JP2008217498A - Finger vein authentication system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a finger vein authentication system capable of reducing the risk of spoofing to enhance security against information leakage. <P>SOLUTION: This finger vein authentication system is provided with information terminals 1, 4 connected with finger vein readers 2, 5 for reading a vein pattern of a finger, and communicated each other, and an authentication server 3 connected communicably to the respective information terminals 1, 4, for storing prescribed information including the vein patterns of the finger input from the information terminals 1, 4, and for authenticating the input vein patterns of the finger, based on at least the stored vein pattern of the finger, a finger vein registration means 11a registers the vein pattern of the finger in the authentication server 3, a finger vein request approval means 11b of the information terminal 1 requests an approval of the registered vein pattern of the finger to the information terminal 4 via the authentication server 3, a finger vein request approval means of the information terminal 4 assigns a condition, and a start-up/or-the-like control means 11c requests the authentication to the authentication server 3, using at least the approved vein pattern of the finger. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a finger vein authentication system using a finger vein pattern.

  In recent years, it has become a problem to steal another person's ID and password on a personal computer (PC) or a membership-based Web site, and impersonate the person and perform malicious acts. Such an act is referred to as “spoofing”, and in order to prevent spoofing, a technique for detecting and preventing unauthorized access in real time has been developed (see, for example, Patent Document 1).

Here, the technology described in Patent Document 1 detects in real time unauthorized access to confidential information files held by servers, clients, PCs, etc., based on the individual business schedule and separate file access permission. It is rejected and recorded as a log.
JP 2005-234729 A

  However, in the conventional finger vein authentication system, identity authentication is performed using an ID and a password, so that if a person is impersonated while a file access permission is issued, unauthorized access can be detected. However, there is a problem that the confidential information may be leaked and the confidential information may be leaked.

  In view of the above situation, an object of the present invention is to provide a finger vein authentication system that can improve the security against information leakage by reducing the possibility of impersonation.

In order to solve the above problems, the present invention provides the following configurations.
The invention according to claim 1 is communicably connected to an external device, and is connected to a finger vein reading device for reading a finger vein pattern so as to communicate, and at least transmits a finger vein pattern to the predetermined external device. Possible first and second information terminals are connected to each information terminal so as to be able to communicate, and receive and store predetermined information including a finger vein pattern from each information terminal, and at least store it. An authentication server configured to authenticate a finger vein pattern received based on a finger vein pattern, wherein the first information terminal specifies information for a user of the information terminal and information for specifying a reading finger; A first screen generating means for generating a first screen for inputting the information, and transmitting the information input via the first screen and the vein pattern of the reading finger to the authentication server for registration. A second screen for inputting information for identifying the user at the end is generated, and the information input via the second screen and a predetermined finger vein pattern are transmitted to the authentication server for authentication. Receiving a second screen generating means, generating a third screen for inputting information for specifying a user of the information terminal as an approval requester and information for specifying a finger for receiving the authentication; And a third screen generating means for transmitting information inputted via the screen and a finger vein pattern for receiving the authentication to the authentication server, wherein the authentication server is connected to the third screen generating means. The information inputted through the third screen and the finger vein pattern for receiving the authentication are received, and the verification target is stored based on the information inputted through the third screen. Finger vein pattern during the limit The authentication is performed for the finger vein pattern received based on the limited finger vein pattern stored by the self, and when the authentication is performed, the registration ID which is information for identifying the finger vein pattern stored by the collated self and the Means for transmitting information specifying an approval requester to the second terminal, and the second information terminal transmits the registration ID transmitted from the authentication server and information specifying the approval requester; , The received information is displayed, and the conditions for approval for the approval requester, the information specifying the user of the second information terminal as the approver, and the information specifying the reading finger of the approver are input. And a fourth screen generating means for transmitting the registration ID, the information input via the fourth screen, and the vein pattern of the approver's reading finger to the authentication server. And said The authentication server receives the registration ID transmitted from the fourth screen generating means, the information input via the fourth screen, and the vein pattern of the approver's reading finger, and the fourth screen The verification target is limited from among the finger vein patterns stored in the self based on the information input via the authentication, and the finger vein pattern of the approver is authenticated based on the limited finger vein pattern stored in the self When identifying and authenticating, the information identifying the finger vein pattern stored by the collated self, the registration ID of the received approval requester, and the approval condition for the approval requester are recorded in association with each other. Features.

