JP2010092442A - Method, system for personal identification, determination device, terminal, server, program and recording medium - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a technology for personal identification in which high availability and high information security are combined and which can be attained at comparatively low cost. <P>SOLUTION: In a terminal 11, biological information on a person A who is a legitimate owner of the terminal 11 is stored in a state that the biological information is encrypted by an encryption key stored in a server 13. When terminal identification information and the encrypted biological information are received from the terminal 11, a determination device 12 transfers the received terminal identification information to the server 13. The server 13 transmits the stored encryption key to the determination device 12 by associating the encryption key with the terminal identification information received from the determination device 12. The determination device 12 decrypts the biological information received from the terminal 11 by the encryption key received from the server 13. The determination device 12 determines whether or not an owner of the terminal 11 is the person A by comparing the biological information obtained by decryption with biological information generated from photograph data of the owner of the terminal 11. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a method, system, determination device, terminal device, server device, program, and recording medium for identity authentication.

  Personal authentication is required in various situations in our lives, such as entrance / exit management and deposit / withdrawal management at ATMs. A method of authenticating a person a as a person A as a method of performing personal authentication by the apparatus when the person a to be authenticated has been able to correctly input a user name and password that only the person A knows into the apparatus. Has been used. In recent years, when it is determined that the person a to be authenticated has biometric information unique to the person A, a method of authenticating the person a as the person A (so-called biometric authentication) has been proposed and is being put into practical use. is there.

As a technique for personal authentication using biometric authentication, for example, in Patent Documents 1 and 2, biometric information for reference is stored in advance in a portable device such as an IC card, and obtained directly from an authorized owner of the portable device. There has been proposed a system for authenticating the owner of a portable device based on the result of comparing the biological information with the reference biological information stored in the portable device.
JP 2007-148480 A JP 2008-181295 A

  According to the techniques proposed in Patent Document 1 and Patent Document 2, since biometric information for reference is stored in a device carried by the owner, for example, when biometric authentication is performed, the biometric information for reference is remotely located. Compared with the case of acquiring from the arranged server device, the convenience that the time required for the personal authentication is expected to be shortened can be obtained. On the other hand, in the case of the techniques proposed in Patent Document 1 and Patent Document 2, the biometric information for reference is stored in the portable device by a malicious owner or the like as compared with the case where the biometric information for reference is centrally managed by the server device or the like. There is a high risk that the biometric information for reference will be tampered with, and information security must be lowered. In order to prevent such tampering, when taking measures such as giving the portable device high tamper resistance, the cost of the portable device increases.

  In view of the above situation, an object of the present invention is to provide a technique of personal authentication that has both high convenience and high information security and can be realized at a relatively low cost.

  In order to achieve the above object, the present invention provides identification information for identifying the own device or a proper owner of the own device, and unique information for reference that is information unique to the owner that can be acquired only from the valid owner. A first transmission step in which a terminal device storing encrypted unique information obtained by encrypting the information transmits the identification information and the encrypted unique information to a determination device; and A second transmission step of transmitting the identification information transmitted from the terminal device in one transmission step to a server device storing a decryption key in association with each of a plurality of identification information; and The third decryption key that is stored in association with the identification information transmitted from the determination device in the second transmission step among the plurality of decryption keys stored by the own device is transmitted to the determination device. Sending of And the determination device decrypts the encrypted unique information transmitted from the terminal device in the first transmission step using the decryption key transmitted from the server device in the third transmission step. A decoding step for generating reference specific information by converting the information into an identification step, and an acquisition step for acquiring the specific information for collation, which is information unique to the owner that can be acquired from only the owner of the terminal device by the determination device; The determination device is based on a result of comparison between the reference specific information generated in the decoding step and the verification specific information acquired in the acquisition step, and the owner is the same person as the rightful owner. There is provided a method for identity authentication comprising a determination step of determining whether or not there is.

  According to the above method, since the reference specific information necessary for performing the personal authentication in the determination device is stored in the terminal device that is normally close to the determination device, the determination device can easily acquire the reference specific information. It is highly convenient, and at the same time, the reference unique information stored in the terminal device is encrypted and cannot be decrypted in the terminal device. Therefore, a high-cost measure such as tamper resistance is applied to the terminal device. Therefore, it is possible to ensure high information security.

  The present invention also provides a system, a determination device, a terminal device, a server device, a program, and a recording medium for executing the above method.

[1. Embodiment]
[1.1. Overview]
Prior to detailed description of a personal authentication system according to an embodiment of the present invention, an outline of a personal authentication system according to the present invention will be described. FIG. 1 is a diagram showing a basic configuration of a personal authentication system 1 according to an embodiment of the present invention. The personal authentication system 1 includes a terminal device 11 to be carried by a person A who is a legitimate owner, and a determination device 12 that determines whether the person a who currently owns the terminal device 11 is the person A. And a server device 13 that manages a decryption key for decrypting the encryption of the unique information used for the determination.

  The unique information is information unique to the person that can be acquired only from a certain person. Specific examples thereof include (1) a password that only the person should know, and (2) only the person is in the body. This information is so-called biological information. Examples of biometric information that can be used for personal authentication include fingerprints, palm shapes, capillaries of the retina, histograms of shades of iris, face / figure shapes, vein shapes, voiceprints, ear shapes, DNA, There are handwriting, keystroke characteristics, lip movement characteristics, and blinking characteristics.

  In this specification, a person who possesses a terminal device but is uncertain whether or not it is a legitimate owner of the terminal apparatus is referred to as a “holder” and is distinguished from a “legitimate owner”.

  A terminal identification information for identifying the terminal device 11 from other terminal devices is stored in a ROM (Read Only Memory) 111 provided in the terminal device 11. The non-volatile storage unit 112 included in the terminal device 11 stores unique information, which is information that can be acquired only from the person A, in an encrypted state. Hereinafter, the encrypted unique information is referred to as “encrypted unique information”.

  The determination device 12 is a thin client that does not have a writable non-volatile storage unit, and can communicate with the terminal device 11 by wireless communication, and at the same time, communicates with the server device 13 via the Internet. Is possible. Communication between the determination device 12 and the server device 13 is protected by a VPN (Virtual Private Network).

  The non-volatile storage unit 131 included in the server device 13 has the encryption stored in the terminal device in association with the terminal identification information of the terminal device for each of the terminal devices of all users of the user authentication system 1. A decryption key for decrypting the unique information is stored. The decryption key is different for each terminal device. The decryption key stored in the server device 13 is generated by the server device 13 and transmitted to the determination device via the VPN communication during the operation of the personal authentication system 1 so as not to leak outside. It is managed.

  When the person a who is the owner of the terminal device 11 receives the personal authentication by the personal authentication system 1, the terminal device 11 transmits the terminal identification information and the encrypted unique information to the determination device 12. The determination device 12 transmits the terminal identification information received from the terminal device 11 to the server device 13. The server device 13 searches the nonvolatile storage unit 131 for a decryption key stored in association with the terminal identification information received from the determination device 12, and transmits the retrieved decryption key to the determination device 12.

  The determination device 12 decrypts the encrypted unique information received from the terminal device 11 using the decryption key received from the server device 13, and generates unencrypted unique information. Hereinafter, the unique information generated in this way is referred to as “reference unique information”.

  The determination device 12 receives the terminal identification information / encrypted unique information from the terminal device 11 described above, transmits the terminal identification information to the server device 13, receives the decryption key from the server device 13, and uses the decryption key. In parallel with the decryption of the encrypted unique information, the unique information acquisition unit 121 included in the determination device 12 is used to acquire unique information that can be acquired only from the person a who is the owner of the terminal device 11. Hereinafter, the acquired unique information is referred to as “matching unique information”.

  The determination device 12 compares the reference specific information and the verification specific information, and if the similarity is equal to or greater than a predetermined threshold, the person a who is the owner of the terminal device 11 is the rightful owner of the terminal device 11. It is determined that the person A is a person. In that case, the personal authentication of the person a is successful. On the other hand, if the similarity between the reference specific information and the verification specific information is less than a predetermined threshold, the personal authentication of the person a has failed.

  When the determination device 12 finishes the above-described series of personal authentication processing for the person a, the determination device 12 deletes all of the decryption key, the encryption unique information, and the reference unique information for the terminal device 11 from the volatile storage unit 122. Note that the determination device 12 does not transmit any of the information regarding the terminal device 11 to other devices including the terminal device 11 except when transmitting the information in the communication with the server device 13 described above. The above is the outline description of the personal authentication system according to the present invention.

  According to the personal authentication system of the present invention, since the encrypted unique information, which is the encrypted unique information for reference, is stored in the terminal device 11, the determination device 12 sends the unique reference information to the server device for personal authentication. It is not necessary to receive from 13, and the personal authentication can be performed in a short time.

  Further, the reference unique information stored in the terminal device 11 is encrypted, and a decryption key for decrypting the encrypted reference unique information is temporarily sent from the server device 13 to the determination device 12. Is not transmitted to any device including the terminal device 11. Therefore, it is impossible for a person other than the operator of the server device 13 to alter or steal the reference specific information. Therefore, for example, the identity authentication system according to the present invention is used to strictly authenticate the identity of the operator of the server device 13, and an anti-fraud measure such as recording an operation log by the operator is taken. The information security of the personal authentication system can be kept high.

[1.2. Basic registration system]
Hereinafter, as an embodiment of the present invention, the configuration and operation of a personal authentication system that employs biometric information as unique information will be described. In the following description, it is assumed that the biometric information employed as the unique information is the shape of the face / form and the shape of the palm vein. The shape of the face / figure and the shape of the palm vein are examples of biometric information used for personal authentication. As described above, other shapes such as fingerprints, retinal capillaries, iris density histograms, etc. Any biological information may be used as unique information in the present invention.

  In order to operate the personal authentication system according to the present invention, it is necessary for a user to register biometric information as reference specific information in advance. The initial registration of the reference specific information is performed by a specialized registration organization that ensures high reliability. If there is a certain degree of discrepancy between the reference specific information registered by the registered specialized institution and the person's current biological information due to age, injury, etc., the reference specialized information It is necessary to register for renewal.

  In order to reduce the frequency of renewal registration in a registration organization, biometric information acquired in daily personal authentication is additionally registered as auxiliary reference specific information and used for the next personal authentication, and the present invention is applied. The convenience of the personal authentication system can be improved. Hereinafter, the specific information for reference registered in the registration organization is referred to as “unique information for basic reference”, and the specific information for reference that is additionally registered along with daily personal authentication is referred to as “specific information for additional reference”. Call. The use of additional reference specific information will be described in a second embodiment described later.

