JP2009223772A - Authentication system, portable medium, authentication device and authentication method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an authentication system, capable of performing authentication of each user without issuing a card medium to each of a plurality of users which need authentication. <P>SOLUTION: The authentication system includes a portable medium which can store information to be used by a plurality of users, and an authentication device which performs user authentication using the information stored in the portable medium. The portable medium includes a user information storage part which preliminarily stores, for each of the plurality of users, a plurality of pieces of authentication reference information that is a base for authenticating each user. The authentication device includes an authentication information input part which receives input of the authentication information from each user; and an authentication processing part which compares the authentication information input to the authentication information input part with each of the plurality of pieces of authentication reference information stored in the user information storage part to determined whether the authentication of the user is permitted or not. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an authentication system, a portable medium, an authentication device, and an authentication method for performing user authentication based on information stored in advance in a portable medium.

  Conventionally, a technique has been used in which user information is stored in advance in a portable medium such as an IC card, and the user is authenticated using the portable medium carried by the user. For example, for entrance / exit management of an office building or the like, a security gate provided with an authentication device is installed at the entrance of the office building, and authentication reference information such as fingerprint information of each user collected in advance is stored in advance for each user. Distribute the IC card. When the user passes the security gate, when the distributed IC card is brought close to the authentication device and the finger is brought close to a predetermined fingerprint reading device, the fingerprint reading device reads the fingerprint information. If the fingerprint information read from the user matches the authentication reference information stored in advance in the IC card, the authentication device opens the gate as authentication permission, and if it does not match, cannot open the gate as authentication rejection. Here, password information such as PIN (Personal Identification Number) may be used as information input to the authentication device when the user passes, in addition to biometric information such as fingerprint information.

  In addition to storing the authentication standard information corresponding to the user in such an IC card, whether authentication by the IC card itself is effective, for example, when the IC card is reported lost Identification information for identifying whether or not is stored. FIG. 7 is a diagram illustrating an example of data for storing identification information and authentication standard information stored in the IC card. For example, the system administrator registers the identification information given to the lost IC card in the authentication device when the IC card is lost, and the authentication device is lost corresponding to the registered identification information. It is configured to take measures such as denying authentication by an IC card and prohibiting traffic.

In addition, as an IC card that provides an authentication function, the invention disclosed in Patent Document 1 uses any credit card when a user carries a plurality of credit cards with respect to a credit card to which the IC card is applied. Focuses on being unable to judge whether it is appropriate. Therefore, in Patent Document 1, a single IC card is provided with a plurality of credit card functions, and based on the card usage information stored in the IC card, a user recommends a credit card recommended for use among the plurality of credit cards. The technology presented in is proposed.
Further, in Patent Document 2, when it is necessary to authenticate a user with a plurality of authentication information, a plurality of authentication information is provided on one IC card in order to prevent the user from having to carry a plurality of IC cards. A technique that makes it easy to store and select appropriate authentication information according to a scene has been proposed.
Further, in Patent Document 3, when a plurality of systems are to be used using the same IC card, the information stored in the IC card in advance is externally provided by providing the IC card itself with a security authentication function. There has been proposed a technique that can be used for a plurality of systems without being output and that can perform authentication with a high security level.
JP 2007-272728 A JP 2006-79592 A JP 2006-268570 A

However, in the method as described above, it is necessary to distribute at least one IC card to each of a plurality of users. Here, for example, a security gate of an office building is a regular employee who carries an IC card as needed to work in the office building, as well as a user who visits irregularly or regularly, such as a delivery company or a maintenance company of office equipment. Authentication may be performed. Particularly in recent years, it is desirable to perform security checks similar to regular employees for such users and record the entry / exit history due to the necessity of measures to prevent information leakage. In such a case, if the above-described method is applied, a corresponding IC card must be issued to each user who visits rarely. This complicates the management of issued IC cards and increases the amount of issued IC card media.
In addition, in the authentication performed by lending a plurality of IC cards in advance to an organizational unit such as a supplier, it is possible to identify which organization has been authenticated by the IC card lent to which organization, but which of the organizations belonging to the organization It cannot be identified whether it was used by a person.

  The present invention has been made in view of such a situation, and an authentication system that can appropriately authenticate each user without issuing a card medium to each of a plurality of users who need authentication, A portable medium, an authentication device, and an authentication method are provided.