  According to a second aspect of the present invention, in the finger vein authentication system according to the first aspect, the second screen generation means displays the second screen twice, and the first display is made via the second screen. The inputted information and the finger vein pattern registered in the authentication server and not associated with the approval condition are transmitted to the authentication server for authentication, and the approval condition is displayed in the second display. A finger vein pattern collated with a finger vein pattern specified by the associated registration ID is transmitted to the authentication server for authentication.

  The invention according to claim 3 is the finger vein authentication system according to claim 1 or 2, wherein the approval condition is specified by a date and time, and the fourth screen generation means of the second terminal is the approver. The vein pattern of the reading finger of the approver registered in the authentication server and associated with the approval condition is transmitted to the authentication server as the vein pattern of the reading finger. .

  According to the first aspect of the present invention, a finger vein reading device that is communicably connected to an external device and that reads a finger vein pattern is communicably connected, and at least the finger vein pattern is connected to a predetermined external device. The first and second information terminals that can be transmitted are connected to each information terminal so as to be able to communicate with each other, receive predetermined information including the finger vein pattern from each information terminal, and store at least the stored finger. And an authentication server that authenticates the received vein pattern of the finger based on the vein pattern, and the first information terminal inputs information for identifying the user of the information terminal and information for identifying the reading finger Generating a first screen to be transmitted, and transmitting the information input via the first screen and the vein pattern of the reading finger to the authentication server for registration, and a user of the information terminal specific Second screen generating means for generating a second screen for inputting information to be transmitted, and transmitting the information input via the second screen and a predetermined finger vein pattern to the authentication server and receiving authentication And generating a third screen for inputting information for identifying the user of this information terminal as an approval requester and information for identifying a finger for receiving authentication, and the information input via the third screen And a third screen generating means for transmitting a finger vein pattern for receiving authentication to the authentication server, and the authentication server is input via the third screen from the third screen generating means Information and a finger vein pattern for receiving authentication are received. Based on the information inputted via the third screen, the verification target is limited from the finger vein patterns stored in itself, and the limited self Based on the finger vein pattern stored The received finger vein pattern is authenticated, and when it is authenticated, the registered ID that identifies the finger vein pattern stored by the collated self and the information that identifies the approval requester are transmitted to the second terminal. The second information terminal receives the registration ID transmitted from the authentication server and the information specifying the approval requester, displays the received information, and the conditions for approval and approval for the approval requester A fourth screen for inputting information for identifying the user of the second information terminal as the user and information for identifying the approver's reading finger is generated and entered through the registration ID and the fourth screen. A fourth screen generating means for transmitting information and the vein pattern of the approver's reading finger to the authentication server, and the authentication server inputs the registration ID transmitted from the fourth screen generating means via the fourth screen; Information read by approver Based on the information input via the fourth screen, the collation target is limited from among the finger vein patterns stored in the self, and based on the limited finger vein pattern stored in the self Authenticates the finger vein pattern of the approver and, when authenticated, the information that identifies the finger vein pattern stored by the collated self, the registration ID of the received approval requester, and the conditions for approval for the approval requester Therefore, it is possible to realize a finger vein authentication system that does not require an ID and a password for personal authentication, can reduce the possibility of impersonation, and can improve security against information leakage.

  According to the invention of claim 2, in addition to the effect of claim 1, the second screen generation means displays the second screen twice, and the first display is input via the second screen. Information and the finger vein pattern that is registered in the authentication server and not associated with the approval condition is sent to the authentication server for authentication, and in the second display, the approval condition is registered with the associated registration ID. Since the finger vein pattern to be matched with the specified finger vein pattern is transmitted to the authentication server for authentication, the possibility of impersonation can be further reduced.

