JP2012089063A - Composite authentication apparatus - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a composite authentication apparatus which is capable of improving convenience by relieving a registrant in which a personal rejection occurs, while ensuring security in the case where the personal rejection occurs.SOLUTION: A composite authentication apparatus includes a RFID tag which has specific ID information for identifying a person carrying a tag, RFID authentication means which performs RFID authentication by reading ID information of the RFID tag within a tag detection range, biological authentication means which performs biological authentication by reading human biological information, determination means which determines a success/failure of the final authentication on the basis at least of a RFID authentication result of the RFID authentication means and a biological authentication result of the biological authentication means. In the case where a predetermined temporary registration implementation condition containing at least the biological authentication result of the biological authentication means in a requirement is established, the determination means temporarily registers biological information and after the temporary registration, the biological authentication means performs biological authentication using the temporarily registered biological information.

Description

  The present invention relates to a composite authentication apparatus.

  Conventionally, as a personal authentication device, a biometric authentication device that performs personal authentication by acquiring biometric information of a person to be authenticated, and an RFID (Radio Frequency IDentification) tag that can read information in the tag for wireless communication There is known a composite authentication device that uses a combination of the above and the like.

  FIG. 14 shows an example of the configuration of this conventional composite authentication apparatus. In this figure, 6 is an RFID reading unit for reading ID information of an RFID tag within a tag detection range, and 7 is RFID registration information in which registered ID information that is an ID of a person permitted to pass is stored. A storage unit 8 is an RFID authentication unit that performs ID authentication processing by comparing the ID information sent from the RFID reading unit 6 with the registered ID information stored in the RFID registration information storage unit 7.

Also, 9 is a biometric information reading unit for reading biometric information, 10 is a biometric registration information storage unit that stores face images of persons who are permitted to pass as registered biometric information, and 11 is read by the biometric information reading unit 9. The biometric authentication unit performs biometric authentication processing by collating the biometric information obtained with the biometric information acquired from the biometric registration information storage unit 10.
Based on the ID authentication result and the biometric authentication result, 12 determines whether or not a predetermined determination condition for determining whether the final authentication is successful (whether passage is permitted) is satisfied. A determination unit 13 for displaying an authentication determination result in the determination unit 12 to an authentication operator; Part.

  Further, as another example of the conventional composite authentication device, for example, there is a device described in Patent Documents 1-3. The device disclosed in Japanese Patent Laid-Open No. 2005-228561 performs personal authentication by reading fingerprint biometric information from an RFID tag and collating it with fingerprint biometric information read by a fingerprint recognition device. If the authentication by the fingerprint is successful, a face image is further photographed and registered, and thereafter, personal authentication can be performed using the registered face image.

Japanese Patent Application Laid-Open No. 2004-228561 describes a technique in which authentication based on a unique ID recorded in an RFID tag and biometric authentication are used in combination.
Patent Document 3 describes a composite authentication apparatus that stores personal biometric information in a biometric information table in advance, reads biometric information corresponding to an ID read from an RFID tag, and performs collation. When the composite authentication apparatus described in Patent Document 3 reads an ID from an RFID tag, the biometric information corresponding to the ID is read from the biometric information table and stored in advance in the verification table. Then, when the biometric information is subsequently read by the biometric authentication device, the read biometric information is collated with the biometric information stored in the collation table.

JP 2005-293172 A JP 2006-119775 A JP 2007-066107 A

  By the way, in biometric authentication using biometric information for authentication, the status of biometric information used for authentication is not necessarily the same at the time of registration and at the time of verification, so the accuracy of authentication depends on the difference in this status. For this reason, there is a case where an identity rejection (FR: False Reject), which is a case where authentication is not permitted, occurs even though the registrant performs the verification operation.

  However, in the above-described conventional composite authentication apparatus, no consideration is given to how to deal with the case where the principal refusal occurs. Therefore, when a specific registrant has been continuously denied for some reason, the registrant has failed to authenticate many times even though it should have been authenticated. Therefore, there is a problem that convenience is significantly reduced. In particular, when a registrant's face image is used as biometric information, the registrant's face image is easily affected by the environment (for example, brightness) in which the face image is captured.

  The present invention has been made to solve such a problem. In the case where a registrant is rejected by a registrant, the registrant in which the refusal has occurred is remedied while ensuring security. Thus, a composite authentication apparatus that can improve convenience can be obtained.

  In the composite authentication apparatus according to the present invention, an RFID tag having unique ID information for identifying the owner of the tag, and RFID authentication for performing RFID authentication by reading the ID information of the RFID tag within a tag detection range Whether or not the final authentication has succeeded based at least on the means, the biometric authentication means for reading the biometric information of the person and performing biometric authentication, the RFID authentication result of the RFID authentication means and the biometric authentication result of the biometric authentication means Determination means for determining whether or not the determination means performs temporary registration of biometric information when a predetermined provisional registration execution condition including at least a biometric authentication result of the biometric authentication means is satisfied, The biometric authentication means is configured to perform biometric authentication using the temporary registration biometric information after the temporary registration.

  According to the present invention, in the composite authentication apparatus, when a registrant is rejected by a registrant, the registrant who has generated the refusal can be remedied and the convenience can be improved while ensuring security.

