JP2008269236A - Biometric authentication processing device, biometric authentication method, program for making the processor execute the method, and storage medium recording the program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a biometric authentication processing device, for reducing authentication time without requiring a user to input an ID in authentication using biological information, and to provide a biological authentication method, a program for making the device execute the method, and a storage medium storing the program. <P>SOLUTION: A database 43 stores a registration template of a biological image read by a biological information reading part 21 in association with an equipment specific ID number of a registration/authentication terminal device 2a-2f. In authentication, the database 43 is automatically retrieved on the basis of the equipment specific ID number of the terminal device 2a-2f used by a person to be authenticated, and registration templates are refined. As the equipment specific ID number, MAC addresses of the terminal devices 2a-2f and numbers assigned to the terminal devices 2a-2f are used. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a processing apparatus using biometric information, a biometric authentication method, a program for causing the apparatus to execute the method, and a recording medium on which the program is recorded, and more particularly, among a plurality of preregistered biometric information. The present invention relates to biometric authentication processing for quickly performing biometric information authentication.

  Conventionally, when providing credit account services that postpone payment for product purchases at financial institutions and commercial facilities, the service provider (organization, company) promptly authenticates the service user. For example, cash cards, credit cards, and the like are widely used as means for performing the above operations, and IC cards in which an IC chip is embedded are also used for enhancing security. The card usage does not stop there. For example, as a means of recording the cumulative number of points in providing the user with benefits (discounts, free gift exchanges, preferential sales of tickets, etc.) equivalent to the cumulative number of points, showing the actual product purchases at various commercial facilities. So-called point cards are used, so-called registration cards, passports, driver's licenses, etc. are used in advance as personal identification means in public facilities such as hospitals, government offices, airports (customs), police stations, and commercial rental business facilities. Prepaid cards, so-called prepaid cards, which are issued with a price corresponding to the amount of money and enable the use of goods, telephones, railroads, pachinko, etc. within the amount, are used.

  Since a card is issued for each service provider for a wide range of services that can be received in the life of the individual as described above, the number of cards owned by the individual is increasing. As a result, service users may feel inconvenience because it takes space to carry many of these cards, or it may be inconvenient to select an appropriate one from many cards when presenting the card. Therefore, a means for receiving the above-described various services without a card is desired.

  As means for making a card for personal authentication unnecessary, a technique using a user's fingerprint for authentication is disclosed (for example, Patent Document 1). Specifically, the fingerprint image of the customer who receives the service and its characteristics are registered in advance in the database of the processing device connected to the network, and the fingerprint image detected at the time of renting or selling the article is registered in advance. Whether or not the fingerprint image matches is searched based on the characteristics of the fingerprint, and the customer is authenticated if it matches, thereby eliminating the need to use the card.

  However, when there are a large number of fingerprint images registered in the database in advance in fingerprint authentication, 1: N verification is performed, and it takes a long time for authentication. In particular, in order to ensure high collation accuracy from the viewpoint of ensuring security, it is necessary to extract and collate more features of a fingerprint image of a predetermined size by finer image processing, which further increases the collation time. . Furthermore, the authentication time becomes longer as the number of users increases internationally.

  As a means for shortening the collation time for person collation, the ID assigned to each operator for the copying machine is stored in the storage means in association with the fingerprint image, and when the operator uses the copying machine, the fingerprint A technique is disclosed in which an ID is input together with an input, fingerprint image data corresponding to the ID is searched and acquired, and whether or not they match by 1: 1 verification is disclosed (for example, a background art column in Patent Document 2). ).

  However, in 1: 1 verification using the ID assigned to the service user from the service provider as a key, the service user needs to remember the ID or always carry a note of the ID, etc. This will increase the burden. For example, ID numbers of credit cards issued by many credit companies are accounted for, for example, around 16 digits of the card member number in consideration of the increase in the number of members. This ID number of around 16 digits is directly registered in the database. It is difficult to memorize the ID, and the ID number is entered while looking at the memo, and it takes time before the authentication is executed, and the possibility of erroneous input is increased. It will be lacking. In particular, it is difficult for elderly people who expect cardless benefits.

A first data group for storing fingerprint images of a small number of users who often use the copying machine when storing the fingerprint image in a database as a fingerprint collation means of the copying machine which reduces the ID input at the time of authentication with the above problem as much as possible And a second image data group that stores fingerprint images of a large number of other users. When collating fingerprint images, the first data group that is likely to match first is 1: A technique is disclosed in which N collation is performed, if the ID is not matched, the user is requested to input an ID, and 1: 1 collation with an image in the second data group corresponding to the ID is performed (for example, a patent) Reference 2).
Japanese Patent Laid-Open No. 2004-157821 JP 2006-202207 A (paragraphs [0004]-[0006], [0056])

  However, when an unspecified number of users use a means for performing a 1: N collation of fingerprint images first, and a 1: 1 collation if they do not match, the first and second based on the usage frequency are used. Is difficult, and the number of images in the second data group is also unspecified, so a large number of ID digits are required. As a result, the above-described 1: 1 collation using ID is performed. The problem still cannot be solved.

  The present invention was made to solve the above-mentioned problems, and in biometric information authentication, a biometric authentication processing device that realizes shortening of authentication time while eliminating the need for user ID input, An object is to provide a biometric authentication method, a program for causing the apparatus to execute the method, and a recording medium on which the program is recorded.

In order to achieve the above object, the present invention has the following configuration.
A first gist of the present invention is that a biometric image of a predetermined part of a registrant is used as a registration template, a registration template storage unit that stores registration templates for a plurality of registrants, and the plurality of registration templates. A registration search key storage unit that stores a plurality of registration search keys; a search processing unit that detects a registration search key that matches the received authentication search key from the plurality of registration search keys; And the registration search key is a device identification number of the registration device that has transmitted the registration template.

  The second gist of the present invention includes a verification processing unit that compares an authentication template, which is a biometric image of a predetermined part of the person to be authenticated, with the registration template in the registration template storage unit, and the verification processing unit includes: The biometric authentication according to the first aspect, wherein it is determined whether or not the authentication template matches the registration template associated with the registration search key detected by the search processing unit. In the processing unit.

  A third gist of the present invention resides in the biometric authentication processing device according to gist 1 or 2, wherein the device unique number is a MAC address.

  According to a fourth aspect of the present invention, there is provided an authentication template creation step for creating an authentication template from a biometric image of a predetermined part of the person to be authenticated, and an authentication search key acquisition step for acquiring the authentication search key for the person to be authenticated. A search step for detecting a registration search key including the authentication search key from among a plurality of registration search keys; and the authentication template is associated with the registration search key detected in the search step A verification step for determining whether or not the registered template matches the registered template, wherein the registration search key is a device unique number of the registration device that has transmitted the registration template, and the authentication search In the biometric authentication method, the key is a device unique number of the authentication device that has transmitted the authentication search key.

  According to a fifth aspect of the present invention, in the biometric authentication method according to the fourth aspect, the device unique number is a MAC address of the registration device and the authentication device.

