JP2012161628A - Individual identification and health management system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an individual identification and health management system considering the relationship between individual identification and health management.SOLUTION: Biological information transmitted from a first section that acquires biological information for biometric identification is processed as health management information in a second section. A level sufficient for biometric identification and a level sufficient for health management information differ in the biological information. Condition information for acquiring biological information is acquired together. Health management information processing is performed as the one for an identified individual. A health management information processing section is invalidated when biometric identification cannot be performed by a biometric identification section.

Description

  The present invention relates to a personal authentication system, and more particularly to a personal authentication and health management system that obtains health management information together with personal authentication.

  In this field, various biometric authentication systems have been proposed for the prevention of spoofing during personal authentication and the simplicity of authentication. It has also been proposed to use biometric information acquired for authentication for health management.

  However, the association between personal authentication and health management and its utilization are not fully studied.

JP 2004-344375 A

  The problem to be solved by the present invention is to provide a personal authentication and health management system that takes into account the relationship between personal authentication and health management.

In order to solve the above-mentioned problem, the present invention obtains biometric information and uses a biometric authentication result based on the first portion, and biometric information transmitted from the first portion is processed as human body health management information. Provide personal authentication and health management system with part. This enhances the utility value of the biometric information acquired for personal authentication, and does not infringe the privacy of individuals when handling the biometric information as health management information.
According to a specific feature of the present invention, the transmitted biological information is processed as health management information by the second part, and is displayed as health management information, stored, collated, and displayed over time.
According to another specific feature of the present invention, the level of the acquired biometric information is sufficient for biometric authentication and the level sufficient for health management information. According to a more specific feature, it is used for biometric authentication regardless of whether biometric information is sufficient as health management information. According to a more specific feature, when the biometric information is used for biometric authentication when the health management information is insufficient, the fact is notified.
According to still another specific feature of the present invention, information for processing the transmitted biological information as health management information is received and held. This information can be received from outside such as medical institutions.
According to another feature of the present invention, there is provided a determination unit that determines whether or not to use the acquired biological information as health management information. This makes it possible to determine whether or not to transmit biometric information individually as health management information according to a contract with an individual.
According to another feature of the present invention, a condition information acquisition unit that acquires condition information for acquiring biological information is provided, and the value as health management information is increased by adding the condition information to the biological information.
This condition information is, for example, external conditions around the living body, and examples include weather conditions. In addition, the condition of the living body itself that does not have authentication information but affects the biometric information acquired for biometric authentication is an example of the condition information here. There are numbers.
According to another feature of the present invention, a biometric information acquisition unit is provided at each of a common entrance through which a plurality of persons enter and exit and an individual entrance at the back thereof, and biometric authentication is performed for each unlocking, and both A personal authentication and health management system that uses the biometric information obtained in step 1 as health management information is provided. This makes it possible to perform a cross check between biometric information and a causal relationship check of biometric information based on a difference in the exercise load of the same person through two entrances.
According to still another aspect of the present invention, personal authentication and health information processing are organically linked. For example, health management information processing is performed as an individual that has been personally authenticated. As another example, when the biometric authentication by the biometric authentication unit cannot be performed, the health management information processing unit is invalidated, and when the biometric authentication is completed, it is guaranteed that the health management information has been correctly acquired. As yet another example, the verification information necessary for personal authentication and the acquired health management information are recorded in association with each other.

  As described above, according to the present invention, it is possible to provide a personal authentication and health management system that takes into account the relationship between personal authentication and health management.

It is a drawing substitute photograph showing a block diagram of a biometric authentication and health management system. Example 1 It is a drawing substitute photograph showing a block diagram of a blood vessel sensor system. Example 1 It is the drawing substitute photograph which showed the block of the detailed structure of the unlocking authentication sensor. Example 1 It is the drawing substitute photograph which showed the basic flowchart of the in-room personal computer. Example 1 5 is a drawing substitute photograph showing a detailed flowchart of step S12 of FIG. Example 1 It is the drawing substitute photograph which showed the in-room personal computer flowchart when the authentication trigger was applied by the room door. Example 1 It is the drawing substitute photograph which showed the indoor personal computer flowchart when the authentication trigger was applied in the apartment entrance. Example 1 8 is a drawing-substituting photograph showing a detailed flowchart of step S47 of FIG. 6 or step S68 of FIG. Example 1 It is the drawing substitute photograph which showed the basic flowchart of the apartment management PC. Example 1 It is a drawing substitute photograph showing a condominium management PC flowchart when an authentication trigger is applied at the condominium entrance. Example 1 It is the drawing substitute photograph which showed the basic flowchart of the medical institution side computer. Example 1 It is the drawing substitute photograph which showed the transmission process flowchart of the medical institution side computer. Example 1 12 is a drawing substitute photograph showing a detailed flowchart of step S134 of FIG. Example 1 It is a drawing substitute photograph showing a block diagram of a biometric authentication and health management system. (Example 2) 5 is a drawing substitute photograph showing a detailed flowchart of step S11 of FIG. Example 1 FIG. 10 is a drawing substitute photograph showing a detailed flowchart of step S <b> 110 of FIG. 9. FIG. Example 1 It is the drawing substitute photograph which showed the indoor personal computer flowchart when the authentication trigger was applied in the apartment entrance. (Example 3) It is a drawing substitute photograph showing a condominium management PC flowchart when an authentication trigger is applied at the condominium entrance. (Example 3) 5 is a drawing substitute photograph showing a detailed flowchart of step S12 of FIG. Example 1 FIG. 9 is a drawing substitute photograph showing a detailed flowchart of step S <b> 84 in FIG. 8. FIG. Example 1 It is the drawing substitute photograph which showed the detailed schematic diagram of the entrance door. (Examples 1-4) It is the drawing substitute photograph which showed the data structure figure of personal authentication data and health management data. (Example 5)

INDUSTRIAL APPLICABILITY The present invention is suitable for implementing as a first part a common entrance lock control system in which a plurality of persons enter and exit, such as a condominium in which a large number of families are occupying and a building in which a large number of organizations are occupying. It is also suitable for implementing the bank's personal authentication system as the first part.
On the other hand, the second part is preferably implemented as each living room managed by a specific person entering and exiting a common entrance. It is also suitable to implement the second part as a mobile phone managed by an individual.

FIG. 1 is a block diagram of a biometric authentication / health management system according to a first embodiment of the present invention, illustrating an implementation in an apartment in which a plurality of families are occupying.
The apartment 1 has a plurality of households, but in FIG. 1, the A room 2 where the A family resides, the B room 3 where the B family resides, and the C room where the C family resides. Only 4 is shown, and other rooms are omitted. The system in the A room 2 is controlled by the A personal computer 5, and the configuration of the room will be described later. The B room 3 and the C room 4 have the same configuration as that of the A room 2, but the illustration is omitted except for the B personal computer 6 and the C personal computer 7 that control the system in each room. Are also omitted to avoid duplication.
In the system of the first embodiment, the living rooms 2, 3, and 4 are also linked to the apartment entrance lock control system 8 and the medical institution 9, and details thereof will be described later.
In the following description, the control means in the room is a personal computer such as the A personal computer 5. However, in implementing the present invention, a computer provided in the room exclusively for the system may be used instead of a general-purpose personal computer. It is possible to use various control means as long as they have other equivalent functions.