It is a top view which shows the structure outline of the composite authentication apparatus which concerns on Embodiment 1 of this invention. It is a block diagram which shows the whole structure of the composite authentication apparatus which concerns on Embodiment 1 of this invention. It is a figure explaining the operation | movement which leads to temporary registration implementation of the composite authentication apparatus which concerns on Embodiment 1 of this invention. It is a figure explaining the operation | movement in the temporary registration operation of the composite authentication apparatus which concerns on Embodiment 1 of this invention. It is a figure explaining the authentication operation | movement of the composite authentication apparatus which concerns on Embodiment 1 of this invention. It is a figure explaining the suspicious person registration operation | movement of the composite authentication apparatus which concerns on Embodiment 1 of this invention. It is a figure explaining the suspicious person detection operation | movement of the composite authentication apparatus which concerns on Embodiment 1 of this invention. It is a figure explaining the operation | movement which leads to temporary registration implementation at the time of the multiple tag detection of the composite authentication apparatus which concerns on Embodiment 1 of this invention. It is a flowchart which shows the flow of RFID detection and the authentication process of the composite authentication apparatus which concerns on Embodiment 1 of this invention. It is a flowchart which shows the flow of the collation schedule list update process of the composite authentication apparatus which concerns on Embodiment 1 of this invention. It is a flowchart which shows the flow of the biometrics authentication process of the composite authentication apparatus which concerns on Embodiment 1 of this invention. It is a flowchart which shows the flow of the temporary registration process of the composite authentication apparatus which concerns on Embodiment 1 of this invention. It is a flowchart which shows the flow of a suspicious person collation process of the composite authentication apparatus which concerns on Embodiment 1 of this invention. It is a block diagram which shows the whole structure of the conventional composite authentication apparatus.

  The present invention will be described with reference to the accompanying drawings. Throughout the drawings, the same reference numerals indicate the same or corresponding parts, and redundant description thereof will be simplified or omitted as appropriate.

Embodiment 1 FIG.
1 to 13 relate to Embodiment 1 of the present invention. FIG. 1 shows a schematic configuration of the composite authentication apparatus.
In FIG. 1, reference numeral 1 denotes a room that is one of the sections that are partitioned in the facility where the composite authentication apparatus is installed and in which entrance / exit restrictions are imposed. The room 1 is provided with an entrance for people to enter and exit the room 1. This doorway is opened and closed by the door 2. The door 2 can be locked and unlocked by an electric lock (not shown).

  A person who tries to enter and leave the room 1 through the door 2 carries an RFID tag 3 such as an ID card. In the RFID tag 3, an ID unique to each tag, which is an identifier for identifying the owner of the tag, is stored in advance as ID information. A composite authentication apparatus body 4 having an RFID tag reader function for reading ID information stored in the RFID tag 3 is installed on the door 2 or a wall surface near the door 2. The range in which the information stored in the RFID tag 3 can be read by the composite authentication apparatus body 4 is a substantially circular range centering on the composite authentication apparatus body 4. This range is shown as a tag detection range 5 in FIG.

  In addition to the RFID tag reader function described above, the composite authentication apparatus main body 4 also has a biometric authentication function. Here, a case where a face image obtained by photographing a human face is employed as biometric information used for biometric authentication will be described. It is also possible to photograph a human finger surface, eyes, etc. to obtain other biometric information such as fingerprints, irises, veins, etc., and use them for authentication. Of course, a plurality of biological information may be used in combination.

FIG. 2 is a block diagram showing the overall configuration of the composite authentication apparatus.
The composite authentication apparatus main body 4 includes an RFID reading unit 6 for reading ID information of the RFID tag 3 within the tag detection range 5. The RFID registration information storage unit 7 stores registered ID information that is an ID of a person permitted to pass. The ID information of the RFID tag 3 in the tag detection range 5 read by the RFID reading unit 6 is sent to the RFID authentication unit 8 for authenticating the RFID tag 3. Then, the RFID authentication unit 8 performs ID authentication processing by comparing the ID information sent from the RFID reading unit 6 with the registered ID information stored in the RFID registration information storage unit 7.

  The composite authentication apparatus body 4 is also provided with a biometric information reading unit 9 for reading biometric information. Here, since a human face image is adopted as the biometric information used for biometric authentication, the biometric information reading unit 9 is configured by, for example, a camera for photographing a human face image. This camera has a function of recognizing that a person's face is in the shooting range and shooting a person's face within the recognized shooting range.

The biometric registration information storage unit 10 stores face images of persons who are permitted to pass as registered biometric information. The biometric registration information storage unit 10 stores the face image and the ID information of the owner of the face image in association with each other.
The face image, which is biometric information recognized and photographed (read) by the biometric information reading unit 9, is sent to the biometric authentication unit 11 for performing biometric authentication. The biometric authentication unit 11 acquires from the biometric registration information storage unit 10 a face image (biometric registration information) that is permitted to pass. Then, biometric authentication processing is performed by comparing the biometric information read by the biometric information reading unit 9 with the biometric information acquired from the biometric registration information storage unit 10.