  A sixth aspect of the present invention resides in a program for causing a device to execute the biometric authentication method described in the fourth aspect or the fifth aspect.

  A seventh aspect of the present invention resides in a recording medium on which the program according to the sixth aspect is recorded.

  According to the first and fourth aspects of the present invention, since the device unique number as the registration search key stored in the registration search key storage unit is different for each registered device, registration is performed via the device unique number. Among the registration templates stored in the template storage unit, those registered by the registration device having the device unique number can be narrowed down. Therefore, at the time of authentication, the search processing unit detects a registration search key that matches the received authentication search key, thereby narrowing down the registration templates registered in the registration device corresponding to the authentication search key. Accordingly, at the time of authentication, since it can be limited to the collation processing with only the narrowed down templates from the registration templates stored in the registration template storage unit, the authentication time can be remarkably shortened.

  Since the device unique number is a number assigned to the device itself, the device itself can be managed (stored, acquired, detected, transmitted / received, etc.). Therefore, by using the device unique number as a search key, the registrant and the person to be authenticated do not need to input the device unique number as a search key at the time of registration or authentication of the registration template. Therefore, the person to be authenticated at the time of authentication can perform the authentication process for narrowing down the registration template by only reading the biometric information of the predetermined part (the process for creating the authentication template). Despite the simple procedure of the certifier, it is possible to realize a short time authentication.

  Furthermore, the biometric authentication processing apparatus can perform a process up to narrowing down the registration template corresponding to the apparatus unique number, and can perform a matching process between the registration template and the authentication template with a large processing burden in another apparatus. According to such a configuration, even when there are many authentication processes per unit time, since the collation process with a large processing load can be performed by another apparatus, the processing burden at the time of authentication of the biometric authentication processing apparatus can be reduced, The overflow of the biometric authentication processing apparatus can be avoided.

  In particular, the non-face-to-face authentication process via the Internet can be used borderless in terms of location and time, so the number of authenticated users per unit time may increase dramatically. It can respond to many authentication processing needs without causing overflow.

  According to the second aspect of the present invention, since the verification result can be provided to the authentication device used by the person to be authenticated for authentication, the authentication device can be made compact. In other words, a compact device can be used as the authentication terminal device. For example, authentication processing can be performed even with a compact portable device such as a mobile terminal or a mobile phone. For example, non-face-to-face authentication via the Internet can be realized with a simple device.

  According to the third and fifth aspects of the present invention, since the MAC address is assigned to the device in advance before the registration and authentication processing device is used for biometric authentication, the registration and authentication processing device is used for biometric authentication. Therefore, the device unique number can be easily obtained without requiring a new allocation process.

  According to the sixth and seventh aspects of the present invention, execution on various devices can be easily performed using such a program and a recording medium.

[First Embodiment]
Hereinafter, a first embodiment of an authentication system A using biometric information according to the present invention will be described with reference to FIGS.

  FIG. 1 is a schematic configuration diagram of an authentication processing system A that uses a registration / authentication terminal device 3a using biometric information according to the present embodiment.

  The authentication processing system A includes various processing terminals 2a to 2f having a registration / authentication terminal device 3a, a price replacement company 5A having a data recording processing device 5, an authentication server 5B, and a financial institution 7 having an authentication terminal device 3a. The online store 9 </ b> A and the public organization homepage 9 </ b> B are connected to the communication network 1 and configured to be able to transmit and receive data to and from each other via the communication network 1.

(Data communication network 1)
The data communication network 1 is only required to be able to perform data communication with the price changing company 5, the financial institution 7, the online store 9B, and the public organization homepage 9B, and a public line network using wired and / or wireless communication can be used. For example, the Internet, wireless communication, or a combination thereof can be used.

(Online commercial store 9A)
The online commercial store 9A is a store that conducts commercial transactions online, and does not limit the products and services provided regardless of the type of business. For example, the products and services to be provided include tangible objects and intangible objects such as data (moving image data such as television and movies, still image data such as photographs, program data, etc.), etc., and can be subject to commercial transactions. I just need it.

(Public organization homepage 9B)
The public organization homepage 9B is a homepage that provides services such as search, browsing, and provision of personal data, public data, authentication documents (passport, resident card, etc.), regardless of whether they are paid or free.

(Processing terminals 2a to 2f)
Each of the various terminals 2a to 2f having the registration / authentication terminal device 3a is a terminal that requires authentication for providing a user's service regardless of a paid service or a free service. In the present embodiment, as an example, various terminals 2a to 2f that perform online processing, face-to-face payment processing, prepaid payment processing, point processing, personal identification processing, and account use processing of a financial institution will be described below.

(Online processing terminal 2a)
The online processing terminal 2a is used for online payment processing for payment of goods for online merchandise store 9A or public organization homepage 9B via the communication network 1, payment for services, point processing for online approval processing, A terminal that performs information processing or the like (hereinafter referred to as “online processing”) on the homepage 9B, performs biometric authentication before executing online processing, and determines acceptance / denial of execution of online processing.

  Online payment processing includes credit payment processing, immediate payment processing, prepaid payment processing, and the like.

  In the credit settlement processing, for example, an online commercial store 9A (commercial service) is obtained by subtracting a service charge determined by a contract between the commercial owner of the online commercial store 9A and the price change company 5A from the user price from the price change company 5A (commercial). The payment is made in advance, and after the postponement period, the user price is withdrawn from the user account of the financial institution 7 and transferred to the price transfer company 5A.

  In the immediate settlement process, for example, the advance price obtained by subtracting the user price or the service charge from the user price is withdrawn from the user account of the financial institution 7 and transferred to the online commercial store 9A (commercial owner).

  The prepaid payment process is a payment process for a usage fee when paying a price corresponding to the amount in advance and receiving online merchandise and services within the amount.

  Online point processing is processing that accompanies online processing results (including paid and free), and includes, for example, point addition processing corresponding to the purchase price of goods in the online payment and benefits (discounts) corresponding to the cumulative number of points Point subtraction processing (hereinafter referred to as “point processing”) associated with the provision processing to the user.

  Information processing on the public organization homepage 9B includes retrieval and disclosure processing of personal information and public information, and processing for issuing authentication documents (passport, resident card, etc.). Public organizations include, but are not limited to, for example, the country, local governments, schools, hospitals, police, notary offices, NGOs, and the like.

  The online processing terminal 2a may be any device capable of purchasing a product at an online commercial store 9 or the like via the communication network 1 and searching for information on a public organization homepage 9B, a disclosure process, and the like. (Including terminals) (FIGS. 2, 4, and 5), Internet protocol (IP) telephones (including fixed telephones and mobile phones (FIG. 16)), TVs using Internet protocols (fixed TVs (FIG. 17) and portable TVs) Terminal devices that can be used for a predetermined period of time, including terminal devices that have been rented for a predetermined period of time regardless of whether they are free of charge or not. In the present embodiment, the online payment may be referred to as non-face-to-face payment.