In the A room 2, the entrance door 10 is provided with a door lock 11. The door lock 11 is automatically locked every time the entrance door 10 is closed, and the A personal computer 5 controls whether the door can be unlocked from the outside. The control unit 12 of the A personal computer 5 receives information from the home unlocking authentication sensor 13 that performs biometric authentication of a person who desires to unlock the front door 10, and registers this in the authentication verification data holding unit 14 in advance. The verification verification data is verified. As a result of the verification, if it is authenticated that the person is qualified to enter the A room, an unlock signal is sent to the door lock 11.
The home unlocking authentication sensor 13 has a blood vessel sensor that optically detects blood vessel information of a human finger inserted at a predetermined position. Upon receiving the blood information obtained from the blood vessel sensor, the control unit 12 extracts a blood vessel pattern therefrom, and determines whether this is the same as the blood vessel pattern of someone in the family registered in the authentication verification data holding unit 14. . And if it is the same, it will authenticate that it is a member of the family with entry qualification, and will send an unlocking signal to the door lock 11.

  The information on the blood vessels of the finger detected by the home unlocking authentication sensor 13 includes not only the blood vessel pattern but also information on pulse waves that cause blood pulsation in the human finger. The control unit 12 obtains blood component information such as oxygen saturation and blood vessel youth information from the pulse wave signal. Since the blood component information and blood vessel youth information are personal health management data, the control unit 12 sends these information to the personal health database 15 for each individual who has been authenticated and stores them.

The control unit 12 further collates the health management data such as the blood component information and the blood vessel youth with the individual health collation data registered in the health collation data holding unit 16. The health verification data holding unit 16 registers not only the value itself as a health index, but also verification time-dependent change data regarding the change with time of the value. Accordingly, the control unit 12 collates the current health management data sent from the home unlocking authentication sensor 13 with the health collation data, and changes with time of the health index based on the data accumulated in the personal health database 15 Is compared with the temporal change data for verification registered in the health verification data holding unit 16, and verification is performed from the viewpoint of the speed of change with time of the value serving as the health index. The collation result of the health index value and the collation result of the health index over time are displayed on the television 17. With regard to this display, for example, when it is recognized that there is an abnormality as a result of the collation, a warning of “health abnormality” is automatically issued when the switch of the television 17 is turned on.
In addition, since the health check result is displayed even for the family members, there is privacy, so that the information may be individually sent to the mobile phone held by each family member. In this case, by looking at the display unit of his / her mobile phone, the health condition can be confirmed by himself / herself, for example, every time he / she enters the room. Implementation using a mobile phone will also be described in detail in Example 2 below.

As described above, the home unlocking authentication sensor 13 of the present invention has a dual function of biometric personal authentication and health management data acquisition for door lock unlocking. Therefore, normally, when both of these are successful, the A personal computer 5 sends an unlock signal to the door lock 11.
However, if you can authenticate yourself to unlock the door lock, you can achieve the immediate purpose of entering the room, so if you have succeeded in personal authentication but could not acquire enough information from the viewpoint of obtaining health management data Even so, the A personal computer 5 sends an unlock signal to the door lock 11. However, since the user expects that the health management data can be acquired at the same time when the door lock is unlocked, in this case, the entrance door 10 displays a warning message about the failure and the cause of the health management data acquisition. Do. The user who sees this warning can check by inserting a finger into the home unlocking approval sensor 13 again when he / she places importance on the acquisition of health care data. I understand only the cause of the problem and enter room A for the time being, and try to change the way I insert my fingers to eliminate the cause of failure from the next entry.

The home unlocking authentication sensor 13 may employ a sensor that obtains fundus information by photographing a human eye instead of a blood vessel sensor that optically detects blood vessel information. As for the fundus information, since the retina pattern is biometric authentication data and the fundus image has health information, the biometric authentication for unlocking the door and the health of the person are the same as described for finger blood vessel information above. Management can be performed simultaneously. In addition, since the voiceprint sensor can acquire biometric authentication data and health management information, the voiceprint sensor can be employed as the home unlocking authentication sensor 13. Furthermore, in the case of a voice print sensor, if a sensor for an exhalation component is also provided, the alcohol concentration can be checked, and the causal relationship between drinking and health can be checked.
The home unlocking authentication sensor 13 is not limited to those exemplified above, and various sensors capable of simultaneously obtaining biometric authentication and the health management data of the person can be employed. For example, not only a non-contact type but also a type that contacts the skin is possible, and not only a type that uses light and sound, but also a type that detects a reaction signal by flowing a weak current through a living body. is there. Moreover, not only can any one of the sensors be employed alone, but a plurality of sensors can be combined to increase the accuracy of biometric authentication and to obtain abundant health management data.

Furthermore, not only when combining sensors that can simultaneously obtain biometric authentication and the data of the person's health management, but also with both of these functions and only data for either biometric authentication or health management. Combination with a sensor that can obtain the above is also possible. For example, as a sensor for health management only, a sensor for detecting body temperature by image processing and another sensor having both functions may be combined. In addition, a fingerprint sensor that is a biometric authentication only sensor and another sensor having both functions may be combined.
The home unlocking authentication sensor 13 as a whole has only to have biometric authentication and health management functions. Therefore, a combination of a sensor having only a biometric authentication function and a sensor having only a health management data acquisition function can be used for home opening. It is also possible to use the lock authentication sensor 13. Furthermore, when it is configured so that the health management data is naturally acquired during the authentication operation, the authentication function is not limited to biometric authentication, but a conventional authentication means such as a personal identification number or an IC card is adopted. May be.

The A personal computer 5 further has a user authentication sensor 18 for authenticating whether or not there is an access right when using the personal computer. The user authentication sensor 18 also has a biometric authentication function. In addition to the finger blood vessel information acquisition function similar to that already described, the user authentication sensor 18 has a biometric authentication function that matches the circumstances specific to personal computer use, such as the blood vessel information of the palm with a mouse. ing. When the mouse has a biometric authentication function, the biometric authentication can be repeated not only at the time when the use of the personal computer is disclosed but also during the use, and health management data can be continuously acquired. In this way, biometric authentication data and health management data can be acquired at the same time during user authentication using a personal computer.
Handling of signals from the user authentication sensor 18, verification with authentication verification data registered in the authentication verification data holding unit 14, verification with health verification data registered in the health verification data holding unit 16, and personal health management data The accumulation in the health database 15 is the same as that described in relation to the home unlocking authentication sensor 13, and thus description thereof is omitted to avoid duplication. However, the user authentication sensor 18 is different only in that the control unit 12 permits the use of the A personal computer when authenticated as a user by verification with the authentication verification data in the authentication verification data holding unit 14.