  According to the invention of claim 3, in addition to the effect of claim 1 or claim 2, the approval condition is specified by the date and time, and the fourth screen generation means of the second terminal is the reading finger of the approver. Since the vein pattern of the approver's reading finger registered in the authentication server and associated with the approval conditions is transmitted to the authentication server as the vein pattern of the authentication, the security against information leakage is further improved. Can do.

Hereinafter, embodiments of the present invention will be described with reference to the drawings showing examples.
FIG. 1 is a block diagram schematically showing an embodiment of a finger vein authentication system according to the present invention. As shown in FIG. 1, the finger vein authentication system is connected to finger vein readers 2 and 5 for reading a finger vein pattern, and communicates with information terminals 1 and 4 that can communicate with each other, and with each information terminal 1 and 4. Authentication that is connected to each other and stores predetermined information including the finger vein pattern input from the information terminals 1 and 4 and authenticates the finger vein pattern input based on at least the stored finger vein pattern And a server 3. Here, the information terminals 1 and 4 and the authentication server 3 are connected so as to be able to communicate with each other via a predetermined communication line 6 such as a LAN (Local Area Network), for example. Authentication is sent to the authentication server 3 for authentication.

  Each of the information terminals 1 and 4 is composed of, for example, a general computer, and has a terminal main body 10 having a login control unit 11 that functions based on a built-in program, and input means 12 composed of, for example, a keyboard 12a and a mouse 12b And a display 13.

  The login control unit 11 requests finger vein registration means 11a for registering the finger vein pattern of the user of the information terminals 1 and 4 in the authentication server 3 and the approval of the use of the information terminals 1 and 4 or from others. It consists of a finger vein request approval means 11b for approving or denying use of a request, and an activation management means 11c for managing login etc. after obtaining approval for use of the information terminals 1 and 4, The functions of the means 11a to 11c are realized based on built-in programs.

  The finger vein registration means 11a creates and displays an operator confirmation finger vein setting registration screen for allowing the user to input information in order to register the vein pattern of the user's finger in the authentication server 3. FIG. 2 is an explanatory diagram showing an example of an operator confirmation finger vein setting registration screen created by the finger vein registration means. As shown in FIG. 2, the operator confirmation finger vein setting registration screen 20 includes a user name (hereinafter, the user is referred to as a registrant), a department name, a hand, and a finger to be read (hereinafter, referred to as a registrant). , Simply referred to as “reading finger”) fields 21 to 24 are displayed.

  Here, in the field 23, “right hand” or “left hand” in the pull-down menu can be input. In the field 24, any one of “little finger”, “ring finger”, “middle finger”, “index finger”, and “thumb” in the pull-down menu can be input. The operator confirmation finger vein setting registration screen 20 also displays an “OK” button 25 for approving the input and a “cancel” button 26 for canceling the input. Hereinafter, information configured by setting values in the fields 21 to 24 is simply referred to as “registered finger information”.

  When the “OK” button 25 is pressed, the finger vein registration unit 11a controls the finger vein readers 2 and 5 to read and input the finger vein pattern, and the finger vein pattern is input to the binary data. And is transmitted to the authentication server 3 together with information for specifying the screen and registration finger information.

  The finger vein request approval unit 11b creates and displays an access finger vein approval request setting screen that allows the user to input information in order to receive approval for use of the information terminals 1 and 4. FIG. 3 is an explanatory diagram showing an embodiment of an access finger vein approval request setting screen created by the finger vein request authentication means. In the finger vein approval request setting screen 30 for access, as shown in FIG. 3, the user name (hereinafter referred to as the user approval request and approval) is displayed in the same manner as the operator confirmation finger vein setting registration screen. Fields 31 to 34 for inputting a department name, a hand, and “reading finger” are displayed.

  The access finger vein approval request setting screen 30 also displays an “OK” button 35 for approving the input and a “cancel” button 36 for canceling the input. Hereinafter, information constituted by setting values in the fields 31 to 34 is simply referred to as “requester finger information”. When the “OK” button 35 is pressed, the finger vein request approval unit 11b controls the finger vein readers 2 and 5 to read and input the finger vein pattern, and converts the finger vein pattern into binary data. The information is converted and transmitted to the authentication server 3 together with information specifying the screen and requester finger information.