  In addition, when a person is successfully authenticated, personal information such as the person's name and address is often used. Therefore, by registering such basic personal information in advance, the convenience of the personal authentication system according to the present invention can be enhanced. Basic personal information is highly versatile and requires high reliability. Therefore, it is desirable that registration of basic personal information is performed by a registration institution as in the case of registration of basic reference specific information.

  On the other hand, the personal information used only in a specific system such as a bank account number can be additionally registered only for a person using the specific system, so that the convenience of the personal authentication system according to the present invention is achieved. The sex can be further enhanced. Hereinafter, basic personal information registered in a specialized registration organization is referred to as “basic personal information”, and personal information additionally registered in a specific system is referred to as “additional personal information”. The use of additional personal information will also be described in a second embodiment described later.

  The configuration and operation of the basic registration system 2 that is managed by a registration institution and is a system for registering basic reference specific information and basic personal information will be described below.

[1.2.1. Constitution]
FIG. 2 is a diagram schematically showing the configuration of the basic registration system 2. The basic registration system 2 includes a terminal device 21, a registration determination device 22, and a server device 23. The terminal device 21 and the server device 23 of the basic registration system 2 correspond to the terminal device 11 and the server device 13 of the personal authentication system 1, respectively.

  FIG. 3 is a diagram schematically showing the configuration of the terminal device 21. The terminal device 21 is a portable communication device that complies with, for example, PHS (Personal Handy-phone System) specifications, and performs wireless communication with the registration determination device 22. The terminal device 21 is encrypted with a control unit 211 that controls the operation of each component of the terminal device 21, a ROM 212 that stores terminal identification information, and a volatile storage unit 213 that the control unit 211 uses as a work area. The non-volatile storage unit 214 that can store the reference unique information (encrypted unique information) and the encrypted personal information (hereinafter referred to as “encrypted personal information”), and the registration determination device 22 store the data. A transmission unit 215 that transmits data, a reception unit 216 that receives data from the registration determination device 22, and an operation unit 217 that outputs a predetermined signal to the control unit 211 in accordance with a user operation of the terminal device 21 (for example, a keypad) And a display unit 218 that displays information using graphics, characters, or the like under the control of the control unit 211. A program for instructing the processing of the control unit 211 is stored in the ROM 212, for example.

  FIG. 4 is a diagram schematically illustrating the configuration of the registration determination device 22. The registration determination device 22 is used as a work area by the control unit 221 that controls the operation of each component of the registration determination device 22, the ROM 222 that stores a program instructing the processing of the control unit 221, and the control unit 221. The volatile storage unit 223, an operation unit 224 (for example, a keyboard or a mouse) that outputs a predetermined signal to the control unit 221 according to the operation of the registration determination device 22, and a figure, a character, or the like according to the control of the control unit 221 And a display unit 225 for displaying information.

  The control unit 221 performs processing according to the program to generate a face / form feature information generation unit that generates face / form feature information that is biometric information about the face / form, and a vein feature that is biometric information about the palm vein. Whether the vein characteristic information generation unit that generates information, the decryption unit that decrypts the encrypted unique information and the encrypted personal information, and the reference unique information registered by comparing the biometric information have a predetermined accuracy It functions as a determination unit that determines whether or not.

  The registration determination device 22 further includes a terminal communication unit 226 that performs wireless communication with the terminal device 21 and an Internet communication unit 227 that performs communication with the server device 23 via the Internet. ing. Each of the terminal device communication unit 226 and the Internet communication unit 227 includes a transmission unit that transmits data to a communication partner device and a reception unit that receives data from the communication partner device.

  The registration determination device 22 further includes a face / form photo photographing unit 228 and a vein photo photographing unit 229 as means for acquiring biometric information of a person to be registered. The face / form photography unit 228 shoots the illumination unit that irradiates the face / body of the subject with light having a predetermined wavelength and intensity, and the face / form of the subject that is illuminated by the illumination unit from various angles. And a camera group. For example, one camera constituting the camera group of the face / form photograph photographing unit 228 is provided at a grid point of, for example, an elevation angle of 10 degrees and an azimuth angle of 10 degrees on a camera installation table having a shape obtained by dividing a spherical surface having a radius of 5 meters into four. It is arranged one by one.

  FIG. 5 is a diagram schematically showing the shape of the camera installation base on which the camera group of the face / form photo photographing unit 228 is arranged. For example, in FIG. 5, when the position P is a reference point (azimuth angle 0 degree, elevation angle 0 degree), the position C is a lattice point (azimuth angle 30 degrees, elevation angle 60 degrees). Therefore, the face / form photograph taken by the camera placed at the position C in the state where the subject stands at the position O which is the center of the spherical surface of the camera mounting base and faces the azimuth of 90 degrees is the face / form photograph of the subject. The body is taken from the upper left. Each camera in the camera group included in the face / form photo photographing unit 228 photographs a subject at the same time under the control of the control unit 221. By such photographing, a group of face / form pictures, which is a collection of face / form pictures taken from various angles, can be obtained.

  The vein photography unit 229 includes an illumination unit that irradiates the palm of the subject with light having a predetermined wavelength and intensity, and a camera group that photographs the veins of the palm of the subject irradiated with light from the illumination unit from a plurality of angles. It has. The illumination unit of the vein photography unit 229 and the camera group are arranged to face each other with a glass table on which the palm of the subject is placed, and simultaneously image the veins of the palm of the subject under the control of the control unit 221. By such photographing, a vein photograph group that is a collection of vein photographs obtained by photographing the veins of the palm of the subject from a plurality of angles is obtained.

  The face / form photography unit 228 and the vein photography unit 229 constitute a unique information generation unit together with the face / form feature information generation unit and the vein feature information generation unit realized by the control unit 221 according to processing according to a program.

  FIG. 6 is a diagram schematically illustrating the configuration of the server device 23. The server device 23 stores a control unit 231 that controls the operation of each component of the server device 23, a volatile storage unit 232 that the control unit 231 uses as a work area, and a program that instructs the processing of the control unit 231. A non-volatile storage unit 233, a transmission unit 234 that transmits data to the registration determination device 22, and a reception unit 235 that receives data from the registration determination device 22. The nonvolatile storage unit 233 can further store terminal identification information, encrypted unique information and encrypted personal information, and a key used for encryption / decryption of the encrypted unique information and encrypted personal information for each terminal device. It is.

  The control unit 231 performs processing according to the program, thereby generating a key generation unit that generates a key used for encryption / decryption, an encryption unit that encrypts the reference unique information and personal information, and terminal identification It functions as a search unit that searches for a decryption key related to a specific terminal device using information as a search key.

[1.2.2. Operation]
7 to 9 are flowcharts showing the operation of the basic registration system 2. The transmission unit of the terminal-unit communication unit 226 of the registration determination device 22 transmits a simultaneous call signal to all the terminal devices at a sufficiently short predetermined time interval (step S101). The strength of the radio wave is adjusted so that the general paging signal transmitted by the registration determination device 22 reaches, for example, a range of about 0.5 meters. The operator of the registered specialized institution places the terminal device 21 at a position within 0.5 meters from the transmission unit of the terminal device communication unit 226. As a result, when the terminal device 21 receives the general call signal, the terminal device 21 transmits the terminal identification information stored in the ROM 212 to the registration determination device 22 (step S102).

  When receiving the terminal identification information from the terminal device 21, the registration determining device 22 transmits a signal indicating completion of preparation for receiving personal information to the terminal device 21 (step S <b> 103). When the terminal device 21 receives a signal indicating completion of preparation for receiving personal information, the terminal device 21 displays a screen for prompting input of the personal information on the display unit 218. The personal information registered in the basic registration system 2 is basic personal information, such as the name, address, date of birth, gender, and nationality of the legitimate owner of the terminal device 21 (hereinafter referred to as “person A”). . The person A operates the operation unit 217 to input his / her basic personal information to the terminal device 21 (step S104), and performs a transmission operation. In response to the transmission operation, the transmission unit 215 transmits the input basic personal information to the registration determination device 22 (step S105).

  The registration determination device 22 displays the basic personal information received from the terminal device 21 on the display unit 225 (step S106), and prompts confirmation by the operator of the registration determination device 22. For example, the operator confirms the consistency between the information described in the identification card or the like possessed by the person A and the information displayed on the display unit 225, and then performs a transmission operation. In response to the transmission operation, the transmission unit of the Internet communication unit 227 transmits the terminal identification information received in step S102 and the basic personal information received in step S105 to the server device 23 (step S107). All communication between the registration determination device 22 and the server device 23 is protected by VPN.

  When the server device 23 receives the terminal identification information and the basic personal information from the registration determination device 22, the server device 23 transmits a signal indicating completion of preparation for receiving the unique information to the registration determination device 22 (step S108). When the registration determination device 22 receives a signal indicating the completion of preparation for receiving the unique information, the registration determination device 22 displays a screen for prompting the user to take a face / form photo on the display unit 225 (step S109). The operator of the registration determination device 22 instructs the person A to stand at the position O (see FIG. 5) in response to the screen prompting the user to take a face / form photo, and confirms that the person A has stood at the position O. After that, the operation unit 224 is operated to instruct the registration determination apparatus 22 to take a face / form photo. In response to this instruction, the face / form photo photographing unit 228 performs face / form photo photography and generates a face / form data group indicating the face / form of the person A viewed from various angles (step S110).

  Subsequently, the control unit 221 generates face / figure feature information indicating the features of the face / figure indicated by the face / figure data with respect to each face / figure data included in the face / figure data group generated in step S110. (Step S111). The face / form feature information is information indicating the relative positional relationship of facial parts such as eyes, nose and mouth, and information indicating the shape of the face and body contour.

  Subsequently, the registration determination device 22 displays a screen for prompting vein photography on the display unit 225 (step S112). The operator of the registration determination device 22 instructs the person A to place the palm on the glass table of the vein photography unit 229 in response to the display for prompting the vein photography, and the person A places the palm on the glass table. After confirming that it has been placed, the operation unit 224 is operated to instruct the registration determination apparatus 22 to take a vein photograph. In response to this instruction, the vein photography unit 229 performs vein photography to generate a vein data group indicating the palm veins of the person A (step S113).

  Subsequently, for each vein data included in the vein data group generated in step S113, the control unit 221 generates vein feature information indicating the vein features indicated by the vein data (step S114). The vein feature information is information indicating the shape of a vein having a thickness greater than or equal to a predetermined threshold, for example. The registration determining device 22 transmits the face / form feature information group generated in step S111 and the vein feature information group generated in step S114 to the server device 23 as basic reference unique information of the person A (step S115). .