  The online payment process and the online point process can be processed in combination. In this case, either a common data recording processing apparatus 5 or a separate data recording processing apparatus 5 may be used.

(Settlement processing terminal 2b)
The settlement processing terminal 2b is a credit settlement process or a financial institution 7 that defers settlement of payment for purchase of goods at the commercial facility 3A, facility usage charges, etc. (payment between the service provider and the service user: face-to-face settlement). The terminal device enables immediate payment processing from the account of the user, performs the biometric authentication before executing the payment processing, and determines acceptance / denial of execution of the payment processing. In the present embodiment, the case where the service provider side (person, device) and the service user make a face-to-face payment may be referred to as face-to-face payment.

  In the credit settlement process, for example, the advance fee obtained by subtracting the service fee determined by the contract between the commercial facility 3A and the price change company 5A from the user price is repaid from the price change company 9 to the commercial facility 3A and postponed. After the period, the user price is withdrawn from the user account of the financial institution 7 and transferred to the price replacement company 5A. In the immediate settlement process, for example, the advance price obtained by subtracting the user price or service charge from the user price is withdrawn from the user account of the financial institution 7 and transferred to the commercial facility 3A.

(Prepaid payment processing terminal 2c)
The prepaid payment processing terminal 2c is a terminal device that pays a value corresponding to the amount in advance and performs payment for the purchase of the product, the device, and the usage fee of the facility within the amount, for example, the payment for the purchase of the product, telephone, traffic Prior to the settlement of use of an organization (railway, bus, aircraft, etc.), facility, game machine (pachinko, slot machine, game machine, amusement park game machine, etc.), the biometric authentication is performed and the prepaid settlement process is executed. To accept / deny.

  The prepaid processing terminal 2c is preferably placed at a service providing place. For example, in a store fee payment place, in a telephone (fixed phone or mobile phone), or in a usage fee payment device such as a transportation facility or game machine Or provided side by side.

(Point processing terminal 2d)
The point processing terminal 2d indicates the various payments (online payments, face-to-face payments, point payments, etc.), the purchase of goods in cash at various commercial facilities, and the facility usage results (including paid and free) in points. Terminal device used for addition processing, point subtraction processing (hereinafter referred to as “point processing”) associated with privilege provision processing to users of benefits (discounts, prize exchanges, preferential sales of tickets, etc.) equivalent to the accumulated number of points For example, before or after settlement, the biometric authentication is performed, and acceptance / denial of execution of the point service process is determined.

(Personal identification processing terminal 2e)
The personal identification processing terminal 2e is a terminal device for identifying an individual provided in a public facility such as a hospital, a government office, an airport (customs), a police station, or a commercial facility. Before the document provision process at the government office, the immigration process at the airport, the facility use process, and the article rental process (hereinafter referred to as “service provision process”), the biometric authentication is performed and the service provision process is executed. To accept / reject

(Financial institution account usage processing terminal 2f)
The financial institution account use processing terminal 2f is a terminal device used to use an account of a financial institution 7 such as a bank or a post office, and performs the biometric authentication before executing the account use processing such as deposit and withdrawal. Then, accept / deny execution of the account use process is determined. The financial institution account use processing terminal 2f may be provided in the financial institution 7 or alone.

  The processing in the processing terminals 2b to 2f can be processed in combination. In this case, either a common data recording processing device 5 or a separate data recording processing device 5 may be used. For example, the payment processing terminal 2b and the prepaid processing terminal 2c can perform point processing on the payment price. With such a configuration, after the biometric authentication is accepted, various settlement processes and point processes can be executed in parallel.

(Registration / authentication terminal device 3a)
Hereinafter, the registration / authentication terminal device 3a will be described using the online processing terminal 2a as an example. FIG. 2 is a schematic external view of a personal computer as the online processing terminal 2a, and FIG. 3 is a schematic block diagram of the registration / authentication terminal device 3a of the online processing terminal 2a.

  As illustrated in FIG. 3, the registration / authentication terminal device 3 a includes a control unit 11, a ROM 13, a RAM 15, a display unit 17, an input unit 19, a recording unit 21, a biometric information acquisition unit 23, an image processing unit 25, and a main function processing unit 31. , A communication processing unit 33, and a matching processing unit 47.

  The control unit 11 electrically controls the respective units in the registration / authentication terminal device 3a. The ROM 13 stores a program used for registration and authentication (verification) of biometric information. The RAM 15 reads and stores a corresponding program in the ROM 9 when the biometric information is registered and collated, and functions as a work area of the control unit 11. The recording and execution of the program are not limited to the ROM 13 and the RAM 15, and a hard disk or the like may be used.

  The display unit 17 (FIGS. 2 and 3) is a display unit for information required by the registrant when registering or authenticating biometric information, and does not limit the display format or the like. A display unit is used. The screen displayed on the display unit 17 during registration and authentication will be described later.

  The input unit 19 (FIGS. 2 and 3) is an input unit used by a user for inputting information necessary for registration or authentication. For example, a keyboard K, a mouse M (FIG. 2), a touch panel input unit, or the like can be used. The input unit 19 may be anything necessary for input to the registration screen 33 described later. Since the information input to the registration screen 33 differs depending on the usage mode of each processing terminal 2a to 2f, the contents constituting the input unit 19 for each processing terminal 2a to 2f can be arbitrarily configured.

  The biological information reading unit 21 (FIGS. 2 and 3) is a device that can read biological information as an image. As biometric information that can be read as an image, for example, blood vessels (for example, veins), fingerprints, palm shapes, faces, irises, and the like can be used. In this embodiment, the vein is used in consideration of high security and ease of use, but the present invention is not limited to this, and a combination of two or more pieces of biological information may be used.

  In this embodiment, a finger is used as a part to be read by the biological information reading unit 21 in consideration of readability. However, a back of the hand, a palm, or the like can be used, and the reading part is not limited.

  The biological information reading unit 21 includes a near infrared light source and an image sensor. Utilizing the property that reduced hemoglobin flowing through the vein absorbs light having a wavelength in the near-infrared light region (about 760 nm), the biological information reading unit 21 applies near-infrared light to the finger from the near-infrared light source, thereby increasing the amount of light. The absorbed vein part appears dark and the image is read by an image sensor and converted into an electrical signal. For example, a CCD (Charge Coupled Device) image sensor is used as the image sensor. The vein image reading method is not limited to the above configuration, and any method and means may be used as long as the vein pattern can be read. For example, the present invention is not limited to means using near-infrared light, and a method of reading reflected light of light irradiated on a reading site may be used. In addition, the biometric information reading unit 21 may have either a contact method in which a part to be read is brought into contact with the biometric information reading unit 21 or a non-contact type in which reading is performed without making contact with the biometric information reading unit 21. Note that the biological information reading unit 21 may execute a plurality of readings in order to accurately obtain the vein shape.

