JP2008217257A - Processing apparatus for biometric authentication, biometric authentication method, program for causing apparatus to execute the method, and recording medium with the program recorded thereon - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a processing apparatus for biometric authentication, a biometric authentication method, a program for executing the method, and a recording medium with the program recorded thereon, facilitating users' input operations while ensuring matching accuracy and reducing authentication time in a trade-off relationship, in authentication using biometric information. <P>SOLUTION: A database 43 stores registration templates of biometric images read by a biometric information reading part 21 in association with registration telephone numbers. In authentication, an authenticated person places his/her registered region over the biometric information reading part 21 and enters an authentication telephone number. One or more registration telephone numbers stored in the database 43 coincident with the authentication telephone number are detected, and the registration templates associated with the detected registration telephone numbers are specified and collated with an authentication template. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a processing apparatus using biometric information, a biometric authentication method, a program for causing the apparatus to execute the method, and a recording medium on which the program is recorded, and in particular, in order to quickly authenticate biometric information, The present invention relates to a biometric authentication process or the like that narrows down candidates to be verified with the biometric information of the person to be authenticated from a plurality of registered biometric information registered in advance, and compares the narrowed-down registered biometric information with the biometric information of the person to be authenticated.

  Conventionally, when providing credit account services that postpone payment for product purchases at financial institutions and commercial facilities, the service provider (organization, company) promptly authenticates the service user. For example, cash cards, credit cards, and the like are widely used as means for performing the above operations, and IC cards in which an IC chip is embedded are also used for enhancing security. The card usage does not stop there. For example, as a means of recording the cumulative number of points in providing the user with benefits (discounts, free gift exchanges, preferential sales of tickets, etc.) equivalent to the cumulative number of points, showing the actual product purchases at various commercial facilities. So-called point cards are used, so-called registration cards, passports, driver's licenses, etc. are used in advance as personal identification means in public facilities such as hospitals, government offices, airports (customs), police stations, and commercial rental business facilities. Prepaid cards, so-called prepaid cards, which are issued with a price corresponding to the amount of money and enable the use of goods, telephones, railroads, pachinko, etc. within the amount, are used.

  Since a card is issued for each service provider for a wide range of services that can be received in the life of the individual as described above, the number of cards owned by the individual is increasing. As a result, service users may feel inconvenience because it takes space to carry many of these cards, or it may be inconvenient to select an appropriate one from many cards when presenting the card. Therefore, a means for receiving the above-described various services without a card is desired.

  As means for making a card for personal authentication unnecessary, a technique using a user's fingerprint for authentication is disclosed (for example, Patent Document 1). Specifically, the fingerprint image of the customer who receives the service and its characteristics are registered in advance in the database of the processing device connected to the network, and the fingerprint image detected at the time of renting or selling the article is registered in advance. Whether or not the fingerprint image matches is searched based on the characteristics of the fingerprint, and the customer is authenticated if it matches, thereby eliminating the need to use the card.

  However, when there are a large number of fingerprint images registered in the database in advance in fingerprint authentication, 1: N verification is performed, and it takes a long time for authentication. In particular, in order to ensure high collation accuracy from the viewpoint of ensuring security, it is necessary to extract and collate more features of a fingerprint image of a predetermined size by finer image processing, which further increases the collation time. . Furthermore, the authentication time becomes longer as the number of users increases internationally.

  As a means for shortening the collation time for person collation, the ID assigned to each operator for the copying machine is stored in the storage means in association with the fingerprint image, and when the operator uses the copying machine, the fingerprint A technique is disclosed in which an ID is input together with an input, fingerprint image data corresponding to the ID is searched and acquired, and whether or not they match by 1: 1 verification is disclosed (for example, a background art column in Patent Document 2). ).

  However, in 1: 1 verification using the ID assigned to the service user from the service provider as a key, the service user needs to remember the ID or always carry a note of the ID, etc. This will increase the burden. For example, ID numbers of credit cards issued by many credit companies are accounted for, for example, around 16 digits of the card member number in consideration of the increase in the number of members. This ID number of around 16 digits is directly registered in the database. It is difficult to memorize the ID, and the ID number is entered while looking at the memo, and it takes time before the authentication is executed, and the possibility of erroneous input is increased. It will be lacking. In particular, it is difficult for elderly people who expect cardless benefits.

A first data group for storing fingerprint images of a small number of users who often use the copying machine when storing the fingerprint image in a database as a fingerprint collation means of the copying machine which reduces the ID input at the time of authentication with the above problem as much as possible And a second image data group that stores fingerprint images of a large number of other users. When collating fingerprint images, the first data group that is likely to match first is 1: A technique is disclosed in which N collation is performed, if the ID is not matched, the user is requested to input an ID, and 1: 1 collation with an image in the second data group corresponding to the ID is performed (for example, a patent) Reference 2).
Japanese Patent Laid-Open No. 2004-157821 JP 2006-202207 A (paragraphs [0004]-[0006], [0056])

  However, when an unspecified number of users use a means for performing a 1: N collation of fingerprint images first, and a 1: 1 collation if they do not match, the first and second based on the usage frequency are used. Is difficult, and the number of images in the second data group is also unspecified, so a large number of ID digits are required. As a result, the above-described 1: 1 collation using ID is performed. The problem still cannot be solved.

  The present invention was made to solve the above-mentioned problems, and in the authentication using biometric information, it is used while ensuring the accuracy of matching and shortening the authentication time in a trade-off relationship. It is an object of the present invention to provide a biometric authentication processing device, a biometric authentication method, a program for causing the device to execute the method, and a recording medium on which the program is recorded.

In order to achieve the above object, the present invention has the following configuration.
A first gist of the present invention is that a biometric image of a predetermined part of a registrant is used as a registration template, a registration template storage unit that stores registration templates for a plurality of registrants, and the plurality of registration templates. A registration search key storage unit for storing a plurality of registration search keys; and a search processing unit for detecting a registration search key corresponding to the input authentication search key from the plurality of registration search keys; The search processing unit detects, for the authentication search key, a first registration search key and a second registration search key other than the first registration search key. This is a biometric authentication processing apparatus.

  The second gist of the present invention includes a verification processing unit that compares an authentication template, which is a biometric image of a predetermined part of the person to be authenticated, with the registration template in the registration template storage unit, and the verification processing unit includes: Whether or not the authentication template matches any of the first and second registration templates associated with the first and second registration search keys detected by the search processing unit. It exists in the processing apparatus for biometric authentication of the summary 1 characterized by determining.

  According to a third aspect of the present invention, there is provided the biometric authentication according to the first or second aspect, comprising an input unit for inputting the authentication search key and an image reading unit for acquiring the biometric image. In the processing unit.

  A fourth gist of the present invention resides in the biometric authentication processing apparatus according to any one of gist 1 to 3, wherein the authentication search key is a telephone number of a person to be authenticated.

  According to a fifth aspect of the present invention, a biometric image of a predetermined part of a registrant is used as a registration template, a registration template storage unit that stores registration templates for a plurality of registrants, and the plurality of registration templates. A registration search key storage unit for storing the registrant's phone number; and a first search phone number including an input authentication phone number among the plurality of phone numbers stored in the registration search key storage unit. And a search processing unit for detecting a telephone number.

  A sixth aspect of the present invention includes a verification processing unit that compares an authentication template that is a biometric image of a predetermined part of the person to be authenticated and the registration template in the template storage unit, and the verification processing unit includes the verification processing unit 6. The biometric authentication processing device according to claim 5, wherein it is determined whether or not the authentication template matches the first registration template associated with the first telephone number.

  The seventh gist of the present invention is the biometric authentication process according to gist 5 or 6, comprising an input unit for inputting the authentication telephone number and an image reading unit for acquiring the biometric image. In the device.

  The eighth gist of the present invention is an authentication template creation step for creating an authentication template from a biometric image of a predetermined part of the person to be authenticated, and an authentication search key acquisition step for acquiring the authentication search key for the person to be authenticated. A search step for detecting a registration search key including the authentication search key from among a plurality of registration search keys; and the authentication template is associated with the registration search key detected in the search step A matching step for determining whether or not the registered template matches the registered template, wherein the search step detects a plurality of registration search keys, and in the matching step, the authentication template includes the authentication template It is determined whether or not it matches any one of a plurality of registration templates associated with the plurality of registration search keys detected in the search step. In biometric authentication method characterized by.