  In order to solve the above-described problems, the present invention provides a portable medium that can be used by a plurality of users and can store information, and an authentication device that authenticates a user using information stored in the portable medium. The portable system includes a user information storage unit that stores in advance, for each user, a plurality of pieces of authentication reference information serving as a reference for authenticating each of a plurality of users. The authentication information input unit that accepts input of authentication information, the authentication information input to the authentication information input unit, and each of the plurality of authentication reference information stored in the user information storage unit are compared, and user authentication is permitted. And an authentication processing unit that determines whether or not to do so.

  Further, according to the present invention, the user information storage unit of the above-described portable medium stores authentication reference information corresponding to a plurality of users in association with identification information given in advance to the portable medium. An identification information storage unit that stores in advance information indicating whether authentication using the portable medium is invalid in association with identification information given to the portable medium, and an authentication processing unit of the authentication device Is characterized in that when the identification information that matches the identification information stored in the portable medium is stored in association with the information indicating invalidity in the identification information storage unit, it is determined that the authentication is not permitted. .

  Further, the present invention provides an authentication history information storage that stores, as authentication history information, authentication standard information that is determined to permit authentication when the authentication processing unit determines that the authentication of the user is permitted by the authentication processing unit. The authentication processing unit of the authentication device, when sequentially comparing the authentication information input to the authentication information input unit and each of the plurality of authentication reference information stored in the user information storage unit The authentication standard information that matches the authentication history information stored in the storage unit and the authentication standard information are sequentially compared with each other.

  In the present invention, the portable medium described above is used when a user corresponding to predetermined authentication standard information among a plurality of authentication standard information stored in the user information storage unit is authorized. It is possible to additionally write authentication standard information to the information storage unit.

  In addition, the present invention accepts an input of authentication information from a user, and compares the input authentication information with authentication standard information received from a portable medium to determine whether to permit user authentication. A portable medium that communicates with the apparatus, and includes a user information storage unit that stores in advance, for each user, a plurality of pieces of authentication reference information serving as a reference for authenticating each of a plurality of users.

  Moreover, this invention authenticates a user using the portable medium which memorize | stores beforehand for every user the some authentication reference information used as the reference | standard which authenticates each of several users, and the information memorize | stored in the portable medium. An authentication device, an authentication information input unit that receives input of authentication information from a user, authentication information input to the authentication information input unit, and each of a plurality of authentication reference information stored in a user information storage unit And an authentication processing unit that determines whether or not to permit user authentication.

  Moreover, this invention authenticates a user using the portable medium which memorize | stores beforehand for every user the some authentication reference information used as the reference | standard which authenticates each of several users, and the information memorize | stored in the portable medium. An authentication method using an authentication device, wherein an authentication information input unit of the authentication device accepts input of authentication information from a user, and an authentication processing unit receives authentication information input to the authentication information input unit; And comparing each of the plurality of pieces of authentication standard information stored in the portable medium to determine whether or not to permit user authentication.

  As described above, according to the present invention, the portable medium stores in advance a plurality of authentication standard information serving as a reference for authenticating each of a plurality of users, and the authentication device includes authentication information input from the user. Since the comparison with the authentication standard information stored in advance and determining whether or not to allow the user authentication, it is possible to authenticate a plurality of users using one portable medium, The user who has performed authentication can be identified.

  According to the present invention, the portable medium stores authentication standard information corresponding to a plurality of users in association with the identification information given in advance to the portable medium, and the authentication device is given to the portable medium. The identification information indicating whether or not the authentication using the portable medium is invalid is stored in advance in association with the identification information stored in the portable medium to be authenticated. Since it is determined that authentication is not permitted when stored in association with each other, it is determined that the identification information is invalid even when authentication standard information corresponding to a plurality of users is stored in the portable medium. Thus, authentication by a portable medium having identification information determined to be invalid can be rejected.

  Further, according to the present invention, when it is determined that the user authentication is permitted, the authentication standard information permitted to be authenticated is stored as the authentication history information, and the authentication information to be input and a plurality of pre-stored authentication standard information In order to compare each of the authentication criteria information, authentication criteria information that matches the authentication history information is sequentially compared with each authentication criteria information, so authentication criteria information for which authentication has been permitted in the past is given priority. Comparison processing can be performed. Thereby, for example, it is possible to sequentially perform comparison processing from authentication standard information that is frequently used and is likely to match, and when it is determined that authentication is permitted, processing until the determination is permitted Can be done quickly.