In addition to the unlocking management function of the door lock 11 of the front door 10 and the user authentication function of the A personal computer 5, the A personal computer 5 is linked to the management personal computer 19 used in the entrance lock control system 8 of the apartment 1. Also have.
The condominium entrance lock control system 8 is provided with an entrance lock 20, which is automatically locked every time the condominium entrance is closed, and the management personal computer 19 controls the unlocking from the outside. The management A personal computer 19 receives information from the business-use unlocking authentication sensor 21 that performs biometric authentication for a person who wishes to unlock the condominium entrance, and uses this information for all the rooms participating in the condominium entrance lock control system 8. Send to your computer. In FIG. 1, information from the business unlocking authentication sensor 21 is sent to the A personal computer 5 in the A room 2, the B personal computer 6 in the B room 3, and the C personal computer 7 in the C room 4. If the lock control system 8 is subscribed, the same information is sent to the personal computers in those rooms. The business unlocking authentication sensor 21 has a function common to that of the home unlocking authentication sensor 13, but has a high specification with a higher level sensing function.

In the above configuration, for example, the information from the business unlocking authentication sensor 21 sent to the A personal computer 5 in the A room 2 is the authentication verification data previously registered in the authentication verification data holding unit 14 by the control unit 12. Matched. As a result of the verification, if it is verified that the person is qualified to enter the apartment, the management personal computer 19 is notified of the result, and the management personal computer 19 sends an unlocking signal to the entrance lock 20 in response to this notification. . On the other hand, if it does not match the authentication verification data, the management personal computer 19 is notified of the mismatch. In this case, the management personal computer 19 does not send an unlock signal to the entrance lock 20 at least according to an instruction from the A room 2.
The same is performed between the personal computers in all the rooms participating in the condominium entrance lock control system 8 such as the B room 3 and the C room 4 and the management personal computer 19. Then, the management personal computer 19 sends an unlock signal to the entrance lock 20 when an authentication result indicating that the person is qualified to enter the condominium is notified from the personal computer in any room. On the other hand, if there is a notification that all the rooms do not match the authentication verification data, the management personal computer 19 does not send an unlock signal to the entrance lock 20. Then, an entry refusal is displayed at the entrance of the apartment.

Even if there is no notification from any of the rooms to the management PC, the management PC 19 does not send an unlock signal to the entrance lock 20 if there is a notification that all the other rooms do not match the authentication verification data. . In this case as well, the entry refusal is displayed at the apartment entrance. If the person who sees this indication is a resident who is qualified to enter the condominium, it can be determined that some system failure has occurred in his / her room, so the entrance can be done by means such as entering a separate PIN or inserting an IC card. The lock 20 can be unlocked and a temporary entry can be made. You can also take steps to restore the system.
In addition, in the display of entry refusal, no information on whether there is a notification of authentication verification data mismatch from all the rooms or whether there is a system failure is not disclosed at all. Also, the management personal computer 19 itself is designed so that it does not know which room the notification of the authentication verification result belongs to.

  As described above, the management personal computer 19 of the condominium entrance lock control system 8 does not have a function of recording or collating authentication verification data of residents in each room, and merely notifies the verification result from each room. Due to such considerations, authentication verification data for biometric authentication related to privacy such as blood vessel patterns and fundus patterns is kept in each room. In addition, since the management personal computer 19 itself does not have a collation function and it is not known from which room the collation result came from, the data acquired by the business unlocking sensor 21 does not know who belongs, and privacy is protected. The

  The business unlocking authentication sensor 21 can acquire not only authentication information but also health management information, like the home unlocking authentication sensor 13. Therefore, the health management similar to that described for the home unlocking sensor 13 can be performed by the business unlocking authentication sensor 21. Regarding the handling of signals from the business unlocking authentication sensor 21, collation with health collation data registered in the health collation data holding unit 16, and accumulation of health management data in the personal health database 15, home unlocking authentication Since it is the same as that of the sensor 13, further description is abbreviate | omitted.

  As described above, the commercial unlocking authentication sensor 21 is a high-spec one having a function common to the household unlocking authentication sensor 13 and a higher-level sensing function. The collation data held in the authentication collation data holding unit 14 and the health collation data holding unit 16 and the personal health database 15 handling these pieces of information also correspond to the advanced sensing function of such a commercial unlocking authentication sensor 21. It has become a thing.

Moreover, about the function common between the business use unlocking authentication sensor 21 and the home use unlocking authentication sensor 13, a double check is performed about the same health index. That is, for a resident heading to the A room, the health index is first obtained by the business unlocking authentication sensor 21 at the entrance of the apartment, and then the same is used by the home unlocking authentication sensor 13 at the entrance door 10 of the A room 2. Health index can be acquired. Thereby, the detection accuracy of the same health index can be improved.
Furthermore, the causal relationship in the same health index can be checked between the detection result at the apartment entrance and the detection result at the front door. Specifically, after acquiring the health management data in a calm state at the entrance of the apartment, if you go up the stairs and reach the entrance door of the A room 2, the same health management data will be displayed under the exercise load. Since they can be acquired, the causal relationship between the calm state and the exercise load state can be checked by comparing the two. The difference in exercise load can be grasped by the detected pulse rate or the like.
Conversely, if you climb the hill and return to the condominium, you will get the management data at the condominium entrance with the exercise load applied, and then return to the A room 2 after returning to a calm state in the elevator. Can obtain the same health management data after recovering from exercise load at the front door.
In this way, combining the health management data acquired at the entrance of the apartment with the health management data acquired at the entrance door, using each person's life patterns and the living conditions of the apartment and the room, etc. A wealth of health management data can be acquired.

  Furthermore, since the health condition may depend on the season and weather conditions such as temperature, humidity, and wind speed, the home unlocking authentication sensor 13 and the commercial unlocking authentication sensor 21 obtain health management data. In addition to providing a function to record the date and time data of the time, sensors for seasons and weather conditions are provided. By combining with these functions, more abundant health management data can be acquired. In particular, since the commercial unlocking authentication sensor 21 faces the outdoors, more abundant information can be acquired. Moreover, since the conditions such as temperature and humidity are different between the entrance of the apartment and the entrance door of each living room, the same health management data can be compared with respect to these condition changes.

As described above, the cooperation between the A room 2 and the condominium entrance lock control system 8 is similarly performed between the B room 3 and the C room 4 and the condominium entrance lock control system 8. For this reason, the system of each living room is operated by the standard which can mutually cooperate in the apartment at least. Therefore, a system check is performed when entering a condominium, and the system of each room is upgraded in conjunction with the upgrade of the condominium entrance lock control system.
In addition, when moving, apart from unlocking authentication, it is desirable to continue to use the personal health database and health verification data even at the new location. Therefore, at least the health management system is operated according to a general standard that can be used even if the residence such as an apartment changes.

  Next, cooperation with a medical institution will be described by taking A room 2 as an example. The A personal computer 5 exchanges information with the large computer 22 of the medical institution 9 via the Internet. In order to maintain security, the information to be exchanged is encrypted, and the patient authentication is fully implemented by a biometric authentication system using the user authentication sensor 18 of the A personal computer 5.