  According to a ninth aspect of the present invention, in the biometric authentication method according to the eighth aspect, the authentication search key is a telephone number of the person to be authenticated.

  According to a tenth aspect of the present invention, there is provided an authentication template creation step for creating an authentication template from a biometric image of a predetermined part of the person to be authenticated, and an authentication search key acquisition step for obtaining the authentication search key for the person to be authenticated. A search step for detecting a registration search key including the authentication search key from among a plurality of registration search keys; and the authentication template is associated with the registration search key detected in the search step A verification step for determining whether or not the registered template matches the registration template, wherein the authentication search key is a telephone number of the person to be authenticated.

  An eleventh aspect of the present invention is a biometric authentication method including a registration processing step and an authentication processing step, wherein the registration processing step creates a registration template from a biometric image of a predetermined part of a registrant. A registration search key acquisition step for acquiring a registration search key for the registrant; and a registration data storage step for storing the registration template and the registration search key in a recording unit in association with each other. The authentication processing step includes an authentication template creation step for creating an authentication template from a biometric image of a predetermined part of the person to be authenticated, an authentication search key acquisition step for acquiring an authentication search key for the person to be authenticated, A search step of detecting a registration search key including the authentication search key from the registration search key; and the authentication A matching step for determining whether or not the template matches the registration template associated with the registration search key detected in the search step, wherein the search step includes a plurality of registration searches. A biometric key is detected, and the collating step determines whether the authentication template matches any of a plurality of registration templates associated with the plurality of registration search keys. It is in the authentication method.

  In a twelfth aspect of the present invention, the registration search key is a telephone number of the registrant, and the authentication search key is a telephone number of the person to be authenticated. The biometric authentication method.

  A thirteenth aspect of the present invention is a biometric authentication method including a registration processing step and an authentication processing step, wherein the registration processing step creates a registration template from a biometric image of a predetermined part of a registrant. A creation step, a registration phone number acquisition step for acquiring the registration phone number of the registrant, and a registration data storage step for storing the registration template and the registration phone number in a recording unit in association with each other. The authentication processing step includes: an authentication template creating step for creating an authentication template from a biometric image of a predetermined part of the person to be authenticated; an authentication telephone number obtaining step for obtaining the authentication telephone number of the person to be authenticated; A search step of detecting a registration telephone number including the authentication telephone number from the registration telephone numbers; and the authentication Template, in the biometric authentication method and having a collating step of determining whether matches the registered template associated with said detected telephone number for registration in the search step.

  A fourteenth aspect of the present invention resides in a program for causing an apparatus to execute the biometric authentication method according to any one of the eighth to thirteenth aspects.

  A fifteenth aspect of the present invention resides in a recording medium on which the program according to the fourteenth aspect is recorded.

  According to the first to fourth aspects of the present invention, the first and second registration search keys are narrowed down by the authentication search key from among the plurality of registration search keys. The search can be narrowed down to the first and second registration templates corresponding to the first and second registration search keys. Therefore, even if the number of registration templates stored in the registration template storage unit is large, all the registration templates can be obtained by performing authentication using the narrowed first and second registration templates. Compared to the case where authentication is performed using a template, the authentication time can be significantly reduced.

  Further, according to the configuration of the first aspect, the first and second registration templates that perform processing up to the narrowing down of the first and second registration templates corresponding to the authentication search key in the biometric authentication processing apparatus are performed. The template and the authentication template can be collated with another device. According to such a configuration, even when there are many authentication processes per unit time, since the collation process with a large processing load can be performed by another apparatus, the processing burden at the time of authentication of the biometric authentication processing apparatus can be reduced, The overflow of the biometric authentication processing apparatus can be avoided.

  In particular, for example, non-face-to-face authentication processing via the Internet can be used borderless in terms of location and time, so the number of users to be authenticated per unit time may increase extremely. Can handle many authentication processing needs.

  In the case of the second gist, since the verification result can be provided to the authentication device used by the person to be authenticated for authentication, the authentication device can be made compact. In other words, a compact device can be used as the authentication terminal device. For example, authentication processing can be performed even with a compact portable device such as a mobile terminal or a mobile phone. For example, non-face-to-face authentication via the Internet can be realized with a simple device.

  In the case of the third aspect, it is not necessary to transfer the first and second registration templates, and the authentication time can be shortened.

  According to the fourth aspect of the present invention, since the telephone number is a relatively long number, it is memorized without taking a memo, and since there are few cases of overlapping, the search key for registration is effectively narrowed down. In other words, registration templates can be narrowed down and the authentication time can be shortened by a simple method.

  According to the fifth and sixth aspects of the present invention, the search processing unit detects the first telephone number including the authentication telephone number, so that the registration template used for authentication is based on the first telephone number. It can be detected. Therefore, even when the number of registration templates stored in the registration template storage unit is large, in order to narrow down the registration templates used for authentication, authentication is performed using all the registration templates. Compared to this, the authentication time can be significantly shortened.

  Although the phone number is a relatively long number, it is memorized without taking notes, and since there are few cases of duplication, it is possible to effectively narrow down the search key for registration, that is, narrow down the template for registration, The authentication time can be shortened by a simple method.

  Furthermore, according to the fifth aspect of the present invention, the biometric authentication processing apparatus narrows down the registration templates used for authentication, and the other apparatus performs collation processing between the registration template and the authentication template, which has a large processing burden. Can be configured to do. According to such a configuration, even when there are many authentication processes per unit time, since the collation process with a large processing load can be performed by another apparatus, the processing burden at the time of authentication of the biometric authentication processing apparatus can be reduced, The overflow of the biometric authentication processing apparatus can be avoided.

  In particular, because authentication processing using online processing terminals can be used borderless in terms of location and time, the number of authenticated users per unit time may increase significantly, and in such cases there will be no overflow. It can respond to many authentication processing needs.

  Further, according to the sixth aspect, since the verification result can be provided to the authentication device used by the person to be authenticated for authentication, the authentication device can be made compact. In other words, a compact device can be used as the authentication terminal device. For example, authentication processing can be performed even with a compact portable device such as a mobile terminal or a mobile phone. For example, non-face-to-face authentication via the Internet can be realized with a simple device.

  In the case of the seventh aspect, it is not necessary to transfer the first and second registration templates, and the authentication time can be shortened.

  According to the eighth and eleventh aspects of the present invention, the registration templates used in the collation step can be narrowed down by narrowing down a plurality of registration search keys with the search key for authentication in the search step. Therefore, even when the number of registration templates is large, it is only necessary to collate with the narrowed-down registration templates at the time of authentication, which is much higher than when authentication is performed using all the registration templates. The authentication time can be shortened.

  According to the ninth, tenth, twelfth and thirteenth aspects of the present invention, by using a telephone number as an authentication search key, authentication processing while looking at a memo is not required, and there are few cases of duplication. The search key for registration can be narrowed down effectively, that is, the template for registration can be narrowed down, and the authentication time can be shortened by a simple method.

  According to the fourteenth and fifteenth aspects of the present invention, execution on various devices can be easily performed using such a program and recording medium.

[First Embodiment]
Hereinafter, a first embodiment of an authentication system A using biometric information according to the present invention will be described with reference to FIGS.

  FIG. 1 is a schematic configuration diagram of an authentication processing system A that uses an authentication terminal device 3a using biometric information according to the present embodiment.

  The authentication processing system A includes various processing terminals 2a to 2f having an authentication terminal device 3a, a price replacement company 5A and an authentication server 5B having a data recording processing device 5, a financial institution 7 having an authentication terminal device 3a, an online The store 9 </ b> A and the public organization homepage 9 </ b> B are connected to the communication network 1 and configured to be able to transmit / receive data to / from each other via the communication network 1.

(Data communication network 1)
The data communication network 1 is only required to be able to perform data communication with the price changing company 5, the financial institution 7, the online store 9B, and the public organization homepage 9B, and a public line network using wired and / or wireless communication can be used. For example, the Internet, wireless communication, or a combination thereof can be used.