  The biometric information reading unit 21 illustrated in FIG. 2 is configured separately from the personal computer main body, but may be configured integrally with the personal computer main body as illustrated in FIG. Further, the biometric information reading unit 21 may be configured to be connected to a personal computer main body and incorporated in a device to be used. FIG. 5 shows a personal computer in which the biometric information reading unit 21 is incorporated in a mouse M. 4 and 5, the display unit 17 and the input unit 19 (keyboard K) are integrally configured in the main body. However, the configuration is not limited thereto, and the main unit, the display unit 17, and the input unit 19 are not limited thereto. In this case, the biological information reading unit 21 can be incorporated into the main body, the display unit 17, and / or the input unit.

  The biometric information reading unit 21 can be used for multi-purpose authentication. For example, it can be used for authentication (first use) for using a personal computer and authentication (second use) for settlement in online shopping.

  The information recording unit 23 stores personal information input from the input unit 19 and the like, a vein image read by the biometric information reading unit 21, and a device unique ID number (including codes and symbols) described later. This is the memory used for

  The image processing unit 25 extracts a vein shape and pattern (hereinafter referred to as “template”) from the image read by the biological information reading unit 21 by image processing. The template is not limited to the image obtained by performing image processing on the read image, but may be the read image itself.

  The communication processing unit 27 communicates information with the data recording processing device 5 (5a, 5b), the financial institution 7, the online store 9A, the public organization homepage 9B, etc. via the communication network 1 at the time of biometric information registration and authentication. Send and receive.

  The communication processing unit 27 has an identification (ID) number that is a unique physical address set to identify each communication device connected to the data communication network 1, for example, a MAC (Media Access Control) address. is doing.

  The MAC address is a unique value (vendor code, for example, upper 6 digits (24 bits)) assigned to each manufacturer (vendor) by IEEE (The Institute of Electrical and Electronics Engineers, Inc.) and the manufacturer. Is configured with a value (for example, lower 6 digits (24 bits)) uniquely assigned to the company's product. Accordingly, each of the processing terminals 2a to 2f (each communication processing unit 27) in FIG. 1 has a different device unique ID number (MAC address). The MAC address is used before the registration / authentication terminal device 3a is used for biometric authentication, for example, before the registration / authentication terminal device 3a (communication processing unit 27) is connected to the data communication network 1 or creating a registration template. The registration / authentication terminal device 3a (communication processing unit 27) is allocated in advance before the registration processing procedure.

  The collation processing unit 29 performs collation by image processing on a pre-registered registration template and authentication template, and matches or complete matches of a predetermined region with a predetermined threshold or more, or matches with a feature part with a predetermined threshold or more. Based on an arbitrary collation judgment criterion such as complete matching, matching / mismatch judgment is performed.

  The main function processing unit 31 is a processing unit that executes online processing (payment processing, information search processing, information disclosure processing, etc.) on the condition that matching is performed in the matching processing unit 29, that is, authentication is accepted.

(Registration screen 33)
FIG. 6 shows an example of a registration screen 33 displayed on the display unit 17 when the user's vein data is registered. The registration screen 33 has a personal information input field 33A, a finger vein registration field 33B, and an instruction input key field 33C.

  The personal information input field 33A includes a name field 33a, an address field 33b, a telephone number field 33c, an account field 33d, and a personal identification number for inputting a registrant's name, address, telephone number, financial institution account, and personal identification number. It has a column 33e. The personal information input field 33A can be added, changed, or deleted as appropriate according to the usage pattern. For example, a member number (ID number), nationality, etc. may be input to the above configuration.

  The finger vein registration column 33B includes a registration finger designation column 33f for designating a finger to be registered, a scroll key 33f1, a finger registration key 33g for instructing reading start of finger veins, and finger registration / designation specified in the registration finger designation column 33f. It has a status key 33h for displaying an unregistered status.

  The registration finger designation field 33f is a field for designating a finger to be registered. One registration finger designation field 33f may be used, but in this embodiment, two finger veins are registered in order to avoid a problem that authentication is denied due to injury of the registration finger or the like. However, the number of registered fingers may be one or three or more. For the designation of a finger in the registered finger designation field 33f, a name that can be designated by the scroll key 33f1 is displayed, and a desired finger can be selected.

  The finger registration key 33g is a key for instructing the start of reading by the biological information reading unit 21 of the finger vein designated in the registration finger designation field 33f. By a click operation (input) on the finger registration key 33g, the guidance screen 33D of FIG.

  The guide screen 33D includes a guide unit 33n, an image display unit 33o, a reading count instruction unit 33p, and a cancel key 33q. The guide unit 33n is a column that shows how to put a finger on the biometric information reading unit 21 with a picture, a photograph, or the like.

  The image display unit 33 o is a column for displaying the vein image read by the biometric information reading unit 21. The template generated by the image processing unit 25 may be displayed on the image display unit 33o.

  The read count instruction section 33p is a column indicating the read count. Although the registration finger may be read once, in the present embodiment, the registration finger is read a plurality of times, for example, three times in order to enable reliable generation of the registration template. When reading of the first registered finger is completed, the end of reading is notified by voice, the registration finger is once released from the biometric information reading unit 21, and the biometric information reading unit 21 is again exposed to the registration finger to perform reading twice. Further, the third reading is performed in the same manner. Each time a registered finger is read, the number of readings in the number-of-reading instruction section 33p is changed to indicate the current number of readings to the registrant.

  The cancel key 33q is a key for interrupting the reading process, and returns to the display of the registration screen 33 when the key is clicked.

  If the registered finger cannot be read by the biometric information reading unit 21 or if the registration finger vein registration template for the registered finger cannot be generated after reading the registered finger three times, an instruction to read it again is given. To do.

  When reading of the registration finger three times is completed and a registration template for the registration finger vein is generated, the guidance screen 33D of FIG. 7 disappears, the display returns to the display of FIG. 6, and the status key 33h is as shown in FIG. Changes from “unregistered” display to “registered display”.

  The instruction input key field 33C (FIG. 6) has a new registration instruction field 33i, a registration deletion instruction field 33j, a final registration instruction field 33k, an authentication test field 33l, and a registration end field 33m.

  The new registration instruction column 33i is a column that waits for a new registrant to display the registration screen 33. That is, when the new registration instruction field 33i is clicked, each field of the personal information input field 33A becomes blank, and the display of all the status keys 33h in the finger vein registration field 33B becomes “unregistered”.

  The registration deletion instruction column 33j is a column for instructing deletion of registered data from the data recording processing device 5. For example, by inputting the name desired to be deleted in the name field 33a and clicking the registration / deletion instruction field 33j, the data recording processing device 5 shifts to the process of deleting the registration data of the person who wants to delete.

  The final registration instruction column 33k is a column for registering the data input in the personal information input column 33A and the generated registration finger vein registration template in the data recording processing device 5.

  The authentication test column 33l is a key for executing a test as to whether or not a registered finger can be actually authenticated using a registration template formed by clicking the finger registration key 33g. By clicking the authentication test column 33l, the authentication guidance screen shown in FIG. 9 is displayed, and the biometric information reading unit 21 reads the registration finger along the guidance screen to generate a test template. The test template is collated with a registration template by a collation processing unit 29 described later, and a collation result is displayed. FIG. 10 shows a collation result when the registration template and the test template are collated based on a predetermined rule described later.