  Further, according to the present invention, when authentication of a user corresponding to predetermined authentication standard information among a plurality of authentication standard information stored in the user information storage unit is permitted, Since additional writing of authentication standard information is made possible, when providing a portable medium to a specific organization, for example, if authentication of a reliable administrator of the organization is permitted, user information is sent to the administrator. It is possible to perform an operation of giving the authority to perform additional writing of the authentication standard information to the storage unit and delegating the management of the authentication standard information stored in the portable medium to the administrator.

Hereinafter, an embodiment of the present invention will be described with reference to the drawings.
FIG. 1 is a block diagram showing the configuration of the authentication system according to the present embodiment.
The authentication system of the present embodiment includes an IC card 100, an authentication device 200, and a gate 300.
The IC card 100 is a portable medium in which an IC chip having functions for storing and calculating information is incorporated, and includes a user information storage unit 110 and an IC card communication unit 120. Here, the portable medium is a portable information processing medium.
The user information storage unit 110 stores a plurality of user information in association with the identification information given to the IC card 100. FIG. 2 is a diagram illustrating a data example of information stored in the user information storage unit 110. As illustrated in FIG. 2, the user information storage unit 110 stores user information including a name, a affiliation, and authentication reference information in association with one piece of identification information. The identification information is uniquely given among the plurality of IC cards 100 that exist. When the user loses the IC card 100, for example, the authentication by the IC card 100 having the identification information of the lost IC card 100 is invalidated. Even if a person tries to use it for authentication, the authentication can be rejected.

  In the user information, the name is the name of the user. The affiliation is information indicating the affiliation of the user, for example. For example, when the IC card 100 is distributed to users belonging to a specific company, information indicating the affiliation and location of the user within the company is applied. The authentication standard information is password information such as a predetermined PIN, or biometric information such as fingerprint information, iris information, and vein information collected in advance from a user and converted into digital information, and is used as an authentication template when performing authentication processing. Used. In the present embodiment, fingerprint information is applied to the authentication standard information.

  Thus, in the present embodiment, a plurality of user information associated with one piece of identification information is stored in one IC card 100. In this way, for example, when the dispatch source is the same user but a different user visits from time to time, such as a delivery company, one IC card 100 for each of all users who may visit. For example, the number of IC cards 100 corresponding to the number of people who visit the building at a time may be issued. In this case, a plurality of users can share and use one IC card 100. Although one IC card 100 is illustrated in FIG. 1, a plurality of necessary cards may be prepared in this way.

  The IC card communication unit 120 performs information communication with the authentication device 200. In this embodiment, the IC card communication unit 120 performs non-contact wireless communication with the authentication device 200, and the IC card 100 is a non-contact type IC card. The IC card may be applied.

  The gate 300 is a security gate provided at the entrance of a security area where user traffic is managed by the IC card 100 and the authentication device 200. The gate 300 has a flap that opens and closes depending on the result of the authentication process performed by the authentication device 200. When the user authentication is permitted, the flap is opened to allow the user to pass, and if the authentication is rejected, It operates to close the flap and prevent the user from passing.

The authentication device 200 performs user authentication processing based on information read from the IC card 100. The authentication device 200 includes an authentication device communication unit 210, an authentication processing unit 220, an authentication information input unit 230, an authentication history storage unit 240, and an identification information storage unit 250.
The authentication device communication unit 210 performs wireless communication with the IC card communication unit 120 of the IC card 100.
The authentication information input unit 230 receives input of authentication information from the user. In the present embodiment, the authentication information input unit 230 includes a fingerprint sensor that reads the fingerprint information of the user by bringing the finger close to the user, and acquires authentication information obtained by converting the fingerprint information read by the fingerprint sensor into digital information. .
The authentication history storage unit 240 stores, as authentication history information, information indicating authentication reference information corresponding to the authentication information permitted for authentication by the authentication processing unit 220.

  The identification information storage unit 250 stores identification information indicating whether or not the IC card 100 to which the identification information is assigned is invalid in association with the identification information to be assigned to each of the plurality of IC cards 100. For example, when the administrator of the authentication system receives a notification that the IC card 100 has been lost from a user who has distributed the IC card 100, the authentication system administrator authenticates the identification information given to the lost IC card 100 in association with the invalid information. The information is stored in the identification information storage unit 250 of the device 200. The identification information stored in the identification information storage unit 250 is read by the authentication processing unit 220 described later, and is controlled so as not to permit authentication of the IC card 100 having the invalid identification information. Here, the identification information storage unit 250 may store information indicating validity or invalidity in association with all issued authentication information, or may store only identification information that has become invalid. If identification information is stored in the storage unit 250, it may be configured to indicate that it is invalid.