(Online commercial store 9A)
The online commercial store 9A is a store that conducts commercial transactions online, and does not limit the products and services provided regardless of the type of business. For example, the products and services to be provided include tangible objects and intangible objects such as data (moving image data such as television and movies, still image data such as photographs, program data, etc.), etc., and can be subject to commercial transactions. I just need it.

(Public organization homepage 9B)
The public organization homepage 9B is a homepage that provides services such as search, browsing, and provision of personal data, public data, authentication documents (passport, resident card, etc.), regardless of whether they are paid or free.

(Processing terminals 3a-3f)
The various terminals having the authentication terminal device 3a are terminals that require authentication for providing a user's service regardless of a paid or free service. In the present embodiment, as an example, various terminals 2a to 2f that perform online processing, face-to-face payment processing, prepaid payment processing, point processing, personal identification processing, and account use processing of a financial institution will be described below.

(Online processing terminal 2a)
The online processing terminal 2a is used for online payment processing for payment of goods for online merchandise store 9A or public organization homepage 9B via the communication network 1, payment for services, point processing for online approval processing, A terminal that performs information processing or the like (hereinafter referred to as “online processing”) on the homepage 9B, performs biometric authentication before executing online processing, and determines acceptance / denial of execution of online processing.

  Online payment processing includes credit payment processing, immediate payment processing, prepaid payment processing, and the like.

  In the credit settlement processing, for example, an online commercial store 9A (commercial service) is obtained by subtracting a service charge determined by a contract between the commercial owner of the online commercial store 9A and the price change company 5A from the user price from the price change company 5A (commercial). The payment is made in advance, and after the postponement period, the user price is withdrawn from the user account of the financial institution 7 and transferred to the price transfer company 5A.

  In the immediate settlement process, for example, the advance price obtained by subtracting the user price or the service charge from the user price is withdrawn from the user account of the financial institution 7 and transferred to the online commercial store 9A (commercial owner).

  The prepaid payment process is a payment process for a usage fee when paying a price corresponding to the amount in advance and receiving online merchandise and services within the amount.

  Online point processing is processing that accompanies online processing results (including paid and free), and includes, for example, point addition processing corresponding to the purchase price of goods in the online payment and benefits (discounts) corresponding to the cumulative number of points Point subtraction processing (hereinafter referred to as “point processing”) associated with the provision processing to the user.

  Information processing on the public organization homepage 9B includes retrieval and disclosure processing of personal information and public information, and processing for issuing authentication documents (passport, resident card, etc.). Public organizations include, but are not limited to, for example, the country, local governments, schools, hospitals, police, notary offices, NGOs, and the like.

  The online processing terminal 2a may be any device capable of purchasing a product at an online commercial store 9 or the like via the communication network 1 and searching for information on a public organization homepage 9B, a disclosure process, and the like. (Including terminals) (FIGS. 2, 4, and 5), mobile phones (FIG. 19), TVs (FIG. 20), etc. Any terminal device that can be used for a period of time may be used. In the present embodiment, the online payment may be referred to as non-face-to-face payment.

  The online payment process and the online point process can be processed in combination. In this case, either a common data recording processing apparatus 5 or a separate data recording processing apparatus 5 may be used.

(Settlement processing terminal 2b)
The settlement processing terminal 2b is a credit settlement process or a financial institution 7 that defers settlement of payment for purchase of goods at the commercial facility 3A, facility usage charges, etc. (payment between the service provider and the service user: face-to-face settlement). The terminal device enables immediate payment processing from the account of the user, performs the biometric authentication before executing the payment processing, and determines acceptance / denial of execution of the payment processing. In the present embodiment, the case where the service provider side (person, device) and the service user make a face-to-face payment may be referred to as face-to-face payment.

  In the credit settlement process, for example, the advance fee obtained by subtracting the service fee determined by the contract between the commercial facility 3A and the price change company 5A from the user price is repaid from the price change company 9 to the commercial facility 3A and postponed. After the period, the user price is withdrawn from the user account of the financial institution 7 and transferred to the price replacement company 5A. In the immediate settlement process, for example, the advance price obtained by subtracting the user price or service charge from the user price is withdrawn from the user account of the financial institution 7 and transferred to the commercial facility 3A.

(Prepaid payment processing terminal 2c)
The prepaid payment processing terminal 2c is a terminal device that pays a value corresponding to the amount in advance and performs payment for the purchase of the product, the device, and the usage fee of the facility within the amount, for example, the payment for the purchase of the product, telephone, traffic Prior to the settlement of use of an organization (railway, bus, aircraft, etc.), facility, game machine (pachinko, slot machine, game machine, amusement park game machine, etc.), the biometric authentication is performed and the prepaid settlement process is executed. To accept / deny.

  The prepaid processing terminal 2c is preferably placed at a service providing place. For example, in a store fee payment place, in a telephone (fixed phone or mobile phone), or in a usage fee payment device such as a transportation facility or game machine Or provided side by side.

(Point processing terminal 2d)
The point processing terminal 2d indicates the various payments (online payments, face-to-face payments, point payments, etc.), the purchase of goods in cash at various commercial facilities, and the facility usage results (including paid and free) in points. Terminal device used for addition processing, point subtraction processing (hereinafter referred to as “point processing”) associated with privilege provision processing to users of benefits (discounts, prize exchanges, preferential sales of tickets, etc.) equivalent to the accumulated number of points For example, before or after settlement, the biometric authentication is performed, and acceptance / denial of execution of the point service process is determined.

(Personal identification processing terminal 2e)
The personal identification processing terminal 2e is a terminal device for identifying an individual provided in a public facility such as a hospital, a government office, an airport (customs), a police station, or a commercial facility. Before the document provision process at the government office, the immigration process at the airport, the facility use process, and the article rental process (hereinafter referred to as “service provision process”), the biometric authentication is performed and the service provision process is executed. To accept / reject

(Financial institution account usage processing terminal 2f)
The financial institution account use processing terminal 2f is a terminal device used to use an account of a financial institution 7 such as a bank or a post office, and performs the biometric authentication before executing the account use processing such as deposit and withdrawal. Then, accept / deny execution of the account use process is determined. The financial institution account use processing terminal 2f may be provided in the financial institution 7 or alone.

  The processing in the processing terminals 2b to 2f can be processed in combination. In this case, either a common data recording processing device 5 or a separate data recording processing device 5 may be used. For example, the payment processing terminal 2b and the prepaid processing terminal 2c can perform point processing on the payment price. With such a configuration, after the biometric authentication is accepted, various settlement processes and point processes can be executed in parallel.

(Authentication terminal device 3a)
Hereinafter, the online processing terminal 2a will be described as an example of the authentication terminal device 3a. FIG. 2 shows a schematic external view of a personal computer as the online processing terminal 2a, and FIG. 3 shows a schematic block diagram of the authentication terminal device 3a of the online processing terminal 2a.

  As shown in FIG. 3, the authentication terminal device 3a includes a control unit 11, a ROM 13, a RAM 15, a display unit 17, an input unit 19, a recording unit 21, a biological information acquisition unit 23, an image processing unit 25, a main function processing unit 31, and a communication. It has a processing unit 33 and a collation processing unit 47.

  The control unit 11 electrically controls each of the units in the authentication terminal device 3a. The ROM 13 records a program used when registering and collating biometric information. The RAM 15 reads and stores a corresponding program in the ROM 9 when the biometric information is registered and collated, and functions as a work area of the control unit 11. The recording and execution of the program are not limited to the ROM 13 and the RAM 15, and a hard disk or the like may be used.

  The display unit 17 (FIGS. 2 and 3) is a display unit for information required by the registrant when registering or authenticating biometric information, and does not limit the display format or the like. A display unit is used. The screen displayed on the display unit 17 during registration and authentication will be described later.

  The input unit 19 (FIGS. 2 and 3) is an input unit used by a user for inputting information necessary for registration or authentication. For example, a keyboard K, a mouse M (FIG. 2), a touch panel input unit, or the like can be used.

  The biological information reading unit 21 (FIGS. 2 and 3) is a device that can read biological information as an image. As biological information that can be read as an image, for example, veins, fingerprints, palm shapes, faces, irises, and the like can be used. In this embodiment, the vein is used in consideration of high security and ease of use, but the present invention is not limited to this, and a combination of two or more pieces of biological information may be used.