  The finger vein request approval unit 11b creates an access finger vein approval setting registration screen for displaying requester finger information or information for specifying the requester finger and inputting an approval condition. FIG. 4 is an explanatory diagram showing an embodiment of an access finger vein approval setting registration screen created by the finger vein request authentication means. In the access finger vein approval setting registration screen 40, as shown in FIG. 4, fields 41a to 41c for displaying a registration ID, an approval requester name, and a department name that can specify requester finger information, and an approver An approver name, a department name, a hand, a reading finger, and fields 42a, 42b, 43a, 43b, and 44 to 46 for inputting the date and time when login is permitted are displayed. On the access finger vein approval setting registration screen 40, an “OK” button 47 for approving the input and a “cancel” button 48 for canceling the input are also displayed. Hereinafter, information constituted by setting values in the fields 42a, 42b, 43a, 43b, and 44 to 46 is simply referred to as “approval condition information”.

  Here, the fields 43a and 43b for inputting a hand and a reading finger can be set from the pull-down menu as in the access finger vein approval request setting screen 30. In the field 44 for inputting the date, “Month”, “Tue”, “Wed”, “Thu”, “Fri”, and “Weekday (Monday-Friday)” including these, and Other than these, "Saturday", "Sunday", "Holiday", and "Saturday Sunday Holiday" can be set. In the fields 45 and 46, the approved use start time and use end time are input, respectively.

  When the “OK” button 47 is pressed, the finger vein request approval unit 11b controls the finger vein reading device to read and input the finger vein pattern, and converts the finger vein pattern into binary data. , The information identifying the screen, the registration ID in the screen 40, and the approval condition information are transmitted to the authentication server 3, and the authentication server 3 is updated in response to this and the approval process is completed. Notify the client. The notification may be performed, for example, using e-mail or any other suitable method.

  For example, the activation management unit 11c creates a login screen and displays it on the display 14, and manages the login of the information terminals 1 and 4 and the like. Hereinafter, the management target is limited to login. 5 and 6 are explanatory diagrams showing an embodiment of a login screen generated by a management means such as activation. A login screen (1) 50 shown in FIG. 5 is a screen that is displayed first at the time of login. In this screen (1) 50, a field 51 for inputting a user name and a department name for identifying the user 100 is displayed. , 52, an “OK” button 53 for approving the input, and a “Cancel” button 54 for canceling the input.

  The login screen (2) 60 shown in FIG. 6 is a screen displayed next to the login screen (1). This screen (2) 60 is used in the same manner as the login screen (1) 50. The fields 61 and 62 for inputting the user name and the department name for identifying the person 100, the “OK” button 63 for approving the input, and the “Cancel” button 64 for canceling the input are displayed.

  Hereinafter, each of the information constituted by the setting values in the fields 51 and 52 of the screen (1) 50 and the information constituted by the setting values in the fields 61 and 62 of the screen (2) 60 will be referred to as “person identification information”. . When the “OK” buttons 53 and 63 are pressed, the activation management unit 11c controls the finger vein reader to read and input the finger vein pattern, and converts the finger vein pattern into binary data. Then, the information is transmitted to the authentication server 3 together with the information for identifying the screen and the person identification information.

  Prior to the description of login management of the information terminals 1 and 4, data managed by the authentication server 3 in a table will be described. FIG. 7 is a diagram illustrating an example of a finger vein registration table and a finger vein approval table managed by the authentication server. In the finger vein registration table 71, as shown in FIG. 7, for each registration ID 71a that can be uniquely identified, the registrant name 71b, department name 71c, hand 71d, finger 71e, finger vein data (finger vein pattern) 71f and approval ID 71g are recorded. Here, the finger vein registration table 71 is created for each registrant. In addition, as shown in FIG. 7, the finger vein approval table 72 represents an approved registration ID 72b, an approver registration ID 72c, and a date and time as an approval condition for each uniquely identifiable approval ID 72a. A date (day of week) 72d, a start time 72e, and an end time 72f are recorded.