  The registration end column 33m (FIG. 6) is a column for closing the registration screen 33. This key is finally clicked after the template is registered.

  The registration screen 33, the guide screen 33D, the authentication test guide screen shown in FIG. 9, the display of the authentication result shown in FIG. 10, and the like are not limited to such a configuration, and can be added, changed, and deleted as appropriate.

(Authentication screen 35)
FIG. 11 shows an example of an authentication guidance screen 35 displayed on the input unit 17 by executing the authentication program.

  The authentication guidance screen 35 is used for instructing authentication cancellation, an image guiding unit 35a that shows how to put a finger on the biometric information reading unit 21 with a picture, a photograph, and the like, a character guiding unit 35b that shows a message to the person to be authenticated in characters, and The cancel key 35b is provided. The authentication guidance screen 35 may be used for guidance by voice.

  According to the authentication guide screen 35, the person to be authenticated holds his / her finger over the biometric information reading unit 21 to start reading a vein, generating an authentication template, and executing an authentication process. As a result of the authentication process, in the case of “accept”, the process shifts to an online process, and in the case of “No”, a display screen indicating “authentication denied” (not shown) and a finger reading instruction again can be displayed. The authentication guidance screen 35 is not limited to the above-described configuration, and can be changed as appropriate.

(Data recording processor 5)
The data recording processing device 5 (5a, 5b: FIG. 1) uses the unique ID number of the registration / authentication terminal device 3a of each processing terminal 2a to 2f and the biometric authentication using the registration / authentication terminal device 3a of each processing terminal 2a to 2f. The registration template read and transmitted at the time of image registration and the registration data input and transmitted on the registration screen 33 (personal information, prepaid amount, number of points, etc.) are stored and managed in association with each other.

  The data recording processing device 5 includes a shared device 5a that centrally manages data from a plurality of types of processing terminals 2a to 2f (terminals having different owners), and a plurality of processing terminals of the same type (services and service providers are the same). Alternatively, it can be configured as a dedicated device 5b that specially manages data from a partially shared terminal. FIG. 1 shows a case where the shared device 5a is provided in the price replacement company 9, and the dedicated device 5b is provided in the authentication server 5B dedicated to each processing terminal.

  FIG. 12 shows a block diagram of the data recording processing device 5. The data recording processing device 5 includes a control unit 37, a ROM 39, a RAM 41, a database 43, a search processing unit 45, and a communication processing unit 49.

  The control unit 37 electrically and organically controls the respective units in the data recording processing device 5. The ROM 39 stores a program used for biometric information registration processing and collation processing. The RAM 41 reads out and stores a corresponding program in the ROM 39 when the biometric information registration process and collation process are executed, and functions as a work area of the control unit 37. The recording and execution of the program are not limited to the ROM 39 and RAM 41, and a hard disk or the like may be used.

  As shown in FIG. 13, the database 43 includes a search key storage unit 43a, a template storage unit 43b, and a personal information storage unit 43c.

  The search key storage unit 43a stores the device unique ID numbers of the processing terminals 2a to 2f. In the present embodiment, the MAC address of each communication processing unit 27 of each processing terminal 2a to 2f is stored.

  The template storage unit 43b stores the shape and pattern of the vein (registration template) read by the biometric information reading unit 21 and image-processed by the image processing unit 25 (FIG. 3) when input to the registration screen 33. .

  The personal information storage unit 43c stores personal information, prepaid amount, number of points and the like input in the personal information input field 33A (FIG. 6).

  In the database 43, those of the same registrant are stored in association among the search key storage unit 43a, the template storage unit 43b, and the personal information storage unit 43c. The database 43 may not be divided into the search key storage unit 43a, the template storage unit 43b, and the personal information storage unit 43c.

  The search processing unit 45 (FIG. 12) searches for a registration device unique ID number (registration MAC address) that completely matches the authentication device unique ID number (authentication MAC address) when biometric information is authenticated, as a search key storage unit 45a. It is a processing part to detect from.

  The communication processing unit 49 is connected to the authentication communication network 1 and transmits / receives data to / from the authentication terminal device 3a, the financial institution 7, the online store 9A, the public organization homepage 9B, and the like at the time of biometric authentication registration and authentication.

(Registration procedure processing)
Next, the procedure for registering authentication biometric information will be described with reference to the flowchart of FIG. For convenience of explanation, a case where the online processing terminal 2a is used will be described as an example.

  First, when a user desires a registration procedure, registration is performed by operating the input unit 19 (FIGS. 2 and 3) by the registrant himself or a service provider of each terminal (hereinafter abbreviated as “registrant etc.”). The program is read from the ROM 13 to the RAM 15 and executed by the control unit 11, and the registration screen 33 (FIG. 6) is displayed on the display unit 17 (step S1). Note that the registration program may be executed in advance, and the registration screen 33 may be displayed on the display unit 17 without the operation of the input unit 19 to enter a personal information input and vein reading waiting state.

  The registrant or the like inputs the personal information input field 33A (step S2), and the vein is read by holding the finger designated by the registrant in the registered finger designation field 33f over the biometric information reading unit 21. (Step S3).

  In the execution of vein reading in step S3, the biological information reading unit 21 (FIGS. 2 and 3) applies near-infrared light to the finger to supplement the vein image, and the image processing unit 25 (FIG. 3) performs image processing. To create a registration template.

Further, the device unique ID number (registration device unique ID number) of the online processing terminal 2a is acquired (step S4). In the present embodiment, the MAC address of the communication processing unit 27 of the online processing terminal 2a is automatically acquired as the device unique ID number without any input operation by the registrant. Note that the MAC address is data required for data transmission / reception between the processing terminal 2a and the data recording processing device 5 via the communication network 1, and step S4 includes a MAC address acquisition step in the transmission side address creation stage. .
Note that the order of steps S2 to S4 is not limited to this, and the order may be arbitrarily changed or performed in parallel.

  When the entry and vein reading in the personal information input field 33A (FIG. 6) is completed, the device unique ID of the online processing terminal 2a is registered together with the registration control information by a click operation to the final registration instruction field 33k (FIG. 6) of the registrant. The number, personal information, and registration template are transmitted to the data recording processing device 5 (FIGS. 1 and 15) via the communication processing unit 27 (FIG. 3) and the communication network 1 (step S5). Note that the transmission of the device unique ID number in step S5 can be replaced by transmission of the transmission side address when a MAC address is used as the device unique ID number.

  The data recording processing device 5 (FIG. 12) associates the received device unique ID number with the search key storage unit 43a of the database 43, the registration template with the template storage unit 43b, and the personal information with the personal information storage unit 43c. And stored (step S6). When a MAC address is used as the device unique ID number, the received MAC address as the device address on the transmitting side can be stored in the search key storage unit 43a as the device unique ID number.

  When the registration of the device unique ID number, registration template, and personal information in the database 43 is completed, the data recording processing device 5 returns a registration completion notification to the online processing terminal 2a (FIG. 1) that has transmitted the registration processing command. (Step S7).