  In this embodiment, a finger is used as a part to be read by the biological information reading unit 21 in consideration of readability. However, a back of the hand, a palm, or the like can be used, and the reading part is not limited.

  The biological information reading unit 21 includes a near infrared light source and an image sensor. Utilizing the property that reduced hemoglobin flowing through the vein absorbs light having a wavelength in the near-infrared light region (about 760 nm), the biological information reading unit 21 applies near-infrared light to the finger from the near-infrared light source, thereby increasing the amount of light. The absorbed vein part appears dark and the image is read by an image sensor and converted into an electrical signal. For example, a CCD (Charge Coupled Device) image sensor is used as the image sensor. The vein image reading method is not limited to the above configuration, and any method and means may be used as long as the vein pattern can be read. For example, the present invention is not limited to means using near-infrared light, and a method of reading reflected light of light irradiated on a reading site may be used. In addition, the biometric information reading unit 21 may have either a contact method in which a part to be read is brought into contact with the biometric information reading unit 21 or a non-contact type in which reading is performed without making contact with the biometric information reading unit 21. Note that the biological information reading unit 21 may execute a plurality of readings in order to accurately obtain the vein shape.

  The biometric information reading unit 21 illustrated in FIG. 2 is configured separately from the personal computer main body, but may be configured integrally with the personal computer main body as illustrated in FIG. Further, the biometric information reading unit 21 may be configured to be connected to a personal computer main body and incorporated in a device to be used. FIG. 5 shows a personal computer in which the biometric information reading unit 21 is incorporated in a mouse M. 4 and 5, the display unit 17 and the input unit 19 (keyboard K) are integrally configured in the main body. However, the configuration is not limited thereto, and the main unit, the display unit 17, and the input unit 19 are not limited thereto. In this case, the biological information reading unit 21 can be incorporated into the main body, the display unit 17, and / or the input unit.

  The biometric information reading unit 21 can be used for multi-purpose authentication. For example, it can be used for authentication (first use) for using a personal computer and authentication (second use) for settlement in online shopping.

  The information recording unit 23 is a memory used for storing personal information input from the input unit 19 or the like, a vein image read by the biological information reading unit 21, or the like.

  The image processing unit 25 extracts a vein shape and pattern (hereinafter referred to as “template”) from the image read by the biological information reading unit 21 by image processing. The template is not limited to the image obtained by performing image processing on the read image, but may be the read image itself.

  The communication processing unit 27 transmits / receives information to / from the data recording processing device 5, the financial institution 7, the online store 9, and the like via the communication network 1 at the time of registration and authentication of biometric information.

  The collation processing unit 29 performs collation by image processing on a pre-registered registration template and authentication template, and matches or complete matches of a predetermined region with a predetermined threshold or more, or matches with a feature part with a predetermined threshold or more. Based on an arbitrary collation judgment criterion such as complete matching, matching / mismatch judgment is performed.

  The main function processing unit 31 is a processing unit that executes online processing (payment processing, information search processing, information disclosure processing, etc.) on the condition that matching is performed in the matching processing unit 29, that is, authentication is accepted.

(Registration screen 33)
FIG. 6 shows an example of a registration screen 33 displayed on the display unit 17 when the user's vein data is registered. The registration screen 33 has a personal information input field 33A, a finger vein registration field 33B, and an instruction input key field 33C.

  The personal information input field 33A includes a name field 33a, an address field 33b, a telephone number field 33c, an account field 33d, and a personal identification number for inputting a registrant's name, address, telephone number, financial institution account, and personal identification number. It has a column 33e. The personal information input column 33A only needs to have at least the telephone number column 33c, and other configurations can be added, changed, and deleted as appropriate according to the usage pattern. For example, only the telephone number column 33c may be configured, or a member number (ID number), nationality, etc. may be input to the above configuration.

  The finger vein registration column 33B includes a registration finger designation column 33f for designating a finger to be registered, a scroll key 33f1, a finger registration key 33g for instructing reading start of finger veins, and finger registration / designation specified in the registration finger designation column 33f. It has a status key 33h for displaying an unregistered status.

  The registration finger designation field 33f is a field for designating a finger to be registered. One registration finger designation field 33f may be used, but in this embodiment, two finger veins are registered in order to avoid a problem that authentication is denied due to injury of the registration finger or the like. However, the number of registered fingers may be one or three or more. For the designation of a finger in the registered finger designation field 33f, a name that can be designated by the scroll key 33f1 is displayed, and a desired finger can be selected.

  The finger registration key 33g is a key for instructing the start of reading by the biological information reading unit 21 of the finger vein designated in the registration finger designation field 33f. By a click operation (input) on the finger registration key 33g, the guidance screen 33D of FIG.

  The guide screen 33D includes a guide unit 33n, an image display unit 33o, a reading count instruction unit 33p, and a cancel key 33q. The guide unit 33n is a column that shows how to put a finger on the biometric information reading unit 21 with a photograph or the like.

  The image display unit 33 o is a column for displaying the vein image read by the biometric information reading unit 21. The template generated by the image processing unit 25 may be displayed on the image display unit 33o.

  The read count instruction section 33p is a column indicating the read count. Although the registration finger may be read once, in the present embodiment, the registration finger is read a plurality of times, for example, three times in order to enable reliable generation of the registration template. When reading of the first registered finger is completed, the end of reading is notified by voice, the registration finger is once released from the biometric information reading unit 21, and the biometric information reading unit 21 is again exposed to the registration finger to perform reading twice. Further, the third reading is performed in the same manner. Each time a registered finger is read, the number of readings in the number-of-reading instruction section 33p is changed to indicate the current number of readings to the registrant.

  The cancel key 33q is a key for interrupting the reading process, and returns to the display of the registration screen 33 when the key is clicked.

  If the registered finger cannot be read by the biometric information reading unit 21 or if the registration finger vein registration template for the registered finger cannot be generated after reading the registered finger three times, an instruction to read it again is given. To do.

  When reading of the registration finger three times is completed and a registration template for the registration finger vein is generated, the guidance screen 33D of FIG. 7 disappears, the display returns to the display of FIG. 6, and the status key 33h is as shown in FIG. Changes from “unregistered” display to “registered display”.

  The instruction input key field 33C includes a new registration instruction field 33i, a registration deletion instruction field 33j, a final registration instruction field 33k, an authentication test field 33l, and a registration end field 33m.

  The new registration instruction column 33i is a column that waits for a new registrant to display the registration screen 33. That is, when the new registration instruction field 33i is clicked, each field of the personal information input field 33A becomes blank, and the display of all the status keys 33h in the finger vein registration field 33B becomes “unregistered”.

  The registration deletion instruction column 33j is a column for instructing deletion of registered data from the data recording processing device 5. For example, by inputting the name desired to be deleted in the name field 33a and clicking the registration / deletion instruction field 33j, the data recording processing device 5 shifts to the process of deleting the registration data of the person who wants to delete.

  The final registration instruction column 33k is a column for registering the data input in the personal information input column 33A and the generated registration finger vein registration template in the data recording processing device 5.

  The authentication test column 33l is a key for executing a test as to whether or not a registered finger can be actually authenticated using a registration template formed by clicking the finger registration key 33g. By clicking the authentication test column 33l, the authentication guidance screen shown in FIG. 9 is displayed, and the biometric information reading unit 21 reads the registration finger along the guidance screen to generate a test template. The test template is collated with a registration template by a collation processing unit 29 described later, and a collation result is displayed. FIG. 10 shows a collation result when the registration template and the test template are collated based on a predetermined rule described later.

  The registration end column 33m is a column for closing the registration screen 33. This key is finally clicked when registering a template.

  The registration screen 33, the guide screen 33D, the authentication test guide screen shown in FIG. 9, the display of the authentication result shown in FIG. 10, and the like are not limited to such a configuration, and can be added, changed, and deleted as appropriate.

(Example of registration phone number input)
FIGS. 11A to 11D show examples of inputting telephone numbers (registration telephone numbers) to be entered in the telephone number column 33c (FIG. 6). Registration phone numbers can include country code, area code, city code, and subscriber number, and any higher number (country code side is higher, subscriber number side is lower) Whether it is included in the number can be determined according to the expected number of registrants, authentication scale (system scale) convenience of registrants, and the like.