  The ID authentication result in the RFID authentication unit 8 and the biometric authentication result in the biometric authentication unit 11 are sent to the determination unit 12. Whether or not the determination unit 12 satisfies a predetermined determination condition for determining whether or not the authentication is finally successful (whether passage is permitted) based on the ID authentication result and the biometric authentication result. Determine whether. If it is determined that the predetermined determination condition is satisfied, the passage is permitted. In this case, an unlocking command is sent from the determination unit 12 to an electric lock control unit (not shown) that controls the operation of the electric lock. Then, the electric lock control unit unlocks the electric lock according to the unlock command. If it is determined that the predetermined determination condition is not satisfied, the passage is not permitted. In this case, the unlocking command is not output and the electric lock is kept locked.

  The composite authentication apparatus body 4 is provided with a display unit 13. The display unit 13 displays the authentication determination result in the determination unit 12 to the authentication operator. That is, when the passage is permitted by the authentication determination in the determination unit 12, the fact that the authentication is successful and the passage is permitted is displayed. Further, if the passage is not permitted due to the authentication determination by the determination unit 12, the authentication is failed and the passage is not permitted is displayed.

  An authentication operation for the composite authentication apparatus main body 4 and an authentication result for the authentication operation are stored in the traffic information storage unit 14 as traffic information. In addition, when predetermined notification information is generated by the authentication operation, the authentication result, or the determination by the determination unit 12, the administrator notification unit 15 sends an administrator (not shown) to the administrator (of the composite authentication device) in the facility. The predetermined notification information is notified.

  The size of the tag detection range 5 formed around the composite authentication apparatus main body 4 is controlled by the RFID radio wave control unit 16. That is, the RFID radio wave control unit 16 controls the size of the tag detection range 5 by controlling the intensity of radio waves radiated from the RFID reading unit 6.

  Furthermore, the biometric registration information storage unit 10 is provided with a biometric registration information temporary storage unit 10a. The biometric registration information temporary storage unit 10a temporarily stores temporarily registered biometric information described later. The traffic information storage unit 14 is provided with a traffic information temporary storage unit 14a. This passage information temporary storage unit 14a temporarily stores, among the authentication results, in particular, records when biometric authentication in the biometric authentication unit 11 fails, in a state of being organized for each ID information. It is. The determination unit 12 determines whether or not to perform temporary registration based on the information stored in the traffic information temporary storage unit 14a. And when it determines with predetermined | prescribed provisional registration implementation conditions being satisfy | filled, biometric information is temporarily registered into the biometric registration information temporary storage part 10a.

  FIG. 3 shows an operation of the composite authentication apparatus for carrying out temporary registration, that is, an operation for determining temporary registration conditions. In this example, the total number of people registered in the biometric registration information storage unit 10 is five, and one RFID tag 3, that is, one authentication operator exists in the tag detection range 5. Will be described.

  Within the tag detection range 5, there is one authentication operator who has the RFID tag 3. The RFID reading unit 6 reads ID information from the RFID tag 3 within the tag detection range 5. Then, the RFID authentication unit 8 performs ID authentication for the read ID information while referring to the recorded contents of the RFID registration information storage unit 7. Here, it is assumed that ID information whose ID is “1” is stored in the RFID tag 3 and the ID authentication is successful.

  When this authentication operator comes in front of the composite authentication apparatus main body 4, the biometric information reading unit 9 reads the biometric information of the authentication operator (photographs a face image with a camera). Then, the biometric authentication unit 11 performs brute force verification between the read biometric information (biometric authentication operation execution verification data in the figure) and the biometric information registered in the biometric registration information storage unit 10. As a result of this collation, it is assumed that the read biometric information is equal to or less than the biometric authentication threshold for all of the biometric information stored in the biometric registration information storage unit 10 and becomes biometric authentication NG (failure).

  This biometric authentication NG (failure) is registered in the passage information temporary storage unit 14a together with the ID information of the biometric operator. At this time, biometric information (face image) at the time of biometric authentication NG is also stored. Here, it is assumed that the operator of “ID: 1” has performed the authentication operation three times at times 20:19:48, 20:20:04, and 20:21:15, and these three times result in biometric authentication NG. .

  The determination unit 12 determines whether or not a predetermined provisional registration execution condition is satisfied based on the storage contents of the passage information temporary storage unit 14a. Here, the predetermined provisional registration execution condition is that the biometric authentication NG occurs in the same ID within the temporary registration execution determination period which is a predetermined fixed period, or more than the predetermined number of temporary registration execution determination times. The condition is as follows. For example, it is assumed that the provisional registration execution determination period is 5 minutes and the temporary registration execution determination number is three. Looking at this condition in the example of FIG. 3, according to the information stored in the traffic information temporary storage unit 14a, the operator of ID: 1 continuously 3 times in about 2 minutes from the time 20:19:48. It is biometric authentication NG. That is, the provisional registration execution condition is satisfied. Therefore, the determination unit 12 determines that the provisional registration execution condition is satisfied, and the provisional registration operation is performed. On the other hand, even if there is biometric authentication NG, if there is no biometric authentication NG for the same ID within the temporary registration execution determination period, the provisional registration execution condition is not satisfied, and the composite authentication apparatus is normally used. The state of is maintained.