The health verification data of the health verification data holding unit 16 is registered by the health verification data registration unit 23 of the medical institution 9. This is because a patient who visits the medical institution 9 can automatically register his / her own health management data based on an instruction from the health verification software 24 using an automated device. Moreover, even if the numerical values are the same, the judgment of the health level differs depending on the individual. Therefore, the health check data is registered after the doctor 25 has actually examined as necessary. At that time, information for distinguishing whether the health management data is automatically registered or the health collation data registered after the judgment of the doctor is entered, and is reflected when collating later.
The registered patient health check data is transmitted to the A personal computer 5 at the patient's home under the control of the control unit 26 and stored in the health check data holding unit 16. In addition, in the health verification software for handling the health verification data, a necessary part of the A personal computer 5 is also transmitted and installed in the control unit 12.

The raw data obtained from the home unlocking authentication sensor 13, the business unlocking authentication sensor 21 and the user authentication sensor 18, and the data stored in the personal health database 15 are stored in real time on the large computer 22 of the medical institution 9. It is transmitted and accumulated in the general health database 27.
The collation result with the health collation data holding unit 16 is also transmitted to the large computer 22 of the medical institution 9 as an auxiliary. This is because collation with the health collation data can be performed by the health collation software 24 of the medical institution, but it is more efficient to receive notification of the result of collation already performed in the A personal computer 5. Of course, collation of advanced health management data that cannot be handled by the A personal computer 5 is handled for the first time by the health collation software 24 of the large computer 22. The result is also accumulated in the general health database 27.

  The data of each patient stored in the general health database 27 is output to the diagnosis input / output unit 28 at hand of the doctor 25 in order to obtain a diagnosis of the doctor 25 periodically. The diagnosis result of the doctor 25 is input to the diagnosis input / output unit 28 and stored in the general health database 27.

The collation results of the health collation software 24 accumulated in the general health database 27 and the diagnosis results by the doctor 25 are periodically sent to the A personal computer 5, and the patient views the diagnosis results on the display unit of the home A personal computer 5 or the television 17. be able to.
In addition, whenever an abnormality requiring urgency is recognized based on the result of collation by the health collation software 24 or the result of diagnosis by the doctor 25, the large computer 22 notifies the A personal computer 5 accordingly.

  The above cooperation between the medical institution 9 and the A room 2 is common to the B room 3 and the C room 4. In order to maintain such a system, each living room is operated according to a standard that allows mutual cooperation with the medical institution 9 as well as the condominium entrance lock control system.

  Since the health management data of a large number of patients is accumulated in the general health database 27 of the medical institution 9, based on the statistical processing, the position of the health management data of a specific patient in terms of the average value and distribution is determined. Reference information can be provided. In addition, from the viewpoint of statistical processing, it is possible to more objectively diagnose whether the health management data of a specific patient is in a normal range or an abnormal range. The medical institution 9 also distributes such service information to the A personal computer 5. In the statistical processing, every measure is taken for the privacy information protection of each patient.

The health verification software 24 of the medical institution is deeply related to the health management data acquisition function of the home unlocking authentication sensor 13, the business unlocking authentication sensor 21, and the user authentication sensor 18. Therefore, whenever these sensors are changed or a sensor with a new function is introduced, it is necessary to maintain the function so that the health verification software 24 of the medical institution 9 can deal with these sensors. For this reason, the large computer 22 of the medical institution 9 and the A personal computer, B personal computer, C personal computer, etc. of each living room, and the large computer 22 of the medical institution 9 and the management personal computer 19 of the condominium entrance lock control system are always linked in software update. Keep.
Conversely, the home unlocking authentication sensor 13, the business unlocking authentication sensor 21, and the user authentication sensor 18 may be changed to ones with higher performance and higher functionality by a proposal from the medical institution 9 side. Is called. In that case, the medical institution 9 provides each sensor and driver software for the sensor for a fee. In addition, if a maintenance contract is made with the medical institution 9, it is possible to receive a free offer each time the sensor and its driver software are improved.

  Each patient may change medical facilities depending on circumstances such as his / her intention or moving. In that case, the patient desires to continue to use his / her health management database stored in the general health database 27 at the new medical institution. Therefore, the system that handles the comprehensive health database 27 is operated according to a general standard that can be used continuously even if the medical institution 9 changes.

  FIG. 2 is a system block diagram showing a blood vessel sensor system used in the home unlocking authentication sensor 13, the business unlocking authentication sensor 21, and the user authentication sensor 18 for biometric authentication and health management data acquisition. 2, description will be made based on the case of the home unlocking authentication sensor 13, and the same reference numerals are given to the blocks common to FIG.

In FIG. 2, a blood vessel sensor 31 is provided in the household unlocking authentication sensor 13 and is in a portion where a person's finger for biometric authentication is inserted. It has a light source and a light receiving part. The output of the blood vessel sensor 31 is sent to the A personal computer 5 and processed by the image processing unit 32 in the control unit 12. Hereinafter, functions in the control unit 12 are actually executed by software. In FIG. 2, functions executed by such software are described as blocks such as “image processing unit 32”. .
Needless to say, the functions of the control unit 12 can be executed by hardware, or can be executed by a combination of hardware and software.

The blood vessel pattern extraction unit 33 extracts a blood vessel pattern based on the image processed by the image processing unit 32. The extracted blood vessel pattern is collated with the registered pattern 35 held in the authentication collation data holding unit 14 by the collation / identity determination unit 34 of the control unit 12, and whether or not the person who has requested authentication is the same is whether or not both are the same. judge. When it is determined that the user is the person, the control unit 12 sends an unlocking signal to the door lock 11.
The personal identification information by the collation / person identification unit 34 is also sent to the personal health database 15 and used for managing who belongs to the health management data described later.

  On the other hand, the pulse wave detection unit 36 of the control unit 12 detects the pulse wave of arterial blood based on the image processed by the image processing unit 32. The detected pulse wave is analyzed by the waveform analysis unit 37 of the control unit 12 and compared with the reference waveform 39 held in the authentication verification data holding unit 14 by the first health determination unit 38. The blood vessel youth information based on the comparison result is stored in the personal health database 15 together with the personal identification information from the verification / identity determination unit 34. As described above, this determination result is also displayed on the television 17.

  Further, the pulse wave detected by the pulse wave detection unit 36 is analyzed by the component analysis unit 40 of the control unit 12 to detect arterial blood components such as oxygen saturation. The detected arterial blood component is compared with the reference component 42 held in the authentication verification data holding unit 14 by the second health determination unit 41. Then, blood component information based on the comparison result is accumulated in the personal health database 15 together with the personal identification information from the collation / identity determination unit 34. The determination result of the second health determination unit 41 is also displayed on the television 17.

  The determination result of the first health determination unit 38 and the determination result of the second health determination unit 41 accumulated in the personal health database 15 are transmitted to the medical institution 9 by the control unit 12. As described above, the determination result of the first health determination unit 38 and the determination result itself of the second health determination unit 41 are also transmitted to the medical institution 9 in real time.