  If you increase the number of digits in the registration phone number, you can also use a large number of digits for the authentication phone number used for authentication. Accordingly, the number of biological images to be collated (number of registration templates) is narrowed down and reduced. Therefore, verification (authentication) time can be shortened.

  For example, if the user knows the country code or if the country code is automatically known from the personal information, the user can enter the country code or automatically assign the country code to the higher area code. By registering (FIG. 11A), biometric authentication can be performed efficiently even for a registrant or a database with a large international authentication scale. For example, authentication such as entry / exit permission and passage permission can be quickly performed without a passport.

  The phone number is usually required to specify the contact information. For example, the area code is the area code to the subscriber number or the city area code to the subscriber number, and can be appropriately determined according to the authentication scale. In consideration of shortening the verification (authentication) time, it is desirable to use the area code to the subscriber number as the registration telephone number (FIGS. 11B and 11C).

  In addition, since the registration phone number is used as a search key, if there is no need to specify the contact information, it is not necessary to add the area code or city code, and the phone number is registered only with the subscriber number. (Fig. 11 (d)). For example, by registering only a range that is remembered by a user such as an elderly person, for example, a local station number to a subscriber number or a subscriber number, the convenience of an elderly person or the like can be enhanced.

(Authentication screen 35)
FIG. 8 shows an example of an authentication screen 35 displayed on the input unit 17 when the person to be authenticated is desired to perform vein authentication. The authentication screen 35 has a telephone number input field 35a, an enter key 35b, and a cancel key 35c.

  The telephone number input field 35a is a field for inputting the telephone number (authentication telephone number) of the person to be authenticated. An example of telephone number input will be described later.

  The enter key 35b is a key for instructing the end of the input to the telephone number input field 35a, and the vein reading guide screen 35B of FIG. 13 is displayed by the input of the enter key 35b.

  The guidance screen 35B shows how to put a finger on the biological information reading unit 21 with a photograph or the like. Then, when the person to be authenticated holds his / her finger over the biometric information reading unit 21, reading of a vein, generation of an authentication template, and execution of authentication processing are started. If the result of the authentication process is “accept”, the online process can be followed, and if the result is an authentication result, a “no” display (not shown) and a display screen indicating a finger reading instruction again can be displayed.

  The cancel key 35c is a key for correcting and deleting the telephone number input in the telephone number input field 35a. The authentication screens 35 and 35B are not limited to the above configuration, and can be changed as appropriate.

(Example of authentication phone number input)
FIG. 14 shows an input example of the authentication telephone number in the telephone number input field 35a of FIG. Hereinafter, an example of inputting the authentication telephone number when “01234456789” shown in FIG. 11B is input as the registration telephone number will be described.

  As an authentication telephone number input method, a complete match (FIG. 14A) in which the registered phone number is input in all digits or a partial match input method in which only some digits are input can be used (FIG. 14B). To (f)).

  In the partial match input (for example, “2345678”), when only a number constituting a part of the registered telephone number is input (“2345678”, FIG. 14B), the authentication telephone number is included in the registered telephone number. In the case of a telephone number that constitutes a part of the telephone number, for example, the relative position in the registered telephone number of the authentication telephone number may be indicated by an unspecified mark “*”.

  In the case of using the unspecified mark “*”, for example, only a predetermined digit on the lower side of the registered telephone number is input to match the back (for example, “* 6789”: FIG. 14D), and the upper side of the registered telephone number. Forward matching (for example, “012345678 *”: FIG. 14 (e)), middle matching for inputting only predetermined digits in the middle of the registration phone number (for example, “* 2345678 *”: FIG. 14 (c) )) Input method. According to the configuration using the unspecified mark “*”, the relative position information in the registration phone number of the authentication phone number is added to the search information by the unspecified mark “*”. Compared to the case where “*” is not used, it is possible to narrow down the registered telephone numbers to be detected.

  In the input method of the backward match, the forward match, and the intermediate match, the relative position information in the registration phone number of the authentication phone number is indicated using the unspecified mark “*”. For example, the input in FIG. 14B may be “** 2345678 *” (FIG. 14F). With this configuration, it is possible to further narrow down registration telephone numbers.

  An existing keyboard key, such as a “#” key, may be substituted for the decision key 35 b of the authentication screen 35.

(Data recording processor 5)
The data recording processing device 5 (5a, 5b: FIG. 1) includes a registration template read at the time of registration of a biometric authentication image in the authentication terminal device 3a of each processing terminal 2a to 2f, and registration data input on the registration screen 33. Etc. (personal information (including registration phone number), prepaid amount, number of points, etc.) are stored and managed in association.

  The data recording processing device 5 is a dedicated device that manages the data of the authentication terminal devices 3a of the plurality of processing terminals 2a to 2f in a centralized manner and the authentication device 3a of each processing terminal 2a to 2f. The apparatus 5b can be configured. FIG. 1 shows a case where the shared device 5a is provided in the price replacement company 9, and the dedicated device 5b is provided in the authentication server 5B dedicated to each processing terminal.

  In the case of using the shared device 5a, the user can request a plurality of types of authentication processing at the plurality of processing terminals 2a to 2f by a single biometric information registration process, so that the cardless authentication that is convenient for the user is possible. You can build a system. In particular, as shown in FIG. 1, when the price change company 9 centrally manages the shared device 5a, the user can perform online authentication service, face-to-face payment service, prepaid with many authentication opportunities through one-time biometric authentication registration processing. It is possible to receive a payment service efficiently and is highly convenient for the user.

  When receiving a service requiring a plurality of biometric authentications, for example, when receiving an online payment service and a point service thereof, if the data recording processing device 5 registered for each service is different, one time is required. In this authentication, authentication processing is performed with the separate data recording processing devices 5.

  FIG. 15 shows a block diagram of the data recording processing device 5. The data recording processing device 5 includes a control unit 37, a ROM 39, a RAM 41, a database 43, a search processing unit 45, and a communication processing unit 49.

  The control unit 37 electrically and organically controls the respective units in the data recording processing device 5. The ROM 39 stores a program used for biometric information registration processing and collation processing. The RAM 41 reads out and stores a corresponding program in the ROM 39 when the biometric information registration process and collation process are executed, and functions as a work area of the control unit 37. The recording and execution of the program are not limited to the ROM 39 and RAM 41, and a hard disk or the like may be used.

  As shown in FIG. 16, the database 43 includes a search key storage unit 43a, a template storage unit 43b, and a personal information storage unit 43c.

  The search key storage unit 43a stores the registration telephone number input in the telephone number field 33c of the personal information input field 33A (FIG. 6).

  The template storage unit 43b stores the shape and pattern of the vein (registration template) read by the biometric information reading unit 21 and image-processed by the image processing unit 25 (FIG. 3) when input to the registration screen 33. .

  The personal information storage unit 43c stores personal information other than the telephone number in the information input in the personal information input field 33A (FIG. 6), a prepaid amount, the number of points, and the like.

  In the database 43, those of the same registrant are stored in association among the search key storage unit 43a, the template storage unit 43b, and the personal information storage unit 43c. The database 43 may not be divided into the search key storage unit 43a, the template storage unit 43b, and the personal information storage unit 43c.

  The search processing unit 45 (FIG. 15) stores a registration phone number that completely matches the authentication phone number and / or a registration phone number that includes the authentication phone number as a search key when biometric information is authenticated. It is a processing unit that detects one or more (one or more) from the unit 45a.

  The communication processing unit 49 is connected to the authentication communication network 1 and transmits / receives data to / from the authentication terminal device 3a, the financial institution 7, the online store 9 and the like at the time of biometric authentication registration and authentication.

(Registration procedure processing)
Next, the procedure for registering authentication biometric information will be described with reference to the flowchart of FIG. For convenience of explanation, a case where the online processing terminal 2a is used will be described as an example.

  First, when a user desires a registration procedure, registration is performed by operating the input unit 19 (FIGS. 2 and 3) by the registrant himself or a service provider of each terminal (hereinafter abbreviated as “registrant etc.”). The program is read from the ROM 13 to the RAM 15 and executed by the control unit 11, and the registration screen 33 (FIG. 6) is displayed on the display unit 17 (step S1). Alternatively, the registration program may be executed in advance, and the registration screen 33 may be displayed on the display unit 17 without operating the input unit 19 to enter a personal information including a telephone number and wait for reading veins.