FIG. 4 explains the provisional registration operation in the composite authentication apparatus.
When the temporary registration operation is carried out, first, the composite authentication apparatus main body 4 reduces the tag detection range 5. The reduction of the tag detection range 5 is performed by controlling the radio wave intensity and the like emitted from the RFID reading unit 6 by the RFID radio wave control unit 16. At this time, the size of the tag detection range 5 is adjusted so that only one of the RFID tags 3 in front of the composite authentication apparatus main body 4 falls within the tag detection range 5. Specifically, the tag detection range 5 is reduced to a size of about a few centimeters in radius with the RFID reader 6 of the composite authentication apparatus body 4 as the center.

  On the other hand, in a normal state where the temporary registration operation is not performed, the tag detection range 5 is adjusted to a radius of about 1 m with the RFID reading unit 6 of the composite authentication apparatus body 4 as the center. Yes. A plurality of RFID tags 3 can exist simultaneously in the tag detection range 5 in a normal state where the temporary registration operation is not performed. When the RFID reading unit 6 detects a plurality of RFID tags 3 within the tag detection range 5, the RFID reading unit 6 can read ID information of the plurality of RFID tags 3 and realize so-called prefetching in subsequent biometric authentication.

  After the tag detection range 5 is reduced, temporary registration of biometric information is performed. First, ID information of the RFID tag 3 within the tag detection range 5 is read by the RFID reading unit 6. Next, the biometric information of the operator in front of the composite authentication apparatus body 4 is read by the biometric information reading unit 9 (the operator's face image is taken by the camera). Here, the tag detection range 5 is reduced to such an extent that only one RFID tag 3 in front of the composite authentication apparatus main body 4 falls within the tag detection range 5. Therefore, the holder of the RFID tag 3 read by the RFID reading unit 6 and the owner of the biological information read by the biological information reading unit 9 can be regarded as the same person.

  Therefore, the biometric information read here (temporary registration execution registration data in the figure) is registered (temporarily registered) in the biometric registration information temporary storage unit 10a in association with the read ID information. At this time, the expiration date of the temporary registration data is also registered. The expiration date is a time obtained by adding a temporary registration effective time which is a predetermined fixed time from a time when the temporary registration is performed.

  When the temporary registration of the biometric information is completed, the composite authentication apparatus main body 4 notifies the administrator of information related to the temporary registration from the administrator notification unit 15. The information related to the temporary registration is first the ID information stored in the biometric registration information temporary storage unit 10a for the temporary registration and the biometric information of the temporary registration execution registration data associated with the ID information. In addition, the authentication result information that is the biometric authentication NG of the ID for which the temporary registration is performed, which is stored in the traffic information temporary storage unit 14a, is also notified to the administrator. In this way, when temporary registration of biometric information and notification of temporary registration information are performed, the temporary registration operation ends.

  FIG. 5 is a diagram for explaining the authentication operation of the composite authentication apparatus. Here, as in the case of FIG. 3, the total number of people registered in the biometric registration information storage unit 10 is 5, and one RFID tag 3 having ID information “1” is included in the tag detection range 5. That is, a case where there is one authentication operator will be described as an example. The biometric registration information temporary storage unit 10a stores temporary registration data with an expiration date of 21:21:00 for ID: 1. Note that the tag detection range 5 has a normal size because it is in a normal state where provisional registration is not in progress.

  In this state, first, the RFID reader 6 reads the ID information “1” from the RFID tag 3 in the tag detection range 5. Then, the RFID authentication unit 8 performs ID authentication for the read ID information while referring to the recorded contents of the RFID registration information storage unit 7. If the ID authentication is successful, the biometric information reading unit 9 then reads the biometric information of the authentication operator. Then, the biometric authentication unit 11 performs brute force verification between the read biometric information (biometric authentication operation execution verification data in the figure) and the biometric information registered in the biometric registration information storage unit 10.

  When temporary registration data for which the expiration date for the ID authenticated by the RFID authentication unit 8 has not expired is stored in the biometric registration information temporary storage unit 10a, the biometric authentication unit 11 also stores the temporary registration data. Perform verification. Here, temporary registration data up to the expiration date 21:21:00 for ID: 1 is stored in the biometric registration information temporary storage unit 10a, and the authentication operation is performed at 20:21:15 within this expiration date. Suppose. If there is a match equal to or greater than a predetermined biometric authentication threshold value as a result of verification including valid temporary registration data, biometric authentication is OK (success), and the operator is permitted to pass.

  FIG. 6 explains the suspicious person registration operation of the composite authentication apparatus. As described above, when the biometric information is read by the biometric information reading unit 9 in a state where the RFID tag 3 is not detected within the tag detection range 5 (here, a human face is recognized in the captured image of the camera). ), It is presumed that the owner of the biometric information is a suspicious person who wants to be authenticated without having the RFID tag 3 (for example, the RFID tag 3 together with a legitimate registrant who has the RFID tag 3). So-called “symbiotic” etc. that the person who does not possess the property tries to pass.

  When the biometric information is read by the biometric information reading unit 9 in a state where the ID information is not read, the biometric information (biometric authentication operation execution verification data in the figure) is verified. In this verification, brute force verification is performed between the biometric information and the registered biometric information stored in the biometric registration information storage unit 10. In addition, when valid biometric information of a suspicious person is already registered in the biometric registration information temporary storage unit 10a, the biometric information of the suspicious person stored in the biometric registration information temporary storage unit 10a is also verified by brute force verification. Added as an opponent. In the example of FIG. 6, the expiration date of the suspicious person 1 stored in the biometric registration information temporary storage unit 10a is 21:21:00, and the detection time of the biometric information in question is 20:31:15. is there. Therefore, the biometric information of the suspicious person 1 is also a collation partner.