  The authentication server 3 receives information specifying the screen 20 from the information terminals 1 and 4, registration finger information, and finger vein pattern, updates the registration ID for each reception, and receives the received data as a registrant name 71 b, Records in correspondence with the department name 71c, hand 71d, finger 71e, and finger vein data 71f. When data about an unregistered user is received, a finger vein registration table 71 is newly generated for the user. Here, the authentication server 3 may store predetermined data such as a user list or access this data, and determine whether or not to newly generate the finger vein registration table 71.

  The authentication server 3 also receives information specifying the screen 30 from the information terminal, the requester finger information, and the finger vein pattern, and searches for the registration ID based on the requester finger information. Authentication is performed on the received finger vein pattern based on the registered finger vein pattern, and when the authentication is performed, this registration ID is transmitted to the information terminal of the approver. Here, when the registration ID is not retrieved and when authentication is not obtained, the subsequent processing is not performed.

  The authentication server 3 also receives information specifying the screen 40 from the information terminal, registration ID, approval condition information, and finger vein pattern, searches the registration ID based on the approval condition information, and uses this registration ID. Authentication is performed on the received finger vein pattern based on the registered finger vein pattern, and when the authentication is performed, the searched registration ID is transmitted to the information terminal of the approver. Here, when the registration ID is not appropriate and when the authentication is not obtained, the subsequent processing is not performed.

  The authentication server 3 further receives information identifying the screens 50 and 60 from the information terminals 1 and 4, identification information, and finger vein patterns, and is identified based on the identification information and identification information. The finger vein pattern received based on the finger vein pattern is authenticated, and whether or not authentication is possible is returned to the information terminals 1 and 4.

  For management of login of the information terminals 1 and 4, first, the activation management means 11c displays the login screen (1) 50 shown in FIG. 5 to input the person identification information for identifying the user, and the finger vein The readers 2 and 5 are controlled to read and input the finger vein pattern, and the screen (1) 50 identifying information, the person identifying information, and the finger vein pattern are transmitted to the authentication server 3 for authentication. .

  Hereinafter, the finger vein pattern in which the approval ID is recorded in the finger vein registration table 71 (hereinafter referred to as an approved registered vein pattern) and the finger vein of only the registered finger having no approval ID recorded therein. It is assumed that a pattern (hereinafter referred to as an unapproved registered vein pattern) is recorded. Here, the authentication for the screen (1) 50 may be performed for an unapproved registered vein pattern, for example. When the authentication server 3 receives the information related to the screen (1) 50, the authentication server 3 performs authentication as described above and returns whether or not authentication is possible to the information terminals 1 and 4.

  Subsequently, the activation management unit 11c performs the same processing as the screen (1) 50 on the login screen (2) 60 shown in FIG. Here, the authentication for the screen (2) 60 may be performed for an approved registered vein pattern, for example. The activation management unit 11c activates the information terminals 1 and 4 when authentication corresponding to the screen (2) 60 is obtained from the authentication server 3, and operates when authentication is not obtained for any screen. Stop.

Hereinafter, processing performed by the finger vein authentication system according to the present invention will be described. Here, the transmission of the information specifying each of the screens 20 to 60 to the authentication server is not described below for the convenience of explanation, but is performed as described above.
FIG. 8 is a flowchart for explaining processing performed on the operator confirmation finger vein setting registration screen. First, the vein registration unit 11a creates an operator confirmation finger vein setting registration screen 20 and displays it on the display 13 (S101). Here, “PC” in FIG. 8 indicates the information terminals 1 and 4, “SRV” indicates the authentication server 3, and so on. Next, the vein registration unit 11a waits for the “OK” button 25 to be pressed (S102), and when it is pressed, performs finger vein reading and transmission processing in step S110.

  FIG. 9 is a flowchart for explaining the finger vein reading and transmitting process. In the finger vein reading and transmitting process, the vein registration unit 11a first controls the finger vein reading device 2 to read and input a finger vein pattern (S201). Next, the vein registration unit 11a converts the obtained finger vein pattern into binary data (S202) and transmits it to the authentication server 3 together with other data (registered finger information in the case of step S110) (S203).