  When receiving the basic reference unique information, the control unit 231 of the server device 23 generates a key for encryption / decryption unique to the terminal device 21 (step S116). Currently, a common key method (symmetric key method) and a public key method (asymmetric key method) are widely used as encryption methods. Any encryption method may be employed in the personal authentication system according to the present invention. When the common key method is adopted, a common key is generated in step S116. The common key is one key that serves as both an encryption key for encryption and a decryption key for decryption. On the other hand, if the public key method is adopted, a private key / public key pair is generated in step S116. Usually, the public key is used as an encryption key for encryption, and the secret key is used as a decryption key for decryption.

  Using the generated encryption key (common key or public key), control unit 231 encrypts the basic personal information received in step S107 and the basic reference unique information received in step S115 (step S117). . Hereinafter, the encrypted basic personal information is referred to as “encrypted basic personal information”, and the encrypted basic reference unique information is referred to as “encrypted basic unique information”. The transmitting unit 234 transmits the encrypted basic personal information and the encrypted basic unique information to the registration determination device 22 (step S118). When the personal authentication system according to the present invention adopts the public key method, the transmission unit 234 transmits the public key generated in step S116 together in step S118.

  The registration determining device 22 transmits the encrypted basic personal information and the encrypted basic unique information (and public key) received from the server device 23 in step S118 to the terminal device 21 (step S119). The terminal device 21 stores the received encrypted basic personal information and encrypted basic unique information (and public key) in the nonvolatile storage unit 214 (step S120).

  Subsequently, the basic registration system 2 performs a biometric authentication test using the encrypted basic unique information stored in the terminal device 21. The terminal device 21 reads the terminal identification information stored in the ROM 212 and the encrypted basic unique information stored in the nonvolatile storage unit 214, and transmits them to the registration determination device 22 (step S121). The registration determination device 22 transmits the terminal identification information received in step S121 to the server device 23 (step S122).

  Upon receiving the terminal identification information in step S122, the server device 23 transmits the decryption key (common key or secret key) generated in step S116 to the registration determination device 22 (step S123). The control unit 221 of the registration determination apparatus 22 decrypts the encrypted basic unique information received in step S121 using the decryption key received in step S123, and generates unencrypted basic reference unique information ( Step S124).

  Subsequently, the registration determination device 22 repeats the same processing as that in steps S109 to S114 described above (steps S125 to S130). The unique information generated in the processes of steps S125 to S130, more specifically, the face / form feature information group generated in step S127 and the vein feature information group generated in step S130 are the unique information for matching described above. It becomes.

  Subsequently, the control unit 221 of the registration determination device 22 compares the basic reference specific information generated in step S124 with the verification specific information generated in steps S127 and S130, and calculates their similarity. (Step S131). The control unit 221 determines whether or not the calculated similarity is equal to or greater than a predetermined threshold (step S132), and when it is determined that the similarity is equal to or greater than the predetermined threshold (step S132; Yes), the test authentication is successful. Is sent to the server device 23 (step S133). When the server device 23 receives the notification indicating the successful test authentication, the server device 23 associates the terminal identification information received in step S107 with the key (common key or private key / public key pair) generated in step S116, and step S117. The encrypted basic unique information and the encrypted basic personal information generated in step 1 are stored in the nonvolatile storage unit 233 (step S134).

  The server device 23 stores a log indicating that the terminal identification information, the key, the encrypted basic unique information, and the encrypted basic personal information are newly registered for the terminal device 21 together with the time information at which step S134 is executed, and the nonvolatile storage unit 233. (Step S135).

  On the other hand, if it is determined in step S132 that the similarity of the unique information is less than the predetermined threshold (step S132; No), the basic registration system 2 returns the process to step S109 to generate the encrypted basic unique information and the biometrics. Redo the authentication test. The above is the description of the operation related to the initial registration of the basic registration system 2.

  The basic registration system 2 is also used for registration (update registration) for updating the encrypted basic unique information when the encrypted basic unique information stored in the terminal device 21 becomes old due to aging or the like. The The operation of the basic registration system 2 at the time of update registration is almost the same as the operation at the time of the initial registration described above, but at the time of update registration, there is no need to newly register personal information, and the already stored personal information is maintained. Is done. Further, the old basic unique information may be discarded at the time of update registration. However, if there is a utility value such as use at the time of data consistency verification, the terminal device 21 and the server device 23 are used as a kind of additional unique information. It may be left in.

[1.3. First embodiment of personal authentication system]
Hereinafter, as one example of the personal authentication system according to the present invention, the configuration and operation of an opening system 3 that uses the personal authentication system according to the present invention to determine whether or not to open a building will be described.

[1.3.1. Constitution]
FIG. 10 is a diagram schematically illustrating the configuration of the gate opening system 3. The opening system 3 includes a terminal device 31, a determination device 32, and a server device 33 that correspond to the terminal device 11, the determination device 12, and the server device 13 (see FIG. 1) of the personal authentication system 1, respectively. However, in the gate opening system 3, there is a possibility that a plurality of owners who possess the terminal device 31 come closer to the gate of the building one after another. In FIG. 10, the plurality of terminal devices 31 are the terminal device 31a and the terminal device. 31b and the terminal device 31c are illustrated. The owners of the terminal device 31a, the terminal device 31b, and the terminal device 31c are a person a, a person b, and a person c, respectively.

  The opening system 3 further stores a list of names and addresses (hereinafter referred to as “permitted person list”) of persons managed by the company using the building and permitted to enter the building. In-house server device 34, main gate device 35 that opens the gate (hereinafter referred to as “main gate”) when a person who is permitted to enter the building succeeds in biometric authentication by face / form photograph, and entry is permitted. A sub-gate device 36 is provided that opens a gate (hereinafter referred to as “sub-gate”) when a person who has succeeded in biometric authentication by vein photography.

  The configurations of the terminal device 31 and the server device 33 of the opening system 3 are the same as the configurations of the terminal device 21 and the server device 23 of the basic registration system 2, respectively. In the opening system 3, the terminal device 31 and the server device 33 have completed initial registration by the basic registration system 2.

  FIG. 11 is a diagram schematically illustrating the configuration of the determination device 32. In the opening system 3, the determination device 32 includes a control unit 320, a ROM 321, a volatile storage unit 322, and an internet communication unit 325. These components are the same as the control unit 221, the ROM 222, the volatile storage unit 223, and the Internet communication unit 227 included in the registration determination device 22. However, the Internet communication unit 325 can communicate with the in-house server device 34 in addition to the server device 33 via the Internet.

  The determination device 32 further includes a terminal device communication unit 324 that communicates with the terminal device 31. The terminal device communication unit 324 is similar to the terminal device communication unit 226 of the registration determination device 22, but the terminal device communication unit 324 includes two transmission units, a first transmission unit and a second transmission unit. Yes. The first transmission unit is arranged near the main gate, and in addition to normal data transmission to the terminal device 31, for example, a predetermined paging signal having a radio field intensity different from about 5 meters, about 3 meters, and about 0.5 meters is predetermined. Can be sent sequentially at intervals of. Further, the second transmitter is arranged near the sub-category, and, in addition to normal data transmission to the terminal device 31, for example, can send a general paging signal with a radio field intensity of about 0.5 meters at a predetermined time interval. it can. The frequency of the carrier and the signal content of these general call signals are the same as the general call signal transmitted by the registration determination device 22. Hereinafter, the simultaneous call signals having a reach distance of about 5 meters, about 3 meters, and about 0.5 meters are respectively referred to as “simultaneous call signal (5 m)”, “simultaneous call signal (3 m)”, “simultaneous call signal (0. 5m) ".

  The determination device 32 further includes a face / form photo photographing unit 326. The face / form photo photographing unit 326 includes a camera 3261 and a distance sensor 3262 for measuring the distance to the subject. The camera 3261 and the distance sensor 3262 are arranged, for example, at the upper center of the main gate. When the distance from the gate to the subject reaches 5 meters, for example, by the distance sensor 3262, the camera 3261 captures the face / form of the subject. Is done.

  The determination device 32 further includes a vein photography unit 327. In addition to the camera 3271, the vein photography unit 327 includes an infrared sensor 3272 that detects that the palm of the subject is placed on the glass table. When the hand of the subject is detected by the infrared sensor 3272, the palm vein is imaged by the camera 3271.

  The determination device 32 further includes a sound generation unit 323 that generates a voice message to the owner of the terminal device 31, a main gate device transmission unit 328 that transmits a main gate opening instruction to the main gate device 35, and a sub-gate device 36. A sub-gate device transmitting unit 329 for transmitting a sub-gate opening instruction.

[1.3.2. Operation]
12 to 15 are flowcharts showing the operation of the opening system 3. In the opening system 3, a common key method is adopted as an example. First, the determination device 32 transmits a request for the entry permitted person list to the in-house server device 34 (step S201). When the in-house server device 34 receives the transmission request for the admission permitted person list, it transmits the admission permitted person list to the determination device 32 (step S202). The communication between the determination device 32 and the in-house server device 34 is protected by VPN.

  Upon receiving the admission permitted person list, the determination device 32 uses, for example, the simultaneous call signal (5 m), the simultaneous call signal (3 m), and the simultaneous call at predetermined time intervals using the first transmission unit of the terminal device communication unit 324. The sending of the paging signal (0.5 m), the paging signal (5 m),. Here, the directivity of the radio wave is adjusted so that the general paging signal transmitted from the first transmission unit of the terminal device communication unit 324 has an azimuth angle of about 30 degrees, for example. The time interval of the general call signal transmitted from the first transmission unit of the terminal device communication unit 324 satisfies the condition that it is possible to distinguish which general call signal the response from the terminal device 31 is a response to. A sufficiently short time interval within the range.

  Now, it is assumed that the person a is approaching the main gate from the front. When the terminal device 31a carried by the person a reaches a position about 5 meters before the main gate, the terminal device 31a responds to the simultaneous call signal (5m) transmitted from the determination device 32 (step S203), The terminal identification information stored in the ROM 212 is transmitted to the determination device 32 (step S204).

  When the determination device 32 receives the terminal identification information transmitted from the terminal device 31a as a response to the simultaneous call signal (5m), the determination device 32 determines whether the received terminal identification information has already been received or not. If so, the terminal identification information is transmitted to the server device 33 (step S205). If the terminal identification information received in step S204 has already been received, the determination device 32 has already transmitted the terminal identification information to the server device 33, and therefore does not repeat the transmission in step S205.