  As a result of this collation, the biometric information read in the state where the ID information is not read matches the biometric information registered in the biometric registration information storage unit 10 and the biometric registration information temporary storage unit 10a. Can be determined that the biometric information read by the biometric information reading unit 9 belongs to a new suspicious person. Therefore, the biometric information is registered in the biometric registration information temporary storage unit 10a as a new suspicious person (suspicious person 2). At this time, the expiration date of the suspicious person registration data is also registered. The expiration date is a time obtained by adding a suspicious person registration effective time which is a predetermined fixed time from the time when the suspicious person registration is performed.

  When the suspicious person registration is performed, the fact that the suspicious person registration has been performed, the biometric information of the suspicious person registration, the expiration date, and the like are notified via the administrator notification unit 15.

  FIG. 7 explains the suspicious person detection operation of the composite authentication apparatus. When the biometric authentication operation is performed in a state where the RFID tag 3 is not detected within the tag detection range 5 and the biometric information is read by the biometric information reading unit 9 (a human face is recognized in the captured image of the camera) ), As described above, brute force matching between the biometric information (biometric authentication operation execution verification data in the figure) and the registered biometric information stored in the biometric registration information storage unit 10 is performed. In addition, when valid biometric information of a suspicious person is already registered in the biometric registration information temporary storage unit 10a, the biometric information of the suspicious person stored in the biometric registration information temporary storage unit 10a is also verified by brute force verification. Added as an opponent.

  In the example of FIG. 7, the validity period of the suspicious person 1 stored in the biometric registration information temporary storage unit 10a is 21:21:00 and the validity period of the suspicious person 2 is 21:31:00. The detection time of the living body information is 20:31:15. Therefore, the biometric information of the suspicious person 1 and the suspicious person 2 is also a collation partner.

  And as a result of collation in such a biometric authentication part 11, the biometric information read by the biometric information reading part 9 is the biometric information of the suspicious person 1 memorize | stored in the biometric registration information temporary storage part 10a, and a biometric authentication threshold value. Assume that the above agreement is found. In this case, the determination unit 12 determines that the biometric authentication operator is the suspicious person 1. And it notifies that the suspicious person 1 was detected via the administrator notification part 15. In this case, of course, authentication is NG.

  By the way, as described above, in this composite authentication apparatus, a plurality of RFID tags 3 can exist in the tag detection range 5 at a normal time during the temporary registration operation. When the biometric authentication operation is performed in a state where the plurality of RFID tags 3 are detected and the biometric authentication operation is NG, the RFID tag among the plurality of RFID tags 3 is determined by the operator who performed the biometric authentication operation. The question is whether it is the third owner. This is because it is necessary to determine the ID that has become biometric authentication NG in order to perform the provisional registration described above.

  FIG. 8 shows an operation leading to provisional registration when such a plurality of tags are detected. In this example, the total number of people registered in the biometric registration information storage unit 10 is 5, and there are two RFID tags 3, that is, two authentication operators, in the tag detection range 5. Will be described. These RFID tags 3 have ID information of ID “1” and ID “2”, respectively.

  First, the RFID reader 6 reads ID information from the two RFID tags 3 in the tag detection range 5. Then, the RFID authentication unit 8 performs ID authentication for the read ID information while referring to the recorded contents of the RFID registration information storage unit 7. The ID information read here is ID “1” and ID “2”. If this ID authentication is successful, then biometric authentication is performed. In other words, the biometric information of the biometric authentication operator in front of the composite authentication apparatus main body 4 is read by the biometric information reading unit 9. Then, the biometric authentication unit 11 performs brute force verification between the read biometric information (biometric authentication operation execution verification data in the figure) and the biometric information registered in the biometric registration information storage unit 10.

  As a result of this collation, it is assumed that the biometric information read is equal to or less than the biometric authentication threshold for all the biometric information stored in the biometric registration information storage unit 10 and becomes biometric authentication NG. In this case, the fact that the biometric authentication is NG is registered in the passage information temporary storage unit 14a. At this time, this biometric authentication NG is stored in the passage information temporary storage unit 14a together with the ID information of the biometric operator in order to be used for determining whether the provisional registration execution condition is satisfied. However, since the composite authentication apparatus main body 4 is in a state of detecting two pieces of ID information, it is necessary to determine which ID information operator of these ID information is the biometric authentication operator. .

  The determination of which ID information operator is the biometric authentication operator is performed as follows. That is, in the previous verification of biometric authentication, the read biometric information (biometric authentication operation execution verification data) and the biometric information registered in the biometric registration information storage unit 10 both have a matching degree equal to or less than the biometric authentication threshold. It became biometric authentication NG. However, since the biometric authentication operator is either ID “1” or ID “2”, the determination unit 12 stores the read biometric information (biometric authentication operation execution verification data) and biometric registration information. The degree of coincidence (score) with the biometric information of ID “1” registered in the unit 10, the read biometric information (biometric authentication operation execution verification data), and the ID “registered in the biometric registration information storage unit 10” The degree of coincidence (score) with the biological information of “2” is compared. The ID of the person with the better match score (score) (that is, the person who is more likely to be the person) is set as the ID of the biometric operator.