  The registrant or the like inputs the personal information input field 33A including the registrant's telephone number (registration telephone number) as a search key (step S2), and the registrant designates the designation specified in the registration designation field 33f. Is read over the living body information reading unit 21 (step S3). Note that the order of steps S2 and S3 may be reversed.

  In the execution of vein reading in step S3, the biological information reading unit 21 (FIGS. 2 and 3) applies near-infrared light to the finger to supplement the vein image, and the image processing unit 25 (FIG. 3) performs image processing. To create a registration template.

  When the input of the personal information input field 33A including the telephone number (FIG. 6) and the vein reading are completed, the registration operation information and the registration information are registered by clicking on the final registration instruction field 33k (FIG. 6) of the registrant. The control information, personal information, and registration template are transmitted to the data recording processing device 5 (FIGS. 1 and 15) via the communication processing unit 27 (FIG. 3) and the communication network 1 (step S4).

  In the data recording processing device 5 (FIG. 15), the received registration telephone number is stored in the search key storage section 43a of the database 43, the registration template is stored in the template storage section 43b, and personal information other than the telephone number is stored in the personal information storage section. 43c is stored in association with each other (step S5).

  When the registration of the registration telephone number, registration template, and personal information in the database 43 is completed, the data recording processing device 5 returns a registration completion notification to the online processing terminal 2a (FIG. 1) that has transmitted the registration processing instruction. (Step S6).

  The online processing terminal 2a that has received the registration completion notification from the data recording processing device 5 displays registration completion (not shown) on the display unit 17 (FIGS. 2 and 3) (step S7), and ends the registration process. If an error occurs in any of the registration processes, the display unit 17 can be notified of this and the error overcoming method can be displayed on the display unit 17.

(Certification procedure processing)
Next, the authentication procedure process will be described with reference to the flowchart of FIG. For convenience of explanation, a case where the online processing terminal 2a is used will be described as an example.

  First, when a person to be authenticated (user) desires an authentication procedure, the person to be authenticated or a service provider of each terminal (hereinafter referred to as “authenticated person”) inputs the input unit 19 (FIGS. 2 and 3). The controller 11 reads out and executes the authentication program from the ROM 13 to the RAM 15 and displays the authentication screen 35 (FIG. 12) on the display unit 17 (FIGS. 2 and 3) (step S10). The authentication screen 35 may be displayed on the display unit 17 without any operation of the input unit 19.

  Next, when a telephone number is input by the person to be authenticated in the telephone number input field 35a of the authentication screen 35 and the input of the authentication telephone number is determined by the determination key 35b (step S11), the vein reading of FIG. The guide screen 35B is displayed.

  The vein of the part is read by holding the registration finger designated by the person to be authenticated in the registration finger designation field 33f over the biometric information reading unit 21 (FIGS. 2 and 3) (step S12). Note that the order of steps S11 and S12 may be reversed.

  The reading of the finger vein designated in the registered finger designation field 33f (FIG. 6) is performed by the biometric information reading unit 21 (FIGS. 2 and 3) irradiating the finger with near-infrared light and acquiring a vein image of the part, The image processing unit 25 performs image processing on the authentication template to generate an authentication template. Completion of the extraction of the authentication template may be notified to the user by voice, display, or the like. Note that a plurality of readings may be executed when creating the authentication template.

  When the determination key 35b is clicked after the authentication telephone number is input to the telephone number input field 35a (FIG. 12), the input authentication telephone number is sent together with the control information of the authentication process to the communication processing unit 27 ( 3) and the data recording processing device 5 (FIGS. 1 and 10) via the communication network 1 (step S13).

  The transmission of the authentication telephone number to the data recording processing device 5 (step S13) may be performed after the input of the authentication telephone number (step S11). That is, when the authentication telephone number is input (step S11) before the vein reading execution (step S12), the authentication telephone number is transmitted to the data recording processing device 5 by the vein reading execution (step S12). It may be performed before S12), in parallel with step S12, or at any opportunity after the end of step S12. When the authentication telephone number is input (step S11) after the vein reading execution (step S12), the authentication telephone number is transmitted to the data recording processing device 5 (step S13). After execution (step S12) and input of an authentication telephone number (step S11).

  The data recording processing device 5 stores the received authentication telephone number in the search processing unit 45 (FIG. 15).

  The search processing unit 45 detects from the search key storage unit 43a one or more (one or more) registration phone numbers that exactly match the received authentication phone number or includes the authentication phone number in one copy (step S40). S14) All the registration templates (detection registration templates) associated with the detected one or more (one or more) registration phone numbers are detected from the template storage unit 43b (step S15).

  Next, the data recording processing device 5 controls the one or more (one or more) registration templates (hereinafter referred to as “detection registration template”) detected based on the received control information of the authentication process. It transmits to the online processing terminal 2a (FIG. 3) which transmitted information (step S16). The detection registration template transmitted to the online processing terminal 2a may or may not be attached with corresponding personal information depending on the processing purpose. When the personal information is not transmitted together with the template, the personal information of the collated template can be transmitted to the online processing terminal 2a as necessary.

  The detection registration template received by the online processing terminal 2a is transmitted to the matching processing unit 29 (FIG. 3). The collation processing unit 29 collates the received detection registration template and the authentication template by image processing, and performs a predetermined collation judgment criterion (a predetermined area equal to or greater than a predetermined threshold or a predetermined area complete match, or a feature) Matching / non-matching judgment is performed based on the matching of the part exceeding a predetermined threshold or complete matching (step S17: FIG. 13). If the collation results match, authentication is accepted, and if the collation results do not match, authentication is denied.

  The online processing terminal 2a shifts to execution of a decision process, an information search process, an information disclosure process and the like of the main function processing unit 31 (FIG. 3) on the condition that the authentication is accepted (step S18: FIG. 13). For example, based on purchase information at the online store 9 (FIG. 1), personal information stored in the personal information storage unit 43c (FIG. 11), etc., the process proceeds to execution of online payment processing. If the authentication is negative, execution of online processing (decision processing, information search processing, information disclosure processing, etc.) may be rejected, and re-authentication execution, re-registration processing, etc. may be guided.

  When receiving the other biometric authentication service attached to the amount of the online payment processing, for example, the point processing service, when using the data recording processing device 5a common to the online payment processing, the point is not re-authenticated. Proceed to processing. On the other hand, when receiving another biometric authentication service attached to the amount of the online payment processing, for example, the point processing service, when using the data recording processing device 5b separate from the online payment processing, the person already authenticated Since the telephone number and the authentication template are acquired (steps S11 and S12), steps S13 to S17 are executed with the data recording processing device 5b, and point processing is executed.

  In the above description, a personal computer (including a portable terminal, FIGS. 2, 4, and 5) has been described as the online processing terminal 2a. However, the present invention is not limited to this, and purchase of goods at the online commercial store 9 via the communication network 1 is possible. In addition, any processing device that can receive the provision of services on the public organization homepage 9B may be used. FIG. 15 shows a television remote controller R in which a biological information reading unit 21 is incorporated.

  The display part 17 and the input part 19 can use the thing of a various form according to the usage form of each processing terminal 2a-2f. For example, in the above description, the case where the display unit 17 and the input unit 19 are used in common during registration and authentication has been described. However, the display unit 17 and the input unit 19 used during registration and authentication may be configured separately. .

  An existing device may be used for the display unit 17 and the input unit 19. For example, a number key and / or a display screen used in a ticket issuing machine or a telephone can be shared as the display unit 17 and the input unit 19. Further, as the display unit 17 and the input unit 19, a dedicated device including the display unit 17, the input unit 19, and / or the biological information reading unit 21 as shown in FIG. 21 can be used.

(effect)
With the configuration described above, the person to be authenticated inputs a telephone number at the time of authentication at each of the processing terminals 2a to 2f, and holds a predetermined part over the biological information reading unit 21 so that the biological information reading unit 21 reads the biological information. Authentication can be obtained only with this, and cardless authentication can be realized.

  A registration template to be verified with the authentication template is selected from a plurality of registration templates (M) stored in the data recording processing device 5 using the authentication telephone number of the person to be authenticated as a search key. In order to narrow down to the above (one or more) detection registration templates (N, N <M, N is an integer of 1 or more), all the registration templates (M) recorded in the data recording processing device 5 are authenticated. The authentication time can be significantly shortened compared with the case of collating with a template for use.