  The online processing terminal 2a that has received the registration completion notification from the data recording processing device 5 displays a registration completion (not shown) on the display unit 17 (FIGS. 2 and 3) (step S8), and ends the registration process. If an error occurs in any of the registration processes, the display unit 17 can be notified of this and the error overcoming method can be displayed on the display unit 17.

(Certification procedure processing)
Next, the authentication procedure process will be described with reference to the flowchart of FIG. For convenience of explanation, a case where the online processing terminal 2a is used will be described as an example.

  First, when a person to be authenticated (user) desires an authentication procedure, the user himself / herself or a service provider (hereinafter referred to as “authenticated person or the like”) in the online processing terminal 2a inputs the input unit 19 (FIG. 2). 3), the control unit 11 reads and executes the authentication program from the ROM 13 to the RAM 15, and displays the authentication screen 35 (FIG. 11) on the display unit 17 (FIGS. 2 and 3) (step S10). The authentication program 35 may be executed to display the authentication screen 35 on the display unit 17 without operating the input unit 19.

  Next, according to the guidance on the authentication screen 35, the registered finger designated by the person to be authenticated in the registration finger designation field 33f is held over the biometric information reading unit 21 (FIGS. 2 and 3) so that the vein of the part can be read. It is executed (step S11).

  The reading of the finger vein designated in the registered finger designation field 33f (FIG. 6) is performed by the biometric information reading unit 21 (FIGS. 2 and 3) irradiating the finger with near-infrared light and acquiring a vein image of the part, The image processing unit 25 performs image processing on the authentication template to generate an authentication template. Completion of the extraction of the authentication template may be notified to the user by voice, display, or the like. Note that a plurality of readings may be executed when creating the authentication template.

  Further, according to the authentication program, the device unique ID number (authentication device unique ID number) of the online processing terminal 2a is acquired under the control of the control unit 11 (step S12). In the present embodiment, the MAC address of the communication processing unit 27 of the online processing terminal 2a is automatically acquired as a device unique ID number without any input operation of the person to be authenticated. Note that the MAC address is data necessary for the processing terminal 2a to transmit and receive data to and from the data recording processing device 5 via the communication network 1, and step S12 includes a MAC address acquisition step in the transmission side address creation stage. . Note that the order of step S11 and step S12 may be reversed or simultaneous.

  After acquiring the device unique ID number (authentication device unique ID number), the device unique ID number together with the control information of the authentication process is transmitted to the data recording processing device 5 (FIG. 3) via the communication processing unit 27 (FIG. 3) and the communication network 1. 1, 12) (step S13). Note that the transmission of the device unique ID number in step S13 can be substituted by transmission of the transmission side address when a MAC address is used as the device unique ID number.

  The timing of transmitting the device unique ID number to the data recording processing device 5 (step S13) is any opportunity before the vein reading execution (step S11), in parallel with step S11, or after the end of step S11. You may go to

  The data recording processing device 5 stores the received device unique ID number in the search processing unit 45 (FIG. 12). When the MAC address is used as the device unique ID number, the received MAC address as the transmission device address can be stored in the search processing unit 45 as the authentication device unique ID number.

  The search processing unit 45 detects from the search key storage unit 43a a registration device unique ID number that completely matches the received authentication device unique ID number (step S14), and detects one or more (one or more) detected registrations. All the registration templates (detection registration templates) associated with the device unique ID numbers are detected from the template storage unit 43b (step S15).

  Next, the data recording processing device 5 sends one or more (one or more) detected registration templates (hereinafter referred to as “detection registration template”) to the online processing terminal 2a that has transmitted the control information for the authentication processing. Is returned (transmitted) to the registration / authentication terminal device 3a (FIG. 3) (step S16). The detection registration template transmitted to the online processing terminal 2a may or may not be attached with corresponding personal information depending on the processing purpose. When the personal information is not transmitted together with the template, the personal information of the collated template can be transmitted to the online processing terminal 2a as necessary.

  The detection registration template received by the online processing terminal 2a is transmitted to the matching processing unit 29 (FIG. 3). The collation processing unit 29 collates the received detection registration template and the authentication template by image processing, and performs a predetermined collation judgment criterion (a predetermined area equal to or greater than a predetermined threshold or a predetermined area complete match, or a feature Matching / mismatching judgment is performed based on the matching of a part exceeding a predetermined threshold or complete matching (step S17: FIG. 15). If the collation results match, authentication is accepted, and if the collation results do not match, authentication is denied.

  The online processing terminal 2a shifts to execution of an approval process, an information search process, an information disclosure process, and the like of the main function processing unit 31 (FIG. 3) on the condition that the authentication is accepted (step S18: FIG. 15). For example, based on purchase information at the online store 9A (FIG. 1), personal information stored in the personal information storage unit 43c (FIG. 13), etc., the online payment process is executed. If the authentication is negative, execution of online processing (decision processing, information search processing, information disclosure processing, etc.) may be rejected, and re-authentication execution, re-registration processing, etc. may be guided.

  When receiving the other biometric authentication service attached to the amount of the online payment processing, for example, the point processing service, when using the data recording processing device 5a common to the online payment processing, the point is not re-authenticated. Proceed to processing. On the other hand, when receiving another biometric authentication service attached to the amount of the online payment processing, for example, the point processing service, when using the data recording processing device 5b separate from the online payment processing, the person already authenticated Since the device unique ID number and the authentication template are acquired (steps S11 and S12), steps S13 to S17 are executed in parallel or with a time difference with the data recording processing device 5b, and point processing is executed. The

  In the above description, a personal computer (including portable terminals, FIGS. 2, 4, and 5) has been described as the online processing terminal 2a. However, the present invention is not limited to this, and purchase of goods at the online commercial store 9A via the communication network 1 is possible. Or a processing device that can receive service on the public organization homepage 9B, that is, a processing device having a device-specific ID number on the communication network 1, for example, a mobile phone (FIG. 16), a television (FIG. 17). Or the like. FIG. 17 illustrates a television remote controller R in which a biological information reading unit 21 is incorporated.

  An existing device may be used for the display unit 17 and the input unit 19. The display screen can be shared as the display unit 17 or the input unit 19. Further, as the display unit 17 and the input unit 19, a biometric authentication dedicated device including the display unit 17, the input unit 19, and / or the biometric information reading unit 21 as shown in FIG. 18 can be used.

(effect)
With the configuration described above, the person to be authenticated can be authenticated simply by holding the biometric information over the biometric information reading unit 21 at the time of authentication at each of the processing terminals 2a to 2f. Authentication processing without input operation can be realized.

  The registration template to be verified with the authentication template is used as a search key from the plurality of registration templates (M) stored in the data recording processing device 5 as the device unique ID numbers of the processing terminals 2a to 2f. In order to narrow down to one or more (1 or more) detection registration templates (N, N <M, N is an integer of 1 or more), all the registration templates (M pieces) recorded in the data recording processing device 5 are used. ) And the authentication template, the authentication time can be significantly shortened.