  In this way, when the biometric authentication operator ID is determined, the biometric authentication operator ID, the time when the biometric authentication NG is reached, the biometric authentication NG, and the fact that the biometric authentication NG is established. The biometric information at the time of biometric authentication NG is registered in the passage information temporary storage unit 14a. Here, it is assumed that the operator of “ID: 1” has performed the authentication operation three times at times 20:19:48, 20:20:04, and 20:21:15, and these three times result in biometric authentication NG. .

  The determination unit 12 determines whether or not a predetermined provisional registration execution condition is satisfied based on the storage contents of the passage information temporary storage unit 14a. Here, as in the previous example of FIG. 3, the predetermined temporary registration execution condition is the predetermined number of temporary registration execution determination times within the temporary registration execution determination period which is a predetermined fixed period for the same ID. The biometric authentication NG is generated as described above. For example, the provisional registration execution determination period is 5 minutes, and the provisional registration execution determination number is three consecutive times. According to the information stored in the passage information temporary storage unit 14a, the operator of ID: 1 has been biometric authentication NG three times continuously in about 2 minutes from the time 20:19:48, and the provisional registration execution condition is be satisfied. Therefore, the determination unit 12 determines that the provisional registration execution condition is satisfied, and the provisional registration operation is performed.

FIG. 9 is a flowchart showing the flow of RFID detection / authentication processing of the composite authentication apparatus.
First, when the composite authentication apparatus main body 4 is powered on, an RFID detection process is performed to determine whether or not the RFID tag 3 exists in the tag detection range 5 in step S1. Next, in step S2, it is confirmed whether or not the RFID tag 3 has been detected. These steps S1 and S2 are repeated until the RFID tag 3 can be detected.

  If the RFID tag 3 can be detected in step S2, the process proceeds to step S3. In step S <b> 3, the RFID reading unit 6 reads ID information stored in the RFID tag 3 detected in step S <b> 2 and reads registration data from the RFID registration information storage unit 7. In subsequent step S <b> 4, the RFID authentication unit 8 performs the RFID authentication process by comparing the ID information read from the RFID tag 3 with the registration data read from the RFID registration information storage unit 7. In subsequent step S5, it is confirmed whether or not RFID authentication is possible (successful) as a result of the RFID authentication process in step S4.

  In step S5, if RFID authentication is not possible and RFID authentication has failed, the process returns to step S1. On the other hand, if the RFID authentication is possible and the RFID authentication is successful, the process proceeds to step S6. In this step S6, the ID that succeeded in the RFID authentication in the previous step S5 is additionally registered in the first collation plan list that lists the IDs that are to be collated in biometric authentication. After step S6, the process returns to step S1, and the above processing is repeated.

FIG. 10 is a flowchart showing the flow of the collation schedule list update process of the composite authentication apparatus.
First, when the composite authentication apparatus main body 4 is powered on, it is confirmed in step S7 whether or not a predetermined time has elapsed. And the process from step S8 to S11 is performed in order for this predetermined fixed time. The predetermined fixed time is, for example, about several hundred milliseconds.

  In step S8 transferred from step S7, the update process of the collation scheduled list is started. In the next step S9, the first verification schedule list additionally registered in the operation flow of FIG. 9 is read. In subsequent step S10, the registration contents of the second collation schedule list are overwritten with the read registration contents of the first collation schedule list. Then, in the subsequent step S11, the registered content of the first collation schedule list is deleted. After step S11, the process returns to step S7, and the above processing is repeated. In this way, the registered content of the second collation schedule list can always keep the latest state of the RFID tag 3 existing in the tag detection range 5.

FIG. 11 is a flowchart showing the flow of biometric authentication processing of the composite authentication apparatus.
First, when the power of the composite authentication apparatus body 4 is turned on, the biometric information reading unit 9 performs biometric information detection processing in step S12. Then, in the subsequent step S13, it is confirmed whether or not the biological information has been detected as a result of the biological information detection process. If it is confirmed in step S13 that biometric information has not been detected, the process returns to step S12. On the other hand, if it is confirmed that the biological information can be detected, the process proceeds to step S14.

  In step S <b> 14, the biometric authentication unit 11 collates the biometric information read by the biometric information reading unit 9 with the biometric information stored in the biometric registration information storage unit 10 and performs biometric authentication processing. In subsequent step S15, it is confirmed whether or not biometric authentication is possible (successful) as a result of the biometric authentication process in step S14. In step S15, when it is confirmed that the biometric authentication is successful, the process proceeds to step S16, and the registered content of the second collation schedule list is read.

  In step S17 following step S16, it is confirmed whether or not the ID that has been confirmed to be successful in biometric authentication in the previous step S15 matches the ID registered in the second matching schedule list. In step S17, when it is confirmed that the ID confirmed that the biometric authentication is successful matches the ID registered in the second collation schedule list, the process proceeds to step S18. In this step S18, an unlocking process is performed. After step S18, the process proceeds to step S23. On the other hand, if it is confirmed in step S17 that the ID confirmed to have succeeded in biometric authentication does not match the ID registered in the second collation schedule list, step S18 is skipped and the process proceeds to step S23. And migrate.