  Returning to FIG. 8, next, the authentication server 3 receives the data from the vein registration unit 11 a transmitted in step S <b> 110, updates the registration ID, and corresponds the received data in the finger vein registration table 71. The location is set (S121). Note that the processing for unregistered persons is performed as described above. This completes the registration of the finger vein pattern.

  FIG. 10 is a flowchart for explaining processing performed on the access finger vein approval request setting screen and the access finger vein approval setting registration screen. Hereinafter, the information terminal of the approval requester is referred to as the first terminal 1, the information terminal of the approver is referred to as the second terminal 4, and FIG. 10 shows PC (1) and PC (2), respectively. First, the finger vein request approval unit 11b creates an access finger vein approval request setting screen 30 and displays it on the display 13 (S301).

  Next, the finger vein request approval unit 11b waits for the “OK” button 35 to be pressed (S302), and when it is pressed, performs finger vein reading and transmission processing in step S310. In the finger vein reading / transmission process in step S310, the finger vein request approving means 11b first controls the finger vein reading device 2 to read and input the finger vein pattern, and the obtained finger vein pattern is binary-coded. The data is converted and transmitted to the authentication server 3 together with the requester finger information. Here, the approval requester places the finger set on the access finger vein approval request setting screen 30, that is, the finger requesting approval of use, on the finger vein reader 2.

  Next, the authentication server 3 receives the data from the finger vein request approval unit 11b transmitted in step S310, and determines whether or not the received data is registered in the finger vein registration table 71 (S321). . Specifically, the authentication server 3 searches the registration ID based on the requester finger information, and authenticates the received finger vein pattern based on the finger vein pattern registered with the registration ID.

  When it is determined that the data received in step S321 is not registered in the finger vein registration table 71, the process returns to step S301 and the above processes are repeated. When determining that it is registered, the authentication server 3 transmits the searched registration ID, approval requester name, and department name to the information terminal 4 of the approver (S322).

  Next, the information terminal 4 of the approver receives the data from the authentication server 3 transmitted in step S322, and the finger vein request approval unit (not shown) of the information terminal 4 displays the finger vein approval setting registration screen for access. 40 is created and data corresponding to the corresponding fields 41a to 41c in the screen 40 is set and displayed on the display 13 (S323).

  Next, the finger vein request approval unit waits for the “OK” button 47 to be pressed (S324), and when it is pressed, performs finger vein reading and transmission processing in step S330. In the finger vein reading / transmission process in step S330, first, the finger vein reading device 2 is controlled to read and input the finger vein pattern, and the obtained finger vein pattern is converted into binary data. Together with the registration ID and approval condition information. Here, the finger set on the access finger vein approval request setting screen 40 is a finger already registered by the approver, and the approver places this finger on the finger vein reader 2.

  Next, the authentication server 3 receives the data from the information terminal 4 of the approver transmitted in step S330, and determines whether or not the received data is registered in the finger vein registration table 71 (S341). . Specifically, the authentication server 3 searches the registration ID based on the approval condition information, and authenticates the received finger vein pattern based on the finger vein pattern registered with the registration ID.

  When it is determined that the data received in step S341 is not registered in the finger vein registration table 71, the processing returns to step S323 and the above processing is repeated. When the authentication server 3 determines that it is registered, the authentication server 3 updates the approval ID, and sets the registration ID of the approval requester, the registration ID of the approver, and the date / time as the approval condition in the finger vein approval table 72. The corresponding fields 72b to 72f are recorded (S342), and the updated information is recorded in the corresponding approval ID 71g of the finger vein registration table 71 (S343).

  FIG. 11 is a flowchart for explaining processing performed on the login screen (1) and the login screen (2). The startup management unit 11c first creates a login screen (1) 50 and displays it on the display 13 (S401). Here, a person who intends to log in (hereinafter referred to as a logged-in person) inputs a user name and a department name.

  Next, the activation management unit 11c waits for the “OK” button 53 to be pressed (S402), and when it is pressed, performs finger vein reading and transmission processing in step S410. In the finger vein reading / transmission process in step S410, the activation management unit 11c first controls the finger vein reading device 2 to read and input a finger vein pattern, and the obtained finger vein pattern is binary data. And transmitted to the authentication server 3 together with the identification information. Here, the log-in person places a finger on the finger vein reader 2 in which the unapproved registered vein pattern is registered in the finger vein registration table 71.