  In particular, the device unique ID number is basically the only number all over the world. Among the registration templates stored in the data recording processing device 5, the device unique ID number is duplicated using the same processing terminal. Since the registration template is limited to the registration template of the person who performed the registration process, it is possible to narrow down the registration templates to be collated with the authentication template for each processing terminal, and the authentication processing time can be significantly shortened.

  Further, if the processing terminal 2 is for personal use, the registered device unique ID number is the only one in the search key storage unit 43a, or one registration template (personal registration template) in the search processing at the time of authentication. And the authentication time can be further shortened.

  Therefore, even when registration plates for an unspecified number of users on a global scale are registered in the data recording processing device 5, by using the device unique ID number as a search key, it is possible to narrow down registration templates to be verified at the time of authentication. It is possible to implement a quick verification and authentication process with a simple device.

  Further, since the device unique ID number is a number assigned to the registration / authentication terminal device 3a of each of the processing terminals 2a to 2f, the device itself can be managed (stored, acquired, detected, transmitted / received, etc.). Therefore, by using the device unique ID number as the search key, the registrant and the person to be authenticated do not need to input the device unique ID number as the search key when registering or authenticating the registration template. Therefore, the person to be authenticated at the time of authentication can perform the authentication process accompanied by the process of narrowing down the registration template by performing only the process necessary for creating the authentication template. Accordingly, the authentication time can be shortened despite the simplified procedure of the person to be authenticated required at the time of authentication.

  The MAC address as the device unique ID number is used before the registration / authentication terminal device 3a is used for biometric authentication, for example, before the registration / authentication terminal device 3a is connected to the data communication network 1 or creation / registration processing of a registration template. Since the device is pre-allocated before the procedure, when the registration / authentication terminal device 3a is used for biometric authentication, the device unique number can be easily obtained and used without requiring a new allocation process. it can.

  In addition, a plurality of online stores 9A, public organization homepages, and the like perform authentication processing using a single common data recording processing device 5 (shared device 5a) so that the user can register once. Since a plurality of types of authentication processes can be received by the process, a cardless authentication system that is highly convenient for the user can be constructed. In particular, when using the shared device 5a that is centrally managed by the price reimbursement company 5A, the user can efficiently receive a payment service, a prepaid payment service, etc. with many authentication opportunities through one registration process. It is possible to construct a cardless authentication system that is convenient for users.

  Further, even when receiving a service in which registration templates are registered in different data recording processing devices 5a, 5b, etc., a plurality of authentications are obtained by creating a single authentication template (reading biometric information). I can do this.

  Further, even when the number of registration templates registered in the data recording processing devices 5a and 5b (FIG. 1) is large, collation processing between a detection registration template and an authentication template, which has a large processing load, is performed on each processing terminal 2a. By performing on the 2f side, it is possible to avoid the concentration of the verification processing load on the data recording processing devices 5a and 5b, and even when the number of authentications per unit time increases, the system down due to the overflow of the authentication processing can be avoided, A highly reliable cardless authentication system can be provided.

  In particular, since the online processing device 2a can be used borderless with respect to location and time, the number of authenticated users per unit time may increase extremely. By performing the collation processing with the online processing device 2a, system down can be avoided even when there are many authentication needs, and stable online processing can be provided.

  In the first embodiment, the collation processing unit 29 is provided in the registration / authentication terminal device 3a. However, the present invention is not limited to this, and the collation processing unit 29 is provided in the data recording processing device 5. It is good. Hereinafter, a configuration in which the collation processing unit 29 is provided in the data recording processing device 5 will be described as a second embodiment.

[Second Embodiment]
An authentication processing system B that uses a registration / authentication terminal device 3b using biometric information according to a second embodiment of the present invention will be described with reference to FIGS. In the second embodiment, the same components as those in the first embodiment are denoted by the same reference numerals, and the description thereof is omitted.

  19 shows a schematic configuration diagram of the authentication processing system B, FIG. 20 shows a block diagram of the registration / authentication terminal device 3b, and FIG. 21 shows a data recording processing device according to the second embodiment of the present invention. 5c is a block diagram, and FIG. 22 is a flowchart of the authentication procedure process according to the second embodiment of the present invention.

  The difference from the first embodiment is that the registration / authentication terminal device 3b is not provided with a verification processing unit as shown in FIG. 20, and the verification processing unit 29 is replaced with a data recording processing device 5c as shown in FIG. It is in the point provided in. Therefore, in the authentication procedure processing according to the second embodiment, as shown in FIG. 22, the authentication template is transmitted to the data recording processing device 5c (step S13b).

  The search processing unit 45 of the data recording processing device 5c (FIG. 21) detects a registration device unique ID number that matches the authentication device unique ID number (MAC address) from the search key storage unit 43a (step S14: FIG. 22). ) All the registration templates associated with the detected registration device unique ID number are detected from the template storage unit 43b (step S15).

  The matching processing unit 29 (FIG. 21) collates the authentication template and the detection registration template detected by the search processing unit 45 (step S15) by image processing, and performs a predetermined match determination criterion (a predetermined threshold value of a predetermined region). Based on the above-mentioned coincidence, complete match of a predetermined region, or match of a feature part over a predetermined threshold or complete match of a feature part, etc., matching / mismatch determination is performed (step S17).

  The data recording processing device 5c returns an authentication result (acceptance / denial or determination result) to the registration / authentication terminal device 3b that has transmitted the control information for the authentication processing based on the result of the collation judgment of the collation processing unit 29 (step) S17b).

  The registration / authentication terminal device 3b (FIG. 19) that has received the authentication result from the data recording processing device 5c moves to the execution of the main function processing unit 31 on the condition that the authentication is accepted (step S18). If the authentication is not accepted, the execution of the main function processing unit 31 is rejected, and the processing unique to the processing terminals 2a to 2f, such as the execution of the authentication again and the registration processing, is performed thereafter.

  According to the configuration of the present embodiment, in addition to the operational effects of the first embodiment, the data recording processing device 5c is provided with the collation processing unit 29 (FIG. 21) that collates the registration template and the authentication template. Thus, the registration / authentication terminal device 3b can be made compact, and the registration / authentication terminal device 3b can be applied to many terminal devices 2a to 2f. For example, the registration / authentication terminal device 3b can be incorporated into a portable terminal or a cellular phone (FIG. 16) where a compact configuration is desired while maintaining the compact configuration. Therefore, cardless authentication can be provided to the user on many occasions, and a highly convenient cardless authentication system can be constructed.

  In the first to second embodiments, the MAC address of each communication processing unit 27 is used as the device unique ID number of each of the processing terminals 2a to 2f (registration / authentication terminal devices 3a and 3b) in FIGS. However, the device unique ID numbers of the processing terminals 2a to 2f (registration / authentication terminal devices 3a and 3b) are not limited thereto. Another example of the device unique ID number will be described below as a third embodiment.