  Note that the pulse wave signal from the pulse wave detection unit 36 is also input to the verification / identity determination unit 34 as an auxiliary. Then, even if the blood vessel pattern extracted by the blood vessel pattern extraction unit 33 matches the registered pattern 35 held in the authentication verification data holding unit 14, the verification / identity determination unit 34 detects the pulse wave signal from the pulse wave detection unit 36. If there is no input, the identity is not determined, and the control unit 12 does not send an unlock signal to the door lock 11. This is to prevent the door lock from being unlocked by a blood vessel pattern forged with a substance having no biological reaction.

FIG. 3 is a block diagram showing a detailed configuration of the unlocking authentication sensor. 3 will be described based on the case of the business unlocking authentication sensor 21, and the same reference numerals are given to the same blocks as in FIG. 1, and the description will be omitted if unnecessary.
In the business unlocking authentication sensor 21, the constituent parts are unitized so as to be replaceable, and the sensor unit 51 is unitized so that the replacement in case of failure is possible. In addition, the external shape and electrical connection are standardized so as to be compatible with replacement when upgrading. In addition, the portion where the finger of the person who seeks authentication is inserted is configured as a protection unit 52 such as a transparent cover for protecting the sensor unit 51 from dirt from the outside. It is a replaceable unit. The sensor unit 51 and the protection unit 52 can be independently replaced.

The control unit 53 of the management personal computer 19 is connected to the sensor unit 51 and controls the function of the sensor unit 51 and receives the detected signal. Also, it is checked whether the sensor unit 51 is functioning normally. .
The control unit 53 of the management personal computer 19 is further connected to the protection unit 52 and checks whether the protection unit 52 is dirty or damaged. As a result, it is possible to cope with performance deterioration in an environment exposed to the outdoors and to quickly deal with damage caused by mischief.
The protection unit 52 may be checked for dirt or damage by directly connecting the protection unit 52 and the control unit 53 as described above. Instead, the output from the sensor unit 51 is output by the control unit 53. Analysis may be performed to indirectly estimate the contamination or damage of the protection unit from the state of the output decrease.
The control unit of the management personal computer also performs initial operation confirmation when the sensor unit 51 or the protection unit 52 is replaced. Specifically, in order to compensate for variations in performance and operation of the sensor unit 51 and the protection unit 52, a predetermined initial operation is performed for confirmation and adjustment of output calibration or the like is performed according to the result.

  As described above, the entrance refusal display unit 54, when there is a notification that the authentication verification data does not match from all the rooms, or when there is no notification from any room due to a system failure, Display. The auxiliary authentication unit 55 is configured as a personal identification number input unit, an IC card insertion unit, or the like, and copes with a case where a resident of an apartment with an entry qualification cannot enter the apartment due to a system failure.

The health data acquisition failure display unit 56 displays a warning about the cause and the cause when the personal authentication is successful but sufficient information cannot be acquired from the viewpoint of acquiring the health management data. As described above, this display allows the user who expects to obtain the health management data to notice the failure.
Thus, the health data acquisition failure display unit 6 serves as a notification unit that notifies the user when the biological information is insufficient as health management information. As a notification means, a warning sound or the like can be employed in addition to visual display.

The condominium entrance lock control system 8 acquires biometric information including health management information by the business unlocking authentication sensor 21, but its use is performed exclusively on the A room 2 side. Therefore, the health data acquisition failure display unit 6 determines whether or not the display should be performed on the A personal computer side of the A room 2, and notifies only the result to the apartment entrance lock control system 8 and fails to acquire the health data. This is displayed on the display unit 56.
However, it is also possible for the apartment entrance lock control system 8 to determine whether the biometric information acquired by the business unlocking authentication sensor 21 is sufficient as health management information based on the output level. Therefore, it may be configured to control whether or not to display the health data acquisition failure display unit 56 based on the management personal computer 19's own judgment. It should be noted that the display of the health data acquisition failure display unit 56 may be controlled using the management PC 19's own judgment and the instruction from the A PC 5 together.

  The external condition sensor 57 further detects weather conditions such as temperature, humidity, and wind speed. The control unit 53 associates the output of the external condition sensor with information from the sensor unit, and the date and time when the health management data is acquired. Along with the data, it is sent to A PC 5.

  The human sensor 58 detects when a person stands in a predetermined area of the apartment entrance and triggers the operation of the authentication sensor.

  The configuration of the sensor unit 51 and the protection unit 52 in the commercial unlocking authentication sensor 21 of FIG. 3 is similar to the entrance rejection display unit 54, auxiliary authentication unit 55, health data acquisition failure display unit 56, external condition sensor 57, and human sensor 58 in FIG. Is also provided.

FIG. 4 is a basic flowchart showing the function of the control unit 12 in the A personal computer in the A room 2. This basic flowchart is repeatedly executed as appropriate under the control of the OS of the A personal computer.
When the function of the basic flowchart starts, it is checked in step S1 whether the business unlocking authentication sensor 21 has been changed. If there is a change, new software is provided from the management personal computer 19 in step S2, the software of the A personal computer 5 is automatically rewritten so that the information of the business unlocking authentication sensor 21 can be processed, and the process proceeds to step S3. If there is no change in the commercial unlocking authentication sensor 21, the process directly proceeds to step S3.

  In step S3, it is checked whether the processing software of the management personal computer 19 has been upgraded. If there is a version upgrade, new software related to the version upgrade is provided from the management personal computer 19 in step S4, the software of the A personal computer 5 is automatically rewritten, and the process proceeds to step S5. If there is no version upgrade, the process proceeds directly to step S5.

  In step S5, it is checked whether there is any new health verification data registered in the health verification data registration unit 23 of the medical institution 9. If there is new health check data, the data is automatically input to the health check data holding unit 16 in step S6, and the process proceeds to step S7. If there is no newly registered health verification data, the process proceeds directly to step S7.

In step S7, it is checked whether the health verification software 24 of the medical institution 9 has been upgraded. If there is a version upgrade, new software related to the version upgrade is provided from the large computer 22 of the medical institution 9 in step S8, the software of the A personal computer 5 is automatically rewritten, and the process proceeds to step S9. If there is no version upgrade, the process proceeds directly to step S9.
In step S7, specifically, the latest health verification software 24 of the medical institution 9 is compared with the software of the A personal computer 5, and if both are different, it is determined that the health verification software has been upgraded. In this way, whether or not there is a version upgrade is not a problem of when the version has been upgraded on the medical institution 9 side, but depends on what software is currently on the A personal computer 5 side. Accordingly, if the A room 2 newly joins the home health management system and no health check software is installed on the A personal computer, it is determined that the version has been upgraded. The latest health verification software of the medical institution 9 is provided to the A personal computer 5 and automatically installed.

  A step S9 checks whether or not the household unlocking authentication sensor 13 has been changed. If there is a change, processing for installing driver software for the home unlocking authentication sensor is performed in step S10, and the process proceeds to step S11. If there is no change in the household unlocking authentication sensor 13, the process proceeds directly to step S11.