  Next, the authentication server 3 receives the data from the activation management unit 11c transmitted in step S410, and determines whether or not the received data is registered in the finger vein registration table 71 (S421). Specifically, the authentication server 3 identifies a registrant based on the person identification information, and authenticates the received finger vein pattern based on the registered registrant finger vein pattern.

  When it is determined that the data received in step S421 is registered in the finger vein registration table 71, the authentication server 3 sets an approval ID in the finger vein registration table 71 corresponding to the registered finger vein pattern. It is determined whether or not (S422). When it is determined in step S422 that the approval ID has not been set, the authentication server 3 transmits information (authentication notification) indicating that authentication has been made to the activation management unit 11c (S423), and the activation management unit 11c logs in The display screen (2) is displayed on the display 13 (S423).

  When the authentication server 3 determines in step S421 that the received data is not registered in the finger vein registration table 71 and when it is determined in step S422 that the approval ID is set, the authentication server 3 displays information indicating that authentication is not performed. The activation management unit 11c transmits the information to the activation management unit 11c and causes the display 13 to display it (S450). Here, the activation management unit 11c may stop the information terminal thereafter.

  Next, the activation management unit 11c waits for the “OK” button 63 to be pressed (S424), and when it is pressed, performs finger vein reading and transmission processing in step S430. In the finger vein reading / transmission process in step S430, the activation management unit 11c first controls the finger vein reading device 2 to read and input the finger vein pattern, and the obtained finger vein pattern is binary data. And transmitted to the authentication server 3 together with the identification information. Here, the log-in person places a finger on the finger vein reader 2 in which the approved registered vein pattern is registered in the finger vein registration table 71.

  Next, the authentication server 3 receives the data from the activation management unit 11c transmitted in step S430, and determines whether or not the received data is registered in the finger vein registration table 71 (S441).

  When it is determined that the data received in step S441 is registered in the finger vein registration table 71, the authentication server 3 sets an approval ID in the finger vein registration table 71 corresponding to the registered finger vein pattern. It is determined whether or not (S442). When it is determined in step S442 that the approval ID has been set, the authentication server 3 transmits information (authentication notification) indicating authentication to the activation management unit 11c (S443), and the activation management unit 11c The activation of the terminal 1 is started (S444).

  When the authentication server 3 determines in step S441 that the received data is not registered in the finger vein registration table 71, and determines in step S442 that the approval ID is not set, the authentication server 3 displays information indicating that authentication is not performed. The activation management unit 11c transmits the information to the activation management unit 11c and causes the display 13 to display it (S450). Here, the activation management unit 11c may stop the information terminal thereafter.

  In the above, the example applied when logging in the finger vein authentication system of the present invention has been described, but the present invention is similarly applied when accessing other devices. In this case, the other apparatus may be configured to be accessed from the information terminal of the user in the same manner as in the case of the above-described login and for example by obtaining authentication using a different finger.

It is a block block diagram which shows typically one Example of the finger vein authentication system by this invention. It is explanatory drawing which shows one Example of the finger vein setting registration screen for operator confirmation which a finger vein registration means produces. It is explanatory drawing which shows one Example of the finger vein approval request setting screen for access which a finger vein request authentication means produces. It is explanatory drawing which shows one Example of the finger vein approval setting registration screen for access which a finger vein request authentication means produces. It is explanatory drawing which shows one Example of the screen for login (1) which a management means, such as starting, produces | generates. It is explanatory drawing which shows one Example of the screen for login (2) which a management means, such as starting, produces | generates. It is a figure which shows one Example of the finger vein registration table and finger vein approval table which an authentication server manages. It is a flowchart for demonstrating the process performed regarding the finger vein setting registration screen for operator confirmation. It is a flowchart for demonstrating a finger vein reading transmission process. It is a flowchart for demonstrating the process performed regarding the finger vein approval request setting screen for access and the finger vein approval setting registration screen for access. It is a flowchart for demonstrating the process performed regarding the screen for login (1) and the screen for login (2).