  When receiving the terminal identification information in step S205, the server device 33 transmits the common key stored in association with the received terminal identification information together with the received terminal identification information to the determination device 32 (step S206). The determination device 32 temporarily stores the common key received from the server device 33 in step S206 in association with the terminal identification information in the volatile storage unit 322 (step S207). When a plurality of terminal devices 31 enter the area where the general call signal (5 m) reaches at the same time, the volatile storage unit 322 of the determination device 32 is associated with each of the terminal identification information of the plurality of terminal devices 31. Different common keys are stored. The number of terminal identification information and common key pairs that can be temporarily stored in the volatile storage unit 322 by the determination device 32 is limited to, for example, 30 pairs, and the determination device 32 has more pairs of terminal identification information and common keys. If received, the pair received first is discarded and the newly received pair is temporarily stored.

  When the person a further approaches the main gate and the terminal device 31a reaches a position about 3 meters before the main gate, the terminal device 31a receives the simultaneous call signal (3m) (step S208) transmitted from the determination device 32. In response, the terminal identification information stored in the ROM 212 is transmitted again to the determination device 32 (step S209).

  When the determination device 32 receives the terminal identification information transmitted from the terminal device 31a as a response to the general call signal (3m), whether or not the received terminal identification information has already been received as a response to the general call signal (3m). If it has not been received, a transmission request for the encrypted basic unique information and the encrypted basic personal information is transmitted to the terminal device 31a that is the transmission source of the terminal identification information (step S210). If the terminal identification information received in step S209 has already been received as a response to the general call signal (3m), the determination device 32 has already encrypted the basic identification information for the terminal device 31a that is the transmission source of the terminal identification information. Since the transmission request for the information and the encrypted basic personal information has been transmitted, the transmission in step S210 is not repeated.

  When receiving the transmission request in step S210, the terminal device 31a transmits the encrypted basic unique information and the encrypted basic personal information together with the terminal identification information to the determination device 32 (step S211). The determination device 32 searches the common key temporarily stored in step S207 for the common key associated with the terminal identification information received in step S211 and uses the searched common key to receive the key in step S211. The encrypted basic unique information and the encrypted basic personal information are decrypted (step S212). By the decryption in step S212, basic reference unique information and basic personal information are generated.

  The determination device 32 temporarily stores the basic reference unique information and the basic personal information generated in step S212 in the volatile storage unit 322 in association with the terminal identification information received in step S211 (step S213). When a plurality of terminal devices 31 simultaneously enter the area where the general call signal (3 m) reaches, the volatile storage unit 322 of the determination device 32 associates each of the terminal identification information of the plurality of terminal devices 31 with each other. Different basic reference unique information and basic personal information are stored. The number of terminal identification information, basic reference unique information, and basic personal information that can be temporarily stored in the volatile storage unit 322 by the determination device 32 is limited to, for example, 10 pairs. When a pair of information, basic reference specific information and basic personal information is received, the earliest received pair is discarded and the newly received pair is temporarily stored.

  On both sides in front of the main gate, for example, guide poles for arranging people heading for the main gate in a line are installed. When the person a further approaches the main gate according to the guide pole and becomes the head of the line of people heading to the main gate, and the terminal device 31a reaches a position of about 0.5 meters from the main gate, the terminal device 31a determines In response to the simultaneous call signal (0.5 m) transmitted from the device 32 (step S214), the terminal identification information stored in the ROM 212 is transmitted again to the determination device 32 (step S215).

  When the determination device 32 receives the terminal identification information transmitted from the terminal device 31a as a response to the general call signal (0.5m), the received terminal identification information has already been received as a response to the general call signal (0.5m). If it is not received, it corresponds to the terminal device 31a using the terminal identification information received in step S215 from the basic reference unique information temporarily stored in step S213 as a search key. The basic reference unique information is searched (step S216). If the terminal identification information received in step S215 has already been received as a response to the general call signal (0.5 m), the determination device 32 has already searched for the basic reference specific information corresponding to the terminal device 31a. Therefore, the process of step S216 is not repeated.

  The series of processes in steps S203 to S216 described above are basic reference specific information obtained by decrypting encrypted basic specific information stored in the terminal device 31 carried by the person standing in front of the main gate device 35. It is processing for acquiring. The opening system 3 performs a process for acquiring facial / form feature information of a person standing in front of the main gate in parallel with a series of processes for acquiring the basic reference specific information. The face feature information is a kind of the specific information for matching described above.

  When the person a approaches the main gate and the terminal device 31a reaches a position about 5 meters before the main gate, the camera 3261 takes a face / figure photograph of the person a based on the distance measurement of the distance sensor 3262, The face / form data of the person a is generated (step S221). The control unit 221 of the determination device 32 generates face / form feature information indicating the face / form feature indicated by the face / form data generated by the camera 3261 (step S222).

  The determination device 32 temporarily stores the face / form feature information generated in step S222 in the volatile storage unit 322 (step S223). The processes in steps S221 to S223 are performed for all persons who have passed the line about 5 meters before the main gate. For example, the number of face / form feature information that can be temporarily stored in the volatile storage unit 322 in step S223 by the determination device 32 is limited to 30, and the determination device 32 generates more face / form feature information than the number. The face / form feature information generated first is discarded, and the newly generated face / form feature information is stored. Hereinafter, the face / form feature information temporarily stored in the volatile storage unit 322 is referred to as “matching face / form feature information”. The processes in steps S221 to S223 are face / form feature information acquisition processes performed in parallel with the basic reference specific information acquisition process.

  When the determination device 32 completes the processing of step S216 and step S223, the determination device 32 includes the plurality of matching face / form feature information temporarily stored in the volatile storage unit 322 and the basic reference specific information searched in step S216. A plurality of face / form feature information (hereinafter referred to as “reference face / form feature information”), respectively, and a matching face / form feature information and a reference face / A combination with the appearance feature information is specified (step S231).

  For example, if 172 face / form feature information is included in the reference face / form feature information group and 30 pieces of collation face / form feature information are temporarily stored in the volatile storage unit 322, step S231 is performed. In order to perform the above process, it is necessary to perform a comparison process for 172 × 30 = 5160 combinations of face / form feature information. In order to perform these comparison processes as a whole in a short time, for example, the determination device 32 first determines the relative position relationship between the eyes and nose, the shape of the body contour, etc. included in the face / form feature information for verification. The direction of the face when the face / form data used to generate the matching face / form feature information is photographed is specified.

  For example, regarding the first matching face / figure feature information out of thirty pieces of matching face / figure feature information, the subject is identified when the face / figure data used to generate the matching face / figure feature information is generated. If it is determined that the camera is oriented (azimuth angle 40 degrees, elevation angle 20 degrees), then the determination device 32 determines the face / form data of the reference face / form feature information group (azimuth angle 40 degrees, elevation angle 20 degrees). The reference face / figure feature information generated by the process is extracted. The determination device 32 determines whether or not there is a degree of similarity equal to or greater than a predetermined threshold between the reference face / form feature information extracted as described above and the first matching face / form feature information. The determination device 32 determines the direction of the 2nd to 30th matching face / figure feature information and the reference face / figure feature information, until a pair of face / figure feature information having a similarity equal to or greater than a predetermined threshold is found. Repeat the comparison process.

  In this way, the determination device 32 can complete the process of step S231 by performing the comparison process for 30 sets of face / form feature information at the maximum. Note that the above comparison processing may be performed individually for each of the face and the entire body in order to cope with a case where a photograph of the subject is taken with the face facing a direction different from the body direction. .

  In step S231, the determination device 32 succeeds in identifying the matching face / form feature information having a similarity equal to or higher than a predetermined threshold with the reference face / form feature information of the terminal device 31a (step S232; Yes), it is determined that the person a is a legitimate owner of the terminal device 31a. That is, the person a has been successfully authenticated. Accordingly, the determination device 32 searches the basic personal information of the person a from the basic personal information temporarily stored in step S213 using the terminal identification information received in step S215 as a search key, and then uses the basic personal information of the person a as the basic personal information. It is determined whether the included name / address is included in the permitted entry list received in step S202 (step S233).

  When the name and address of the person a are included in the admission permitted person list (step S233; Yes), the determination device 32 transmits an instruction to open the main gate to the main gate device 35 (step S234). In response to the opening instruction, the main gate device 35 opens the main gate, and the person a can enter the building. In this case, the determination device 32 transmits the name and address of the person a and the time information at which the process of step S234 is performed as entrance permission information to the in-house server device 34 (step S235).

  On the other hand, if the name and address of the person a is not included in the admission permitted person list (step S233; No), the determination device 32 uses the pronunciation unit 323, for example, “I'm sorry but admission is not permitted. “Please ask the person in charge at the main building.” (Step S236). In that case, the determination device 32 transmits the name and address of the person a and the time information at which the process of step S236 is performed to the in-house server device 34 as entry refusal information (step S237). In addition, the entrance permission information and the entry refusal information transmitted to the in-house server device 34 in step S235 or step S237 are used for visitor management of this building.

  In step S231, if the identification of the matching face / form feature information having a similarity equal to or higher than a predetermined threshold with the reference face / form feature information of the terminal device 31a fails, the person a based on the face / form photo The person's authentication has failed. However, since the biometric authentication based on the face / form picture is affected by clothes and the like, the accuracy is not necessarily high. Accordingly, when the determination device 32 fails in the determination in step S231 (step S232; No), the sound generation unit 323 is used, for example, “Sorry, the person authentication failed. Sorry to trouble you, but in the box next to the subgate, The voice message such as “Please enter” is pronounced, and the person “a” is prompted to authenticate himself / herself based on the vein photograph (step S238).

  When the person a places his / her palm on the glass table of the vein photography unit 327 arranged beside the sub-gate according to the voice message in step S238, the infrared sensor 3272 detects it. Using the detection of the infrared sensor 3272 as a trigger, the camera 3271 takes a vein picture of the palm of the person a, and generates vein data indicating the vein of the palm of the person a (step S239). The control unit 221 of the determination device 32 generates vein feature information indicating the feature of the vein indicated by the vein data generated by the camera 3271 (step S240). The vein feature information generated in this way is a kind of collation specific information.

  In parallel with the processing of step S239 and step S240, the second transmission unit provided in the terminal device communication unit 324 of the determination device 32 transmits a simultaneous call signal (0.5 m) at a sufficiently short predetermined time interval ( Step S251). When the person a approaches the vein photography unit 327 arranged beside the sub-gate in accordance with the voice message in step S238 and the terminal device 31a enters the range of about 0.5 meters from the second transmission unit, the terminal device 31a A signal (0.5 m) is received, and terminal identification information is transmitted as a response to the terminal device 31 (step S252).