  In step S11, a process of newly registering the unlocking verification verification data in the verification verification data holding unit 14 of the A personal computer 5 is performed. This process is performed when a family moves into a condominium, when the number of families requiring new registration increases, or when the business unlocking authentication sensor 21 or the home unlocking authentication sensor 13 is changed and a new function is added. This occurs when When registering authentication verification data anew, the procedure differs between when registering for the home unlocking authentication sensor 13 and when registering for the business unlocking authentication sensor 21. It will be described later.

  Next, a sensor check process is performed in step S12. Step S12 is for checking whether the sensor operates normally in the initial state when the unlocking authentication sensor is changed in Step S1 or Step S9, and always checking whether the sensor has a failure or deterioration. It is necessary. Details thereof will be described later.

In step S13 following step 12, system start processing is performed, details of which will be described later. When the process of step S13 ends, the process proceeds to step S14, and the authentication trigger is set to a standby state. In the authentication trigger standby state, specifically, when a person stands in front of the entrance door, this is automatically detected and the A personal computer 5 is made to wait so that the trigger is activated and the authentication function can be started. In the authentication trigger standby state, when the management personal computer 19 recognizes this when a person stands at the apartment entrance and notifies the A personal computer 5 to that effect, the A personal computer 5 is set so that the trigger is triggered and the authentication function is started. Wait.
When a trigger is activated in the authentication trigger standby state, the A personal computer 5 identifies whether authentication by the home unlocking sensor 13 is requested or a notification is received from the management personal computer 19 and separately performs an authentication flow. to go into. Although details will be described later, if the A personal computer 5 is in use when such a trigger is applied, a display indicating that the trigger has been applied is displayed on the display of the A personal computer 5.

FIG. 5 shows the details of the system start process of step S12 in the function of the control unit 12 in the A personal computer of the A room 2 of FIG. 4 When the system start process starts, some unlocking is performed on the authentication verification data holding unit 14 in step S21. Check whether authentication verification data is registered. If unlocking verification collation data is registered, in step S22, the entrance door unlocking state is entered for each individual corresponding to the unlocking authentication collation data.

  Next, it progresses to step S23 and it is checked whether A room 2 has joined the apartment entrance lock control system 8. FIG. If it is already subscribed, the process proceeds to step S25 as a waiting state for unlocking the apartment entrance for each individual corresponding to the authentication verification data registered in the verification authentication data holding unit 14 in step S24. If the A room 2 has not yet joined the apartment entrance lock control system 8 in step S23, the process directly proceeds to step S25. In this case, unlocking by biometric authentication is only the entrance door 10 of the A room 2, and there is no qualification for unlocking the apartment entrance by biometric authentication.

In step S25, it is checked whether or not the A room 2 has joined the home health management system managed by the medical institution 9. If subscribed, in step S26, a function for first storing the health management data of the health management data in the individual health database 15 for each individual corresponding to the authentication verification data registered in the verification authentication data holding unit 14 is in a standby state. And
Next, in step S27, the function of displaying the change over time of the sensor output accumulated in the individual-specific health management data holding unit 15 on the television is also set in a standby state. This is because the functions up to here are possible even without the health verification data.

Next, in step S28, it is checked whether the health verification data registered in the health verification data registration unit 23 of the medical institution 9 is held in the health verification data holding unit 16. If there is the health verification data, the process proceeds to step S29, and the sensor output and the health stored in the individual health management data holding unit 15 for each individual corresponding to the authentication verification data registered in the verification authentication data holding unit 14 and the health. The function for collating with the collation data is set to the standby state.
Next, in step S30, the function of displaying the collation result on the television is also set in a standby state, and the process proceeds to step S31.

If no unlocking authentication verification data is registered in the authentication verification data holding unit 14 in step S21, the subsequent functions of the unlocking system cannot be performed, and the process jumps directly to step S31.
If the A room 2 has not joined the home health management system in step S25, the subsequent health management function cannot be executed, and the process jumps directly to step S31.
Furthermore, if the health verification data registered in the health verification data registration unit 23 of the medical institution 9 is not held in the health verification data holding unit 16 in step S28, the subsequent verification function cannot be executed. Jump to step S31.

  From step S31, the personal computer user authentication function is entered. In step S31, it is checked whether or not verification data for personal computer user authentication is registered in the authentication verification data holding unit 14. If the personal computer user verification data is registered, in step S32, access authentication to the personal computer is put on standby for each individual corresponding to the personal computer user verification data, and the process proceeds to step S33. On the other hand, if verification data for personal computer user authentication is not registered in the authentication verification data holding unit 14 in step S31, the system start function is immediately terminated because the subsequent functions are unnecessary, and the process proceeds to step S14 in FIG. To do.

  In step S33, it is checked whether the user authentication function of the A personal computer 5 is subscribed to the home health management system managed by the medical institution 9. If it has been subscribed, in step S34, the health management data is stored in the personal health database 15 and registered in the verification authentication data holding unit 14 for each individual corresponding to the verification verification data registered in the verification authentication data holding unit 14. The health management function such as verification with the verified verification data is put into a standby state, and the system start function is terminated. On the other hand, if the user authentication function of the A personal computer 5 has not joined the home health management system in step S33, the system start function is immediately terminated.

  In FIG. 5, accumulation of health management data and waiting for collation are collectively described as step S34. However, in detail, also in step S34, first, the health management data storage function and the temporal change display function are set to the standby state as in step S26, and then the health verification data storage unit 16 stores the health verification data as in step S28. Check the presence / absence and set the verification function to the standby state.

FIG. 6 is a flowchart showing the function of the control unit 12 in the A personal computer in the A room 2 when a person stands in front of the entrance door and an authentication trigger is activated.
When this trigger is applied, in step S41, first, it is checked whether or not a predetermined time has elapsed since a person stood in front of the entrance door. If the predetermined time has not elapsed, the process proceeds to step S42, and it is checked whether or not a finger has been inserted into the household unlocking authentication sensor 13. If there is no insertion of the finger, the process returns to step S41, and the insertion of the finger is awaited until a predetermined time elapses.

If a finger is inserted in step S42, the process proceeds to step S43, and it is checked whether it matches any of the unlocking authentication collation data held in the authentication collation data holding unit 14. If there is a match, the process proceeds to step S44, and it is checked whether or not the home unlocking authentication sensor 13 has successfully acquired the health management data. The case of not succeeding is a case where the information obtained by the home unlocking authentication sensor 13 is sufficient for unlocking verification but insufficient for health management data. Thus, there is a difference between the level obtained for the unlocking authentication sensor 13 for home use and the level sufficient for the unlocking verification and the level sufficient for the health management data. The latter requires higher accuracy and takes more time to acquire information. Therefore, if the insertion time of the finger is short, even if it is determined in step S43 that the unlocking authentication verification data match, the home unlocking authentication sensor 13 has failed to obtain the health management data, even in step S44. A determination may be made.
If it is confirmed in step S44 that the health management data has been successfully acquired, the process proceeds to step S45, where the acquired data is stored in the personal health database 15. The data stored in the personal health database 15 is transmitted to the large computer 22 in real time at the stage of step S45 in accordance with a contract with the medical institution 9, and is also stored in the general health database 27. As a result, the contents of the personal health database are backed up, and it is possible to cope with moving and the like.