Explanation of symbols

DESCRIPTION OF SYMBOLS 1, 4 Information terminal 2, 5 Finger vein reader 3 Authentication server 6 Communication line 10 Terminal main body 11 Login control part 11a Finger vein registration means 11b Finger vein request approval means 11c Management means for starting, etc. 12 Input means 12a Keyboard 12b Mouse 13 Display 20 Finger vein setting registration screen for operator confirmation 21-24, 31-34, 42a, 42b, 43a, 43b, 44-46, 51, 52, 61, 62 Input field 25, 26, 35, 36, 47, 48 , 53, 54, 63, 64 Buttons 30 Access finger vein approval request setting screen 40 Access finger vein approval setting registration screen 41a-41c Display field 50, 60 Login screen 71 Finger vein registration table 71a-71g, 72a-72f Field 72 Finger vein approval table 100 User

Claims (3)

First and second connected to an external device in a communicable manner and connected to a finger vein reading device for reading a finger vein pattern in a communicable manner so that at least the finger vein pattern can be transmitted to the predetermined external device. An information terminal,
The finger veins connected to each information terminal so as to be communicable and receive and store predetermined information including finger vein patterns from each information terminal, and received based on at least the stored finger vein patterns An authentication server for authenticating the pattern,
The first information terminal is
A first screen for inputting information for specifying a user of the information terminal and information for specifying a reading finger is generated, and the information input via the first screen and the vein pattern of the reading finger are First screen generation means for transmitting and registering to the authentication server;
A second screen for inputting information specifying the user of the information terminal is generated, and the information input via the second screen and a predetermined finger vein pattern are transmitted to the authentication server. A second screen generating means for receiving authentication;
Information that is input via the third screen by generating a third screen for inputting information for specifying the user of the information terminal as the approval requester and information for specifying the finger for receiving the authentication And a third screen generating means for transmitting a finger vein pattern for receiving the authentication to the authentication server,
The authentication server is
Based on the information input via the third screen and the vein pattern of the finger for receiving the authentication received from the third screen generating means and based on the information input via the third screen Then, the target of collation is limited from the finger vein patterns stored by itself, and the received finger vein pattern is authenticated based on the limited finger vein pattern of the stored self. Means for transmitting a registration ID, which is information for specifying a vein pattern of a finger, and information for specifying the approval requester to the second terminal;
The second information terminal is
The registration ID transmitted from the authentication server and the information specifying the approval requester are received, the received information is displayed, the conditions for approval for the approval requester, and the second information terminal as the approver Generating a fourth screen for inputting information for identifying a user and information for identifying the reading finger of the approver; the registration ID; information input via the fourth screen; and the approver A fourth screen generating means for transmitting the reading finger vein pattern to the authentication server,
The authentication server receives the registration ID transmitted from the fourth screen generation means, information input via the fourth screen, and a vein pattern of the approver's reading finger, Based on the information input via the screen, the verification target is limited from among the finger vein patterns stored in the finger, and the finger vein pattern of the approver is authenticated based on the limited finger vein pattern stored in the self When the authentication is performed and authenticated, information for specifying the vein pattern of the finger stored by the collated self, the registration ID of the received requester of the approval, and the approval condition for the approval requester are recorded in association with each other A finger vein authentication system.   The second screen generation means displays the second screen twice, and associates the information input through the second screen with the first display and the registration condition and the approval condition. The finger vein pattern that has not been sent is sent to the authentication server for authentication, and in the second display, the finger vein pattern that is matched with the finger vein pattern specified by the registration ID associated with the approval condition is displayed. The finger vein authentication system according to claim 1, wherein the finger vein authentication system is configured to be authenticated by transmitting a vein pattern to the authentication server.   The approval condition is specified by date and time, and the fourth screen generation means of the second terminal is registered in the authentication server as the vein pattern of the read finger of the approver and associated with the approval condition The finger vein authentication system according to claim 1 or 2, wherein the finger vein authentication system is configured to transmit a vein pattern of an approver's reading finger to the authentication server.

Images