[Third Embodiment]
The authentication biometric information registration procedure processing according to the third embodiment of the present invention will be described with reference to the flowchart of FIG. In the present embodiment, only differences from the first and second embodiments will be described, and description of common parts will be omitted.

  In the third embodiment of the present invention, the MAC address of each communication processing unit 27 used as the device unique ID number of each processing terminal 2a to 2f (registration / authentication terminal devices 3a and 3b) in FIGS. The data recording processing devices 5a to 5c are configured so that device unique ID numbers are assigned to the processing terminals 2a to 2f.

Example 1
In the registration process of the first embodiment, during the initial registration procedure from the processing terminals 2a to 2f to the data recording processing devices 5a to 5c, as shown in step S7b of FIG. The data is transmitted from the processing devices 5a to 5c to the processing terminals 2a to 2f.

  The device unique ID number transmitted in step S7b is stored in the information recording unit 23 of the registration / authentication terminal devices 3a and 3b.

  In the authentication procedure processing of the first embodiment, the device unique ID number (assigned device unique ID number) assigned from the information recording unit 23 is obtained when the device unique ID number (authentication device unique ID number) is obtained in step S12. Is done.

(Example 2)
In the second embodiment, when the processing terminals 2a to 2f access the data recording processing devices 5a to 5c for the first time (except in the case of the first embodiment), the device unique ID number is changed from the data recording processing devices 5a to 5c to the processing terminal. 2a to 2f.

  The transmitted device unique ID number is stored in the information recording unit 23 of the registration / authentication terminal devices 3a and 3b.

  In the authentication procedure processing according to the second embodiment, the device unique ID number (assigned device unique ID number) assigned from the information recording unit 23 is obtained when the device unique ID number (authentication device unique ID number) is obtained in step S12. Is done.

  In the first to third embodiments, the MAC address and the assigned device unique ID number assigned from the data recording processing devices 5a to 5c have been described as the device unique ID number. However, the present invention is not limited to this. Numbers, codes, and symbols that can distinguish the terminals 2a to 2f can be used.

  In the first to third embodiments, it has been described that only the biometric information reading process is performed at the time of authentication. However, in order to ensure security, the password number field 33e is displayed on the registration screen 33 as shown in FIG. It is also possible to provide a configuration that requires the input of a personal identification number, personal identification code, etc. at the time of registration, and requires the input of the personal identification number, personal identification code, etc. on the authentication screen 35 (FIG. 11). For example, before or after matching the detection registration template detected by the authentication device unique ID number with the authentication template, the registered password is checked against the password entered at the time of authentication. Security can be improved by adding a match such as a number to the conditions for accepting authentication. It should be noted that by performing collation of the code number before collation between the registration template and the authentication template, a narrowing effect can be expected and the authentication time can be shortened.

It is a schematic block diagram of the authentication processing system A using the authentication terminal device using the biometric information which concerns on the 1st Embodiment of this invention. It is an external view of the personal computer as the online processing terminal 2a which concerns on the 1st Embodiment of this invention. It is a block diagram of the registration and authentication terminal device 3a which concerns on the 1st Embodiment of this invention. It is an external view of the other personal computer as the online processing terminal 2a which concerns on the 1st Embodiment of this invention. It is an external view of the other personal computer as the online processing terminal 2a which concerns on the 1st Embodiment of this invention. It is explanatory drawing of the registration screen 33 which concerns on the 1st Embodiment of this invention. It is explanatory drawing of the guidance screen 33D which concerns on the 1st Embodiment of this invention. It is explanatory drawing of the status key 33h of the said registration screen 33. FIG. It is a reading guidance screen of a registration finger displayed in an authentication test at the time of registration concerning a 1st embodiment of the present invention. It is a result screen of the authentication test at the time of registration which concerns on the 1st Embodiment of this invention. It is a reading guidance screen of a registration finger at the time of authentication concerning a 1st embodiment of the present invention. It is a block diagram of the data recording processing apparatus 5 which concerns on the 1st Embodiment of this invention. It is a block diagram of the database 43 which concerns on the 1st Embodiment of this invention. It is a flowchart of the registration procedure process which concerns on the 1st Embodiment of this invention. It is a flowchart of the authentication procedure process which concerns on the 1st Embodiment of this invention. It is a front view of the mobile telephone as the online processing terminal 2a which concerns on the 1st Embodiment of this invention. It is an external view of the television as the online processing terminal 2a which concerns on the 1st Embodiment of this invention. It is a front view of the exclusive device provided with the display part 17, the input part 19, and the biometric information reading part 21 of the registration and authentication terminal device 3a which concerns on the 1st Embodiment of this invention. It is a schematic block diagram of the authentication processing system B using the registration and authentication terminal device 3b using the biometric information which concerns on the 2nd Embodiment of this invention. It is a block diagram of the registration and authentication terminal device 3b which concerns on the 2nd Embodiment of this invention. It is a block diagram of the data recording processing apparatus 5c which concerns on the 2nd Embodiment of this invention. It is a flowchart of the authentication process which concerns on the 2nd Embodiment of this invention. It is a flowchart of the registration procedure process which concerns on the 3rd Embodiment of this invention.

Explanation of symbols

A, B Authentication processing systems 3a-3c Registration / authentication terminal devices 5a-5c Data recording processing devices 13, 39 ROM
21 Biometric information reading unit 23 Information recording unit 25 Image processing unit 27 Communication processing unit 29 Collation processing unit 43 Database 43a Search key storage unit 43b Template storage unit 45 Search processing unit

Claims (7)

A registration template storage unit that stores a registration image of a plurality of registrants using a biometric image of a predetermined part of the registrant as a registration template;
A registration search key storage unit that stores a plurality of registration search keys in association with the plurality of registration templates;
A search processor for detecting a registration search key that matches the received authentication search key from the plurality of registration search keys;
The biometric authentication processing device, wherein the registration search key is a device unique number of a registration device that has transmitted the registration template. A verification processing unit that compares an authentication template that is a biometric image of a predetermined part of the person to be authenticated and the registration template in the registration template storage unit;
The verification processing unit determines whether or not the authentication template matches a registration template associated with the registration search key detected by the search processing unit. The biometric authentication processing apparatus according to 1.   The biometric authentication processing device according to claim 1, wherein the device unique number is a MAC address. An authentication template creating step for creating an authentication template from a biometric image of a predetermined part of the person to be authenticated;
An authentication search key acquisition step of acquiring an authentication search key of the person to be authenticated;
A search step of detecting a registration search key including the authentication search key from among a plurality of registration search keys;
A verification step of determining whether the authentication template matches the registration template associated with the registration search key detected in the search step;
Have
The registration search key is a device unique number of a registration device that has transmitted the registration template,
The biometric authentication method, wherein the authentication search key is a device unique number of an authentication device that has transmitted the authentication search key.   The biometric authentication method according to claim 4, wherein the device unique number is a MAC address of the registration device and the authentication device.   A program for causing a device to execute the biometric authentication method according to claim 4 or 5.   A recording medium on which the program according to claim 6 is recorded.

Images