  On the other hand, if it is confirmed in step S15 that biometric authentication has failed, the process proceeds to step S19, and the registered content of the second collation schedule list is read. In step S20 following step S19, it is confirmed whether or not one or more IDs that are confirmed to have failed in the biometric authentication in the previous step S15 are included as IDs registered in the second verification schedule list. Is done. If it is confirmed in step S20 that one or more IDs that have been confirmed to have failed in biometric authentication are included as IDs registered in the second verification schedule list, the process proceeds to step S21. . In this step S21, temporary registration processing shown in the flowchart of FIG. 12 is executed. After step S21, the process proceeds to step S23.

  On the other hand, if it is confirmed in step S20 that one or more IDs confirmed to have failed in biometric authentication are not included as IDs registered in the second verification schedule list, the process proceeds to step S22. move on. In step S22, the suspicious person collation process shown in the flowchart of FIG. 13 is executed. After step S22, the process proceeds to step S23.

  In step S23 transferred from step S18, S21, or S22, the authentication operation performed as described above and the authentication result of the authentication operation are stored in the traffic information storage unit 14 as traffic information. In subsequent step S24, a process for displaying the result of the authentication operation so far on the display unit 13 is performed.

FIG. 12 is a flowchart showing the flow of temporary registration processing in step S21 of FIG.
First, in step S25, the determination unit 12 reads the traffic information stored in the traffic information temporary storage unit 14a. Next, in step S <b> 26, the determination unit 12 acquires predetermined temporary registration execution conditions that are set in advance. In subsequent step S27, the determination unit 12 determines whether or not the provisional registration execution condition is satisfied based on the storage content of the passage information temporary storage unit 14a. If it is determined in step S27 that the provisional registration execution condition is not satisfied, the provisional registration process ends, and the process returns to step S23 in FIG.

  On the other hand, if it is determined in step S27 that the provisional registration execution condition is satisfied, the process proceeds to step S28. In step S28, the antenna operation of the RFID reader 6 is controlled by the RFID radio wave controller 16, and the tag detection range 5 is reduced. As described above, the reduction of the tag detection range 5 is adjusted so that only one of the RFID tags 3 in front of the composite authentication apparatus main body 4 falls within the tag detection range 5. Is done.

  In a succeeding step S29, it is confirmed whether or not a predetermined temporary registration execution limit time has not yet timed out. In step S29, when it is confirmed that the temporary registration execution limit time has not yet timed out, the process proceeds to step S30, and the biometric information detection process by the biometric information reading unit 9 is performed. In subsequent step S31, it is confirmed whether or not biometric information can be detected. In step S31, if the biological information can be detected, the process proceeds to step S32.

  In step S32, the registered content of the second collation schedule list is read out. In subsequent step S33, it is confirmed whether or not the number of IDs registered in the second collation schedule list is one. In step S33, when it is confirmed that the number of IDs registered in the second collation schedule list is 1, the process proceeds to step S34. In step S34, a process of temporarily registering the biometric information detected in step S30 in the biometric registration information temporary storage unit 10a is performed.

  On the other hand, if biometric information cannot be detected in step S31, and if it is confirmed in step S33 that the number of IDs registered in the second collation schedule list is not 1, the process returns to step S29. The biometric information detection process is repeated until the provisional registration execution time limit times out.

  After step S34 and when it is confirmed in step S29 that the temporary registration execution limit time has timed out, the process proceeds to step S35. In step S <b> 35, the result of the above temporary registration process is notified via the administrator notification unit 15. In subsequent step S36, the antenna operation of the RFID reader 6 is controlled by the RFID radio wave controller 16, and the tag detection range 5 is restored to the normal state. Then, the temporary registration process ends, and the process returns to step S23 in FIG.

FIG. 13 is a flowchart showing the flow of the suspicious person verification process in step S22 of FIG.
First, in step S37, the biometric information stored in the biometric registration information temporary storage unit 10a as the suspicious person is read. In the subsequent step S38, the biometric information read by the biometric information reading unit 9 and the biometric information read from the biometric registration information temporary storage unit 10a as the suspicious person in the previous step S37 are collated to perform biometric authentication processing. .

  Then, in the subsequent step S39, it is confirmed whether or not the biometric information read by the biometric information reading unit 9 is authenticated in accordance with the biometric information of the suspicious person in the biometric registration information temporary storage unit 10a. In step S39, when the biometric information read by the biometric information reading unit 9 is authenticated by matching the biometric information of the suspicious person in the biometric registration information temporary storage unit 10a, the process proceeds to step S41, where it has already been registered. It is notified via the administrator notification unit 15 that a suspicious person is detected. And it returns to step S23 of FIG.

  On the other hand, if the biometric information read by the biometric information reading unit 9 does not match the biometric information of the suspicious person in the biometric registration information temporary storage unit 10a and is not authenticated in step S39, an unregistered suspicious person is detected. As a result, the process proceeds to step S40. In this step S40, the biometric information read by the biometric information reading unit 9 is registered in the biometric registration information temporary storage unit 10a as that of a new suspicious person. And it progresses to step S41, and after notifying via the management notification part 15 notifying that suspicious person registration was newly performed, it returns to step S23 of FIG.