  The determination device 32 transmits the terminal identification information received from the terminal device 31a to the server device 33 (step S253). The server device 33 searches the common key corresponding to the terminal device 31a using the terminal identification information received from the determination device 32 as a search key, and transmits the common key of the searched terminal device 31a to the determination device 32 (step S254). Subsequently, the determination device 32 transmits a transmission request for the encrypted basic personal information and the encrypted basic unique information to the terminal device 31a (step S255), and the terminal device 31a responds to the transmission request with the encrypted basic unique information and the encrypted basic unique information. Basic personal information is transmitted to the determination device 32 (step S256).

  The determination device 32 uses the common key received in step S254 to decrypt the encrypted basic unique information and the encrypted basic personal information received in step S256, and generates reference basic unique information and basic personal information (step S257). ). The determination device 32 includes the vein feature information (reference vein feature information) generated in step S240 and each of the plurality of vein feature information (reference vein feature information) included in the reference basic unique information generated in step S257. Are compared to determine whether or not their similarity is equal to or greater than a predetermined threshold (step S261).

  The determination device 32 determines in step S261 that there is a plurality of reference vein feature information having a similarity equal to or higher than a predetermined threshold with the verification vein feature information (step S262; Yes). The person a is determined to be a legitimate owner of the terminal device 31a. That is, the person a has been successfully authenticated. Accordingly, the determination device 32 determines whether or not the name / address included in the basic personal information of the person a generated in step S257 is included in the admission permitted person list received in step S202 (step S263).

  When the name and address of the person a are included in the admission permitted person list (step S263; Yes), the determination device 32 transmits a subgate opening instruction to the subgate device 36 (step S264). In response to the opening instruction, the main gate device 35 opens the main gate, and the person a can enter the building. In this case, the determination device 32 transmits the name and address of the person a and the time information at which the process of step S264 is performed as entrance permission information to the in-house server device 34 (step S265).

  On the other hand, when the name and address of the person a are not included in the admission permitted person list (step S263; No), the determination device 32 uses the pronunciation unit 323, for example, “I'm sorry but admission is not permitted. If you use the main building, please ask the person in charge. "(Step S266). In this case, the determination device 32 transmits the name and address of the person a and the time information at which the process of step S266 is performed to the in-house server device 34 as entry refusal information (step S267). Note that the admission permission information and the entry refusal information transmitted to the in-house server device 34 in step S265 or step S267 are used for managing the visitors of this building.

[1.4. Second embodiment of personal authentication system]
Hereinafter, as another embodiment of the personal authentication system according to the present invention, the configuration and operation of an immigration system 5 using the personal authentication system according to the present invention for immigration will be described.

[1.4.1. Constitution]
FIG. 16 is a diagram schematically showing the overall configuration of the immigration system 5. The immigration system 5 carries out personal authentication of the terminal device 51 carried by the person undergoing immigration and the person undergoing immigration and enables the immigration officer to view the personal information of the person when the personal authentication is successful. A determination device 52, a server device 53 that generates and manages a key for encrypting / decrypting unique information and personal information for each of all terminal devices 51, and an entry / exit history and visa information. The departure control server device 54 and a gate device 55 for controlling the passage of the applicant for entry are provided. The terminal device 51 and the determination device 52 are capable of wireless communication, and between the determination device 52 and the server device 53 and between the determination device 52 and the immigration server device 54, communication protected by VPN is performed via the Internet. Is possible.

  In the opening system 3, for example, it is assumed that a public key method is adopted. In the opening system 3, the terminal device 51 and the server device 53 have completed initial registration by the basic registration system 2.

  The configuration of the terminal device 51 and the configuration of the server device 53 are the same as the configuration of the terminal device 21 (see FIG. 3) and the configuration of the server device 23 (see FIG. 6) of the basic registration system 2. The configuration of the determination device 52 is substantially the same as the configuration of the determination device 32 of the opening system 3 (see FIG. 11), but the determination device 52 does not include the sound generation unit 323 included in the determination device 32. This is because the immigration section 323 is not necessary in the immigration process because the immigration officer can communicate the necessary message verbally. The determination device 52 includes a gate device transmission unit instead of the main gate device transmission unit 328 and the sub gate device transmission unit 329 included in the determination device 32. This is because it is only necessary for an immigration officer to pass through one gate.

  The determination device 52 also functions as an encryption unit that encrypts the additional personal information and the additional unique information using the public key received from the terminal device 51 by processing according to the program.

[1.4.2. Operation]
The operation of the immigration system 5 will be described below. As an example, it is assumed that a person b carrying the terminal device 51B is scheduled to enter X country. The person b usually needs to have a visa issued in advance at the X Embassy in his country. The Embassy of Country X is provided with a visa issuing system using the personal authentication system according to the present invention, and the person b receives the personal authentication using the encryption basic unique information stored in the terminal device 51B.

  After it is confirmed that the person b is the person B who is a legitimate owner of the terminal device 51B, the visa issuer of the X country embassy performs a predetermined examination and there is a problem in the entry of the person B into the country X. If not, using the visa issuance system, the basic personal information of the person B generated from the encrypted basic personal information stored in the terminal device 51B, together with the visa number issued to the person B, immigration control It transmits to the server apparatus 54.

  Along with the transmission of the visa number to the immigration server device 54, the visa issuing system encrypts the visa number issued to the person B using the public key stored in the terminal device 51B, and then the terminal device 51B and the server Transmit to device 53. The terminal device 51B and the server device 53 register the encrypted visa number received from the visa issuing system as encrypted additional personal information regarding the terminal device 51B. Hereinafter, the encrypted additional personal information is referred to as “encrypted additional personal information”. In addition, in order to distinguish the type of additional personal information, for example, additional personal information related to a visa number is called “additional personal information (visa number)” and the encrypted information is referred to as “encrypted additional personal information ( Visa number) ”.

  In the immigration system 5, in addition to the additional personal information (visa number), additional personal information (crime history) and additional personal information (immigration / departure history) are used. Therefore, in addition to the encrypted basic personal information and the encrypted additional personal information (visa number) registered at the X Embassy, the terminal device 51B includes the encrypted additional personal information (crime) indicating the criminal history of person B. History) and encrypted additional personal information (entry / exit history) indicating the entry / exit history of person B are stored.

  Person B, after receiving a visa at the X Embassy, travels to X and undergoes immigration in X. Of the operation flow of the immigration system 5 when the person B undergoes immigration, the part related to the personal authentication of the owner of the terminal device relates to the opening system 3 in steps S203 to S232 in the flow shown in FIGS. And it is substantially the same as step S239-step S262. The operation flow of the personal authentication of the immigration system 5 is different from the operation flow shown in FIGS. 12 to 15 in that in steps S210 to S213 and steps S255 to S257, in addition to the encrypted basic personal information, encryption is performed. Additional personal information (visa number), encrypted additional personal information (crime history), and encrypted additional personal information (entry / exit history) are only transmitted / received and temporarily stored.

  If the person authentication by the immigration system 5 fails and it is determined that the owner of the terminal device 51B is not a legitimate owner of the terminal device 51B, the owner of the terminal device 51B is denied entry or immigration Further investigation will be conducted by the government. On the other hand, when the person authentication by the immigration system 5 is successful and it is determined that the person B is a legitimate owner of the terminal device 51B, the immigration system 5 displays the personal information of the person B, additional personal information (entry Processing such as departure history) update.

  FIG. 17 is a flowchart showing the operation of the immigration system 5 after the person B has been successfully authenticated. The determination device 52 transmits the basic personal information of the person B to the immigration control server device 54 (step S501). The immigration server device 54 searches for the visa number issued to the person B using the received basic personal information as a search key, and then transmits the searched visa number to the determination device 52 (step S502). The determination device 52 is a visa indicated by the visa number received from the immigration server 54 and the additional personal information (visa number) obtained by decrypting the encrypted additional personal information (visa number) received from the terminal device 51B. The number is collated (step S503).

  The determination device 52 displays the basic personal information of the person B, additional personal information (visa number), additional personal information (crime history), additional personal information (entry / exit history), and the collation result of step S503 on the display unit ( Step S504).

  The immigration officer determines whether or not to permit entry of person B based on the information displayed on the display unit of determination device 52. When the immigration officer rejects entry of the person B (step S505; No), the determination device 52 transmits the entry rejection information including the basic personal information of the person B and the current time information to the immigration control server device 54. (Step S506). If the immigration officer approves the entry of the person B (step S505; Yes), the determination device 52 sends the entry permission information including the basic personal information of the person B and the current time information to the immigration management server device 54. Transmit (step S507). The entry permission information and the entry refusal information transmitted to the entry / exit management server device 54 are used for grasping the current entry person, and are transmitted to, for example, a visa issuance system and used when a visa is issued in the future.

  When the entry of the person B is permitted, the determination device 52 updates the additional personal information (immigration / departure history) by adding information indicating entry into the country X to the additional personal information (immigration / departure history) (step) S508). Subsequently, the determination device 52 transmits a public key transmission request to the terminal device 51B (step S509). In response to the public key transmission request, the terminal device 51B transmits the public key to the determination device 52 (step S510). When receiving the public key from the terminal device 51B, the determination device 52 encrypts the additional personal information (immigration / departure history) updated in step S509 with the received public key, and generates encrypted additional personal information (immigration / departure history). (Step S511).

  Further, the determination device 52 includes the verification specific information generated when the person B is authenticated, that is, the face / form feature information and vein feature information generated from the face / form photograph and vein photograph obtained by photographing the current person B. Is encrypted with the public key received in step S510 (step S512). The unique information encrypted in step S512 is additional unique information used as reference unique information in future personal authentication. Hereinafter, the encrypted additional unique information is referred to as encrypted additional unique information.

  The additional unique information is biometric information acquired by the system managed by an organization other than the registered specialized institution along with the authentication process, so it is less reliable than the basic unique information, but is newer than the basic unique information. Biometric information. Therefore, for example, when the identity of a person who has been a person fails to authenticate himself / herself based on facial / figure feature information, such as when the contour of the face has changed due to aging since registration at the registration institution, additional uniqueness By using the information in an auxiliary manner, it is possible to reduce such failure of personal authentication.

  For example, in the authentication of a person required for a ticket gate at a station, a processing speed faster than high reliability is required. Accordingly, a personal authentication system that frequently fails in personal authentication based on face / form feature information and requires personal authentication using vein feature information is not practical. Therefore, even if the user authentication based on the face / figure feature information included in the basic unique information fails, if the user authentication based on the face / figure feature information included in the additional specific information is successful, the ticket gate is opened. The utility of the personal authentication system according to the present invention can be improved. On the other hand, when high reliability is required for personal authentication, such as immigration, the basic specific information and the additional specific information may be used according to the required security level, such as not using additional specific information. desirable.