  In particular, phone numbers are memorized without taking notes, although they are relatively long numbers, and there are few people with duplicate phone numbers (excluding country codes) with the same family or foreigners. This is a valid number as a search key. Therefore, even when registration plates for an unspecified number of users on a global scale are registered in the data recording processing device 5, it is possible to sufficiently narrow down registration templates to be collated at the time of authentication by using a telephone number as a search key. Therefore, quick verification and authentication processing can be realized with a simple device. The telephone number is a multi-digit number that can be easily used by elderly people, and is a convenient number as a search key.

  In addition, the authentication phone number input at the time of authentication is not for accepting only the phone number for registration completely for the purpose of search use. For example, even if the area number is unknown, it is possible to perform authentication even when the area number is unknown, thereby reducing the burden on the user at the time of input.

  In addition, by automatically assigning the country code to the top of the phone number at the time of registration and storing the registration phone number in the template storage unit 43b, authentication at the airport can also be searched including the country code. Thus, even if the number of registered users is large, authentication can be executed in a short time.

  In addition, a plurality of authentication terminal devices 3a of the plurality of processing terminals 2a to 2f perform authentication processing by using a single common data recording processing device 5 (shared device 5a) that is centrally managed. Since a plurality of types of authentication processes can be received by the plurality of processing terminals 2a to 2f by one registration process, a cardless authentication system that is highly convenient for the user can be constructed. In particular, when using the shared device 5a that is centrally managed by the price reimbursement company 5A, the user can efficiently receive face-to-face and non-face-to-face payment services, prepaid payment services, etc. with many authentication opportunities by one registration process. It is possible to construct a cardless authentication system that is convenient for the user.

  Further, even when the number of registration templates registered in the data recording processing device 5 (FIG. 1) is large, collation processing between a detection registration template and an authentication template with a large processing load is performed on each processing terminal 2a to 2f side. By doing this, it is possible to avoid the concentration of the verification processing burden on the data recording processing device 5, and even if the number of authentications per unit time increases, the system down due to the overflow of authentication processing can be avoided, and the reliability is high. A cardless authentication system can be provided.

  In particular, since the online processing device 2a can be used borderless with respect to location and time, the number of authenticated users per unit time may increase extremely. By performing the collation processing with the online processing device 2a, system down can be avoided even when there are many authentication needs, and stable online processing can be provided.

  In the first embodiment, the verification processing unit 29 is provided in the authentication terminal device 3a. However, the present invention is not limited thereto, and the verification processing unit 29 may be provided in the data recording processing device 5. Good. Hereinafter, a configuration in which the collation processing unit 29 is provided in the data recording processing device 5 will be described as a second embodiment.

[Second Embodiment]
An authentication processing system B that uses an authentication terminal device 3b using biometric information according to a second embodiment of the present invention will be described with reference to FIGS. In the second embodiment, the same components as those in the first embodiment are denoted by the same reference numerals, and the description thereof is omitted.

  FIG. 22 shows a schematic configuration diagram of the authentication processing system B, FIG. 23 shows a block diagram of the authentication terminal device 3b according to the second embodiment of the present invention, and FIG. 24 shows the second configuration of the present invention. The block diagram of the data recording processing apparatus 5c which concerns on embodiment is shown, and FIG. 25 has shown the flowchart of the authentication procedure process which concerns on the 2nd Embodiment of this invention.

  The difference from the first embodiment is that the authentication terminal device 3b is not provided with a verification processing unit as shown in FIG. 23, and the verification processing unit 29 is provided in the data recording processing device 5c as shown in FIG. It is in the point. Therefore, in the authentication procedure process according to the second embodiment, as shown in FIG. 25, an authentication template is also transmitted to the data recording processing apparatus 5c in addition to the authentication telephone number (step S13b).

  The search processing unit 45 of the data recording processing apparatus 5c (FIG. 24) detects one or more (one or more) registration phone numbers including the authentication phone number from the search key storage unit 43a (step S14: FIG. 25). Then, all the registration templates associated with the detected registration telephone number are detected from the template storage unit 43b (step S15).

  The collation processing unit 29 (FIG. 24) collates the authentication template and the detection registration template detected by the search processing unit 45 by image processing, and performs a predetermined match determination criterion (a match of a predetermined region with a predetermined threshold value or more). Matching / mismatching of collation is performed based on a complete match of a predetermined region, a match of a feature part exceeding a predetermined threshold or a complete match of a feature part, etc. (step S17).

  The data recording processing device 5c returns an authentication result (acceptance / denial or determination result) to the authentication terminal device 3b that has transmitted the authentication control information based on the result of the collation determination by the collation processing unit 29 (step S17b).

  Upon receiving the authentication result from the data recording processing device 5c, the authentication terminal device 3b (FIG. 18) proceeds to the execution of the main function processing unit 31 on the condition that the authentication is accepted (step S18). If the authentication is not accepted, the execution of the main function processing unit 31 is rejected, and the processing unique to the processing terminals 2a to 2f, such as the execution of the authentication again and the registration processing, is performed thereafter.

  According to the configuration of the present embodiment, the authentication terminal device 3b can be made compact by providing the data recording processing device 5c with the verification processing unit 29 (FIG. 24) that performs verification between the registration template and the authentication template. The authentication terminal device 3b can be applied to many terminal devices 2a to 2f. For example, the authentication terminal device 3b can be incorporated into a mobile terminal or mobile phone (FIG. 14) where a compact configuration is desired while maintaining the compact configuration. Therefore, cardless authentication can be provided to the user on many occasions, and a highly convenient cardless authentication system can be constructed.

  The data recording processing devices 5a to 5c according to the first and second embodiments are connected to the processing terminals 2a to 2f via the communication network 1, but the connection relationship with the processing terminals 2a to 2f is as follows. For example, the data recording processing device is provided in the authentication terminal device or the processing terminals 2a to 2f, or the authentication terminal devices 3a and 3b and a dedicated line such as a local area network (LAN) or WAN ( It may be configured to connect via a wide area network. Hereinafter, as a third embodiment, a configuration in which the data recording processing device is provided in the authentication terminal device will be described.

[Third Embodiment]
An authentication processing system C that uses an authentication terminal device 3c using biometric information according to a third embodiment of the present invention will be described with reference to FIGS. Note that in the third embodiment, identical symbols are assigned to configurations identical to those in the first and second embodiments and descriptions thereof are omitted.

  26 shows a schematic configuration diagram of the authentication processing system C, FIG. 27 shows a block diagram of the authentication terminal device 3c, FIG. 28 shows a flowchart of registration procedure processing according to the embodiment of the present invention, and FIG. 3 shows a flowchart of authentication procedure processing according to an embodiment of the invention.

  The difference from the first and second embodiments is that, as shown in FIG. 27, the database 43 and the search processing unit 45 are provided in the authentication terminal device 3c, and the authentication terminal device 3c performs the process of narrowing down the registration template. Is also in the point to do. Therefore, the registration process does not include steps S4 and S6 of FIG. 17 as shown in FIG. 28, and the authentication process does not include steps S13 and S16 of FIG. 18 as shown in FIG.

  According to the configuration of the third embodiment, the authentication telephone number, the registration template, and the authentication template at the time of authentication are not transmitted / received via the communication network 1, so that the authentication time can be shortened. Thus, a compact configuration can be achieved, and the cost can be reduced.

  In the first to third embodiments, at the time of authentication, the search key of the registration template, that is, the input of the authentication telephone number and the reading process of the biometric information are described. However, in order to ensure security. In addition, as shown in FIG. 6, a password number field 33e is provided on the registration screen 33, and a password, a password, etc. are required to be entered during registration, and a password, password, etc. are required to be entered on the authentication screen 35 (FIG. 12). It is good also as a structure. For example, before or after matching the detection registration template detected with the authentication phone number and the authentication template, the registered password is checked against the password entered at the time of authentication, etc. The security can be improved by adding the match to the condition for accepting the authentication. It should be noted that by performing collation of the code number before collation between the registration template and the authentication template, a narrowing effect can be expected and the authentication time can be shortened.