  The authentication processing unit 220 reads the identification information stored in the IC card 100 via the authentication device communication unit 210, and the same identification information as the read identification information corresponds to information indicating invalidity in the identification information storage unit 250. An identification information determination process is performed to determine whether the information is attached and stored. Here, if the same identification information as the identification information read from the IC card 100 is stored in association with the information indicating invalidity in the identification information storage unit 250, the authentication processing unit 220 ends the authentication. On the other hand, if the same identification information as the identification information read from the IC card 100 is not stored in the identification information storage unit 250 in association with the information indicating invalidity, the authentication processing unit 220 determines that the identification information is valid.

  If the authentication processing unit 220 determines that the identification information stored in the IC card 100 is valid, the authentication processing unit 220 performs an authentication process using the authentication information. In the authentication process, the authentication processing unit 220 compares each of the plurality of authentication reference information read from the IC card 100 via the authentication device communication unit 210 with the authentication information input to the authentication information input unit 230. Further, the authentication processing unit 220 determines that authentication is permitted when there is authentication standard information that exceeds a predetermined threshold and matches the authentication information. Further, the authentication processing unit 220 determines that the authentication is rejected when the authentication reference information does not match the authentication information exceeding a predetermined threshold.

  Here, the comparison process between the authentication standard information and the authentication information performed by the authentication processing unit 220 calculates the degree of coincidence, and a plurality of authentication standard information read from the IC card 100 as in the present embodiment. The comparison processing between each and the authentication information places a heavy load on the calculation unit and may increase the processing time. Therefore, the authentication processing unit 220 according to the present embodiment refers to the authentication history information stored in the authentication history storage unit 240, and performs the authentication processing with priority from the authentication reference information that is frequently permitted for authentication.

Next, an operation example in which the authentication system according to the present embodiment performs user authentication processing will be described with reference to FIG.
Here, it is assumed that the user's fingerprint information is collected in advance, and the IC card 100 storing the authentication standard information which is digitized fingerprint information is distributed to the user. When the user passes through the gate 300, the user brings the IC card 100 close to the authentication device 200 installed in the IC card 100. When the IC card 100 enters the area where it can communicate with the authentication device 200, the IC card communication unit 120 of the IC card 100 reads the identification information stored in the user information storage unit 110 and transmits it to the authentication device 200 (step). S1).

  When the authentication device communication unit 210 of the authentication device 200 receives the identification information transmitted from the IC card 100, the authentication processing unit 220 refers to the information stored in the identification information storage unit 250 and performs an identification information determination process. (Step S2). If the authentication processing unit 220 determines that the identification information transmitted from the IC card 100 is invalid (step S2—invalid), the authentication device 200 ends the authentication process (step S3). In this case, the gate 300 is not opened.

  On the other hand, if the authentication processing unit 220 determines that the identification information transmitted from the IC card 100 is valid in step S <b> 2, the authentication device communication unit 210 of the authentication device 200 transmits information indicating validity to the IC card 100. (Step S2-Effective). When the IC card 100 receives information indicating validity from the authentication device communication unit 210, the IC card communication unit 120 transmits a plurality of authentication reference information stored in the user information storage unit 110 to the authentication device 200 ( Step S4).

  When the authentication device communication unit 210 of the authentication device 200 receives the authentication reference information transmitted from the IC card 100, the authentication information input unit 230 receives an input of authentication information from the user. When the user brings a finger close to the authentication information input unit 230, the authentication information input unit 230 acquires the fingerprint information of the user, and converts the acquired fingerprint information into digital information as authentication information (step S5). And the authentication process part 220 performs the authentication process which compares the some authentication reference information received from the IC card 100 at step S4, and the authentication information input into the authentication information input part 230 at step S5 (step S6). . Here, the authentication processing unit 220 refers to the authentication history information read from the authentication history storage unit 240, and sequentially starts from authentication standard information with a high frequency of authentication among a plurality of authentication standard information received from the IC card 100. The comparison process with the authentication information is performed.

Then, the authentication processing unit 220 rejects authentication if there is no authentication standard information that matches the authentication information input to the authentication information input unit 230 and exceeds a predetermined threshold among the authentication standard information received from the IC card 100. (Step S6-Reject), and the authentication apparatus 200 ends the authentication process (Step S7). In this case, the gate 300 is not opened. On the other hand, if there is authentication criterion information that matches the authentication information input to the authentication information input unit 230 beyond a predetermined threshold among the authentication criterion information received from the IC card 100 by the authentication processing unit 220 in step S6. Then, it is determined that authentication is permitted (step S6-permitted).
And the authentication process part 220 memorize | stores the authentication reference | standard information determined with authentication permission by step S6 in the authentication log | history memory | storage part 240 as authentication log | history information (step S8). And if the authentication process part 220 determines with authentication permission, the authentication apparatus 200 will open the gate 300 (step S9).