  The determination device 52 transmits the encrypted additional personal information (immigration history) generated in step S511 and the encrypted additional unique information generated in step S512 to the terminal device 51B (step S513). The terminal device 51B stores the received encrypted additional personal information (immigration / departure history) and the encrypted additional unique information in the nonvolatile storage unit (step S514).

  In addition, the determination device 52 transmits the encrypted additional personal information (immigration history) generated in step S511 and the encrypted additional unique information generated in step S512 to the server device 53 (step S515). The server device 53 stores the received encrypted additional personal information (entry / exit history) and encrypted additional unique information in association with the terminal identification information of the terminal device 51B in the nonvolatile storage unit (step S516).

  When the above series of processing is completed, the immigration officer operates the operation unit of the determination device 52 and instructs opening of the gate. In response to the operation, the determination device 52 transmits a gate opening instruction to the gate device 55 (step S517), and the gate device 55 opens the gate according to the opening instruction received from the determination device 52. As a result, person B can enter country X.

[1.5. Repairing terminal device information]
In order to perform personal authentication in the personal authentication system according to the present invention, the encrypted unique information, the encrypted personal information, and the public key when the public key method is adopted are stored in each terminal device. Often, it is not necessary to store the copy in the server device. However, as shown in the basic registration system 2, the opening system 3 and the immigration system 5 described above, if a copy of the information stored in the terminal device is stored in the server device, it is stored in the terminal device for some reason. When the stored information is damaged or lost, the information can be easily restored, and the convenience of the personal authentication system according to the present invention can be enhanced.

[1.5.1. Operation]
The restoration of the terminal device information using the information stored in the server device can be executed using the basic registration system 2 in the registration specialized organization. However, when information is restored, the server device 23 also functions as a decryption unit that decrypts the encrypted unique information and the encrypted personal information stored in the nonvolatile storage unit 233 by processing according to the program. Hereinafter, the operation of the basic registration system 2 in the case where information restoration of the terminal device 21C brought into the registration organization by the person c is performed will be described.

  18 to 20 are flowcharts showing the operation of the basic registration system 2 when the information of the terminal device 21 is restored. In response to the operation of the operator of the basic registration system 2, the registration determination device 22 transmits a terminal identification information transmission request to the terminal device 21C (step S601). In response to the transmission request from the registration determination device 22, the terminal device 21C transmits the terminal identification information stored in the ROM 212 to the registration determination device 22 (step S602).

  The registration determination device 22 determines whether the terminal identification information has been successfully received from the terminal device 21 (step S603). This is because, for example, the terminal device 21C may fail due to dropping or the like, and terminal identification information may not be read / transmitted correctly. When the terminal device 21C fails to receive the terminal identification information from the terminal device 21C (step S603; No), the display unit 225 of the registration determination device 22 displays a screen that prompts input of the name and address of the owner of the terminal device 21. It is displayed (step S604). According to the display in step S604, the operator asks the person c for his / her name and address, inputs the name and address answered by the person c to the registration determination device 22, and then performs an input completion operation (step S605). In response to the input completion operation, the registration determination device 22 transmits the input name and address to the server device 23 (step S606).

  When the terminal device 21C has successfully received the terminal identification information from the terminal device 21C (step S603; Yes), the registration determination device 22 transmits the received terminal identification information to the server device 23 (step S607).

  As described above, the server device 23 associates a plurality of pieces of terminal identification information with the non-volatile storage unit 233 in association with a plurality of terminal identification information, a pair of a common key or a secret key / public key, and encryption unique information (encryption basic unique information and encryption Encryption additional unique information) and encrypted personal information (encrypted basic personal information and encrypted additional personal information) are stored. Hereinafter, each piece of information stored in association with the terminal identification information is referred to as “terminal information”.

  The server device 23 determines whether the information received from the registration determination device 22 in step S606 or step S607 is terminal identification information (step S608). When the information received from the registration determination device 22 is terminal identification information (step S608; Yes), the server device 23 receives the received terminal identification from the plurality of terminal information stored in the nonvolatile storage unit 233. Terminal information corresponding to the information is searched (step S609). Subsequently, the server device 23 decrypts the encrypted basic unique information included in the terminal information searched in step S609 with the common key or the secret key included in the searched terminal information (step S610). By the decoding in step S609, reference basic specific information corresponding to the terminal device 21C is obtained.

  On the other hand, when the information received from the registration determination device 22 is not terminal identification information (step S608; No), the server device 23 selects, for example, a terminal from among a plurality of terminal information stored in the nonvolatile storage unit 233. One of the identification information is selected in the alphabetical order from the beginning, and the encrypted basic personal information included in the selected terminal information is decrypted with the secret key included in the selected terminal information (step S611). Subsequently, the server device 23 determines whether or not the name / address included in the basic personal information obtained by the decryption in step S611 matches the name / address received in step S606 (step S612).

  When the name / address received from the registration determination device 22 in the determination in step S612 does not match the name / address obtained by the decryption (step S612; No), the server device 23 stores data in the nonvolatile storage unit 233. The next terminal information is selected from the plurality of stored terminal information, and step S611 and step S612 are repeated for the selected terminal information.

  If the name / address received from the registration determination device 22 in the determination in step S612 matches the name / address obtained by decryption (step S612; Yes), it is included in the terminal information that includes the name / address. The encrypted basic unique information is decrypted with the common key or the secret key included in the terminal information (step S613). By the decryption in step S613, reference basic unique information corresponding to the name / address described by the person c is obtained. The server device 23 transmits the reference basic unique information obtained by decoding in step S610 or step S613 to the registration determination device 22 (step S614).

  When receiving the reference basic unique information from the server device 23, the registration determination device 22 captures the face / appearance photograph group and the vein photograph group of the person c, and acquires the matching unique information of the person c. The process for acquiring the unique information for verification (steps S615 to S620) is performed in steps S125 to S130 (or steps S109 to S114) in the registration process performed by the basic registration system 2 shown in FIGS. It is the same.

  The registration determination device 22 includes the reference basic unique information received from the server device 23 in step S614 and the matching unique information generated in steps S617 and S620 (the face / form feature information group and vein feature information group for matching). ) And a determination is made as to whether or not there is a degree of similarity equal to or greater than a predetermined threshold value between these pieces of information (step S621).

  If it is determined in step S621 that the unique information does not have a similarity greater than or equal to a predetermined threshold (step S621; No), the person c is not a valid owner of the terminal device 21C, or the person c is There will be an error in the name and address described, and the basic registration system 2 will not restore the information. On the other hand, if it is determined in step S621 that the unique information has a similarity greater than or equal to a predetermined threshold (step S621; Yes), the person c is a valid owner of the terminal device 21C or a person It was confirmed that the name and address stated by c were correct. Therefore, the registration determination device 22 displays a screen indicating that the personal authentication is successful on the display unit 225 (step S622).

  When the screen prompting the input of the name and address is displayed in the previous step S604, the operator of the registration determination device 22 discards the failed terminal device 21C because there is some failure in the hardware of the terminal device 21C. Then, a new terminal device 21C to be replaced with it is prepared.

  If the terminal device 21C is not exchanged (step S623; No), the registration determination device 22 receives the terminal identification information received from the terminal device 21C in step S602 in response to a predetermined operation by the operator of the basic registration system 2. Is transmitted to the server device 23 (step S624).

  On the other hand, when the terminal device 21C is exchanged (step S623; Yes), the registration determination device 22 transmits terminal identification information to the new terminal device 21C in accordance with a predetermined operation of the operator of the basic registration system 2. The request is transmitted (step S625), and the new terminal device 21C transmits the terminal identification information stored in the ROM 212 to the registration determination device 22 in response to the transmission request (step S626). The registration determination device 22 transmits the terminal identification information received from the new terminal device 21C in step S626 to the server device 23 together with the name and address input in step S605 (step S627).

  The server device 23 determines whether or not the name / address is included in the information received from the registration determination device 22 in step S624 or step S627 (step S628). If it is determined in step S628 that the name / address is not included (step S628; No), the server device 23 matches the terminal identification information of the terminal information searched in step S609 with the terminal identification information received in step S624. After confirming this, all information except the common key or secret key included in the terminal information is transmitted to the registration determination device 22 (step S629).

  On the other hand, if it is determined in step S628 that the name / address is included (step S628; Yes), the server device 23 receives the name / address included in the terminal information that matches the name / address in step S612. After confirming that the received name and address match, the terminal identification information associated with the terminal information (that is, the terminal identification information of the old terminal device 21C) is received as the terminal identification information (that is, the terminal identification information received in step S627) The terminal information is rewritten to the new terminal device 21C (step S630). Then, the server device 23 transmits all information except the common key or the secret key included in the terminal information associated with the rewritten terminal identification information to the registration determination device 22 (step S629).

  The registration determination device 22 transmits the information received from the server device 23 in step S629 to the terminal device 21C (step S631), and the terminal device 21C stores the information received from the registration determination device 22 in the nonvolatile storage unit 214. (Step S632). Thus, the repair of the terminal device 21C is completed.

  As described above, by storing a copy of the encrypted unique information and the encrypted personal information individually stored in the terminal device in the server device, the user of the personal authentication system according to the present invention can When a device breaks down, it is always a new terminal device, or when there is no failure in the terminal device but the stored information is damaged, it is always encrypted in the terminal device that was used. Unique information and encrypted personal information can be restored.

[2. Modified example]
The above-described embodiments can be variously modified within the scope of the technical idea of the present invention. In addition, specific numerical values used in the above-described embodiments are illustrative examples, and the present invention should not be construed in a limited manner by those numerical values. A modification is shown below.

  Many steps included in the operation flow in the above-described embodiment can obtain the same result even if the temporal context is changed, and these changes are within the scope of the technical idea of the present invention. For example, either step S513 or step S515 in FIG.

  The encryption method employed in the above-described embodiment is an example, and any encryption method may be employed in the implementation of the present invention. For example, a combination of a common key method and a public key method may be used, a method of enhancing the security by further encrypting the key with another key, a method of performing multi-stage encryption / decryption, etc. Also good. Further, in order to increase the strength of encryption, the key may be periodically exchanged, or encryption may be performed again using a key different from the key previously used when updating the information.