  Next, in step S46, it is checked whether or not there is collation data in the health collation data holding unit 16, and if there is data, the process proceeds to step S47 to perform collation processing with the acquired data. In step S48, it is checked whether there is an abnormality in the health management data as a result of the collation. If there is an abnormality, the process proceeds to step S49. When the television 17 is switched on, it is prepared to automatically issue a “health abnormality” warning, and the process proceeds to step S50. If there is no abnormality in step S48, the process proceeds directly to step S50. In displaying the “health abnormality”, since it is already known in step S43 who the data is, “who is the health abnormality” can be displayed.

In the display on the television, in addition to the above configuration, if there is new data that should be alerted in step S48 even if it is not abnormal, it can be configured to display it in step S49.
Also, in step S49, instead of preparing to automatically issue a “health abnormality” warning when the television 17 is turned on, the switch of the television 17 is forcibly turned on immediately in case of high urgency. You may comprise so that a display may be started.
Further, it is possible to configure whether or not the display in step S49 is performed for each individual of the A room 2 in advance as desired.

In step S50, the collation result in step S47 is stored in the personal health database. The collation result data stored in the personal health database 15 is also transmitted to the large computer 22 in real time at the stage of step S50 according to a contract with the medical institution 9, and is also stored in the general health database 27. Information indicating that an abnormality has been detected in step S48 is also transmitted to the large computer 22 and stored in the general health database 27 at the same time.
Through the above processing, the process reaches step S51 to instruct the door lock 11 to unlock. The door lock 11 performs unlocking according to the instruction. After unlocking the door lock 11, it is checked again in step S52 whether a predetermined time has elapsed since a person stood in front of the entrance door. If the predetermined time has elapsed, the entrance door unlocking process is terminated. The meaning of step S52 will be described later.
If there is no collation data in the health collation data holding unit 16 in step S46, the collation-related processing is unnecessary, and therefore the process directly goes to step S51 to instruct the door lock 11 to unlock.

On the other hand, if acquisition of health management data fails in step S44, a message indicating that data acquisition has failed is displayed in step S53, and the reason is displayed in step S54, and the process proceeds to step S51. Thus, even when the acquisition of the health management data fails, the door lock unlocking instruction itself is given.
A user who sees the data acquisition failure display and the reason for entering the room through the front door should insert the finger into the home unlocking approval sensor 13 again and check if the acquisition of health management data is important. Want. Step S52 is provided for this purpose. When a predetermined time has not elapsed since the person stood in front of the door, the process returns from step S41 to step S42, and it is possible to start again from the insertion of the finger. If the predetermined time has passed, the unlocking process is terminated. However, if you want to redo the acquisition of health management data, you must leave the entrance door, approach the entrance door again, and re-apply the trigger shown in FIG. That's fine.
If the user who has seen the data acquisition failure display in step S53 is in a hurry, he or she may enter the A room 5 as it is. In this case, it is only necessary to understand the reason for failure displayed in step S54 and to insert the finger with care to remove the reason for failure from the next entry.

In step S41, when a predetermined time has passed without inserting a finger after a person stands in front of the door, the process proceeds to step S55, and a room entry rejection display is performed. Next, after displaying the reason for refusal that the finger is not inserted in step S56, the process proceeds to step S57.
In step S57, auxiliary authentication for inputting a personal identification number or inserting an IC card is made possible. If the auxiliary authentication is successful, the process proceeds to step S51 to instruct door unlocking. However, when step S51 is reached via step S57, the signal can be distinguished from the case via step S50 or step S54. Step S57 is merely an auxiliary means, and is dangerous from the viewpoint of security. Therefore, the unlocking record is left on the basis of the distinguishable signal and a warning is given if necessary.
If the auxiliary authentication is not performed or if the auxiliary authentication fails, the unlocking process is terminated through step S52, so that the door lock is not unlocked.

In step S43, when the unlocking verification collation data does not match or the finger is inserted but the data necessary for the collation is not acquired, the process proceeds to step S55 and the room entry rejection display is performed. Next, in step S56, a reason display indicating that the unlocking verification collation data does not match or a reason why data necessary for collation is not acquired is displayed.
Thereafter, the process proceeds to step S57, where auxiliary authentication for inputting a personal identification number, insertion of an IC card, etc. is enabled. If the auxiliary authentication is successful, the process proceeds to step S51 to instruct unlocking of the door lock. When the auxiliary authentication is not performed or when the auxiliary authentication fails, the process proceeds to step S52.
In this case, if the predetermined time has not elapsed in step S52, the process returns to step S42 through step S41. If the finger is improperly inserted, the step is displayed if the finger is reinserted with reference to the reason display in step S56. It is also possible to proceed from step S43 to step S44.

Here, a supplementary explanation will be given of the significance that step S43 is provided before step S44 and is configured so that the health management data acquisition flow cannot be entered unless the unlocking verification collation data matches. The first reason is that when the unlocking verification verification data do not match, it is a meaningless person who obtains health management data.
However, more importantly, health management data is not acquired when there is no match with the unlocking verification verification data for an individual who should have matched the unlocking verification verification data with correct finger insertion. Is a point. In other words, the match with the unlocking verification verification data has the meaning of guaranteeing that the finger has been inserted correctly. It is significant to prevent inaccurate health management data from being acquired.
In other words, when it is possible to perform biometric authentication and perform health management information processing based on the acquired biometric information, if the biometric authentication cannot be performed, the health management information processing unit is invalidated. Ensures reliability.

FIG. 7 is a flowchart showing the function of the control unit 12 when the management personal computer 19 detects that a person has stood in front of the apartment entrance and an authentication trigger is applied to the A personal computer 5 that has received this notification. Since the operation is almost the same as that in FIG. 6, most of the explanation is omitted and only the different part is commented.
In step S42 of FIG. 6, the finger insertion is checked, but in the case of FIG. 7, the management personal computer 19 performs this check. Accordingly, in step S62 of FIG. 7, it is checked whether or not finger data has been received from the business unlocking authentication sensor 21 of the management personal computer 19.

  Step S64 is added in FIG. 7. If the unlocking authentication data matches in step S63, it means that the resident of the A room 2 has returned to the entrance of the apartment, and this is notified to the A room 2. To generate a signal for As a method of using this return notification signal, for example, the husband's return home is notified in advance to the wife in the A-room 2. In the case of being alone, the air conditioner in the A room 2 and the lighting are switched on by a return home notification signal.