It is a schematic block diagram of the authentication processing system A using the authentication terminal device using the biometric information which concerns on the 1st Embodiment of this invention. It is an external view of the personal computer as the online processing terminal 2a which concerns on the 1st Embodiment of this invention. It is a block diagram of the authentication terminal device 3 which concerns on the 1st Embodiment of this invention. It is an external view of the other personal computer as the online processing terminal 2a which concerns on the 1st Embodiment of this invention. It is an external view of the other personal computer as the online processing terminal 2a which concerns on the 1st Embodiment of this invention. It is explanatory drawing of the registration screen 33 which concerns on the 1st Embodiment of this invention. It is explanatory drawing of the guidance screen 33D which concerns on the 1st Embodiment of this invention. It is explanatory drawing of the status key 33h of the said registration screen 33. FIG. It is a reading guidance screen of a registration finger displayed in an authentication test at the time of registration concerning a 1st embodiment of the present invention. It is a result screen of the authentication test at the time of registration which concerns on the 1st Embodiment of this invention. It is explanatory drawing of the input example of the telephone number for registration which concerns on the 1st Embodiment of this invention. It is explanatory drawing of the authentication screen 35 which concerns on the 1st Embodiment of this invention. It is a reading guidance screen of a registration finger at the time of authentication concerning a 1st embodiment of the present invention. It is explanatory drawing of the example of input of the telephone number for authentication which concerns on the 1st Embodiment of this invention. It is a block diagram of the data recording processing apparatus 5 which concerns on the 1st Embodiment of this invention. It is a block diagram of the database 43 which concerns on the 1st Embodiment of this invention. It is a flowchart of the registration procedure process which concerns on the 1st Embodiment of this invention. It is a flowchart of the authentication procedure process which concerns on the 1st Embodiment of this invention. It is a front view of the mobile telephone as the online processing terminal 2a which concerns on the 1st Embodiment of this invention. It is an external view of the television as the online processing terminal 2a which concerns on the 1st Embodiment of this invention. It is a front view of the exclusive device provided with the display part 17, the input part 19, and the biometric information reading part 21 of the authentication terminal device 3 which concerns on the 1st Embodiment of this invention. It is a schematic block diagram of the authentication processing system B using the authentication terminal device 3b using the biometric information which concerns on the 2nd Embodiment of this invention. It is a block diagram of the authentication terminal device 3b which concerns on the 2nd Embodiment of this invention. It is a block diagram of the data recording processing apparatus 5c which concerns on the 2nd Embodiment of this invention. It is a flowchart of the authentication process which concerns on the 2nd Embodiment of this invention. It is a schematic block diagram of the authentication processing system C using the authentication terminal device 3c using the biometric information which concerns on the 3rd Embodiment of this invention. It is a block diagram of the authentication terminal device 3c which concerns on the 3rd Embodiment of this invention. It is a flowchart of the registration process which concerns on the 3rd Embodiment of this invention. It is a flowchart of the authentication process which concerns on the 3rd Embodiment of this invention.

Explanation of symbols

A, B, C Authentication processing systems 3a-3c Authentication terminal devices 5a-5c Data recording processing devices 13, 39 ROM
19 Input unit 21 Biometric information reading unit 25 Image processing unit 29 Collation processing unit 43 Database 43a Search key storage unit 43b Template storage unit 45 Search processing unit

Claims (15)

A registration template storage unit that stores a registration image of a plurality of registrants using a biometric image of a predetermined part of the registrant as a registration template;
A registration search key storage unit that stores a plurality of registration search keys in association with the plurality of registration templates;
A search processing unit that detects a registration search key corresponding to the input authentication search key from among the plurality of registration search keys;
The search processing unit detects a first registration search key and a second registration search key other than the first registration search key with respect to the authentication search key. Biometric authentication processing device. A verification processing unit that compares an authentication template that is a biometric image of a predetermined part of the person to be authenticated and the registration template in the registration template storage unit;
The verification processing unit matches one of the authentication template and the first and second registration templates associated with the first and second registration search keys detected by the search processing unit. The processing apparatus for biometric authentication according to claim 1, wherein it is determined whether or not to do so. An input unit for inputting the search key for authentication;
An image reading unit for acquiring the biological image;
The biometric authentication processing device according to claim 1, wherein the biometric authentication processing device is provided.   4. The biometric authentication processing apparatus according to claim 1, wherein the authentication search key is a telephone number of a person to be authenticated. A registration template storage unit that stores a registration image of a plurality of registrants using a biometric image of a predetermined part of the registrant as a registration template;
A registration search key storage unit that stores the telephone number of the registrant in association with the plurality of registration templates;
And a search processing unit for detecting a first phone number including the input authentication phone number from the plurality of phone numbers stored in the registration search key storage unit. Authentication processing device. A verification processing unit that compares an authentication template that is a biometric image of a predetermined part of the person to be authenticated with the registration template in the template storage unit;
6. The biological body according to claim 5, wherein the verification processing unit determines whether or not the authentication template matches a first registration template associated with the first telephone number. Authentication processing device. An input unit for inputting the authentication telephone number;
An image reading unit for acquiring the biological image;
The processing apparatus for biometric authentication according to claim 5 or 6, characterized by comprising: An authentication template creating step for creating an authentication template from a biometric image of a predetermined part of the person to be authenticated;
An authentication search key acquisition step of acquiring an authentication search key of the person to be authenticated;
A search step of detecting a registration search key including the authentication search key from among a plurality of registration search keys;
A verification step of determining whether the authentication template matches the registration template associated with the registration search key detected in the search step;
Have
In the search step, a plurality of registration search keys are detected,
In the collation step, it is determined whether or not the authentication template matches any of a plurality of registration templates associated with the plurality of registration search keys detected in the search step. Biometric authentication method.   9. The biometric authentication method according to claim 8, wherein the authentication search key is a telephone number of the person to be authenticated. An authentication template creating step for creating an authentication template from a biometric image of a predetermined part of the person to be authenticated;
An authentication search key acquisition step of acquiring an authentication search key of the person to be authenticated;
A search step of detecting a registration search key including the authentication search key from among a plurality of registration search keys;
A verification step of determining whether the authentication template matches the registration template associated with the registration search key detected in the search step;
Have
The biometric authentication method, wherein the authentication search key is a telephone number of the person to be authenticated. In a biometric authentication method comprising a registration processing step and an authentication processing step,
The registration processing step includes
A registration template creation step for creating a registration template from a biometric image of a predetermined part of the registrant;
Obtaining a search key for registration for obtaining a search key for registration of the registrant;
A registration data storage step of associating the registration template with the registration search key and storing it in a recording unit;
Have
The authentication processing step includes
An authentication template creating step for creating an authentication template from a biometric image of a predetermined part of the person to be authenticated;
An authentication search key acquisition step of acquiring an authentication search key of the person to be authenticated;
A search step for detecting a search key for registration including the search key for authentication from the search key for registration;
A verification step of determining whether the authentication template matches the registration template associated with the registration search key detected in the search step;
Have
In the search step, a plurality of registration search keys are detected,
In the verification step, it is determined whether or not the authentication template matches any of a plurality of registration templates associated with the plurality of registration search keys. The registration search key is a phone number of the registrant,
The biometric authentication method according to claim 11, wherein the authentication search key is a telephone number of the person to be authenticated. In a biometric authentication method comprising a registration processing step and an authentication processing step,
The registration processing step includes:
A registration template creation step for creating a registration template from a biometric image of a predetermined part of the registrant;
Obtaining a registration phone number for obtaining a registration phone number of the registrant;
A registration data storage step of associating the registration template with the registration telephone number and storing it in a recording unit;
Have
The authentication processing step includes
An authentication template creating step for creating an authentication template from a biometric image of a predetermined part of the person to be authenticated;
An authentication telephone number acquisition step of acquiring the authentication telephone number of the person to be authenticated;
A search step of detecting a registration telephone number including the authentication telephone number from among the registration telephone numbers;
A verification step for determining whether the authentication template matches the registration template associated with the registration telephone number detected in the search step;
A biometric authentication method characterized by comprising:   A program for causing a device to execute the biometric authentication method according to any one of claims 8 to 13.   A recording medium on which the program according to claim 14 is recorded.

Images