  In the above-described embodiment, the number of the common key or the secret key and the public key used for one terminal device is one. However, the present invention is not limited to this, and different keys or key pairs are used depending on the type of information. You may make it use. FIG. 21 is a diagram schematically showing information stored in the terminal device 61 and the server device 63 when the public key method is adopted in the personal authentication system according to the present invention and the key is changed for each type of information. is there. When the common key method is adopted in the personal authentication system according to the present invention, the terminal device 61 shown in FIG. 21 does not store the public key, and the server device 63 uses the common key instead of the private key / public key pair. May be stored.

  When a different key is assigned for each type of information, in the terminal device 61 and the server device 63, each information and key is stored in association with information type identification information for identifying them from other information and keys. Yes. In the example of FIG. 21, for example, encrypted vein characteristic information and a public key (or a private key / public key pair) assigned to the information are identified by information type identification information “002”.

  When a different key is assigned for each type of information, the determination device 62 receives only information of the minimum type necessary for the processing of the determination device 62 from the terminal device 61, and decrypts the information. Only the server device 63 is configured to receive the information, so that it is possible to avoid the inconvenience that unnecessary information is inadvertently decrypted by the determination device 62.

  For example, when the determination device 62 authenticates the person using only the face / form feature information of the basic unique information and needs to browse the name, age, gender, and past history as the personal information, the determination device 62 is the terminal device 61. And 001, 003, 005, 006, 208 is transmitted to the server device 63 as information type identification information. The terminal device 61 transmits information to be searched to the determination device 62 using the information type identification information received from the determination device 62 as a search key. The server device 63 transmits a secret key to be searched to the determination device 62 using the information type identification information received from the determination device 62 as a search key. The determination device 62 decrypts the information received from the terminal device 61 with the secret key received from the server device 63, and obtains information necessary for processing.

  When a different key is assigned for each type of information, when new type of additional personal information needs to be registered, or when additional specific information is newly registered, the information is encrypted by the determination device 62. In this case, the determination device 62 requests the server device 63 for information type identification information and key generation. In response to the request, the server device 63 generates new information type identification information and a key (or key pair), and transmits the generated information type identification information and an encryption key (public key or common key) to the determination device 62. . In a system employing a public key method, even when additional personal information or the like is encrypted in the terminal device 61, the terminal device 61 similarly releases the information type identification information and the information from the server device 63 via the determination device 62. Get the key. The determination device 62 or the terminal device 61 encrypts additional personal information using the encryption key acquired from the server device 63 as described above. The above is the description of the modification of the embodiment of the present invention in which a different key is assigned for each type of information.

  Furthermore, another modification is shown. Some steps included in the operation flow in the above-described embodiment can be replaced by other processes without losing technical significance, and such changes are also within the scope of the technical idea of the present invention. .

  For example, in the above-described embodiment, the unique information and the personal information stored in the server device have been described as being stored in an encrypted state, but are stored in an unencrypted state and stored in the terminal device. You may comprise so that it may encrypt when encryption is required for information restoration etc. The place where the unique information or the personal information is encrypted may be the determination device or the server device. Furthermore, when the public key method is adopted, the unique information or personal information may be encrypted with the public key in the terminal device. In that case, the control unit of the terminal device also functions as an encryption unit by processing according to the program. Further, the place where the unique information or the personal information is decrypted may be the determination device or the server device. When both the terminal device and the server device store the public key, the determination device may acquire the public key from any device.

  The principle of the present invention is that no decryption key capable of decrypting personal information stored in the terminal device is passed to the terminal device. However, there is no problem even if personal information that does not require confirmation by a third party, such as hobby information of the owner of the terminal device, is decrypted in the terminal device. Therefore, the server device generates a different common key for each type of personal information. For personal information that does not require confirmation by a third party, the terminal device uses the common key transmitted from the server device to May be encrypted. The personal information thus encrypted is transmitted and stored in the server device.

  In the embodiment described above, identification information stored in advance in the ROM of the terminal device is used as identification information for identifying a person's key, unique information, personal information, etc. from those of other persons. However, the identification information that can be used in the present invention is not limited thereto. For example, by storing encrypted unique information, encrypted personal information, etc. in a recording medium such as a flash memory card that is detachably connected to the main body of the terminal device, the identification information unique to the recording medium is stored in the terminal identification information. It may replace with and may be used.

  Further, for example, the server device assigns arbitrary identification information to the terminal device or the owner of the terminal device at the time of initial registration, the identification information assigned by the terminal device is stored in the nonvolatile storage unit, and is used instead of the terminal identification information. Also good. In that case, if the identification information is rewritten by the user or the like, the user cannot use the personal authentication system according to the present invention, but the specific information and personal information are not leaked to others, and the person who is not the user Since the user cannot be impersonated, the security level is not lowered as compared with the case of using identification information stored in a non-rewritable state in the ROM or the like of the terminal device.

  In the above-described embodiment, the terminal device is a wireless portable terminal that conforms to the PHS specification, but is not limited thereto. For example, although the convenience is somewhat impaired, a configuration in which the terminal device is connected to the determination device via a communication cable and wired communication is performed between the terminal device and the determination device may be employed. Further, the communication method between the determination device and the server device is not limited to that via the Internet. For example, these devices may be connected for communication by a dedicated line.

  In the above-described embodiment, a method using a general paging signal with different radio field strengths is adopted as a method of identifying a terminal device possessed by a person who is a subject of personal authentication from a plurality of terminal devices. Not limited to that. For example, a person standing in the front row in front of the gate may operate a terminal device owned by the person to transmit the identification information to the determination device.

  The terminal device, the determination device, and the server device constituting the personal authentication system according to the present invention function as a constituent device of the personal authentication system according to the present invention by the control unit included in each device performing processing according to the program. Although described as a thing, you may make it each of each function structure part implement | achieved by the control part implement | achieve in each apparatus by hardware.

  In the above-described embodiment, the determination device (or the determination device for registration) includes the face / form photograph photographing unit and the vein photograph photographing unit as components, but the determination device according to the present invention constitutes these means. It is not provided as an element, and information such as face / form data and vein data is acquired from an external photographing device, and specific information such as face / form feature information and vein feature information is generated using the acquired information. Alternatively, unique information such as face / form feature information and vein feature information generated by an external device may be simply acquired by the receiving unit.

  In the embodiment described above, when the personal authentication is successful by comparing the reference specific information and the verification specific information, the subsequent personal information (name and address) of the person is used to perform subsequent processing (specifically, the gate). It was decided to make a judgment on whether or not However, personal information (including basic personal information) does not necessarily have to be used in processing after successful authentication. For example, in the first embodiment, the terminal identification information of persons who have been successfully authenticated is included in the admission-permitted person list instead of the names and addresses of persons who are permitted to enter. A configuration may be adopted in which whether or not the gate is opened is determined based on whether or not the permitted person list is included. In such a configuration, personal information is not necessary. When personal information is not used in the processing after the personal authentication, leakage of personal information due to some accident can be prevented.

  In the embodiment described above, an example in which biological information is used as unique information has been shown. However, the unique information that can be used in the present invention is not limited to biometric information. For example, a password known only to a legitimate owner may be used in the present invention instead of or in addition to biometric information. As described above. If a password is leaked compared to biometric information, it is possible to impersonate another person, but it is easier to generate unique information for reference and specific information for verification than when biometric information is used, and the size of the information is generally small. The advantage is that the information can be easily and accurately compared. Therefore, in an embodiment that does not cause much problem even if the accuracy of personal authentication is low, it may be desirable to use a password as unique information instead of biometric information. Also, in some cases, it is desirable to use personal authentication with a password together to compensate for the low accuracy of personal authentication using biometric information.

  When the password is used as the unique information in the present invention, the determination device determines whether the password stored in advance in the terminal device and the password input by the owner of the terminal device are determined by the determination device. The success or failure of personal authentication will be decided. The operation means for the owner of the terminal device to input the password may be, for example, an operation unit such as a keypad provided in the terminal device, or an operation unit such as a keyboard connected to or built in the determination device. May be.

  For example, an example of using a password instead of biometric information in the first embodiment will be described. The owner of the terminal device can input a password to the terminal device, for example, from a position near the gate. When the password is input by the holder, the terminal device temporarily stores the input password in the volatile storage unit for a predetermined period (for example, 3 minutes). For example, when the terminal device reaches a position of about 5 meters before the gate, the terminal device responds to the simultaneous call signal (5 m) sent from the determination device, and if the password is stored in the volatile storage unit, the password is stored. Is transmitted to the determination device. On the other hand, when the password is not stored in the volatile storage unit, the terminal device displays a message prompting the input of the password on the display unit. When the owner of the terminal device inputs a password to the terminal device in response to the message, the input password is transmitted from the terminal device to the determination device. The determination device acquires the password transmitted from the terminal device in this way and uses it as verification specific information.

  A keyboard connected to the determination device is arranged in front of the gate. Instead of inputting the password to the terminal device as described above, the terminal device owner can also input the password to the keyboard in front of the gate. The password input by the owner of the terminal device using the keyboard in front of the gate is used as verification specific information in the determination device. In such a configuration, the user can enter the password to the terminal device and pass through the gate smoothly, or the user can enter the password on the keyboard in front of the gate and take the trouble of taking out the terminal device from the bag, for example. It can be omitted.

  The terminal device and the server device according to the present invention may be realized by causing a general computer having a communication function to execute a program. In addition, the determination apparatus according to the present invention connects a device for acquiring unique information such as a face / figure photography unit and a vein photography unit to a general computer having a communication function, and causes the computer to execute a program. May be realized. The present invention also provides a program that is executed by a computer and realizes a terminal device, a determination device, and a server device according to the present invention. In addition, the present invention also provides a recording medium that is executed by a computer and records a program for realizing the terminal device, the determination device, and the server device according to the present invention in a computer-readable manner. Furthermore, the present invention also provides a method for personal authentication executed by the above-described personal authentication system.

[3. Supplementary explanation]
The present invention relates to a technique for authenticating whether or not a combination of a terminal device holder and a terminal device is valid by using unique information of a valid owner of the terminal device. Therefore, in the present invention, identification information for identifying a person's key, unique information, personal information, etc. from those of another person is identification information unique to the terminal device and at the same time a valid owner of the terminal device. It is also unique identification information. That is, in the present invention, whether such identification information is regarded as terminal identification information for identifying a terminal device or user identification information for identifying an owner of a terminal device, there is a technical difference between them. Absent. If a single user owns multiple terminal devices, keys, unique information, personal information, etc. related to the multiple terminal devices must be synchronized in order to maintain data consistency. It is equivalent that different terminal identification information is assigned to and associated with each other and that the same user identification information is assigned to different terminal devices owned by the same user.