  In the above example, the authentication processing unit is provided in the authentication device 200. However, such an authentication processing unit may be provided in the IC card 100. FIG. 4 is a diagram illustrating a configuration example of the authentication system when the authentication processing unit is provided in the IC card 100. Here, the same components as those in the example shown in FIG. 1 are denoted by the same reference numerals, and the description thereof is omitted. The IC card 100 further includes an authentication processing unit 130.

  In the identification information determination process in the authentication system shown in FIG. 4, the authentication device communication unit 210 transmits the identification information read from the identification information storage unit 250 to the IC card 100. When the IC card communication unit 120 of the IC card 100 receives the identification information transmitted from the authentication device 200, the authentication processing unit 130 performs an identification information determination process. If the authentication processing unit 130 determines that the identification information determination process is valid, the IC card communication unit 120 stores the authentication information input from the user in the authentication information input unit 230 of the authentication device 200 and the authentication history storage unit 240. Received authentication history information. The authentication processing unit 130 performs authentication processing using the authentication information and authentication history information received by the IC card communication unit 120 and the authentication reference information read from the user information storage unit 110. If the authentication processing unit 130 of the IC card 100 determines that authentication is permitted, the IC card communication unit 120 transmits information indicating authentication permission to the authentication device 200, and the authentication device 200 opens the gate 300.

Further, as shown in FIG. 5, the user information storage unit 110 may store identification information for each user information. In this case, since the amount of identification information managed as an authentication system is larger than that in the example in FIG. 2, the example in FIG. 2 can perform authentication processing more efficiently. Can be set.
In addition to the data example shown in FIG. 5, the user information storage unit 110 may store a card serial number common to all user information, as shown in FIG. If the identification information is managed in association with the card serial number in this manner, for example, when the IC card 100 is lost, all of the plurality of identification information corresponding to the lost card serial number are invalidated. Thus, a plurality of identification information can be managed collectively.

  In addition, when a predetermined user authentication is permitted among a plurality of user information stored in the user information storage unit 110, the user information can be additionally written to the user information storage unit 110. May be. For example, when the IC card 100 according to the present embodiment is issued to an organization such as a specific company, the authority to add or delete user information stored in the IC card 100 is given to a specific reliable person of the organization. . In this way, even when there is a change in user information associated with specific identification information, the management of the change is delegated to the organization that issued the IC card, and the transfer destination can flexibly respond to the user's change. Registration information can be changed.

  In the present embodiment, the IC card 100 is applied as a portable medium for storing user information. However, various media including an IC chip such as an RFID may be applied. For communication with the authentication device, human body communication or various types of wireless communication may be applied.

  Thus, conventionally, the use of non-contact IC cards has been expanded in the field of entrance and exit management due to the purpose of improving convenience and cost reduction. In addition, due to information leakage prevention measures and the like, it has been required to keep a strict record of entering and leaving the room. For this reason, IC cards have been distributed not only to employees but also to everyone who may enter or leave the room.

  In the prior art, there has been a method for enabling the functions of a plurality of IC cards owned by one user to be used with one IC card. However, in such a conventional technology, it is necessary to distribute the IC card to all users, and it is difficult to reduce the number of distribution cards and to manage a large number of IC cards. There was a problem such as. In particular, it is difficult to prepare an IC card corresponding to each user for an IC card lent to a business operator, etc., and lending is performed in a lender by business unit, and which user is the actual user is a system There was a case that could not be identified above. For example, it is assumed that ten IC cards each having identification information from “001” to “010” are lent together to Company F. One day, Mr. X of Company F enters and exits the A building using the “001” IC card, and the next day, Mr. Y of Company F uses the “001” IC card to the A building. The next day, Mr. Z of Company F uses the “002” IC card to enter and exit the B building. Was recorded as. In order to avoid this, it is possible to lend an IC card to an individual unit, but in this case, it is necessary to distribute the IC card to all persons who may enter or leave the room, and there is a possibility of entering or leaving the room. It was necessary to register validity / invalidity of identification information in all gates.