  The composite authentication device configured as described above performs RFID authentication by reading the RFID tag 3 having unique ID information for identifying the tag holder and the ID information of the RFID tag 3 within the tag detection range 5. RFID authentication means (RFID reading unit 6, RFID registration information storage unit 7 and RFID authentication unit 8) to perform, and biometric authentication unit (biological information reading unit 9, biometric registration information storage unit 10) that performs biometric authentication by reading human biometric information. And a biometric authentication unit 11), a determination unit (determination unit 12) for determining whether or not the final authentication is successful based at least on the RFID authentication result of the RFID authentication unit and the biometric authentication result of the biometric authentication unit The determination means performs temporary registration of biometric information when a predetermined provisional registration execution condition including at least the biometric authentication result of the biometric authentication means is satisfied, Authentication means, temporarily registered after and performs biometric authentication using the biometric information of the temporary registration.

  For this reason, in the case where an individual refusal has occurred a plurality of times in a certain registrant, the registrant in which the refusal has occurred can be remedied and convenience can be improved while ensuring security.

  Further, when the biometric information is read by the biometric authentication means in a state where the RFID tag 3 is not detected within the tag detection range 5, the determination means uses the read biometric information as the suspicious person's biometric information. The biometric authentication unit registers the suspicious person when the biometric information is read by the biometric authentication unit in a state where the RFID tag 3 is not detected in the tag detection range 5 after the biometric information of the suspicious person is registered. By performing biometric authentication using the biometric information, it is possible to detect a suspicious person who is trying to successfully authenticate by receiving biometric authentication without possessing the RFID tag 3. It is possible to improve.

DESCRIPTION OF SYMBOLS 1 Room 2 Door 3 RFID tag 4 Composite authentication apparatus main body 5 Tag detection range 6 RFID reading part 7 RFID registration information storage part 8 RFID authentication part 9 Biometric information reading part 10 Biometric registration information storage part 10a Biometric registration information temporary storage part 11 Biometrics Authentication unit 12 Determination unit 13 Display unit 14 Traffic information storage unit 14a Traffic information temporary storage unit 15 Administrator notification unit 16 RFID radio wave control unit

Claims (10)

An RFID tag having unique ID information for identifying the owner of the tag;
RFID authentication means for reading the ID information of the RFID tag within a tag detection range and performing RFID authentication;
Biometric authentication means for reading biometric information of a person and performing biometric authentication;
Determination means for determining whether or not final authentication is successful based on at least the RFID authentication result of the RFID authentication means and the biometric authentication result of the biometric authentication means,
The determination unit performs temporary registration of biometric information when a predetermined temporary registration execution condition including at least the biometric authentication result of the biometric authentication unit is satisfied,
The biometric authentication unit performs biometric authentication using the biometric information of the temporary registration after the temporary registration.   The composite authentication apparatus according to claim 1, wherein the biometric information of temporary registration is valid for a predetermined temporary registration valid time from the time of temporary registration. When the biometric information is read by the biometric authentication means in a state where the RFID tag is not detected within the tag detection range, the determination means uses the read biometric information as the biometric information of the suspicious person. Register as information,
When the biometric information is read by the biometric authentication means in a state where the RFID tag is not detected within the tag detection range after the biometric information of the suspicious person is registered, The composite authentication apparatus according to claim 1, wherein biometric authentication is performed using biometric information of a suspicious person.   The composite authentication apparatus according to claim 3, wherein the biometric information of the suspicious person is valid for a predetermined suspicious person registration valid time from the time of registration.   2. The provisional registration execution condition is that biometric authentication fails for the same ID information within a predetermined temporary registration execution determination period by a predetermined number of temporary registration execution determination times or more. The composite authentication apparatus according to claim 4. A temporary storage means for temporarily storing records when the biometric authentication in the biometric authentication means fails, in a state where the records are arranged for each ID information;
6. The composite authentication apparatus according to claim 5, wherein the determination unit determines whether or not the provisional registration execution condition is satisfied based on information stored in the temporary storage unit. Comprising tag detection range control means for controlling the size of the tag detection range of the RFID authentication means,
When it is determined by the determination means that the provisional registration execution condition is satisfied, only one of the RFID tags possessed by the biometric authentication operator is detected by the tag detection range control means. The composite authentication apparatus according to claim 5, wherein the composite authentication apparatus is reduced so as to fall within a range. 8. The composite authentication according to claim 7, wherein the tag detection range is restored to a normal size when a predetermined provisional registration execution limit time elapses from when the tag detection range is reduced by the tag detection range control means. apparatus.   In a state where a plurality of RFID tags are detected within the tag detection range, when biometric authentication in the biometric authentication unit fails, the ID information of the operator who has failed in biometric authentication is used as the degree of match in biometric authentication. The composite authentication apparatus according to claim 5, wherein the composite authentication apparatus is determined based on:   An administrator notification means is provided for notifying the administrator of the composite authentication device of the fact that the provisional registration of the biometric information has been performed and the biometric information on which the provisional registration has been performed. The composite authentication apparatus according to any one of claims 1 to 9.

Images