It is the figure which showed the basic composition of the personal authentication system concerning the embodiment of the present invention. It is the figure which showed typically the structure of the basic registration system concerning embodiment of this invention. It is the figure which showed typically the structure of the terminal device concerning embodiment of this invention. It is the figure which showed typically the structure of the determination apparatus for registration concerning embodiment of this invention. It is the figure which showed typically the shape of the camera installation base by which the camera group of the face / form photography part concerning embodiment of this invention is arrange | positioned. It is the figure which showed typically the structure of the server apparatus concerning embodiment of this invention. It is the flowchart which showed operation | movement of the basic registration system concerning embodiment of this invention. It is the flowchart which showed operation | movement of the basic registration system concerning embodiment of this invention. It is the flowchart which showed operation | movement of the basic registration system concerning embodiment of this invention. It is the figure which showed typically the structure of the opening system concerning embodiment of this invention. It is the figure which showed typically the structure of the determination apparatus concerning embodiment of this invention. It is the flowchart which showed operation | movement of the gate opening system concerning embodiment of this invention. It is the flowchart which showed operation | movement of the gate opening system concerning embodiment of this invention. It is the flowchart which showed operation | movement of the gate opening system concerning embodiment of this invention. It is the flowchart which showed operation | movement of the gate opening system concerning embodiment of this invention. It is the figure which showed typically the whole structure of the immigration system concerning embodiment of this invention. It is the flowchart which showed operation | movement of the immigration system concerning embodiment of this invention. It is the flowchart which showed operation | movement of the basic registration system concerning embodiment of this invention. It is the flowchart which showed operation | movement of the basic registration system concerning embodiment of this invention. It is the flowchart which showed operation | movement of the basic registration system concerning embodiment of this invention. It is the figure which showed typically the information preserve | saved at a terminal device and a server apparatus in the modification of embodiment of this invention.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... Identity authentication system, 2 ... Basic registration system, 3 ... Opening system, 5 ... Immigration system, 11 ... Terminal device, 12 ... Determination device, 13 ... Server device, 21 ... Terminal device, 22 ... Registration determination device, DESCRIPTION OF SYMBOLS 23 ... Server apparatus, 31 ... Terminal apparatus, 32 ... Determination apparatus, 33 ... Server apparatus, 34 ... In-house server apparatus, 35 ... Main gate apparatus, 36 ... Sub-gate apparatus, 51 ... Terminal apparatus, 52 ... Determination apparatus, 53 ... Server Device ... 54 ... Immigration server device, 55 ... Gate device, 61 ... Terminal device, 62 ... Judgment device, 63 ... Server device, 111 ... ROM, 112 ... Nonvolatile storage unit, 121 ... Unique information acquisition unit, 122 ... Volatile memory unit 131... Nonvolatile memory unit 211... Control unit 212... ROM 213. Volatile memory unit 214. Communication unit 217 ... Operation unit 218 Display unit 221 Control unit 222 ROM 223 Volatile storage unit 224 Operation unit 225 Display unit 226 Terminal device communication unit 227 Internet communication unit, 228 ... face / figure photography unit, 229 ... vein photography unit, 231 ... control unit, 232 ... volatile storage unit, 233 ... nonvolatile storage unit, 234 ... transmission unit, 235 ... reception unit, 320 ... Control unit, 321 ... ROM, 322 ... Volatile storage unit, 323 ... Sound generation unit, 324 ... Terminal communication unit, 325 ... Internet communication unit, 326 ... Face / picture photography unit, 327 ... Vena photography unit 328... Main gate device transmitter, 329 .sub.sub gate device transmitter, 3261... Camera, 3262... Distance sensor, 3271.

Claims (14)

Identification information for identifying the own device or the authorized owner of the own device and encrypted unique information obtained by encrypting the unique information for reference, which is information unique to the owner that can be obtained only from the authorized owner A first transmission step in which the stored terminal device transmits the identification information and the encrypted unique information to the determination device;
Second transmission in which the determination device transmits the identification information transmitted from the terminal device in the first transmission step to a server device storing a decryption key in association with each of a plurality of identification information. Steps,
The server device stores, in the determination device, a decryption key stored in association with the identification information transmitted from the determination device in the second transmission step among a plurality of decryption keys stored in the own device. A third sending step for sending;
The determination device decrypts the encrypted unique information transmitted from the terminal device in the first transmission step by using the decryption key transmitted from the server device in the third transmission step. A decoding step for generating reference specific information;
An acquisition step in which the determination device acquires specific information for collation that is information unique to the owner that can be acquired only from the owner of the terminal device;
Based on a comparison result between the reference specific information generated in the decryption step and the verification specific information acquired in the acquisition step by the determination device, the owner is the same person as the rightful owner And a determination step for determining whether or not. A plurality of terminal devices, a determination device, and a server device;
Each of the plurality of terminal devices includes identification information for identifying the own device or a proper owner of the own device, and reference specific information that is information unique to the owner that can be acquired only from the proper owner of the own device. A storage unit that stores encrypted unique information obtained by encryption; and a transmission unit that transmits the identification information and the encrypted unique information stored in the storage unit of the own device to the determination device. ,
The determination device includes identification information for identifying the one terminal device or a valid owner of the one terminal device from one terminal device of the plurality of terminal devices, and a valid owner of the one terminal device. Receiving device receiving means for receiving the encrypted unique information obtained by encrypting the reference unique information that is unique to the owner that can be obtained only from the terminal, and the identification information received by the receiving device receiving means To the server apparatus, to the server apparatus receiving means for receiving a decryption key transmitted from the server apparatus in response to transmission of the identification information by the server apparatus transmission means, Using the decryption key received by the server-device receiving means, the encrypted unique information received by the terminal-device receiving means is decrypted to thereby verify the correctness of the one terminal device. Decoding means for generating the reference unique information that is information unique to the owner that can be obtained only from the owner, and information unique to the owner that can be obtained only from the owner of the one terminal device In the comparison result between the acquisition means for acquiring the verification specific information and the reference specific information that is information specific to the owner that can be acquired only from the rightful owner of the one terminal device and the verification specific information Determination means for determining whether or not the owner is the same person as the rightful owner of the one terminal device,
The server device includes: a storage unit that stores a decryption key in association with each of a plurality of pieces of identification information that respectively identify the plurality of terminal devices; a reception unit that receives one piece of identification information from the determination device; And a transmitting means for transmitting to the determination device a decryption key stored in association with the one identification information among the plurality of decryption keys stored in the storage means. It is obtained by encrypting identification information for identifying the terminal device or a legitimate owner of the terminal device and reference unique information that is unique to the owner that can be obtained only from the legitimate owner from the terminal device. Receiving terminal receiving means for receiving the encrypted unique information,
A server device transmitting means for transmitting the identification information to the server device;
A server reception unit for receiving a decryption key transmitted from the server device in response to transmission of the identification information by the server device transmission unit;
Decryption means for generating the reference unique information by decrypting the encrypted unique information using the decryption key;
Acquisition means for acquiring specific information for collation that is information specific to the owner that can be acquired only from the owner of the terminal device;
A determination device comprising: determination means for determining whether or not the owner is the same person as the legitimate owner based on a comparison result between the reference specific information and the verification specific information. The terminal device receiving means receives encrypted personal information obtained by encrypting the personal information of the rightful owner from the terminal device,
The decryption means generates the personal information by decrypting the encrypted personal information using a decryption key transmitted from the server apparatus and received by the server apparatus reception means. Judgment device. The decryption key transmitted from the server device in response to the transmission of the identification information by the server device transmission means is a public key private key,
The terminal device receiving means receives a public key paired with the secret key from the terminal device,
The determination apparatus according to claim 3, further comprising an encryption unit that encrypts information using the public key. Identification information for identifying the own device or the authorized owner of the own device, and encrypted unique information obtained by encrypting the unique information for reference, which is information unique to the owner that can be acquired only from the authorized owner Storage means for storing
A terminal device comprising: transmission means for transmitting the identification information and the encrypted unique information to a determination device. The storage means stores encrypted personal information obtained by encrypting personal information of the rightful owner,
The terminal device according to claim 6, wherein the transmission unit transmits the encrypted personal information to the determination device. The storage means stores a public key that is paired with a secret key used to generate the encrypted unique information by encrypting the reference unique information;
The terminal device according to claim 6, wherein the transmission unit transmits the public key to the determination device. Acquired from only a plurality of identification information, a common key of a common key system corresponding to each of the plurality of identification information, and an authorized owner of the terminal device identified by the identification information for each of the plurality of identification information Storage means for storing the reference unique information that is unique to the owner or the encrypted unique information obtained by encrypting the reference unique information with the common key corresponding to the identification information,
Receiving means for receiving one piece of identification information from the determination device;
A server device comprising: a transmission unit configured to transmit, to the determination device, a common key stored in association with the one identification information among a plurality of common keys stored in the storage unit. For each of the plurality of identification information, the storage means is obtained by encrypting the personal information of the right owner of the terminal device identified by the identification information or the personal information with the common key corresponding to the identification information. The server apparatus according to claim 9, wherein the encrypted personal information is stored in association with the identification information. Acquired only from the rightful owner of the terminal device identified by the plurality of identification information, the public key secret key corresponding to each of the plurality of identification information, and each of the plurality of identification information. In association with reference unique information that is unique to a unique owner or encrypted unique information obtained by encrypting the reference unique information with a public key paired with the secret key corresponding to the identification information Storage means for storing;
Receiving means for receiving one piece of identification information from the determination device;
A server apparatus comprising: a transmission unit configured to transmit a secret key stored in association with the one identification information among the plurality of secret keys stored in the storage unit to the determination device. The storage means, for each of the plurality of identification information, the personal information of the legitimate owner of the terminal device identified by the identification information or the public information that makes the personal information paired with the secret key corresponding to the identification information The server device according to claim 11, wherein encrypted personal information obtained by encryption with a key is stored in association with the identification information. It is obtained by encrypting identification information for identifying the terminal device or a legitimate owner of the terminal device and reference unique information that is unique to the owner that can be obtained only from the legitimate owner from the terminal device. Receiving the encrypted unique information,
Processing for transmitting the identification information to a server device;
Processing for receiving a decryption key transmitted from the server device in response to transmission of the identification information to the server device;
Processing for generating the reference unique information by decrypting the encrypted unique information using the decryption key;
A process of acquiring specific information for collation that is information specific to the owner that can be acquired only from the owner of the terminal device;
A program for causing a computer to execute a process of determining whether or not the owner is the same person as the legitimate owner based on a comparison result between the reference specific information and the verification specific information.   A computer-readable recording medium on which the program according to claim 13 is recorded.

Images