Therefore, according to the present embodiment, by using an IC card that stores a plurality of pieces of authentication standard information and identification information associated therewith, the IC card can be shared by a plurality of users and the user is specified on the system. It is possible to provide an authentication system that can Furthermore, using such an IC card, it is possible to increase the speed of verification in the authentication process by providing a function of verifying the verification process and changing the comparison order according to the use history of the IC card up to the previous time. . In addition, according to such an IC card, it is possible to pass using a single IC card in a security gate to which a two-person rule is applied so that it cannot be opened unless two persons are successfully authenticated.
As described above, according to the present embodiment, it is possible to reduce the amount of IC cards distributed for the authentication system and to identify the user who passes. Furthermore, the number of identification information data for each user can be reduced.

It is a figure which shows the terminal structure of the authentication system by one Embodiment of this invention. It is a figure which shows the example of data memorize | stored in the user information storage part by one Embodiment of this invention. It is a figure which shows the operation example of the authentication system by one Embodiment of this invention. It is a figure which shows the terminal structure of the authentication system by one Embodiment of this invention. It is a figure which shows the example of data memorize | stored in the user information storage part by one Embodiment of this invention. It is a figure which shows the example of data memorize | stored in the user information storage part by one Embodiment of this invention. It is a figure which shows the example of data memorize | stored in the IC card by a prior art.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 IC card 110 User information storage part 120 IC card communication part 130 Authentication processing part 200 Authentication apparatus 210 Authentication apparatus communication part 220 Authentication processing part 230 Authentication information input part 240 Authentication history storage part 250 Identification information storage part 300 Gate

Claims (7)

An authentication system comprising: a portable medium that can be used by a plurality of users and capable of storing information; and an authentication device that authenticates the user using information stored in the portable medium,
The portable medium is
A user information storage unit that stores a plurality of pieces of authentication standard information that serves as a reference for authenticating each of the plurality of users in advance for each user;
The authentication device
An authentication information input unit that receives input of authentication information from the user;
The authentication information input to the authentication information input unit is compared with each of the plurality of authentication standard information stored in the user information storage unit to determine whether or not to allow the user authentication. An authentication processing unit;
An authentication system comprising: Of the portable medium,
The user information storage unit stores the authentication standard information corresponding to the plurality of users in association with identification information given in advance to the portable medium,
The authentication device
An identification information storage unit that stores in advance information indicating whether or not authentication using the portable medium is invalid in association with the identification information given to the portable medium;
The authentication processing unit of the authentication device authenticates when identification information that matches the identification information stored in the portable medium is stored in association with information indicating invalidity in the identification information storage unit. The authentication system according to claim 1, wherein the authentication system is determined not to be permitted. The authentication device
An authentication history information storage unit for storing, as authentication history information, the authentication reference information determined to permit the authentication when the authentication processing unit determines to permit the user authentication;
When the authentication processing unit of the authentication device sequentially compares the authentication information input to the authentication information input unit and each of the plurality of authentication reference information stored in the user information storage unit, the authentication history The authentication standard information that matches the authentication history information stored in the information storage unit is sequentially compared with each of the authentication standard information and the authentication information. The authentication system according to any one of claims. The portable medium is
The authentication standard information to the user information storage unit when the authentication of the user corresponding to the predetermined authentication standard information among the plurality of authentication standard information stored in the user information storage unit is permitted. 4. The authentication system according to claim 1, wherein the additional writing is enabled. 5. Communication with an authentication apparatus that accepts input of authentication information from a user and compares the input authentication information with authentication standard information received from a portable medium to determine whether or not to allow authentication of the user. A portable medium to perform,
A portable medium comprising: a user information storage unit that stores in advance, for each user, a plurality of pieces of authentication reference information serving as a reference for authenticating each of the plurality of users. A portable medium that stores a plurality of pieces of authentication standard information as a reference for authenticating each of a plurality of users in advance for each user, and an authentication apparatus that authenticates the user using information stored in the portable medium. And
An authentication information input unit that receives input of authentication information from the user;
The authentication information input to the authentication information input unit is compared with each of the plurality of authentication standard information stored in the user information storage unit to determine whether or not to allow the user authentication. An authentication processing unit;
An authentication device comprising: A portable medium that stores in advance a plurality of authentication standard information that is a standard for authenticating each of a plurality of users for each user, and an authentication device that authenticates the user using information stored in the portable medium The authentication method used,
Of the authentication device,
An authentication information input unit accepting input of authentication information from the user;
Whether or not the authentication processing unit compares the authentication information input to the authentication information input unit with each of the plurality of authentication reference information stored in the portable medium, and permits authentication of the user. Determining whether or not
An authentication method comprising:

Images