on the 2nd Embodiment of this invention. The flowchart which shows the process sequence of the biometric authentication performed between the biometric authentication server described in FIG. The functional block diagram which shows the whole structure of the biometrics apparatus which concerns on the 3rd Embodiment of this invention. The flowchart which shows the process sequence of the biometrics authentication which the arithmetic processing part described in FIG. 9 performs. The functional block diagram which shows the whole structure of the biometric authentication system which concerns on the 4th Embodiment of this invention.

Explanation of symbols

10, 93, 95, 97, 125 Biometric authentication device 11 Biometric information sensor 13, 101, 127, 163 Data storage memory 15, 103 Program storage memory 17, 105 External communication unit 19 User notification unit 21 User input unit 23, 107 arithmetic processing unit 24s, 109 bus line 91, 161 biometric authentication server 99 communication network

Claims (11)

In the biometric authentication device that performs the necessary processing for biometric authentication of the subject using the biometric information of the subject,
A character string data discriminating unit for discriminating whether or not the character string data input by the subject satisfies a predetermined standard;
When the character string data determining unit determines that the input character string data satisfies a predetermined standard, it corresponds to the input character string data from among a plurality of character string data registered for each device user. A character string data search part for searching for what to do,
A biometric information collation unit that collates the input biometric information of the subject and the biometric information of the device user registered in association with the character string data searched by the character string data search unit;
Based on the verification result between the biological information in the biological information verification unit, a subject validity determination unit that determines the validity of the subject;
A biometric authentication device. The biometric authentication device according to claim 1,
The character string data searched by the character string data search unit from among a plurality of character string data registered for each individual device user matches the input character string data or includes the input character string data. A biometric authentication device. The biometric authentication device according to claim 1,
A biometric authentication apparatus, wherein the biometric information includes a subject's fingerprint pattern or finger vein pattern. The biometric authentication device according to claim 1,
A biometric authentication device in which the character string data is numerical data of a plurality of digits. The biometric authentication device according to claim 4, wherein
The predetermined standard used by the character string data determination unit to determine the input character string data is a lower limit value of the number of digits of numerical data of a plurality of digits,
A biometric authentication device in which search processing by the character string data search unit is performed only when the number of digits of the numerical data input by the subject exceeds the lower limit of the number of digits. The biometric authentication device according to claim 1,
A biometric authentication apparatus configured to register biometric information determined to be illegal as illegal biometric information when the legitimacy determination unit determines that the input biometric information of the subject is illegal. The biometric authentication device according to claim 6.
When biometric information of a subject is input, the biometric information is collated with the one or more registered illegal biometric information, and the biometric information is registered as a result of the collation. A biometric authentication device that performs a verification process by the biometric information verification unit only when it is determined that the biometric information does not match the illegal biometric information. One or more biometric authentication devices, and a biometric authentication server connected to the biometric authentication device through a communication network,
The biometric authentication device is
A transmission unit that transmits character string data input by the subject and biometric information of the subject to the biometric authentication server through the communication network;
The biometric authentication server is
A character string data determination unit for determining whether the character string data received from the biometric authentication device satisfies a predetermined criterion;
When the character string data determining unit determines that the input character string data satisfies a predetermined standard, it corresponds to the input character string data from among a plurality of character string data registered for each device user. A character string data search part for searching for what to do,
A biometric information collation unit that collates the input biometric information of the subject and the biometric information of the device user registered in association with the character string data searched by the character string data search unit;
Based on the verification result between the biological information in the biological information verification unit, a subject validity determination unit that determines the validity of the subject;
A transmission unit that transmits the determination result by the subject validity determination unit to the biometric authentication device through the communication network;
A biometric authentication system. The biometric authentication system according to claim 8, wherein
When the biometric information of the subject received from the biometric authentication device is determined to be illegal by the legitimacy determination unit, the biometric information determined to be illegal is registered as the illegal biometric information. Authentication system. The biometric authentication device according to claim 9, wherein
When the biometric information of a subject is received from the biometric authentication device, the biometric information is collated with the one or more registered illegal biometric information, and as a result of the collation, the biometric information is A biometric authentication system in which collation processing by the biometric information collation unit is performed only when it is determined that the biometric information does not match the registered illegal biometric information. In a biometric authentication method for performing a process necessary for biometric authentication of a subject using biometric information of the subject,
Determining whether the character string data input by the subject meets a predetermined criterion;
When it is determined that the input character string data satisfies a predetermined standard in the step of determining the character string data, the input character string is selected from a plurality of character string data registered for each device user. Searching for corresponding data,
In the step of determining the character string data, the input biometric information of the subject and the biometric information of the device user registered in association with the character string data searched by the character string data search unit; A step of matching
Determining the legitimacy of the subject based on the result of matching between the biological information in the biological information matching unit;
A biometric authentication method comprising:

Images