In FIG. 7, there are steps related to the display similar to those performed in steps S53, S54, S55, and S56 of FIG. 6, but in the case of FIG. 7, the management personal computer 19 executes these displays. Therefore, the A personal computer 5 only transmits information for display by the management personal computer 19 in step S74, step S75, step S76, and step S77.
In FIG. 6, after the entry refusal reason display in step S56, step S57 for unlocking the door lock by matching the auxiliary authentication is placed. On the other hand, in the condominium entrance lock control system, the unlocking control based on the auxiliary authentication coincidence is performed exclusively by the management personal computer 19. Therefore, in FIG. Transition.

Further, the unlocking process similar to step S51 of FIG. 6 is also performed in FIG. 7, but in the case of FIG. 7, since the management personal computer 19 issues the unlocking instruction, the A personal computer 5 in step S72 The transmission process of the entrance lock unlocking signal to 19 is performed.
The signal transmitted in step S72 is a very important signal for security that is directly linked to the apartment entrance door lock unlocking instruction. Therefore, in step S72, careful consideration is given based on the instruction from the management personal computer 19 received together with the finger data in step S62. Transmission processing is performed. First, the entrance lock unlocking signal is encrypted by the encryption code instructed by the management personal computer 19. Further, the transmission timing is also performed within an extremely short time width indicated by the management personal computer 19. These points will be described in more detail with reference to FIG.
The functions in FIG. 7 other than the commented part are basically the same as those in FIG.

FIG. 8 is a flowchart showing details of the collation processing performed by the control unit 12 in step S47 of FIG. 6 or step S68 of FIG.
When the collation process starts, first, in step S81, it is checked whether there is past accumulated data in the personal health database 15. If there is past accumulated data, the process proceeds to step S82 to check whether a predetermined accumulation period has elapsed. This is for checking whether or not a meaningful time period for analyzing and collating accumulated data has elapsed.
If a sufficient accumulation period that is meaningful for performing analysis and collation of accumulated data has elapsed, the process proceeds to step S83, and necessary accumulated data is called from the personal health database 15. The called accumulated data is subjected to accumulated data collation processing in step S84. In this accumulated data collation process, processing is performed including the data acquired this time. The collation regarding the accumulated data is thus completed, and the process proceeds to step S85. The accumulated data processing in step S84 will be described later in detail because there are various collations such as changes over time and seasonal changes.
If there is no past accumulated data in step S81, the process directly proceeds to step S85. Moreover, also when the predetermined period has not passed in step S82, it transfers to step S85 directly. In either case, it is meaningless to perform the accumulated data collation process.

  In step S85, the data acquired this time is stored in the personal health database 15, and the process proceeds to step S86. In step S86, simple collation between the health collation data acquired this time and the collation data held in the holding unit 16 is performed, and the process proceeds to step S87. In step S87 and subsequent steps, it is checked whether or not higher level collation is possible according to the situation, and if possible, such collation is executed.

First, in step S87, it is checked whether or not the health management data acquired this time is an item derived from a sensing function unique to the business unlocking authentication sensor 21. If the answer is no, it means that the acquired data is an item that can be acquired in common by both the business unlocking authentication sensor 21 and the home unlocking authentication sensor 13. Therefore, in this case, the process proceeds to step S88, and it is checked whether there is data of the same item acquired within a predetermined time.
When there is the same piece of data acquired within a predetermined time, normally, a resident in the A room 2 first performs authentication with the business unlocking authentication sensor 21 at the entrance of the apartment, and then passes through the authentication. It is assumed that the authentication by the home unlocking authentication sensor 13 was performed after reaching the entrance door of the A room.

  If there is the same piece of data acquired within the predetermined time in step S88, the process proceeds to step S89 to check whether the data acquisition conditions are the same. If the conditions are the same, the process proceeds to step S90. In this case, if the data are greatly different, there is a high possibility that one of them is an error. Therefore, in step S90, a cross check is performed to determine whether the two data are approximate. As a result of the cross check, if both data are approximate and both are reliable, the process proceeds to step S91, where both are averaged, and the matching process is terminated.

On the other hand, if the result of the cross check in step S90 shows a large discrepancy, one of the sensors may be abnormal, so the process proceeds to step S92, and the unreliable data is obtained with reference to the past data. A warning is given by judging that the issued sensor is in an abnormal state. At the same time, in step S93, the data from the sensor is regarded as an error and discarded.
As described above, when the data acquisition conditions are the same in step S89, the same item is double-checked based on the data acquired by the business unlocking authentication sensor 21 and the data acquired by the home unlocking authentication sensor 13, and the data To increase the reliability.

On the other hand, if the data acquisition conditions are different in step S89, collation including the causal relationship of the change in the health care data depending on the data acquisition conditions becomes possible. As described above, the case where the data acquisition conditions are different means that the exercise load of the same person is different when the check by the commercial unlocking authentication sensor 21 is performed and when the check by the home unlocking authentication sensor 13 is performed. This is the case when is different. Furthermore, the weather conditions such as the temperature are different between when checking with the business unlocking authentication sensor 21 which is usually outdoors and when checking with the home unlocking authentication sensor 13 which is usually in the hall, This is also the case when this affects health care data.
If such a difference in data acquisition conditions is detected in step S89, the process proceeds to step S94. If the exercise load is different, data such as pulse rate, and if the weather conditions are different, the temperature, humidity, wind speed are different. Such data is added as a condition for obtaining health management data, and collation is performed including such a causal relationship.

In step S87, if the acquired health management data is an item derived from a sensing function unique to the business unlocking authentication sensor 21, the same item is detected by the home unlocking authentication sensor 13. Therefore, the collation process is immediately terminated only by the simple collation in step S86.
Even if there is no data of the same item acquired within a predetermined time in step S89, the subsequent processing is meaningless and the collation processing is immediately terminated.
In the above function, the authentication of only the business unlocking authentication sensor 21 or the authentication only of the home unlocking authentication sensor 13 is continued within a predetermined time due to some special circumstances. As a result, the answer to step S88 is YES. Even in this case, the process may proceed to step S89, but the effect is effective even in that case.

FIG. 9 is a basic flowchart showing functions of the control unit 53 in the management personal computer 19 of the apartment entrance lock control system 8. This basic flowchart is repeatedly executed as appropriate under the control of the OS of the A personal computer.
When the flow of FIG. 9 starts, it is checked in step S101 whether the sensor unit 51 of the business unlocking authentication sensor 21 has been changed. If there is a change, a process for installing new sensor unit driver software is performed in step S102. At this time, when the new sensor unit 51 is provided from the medical institution 9, the control unit 53 receives driver software from the large computer of the medical institution 9 through communication and performs automatic installation. When the installation process ends, the process proceeds to step S103. If there is no change in the sensor unit 51, the process proceeds directly to step S3.

  In step S103, it is checked whether the health verification software 24 of the medical institution 9 has been upgraded. When there is a version upgrade, new software related to the version upgrade is provided from the large computer 22 of the medical institution 9 in step S104, the health management data handling software in the management personal computer is automatically rewritten, and the process proceeds to step S105. If there is no version upgrade, the process proceeds directly to step S105.

Note that the notification of version upgrade of the health verification software 24 has a great business significance as a service on the medical institution 9 side. Therefore, the medical institution 9 can provide service information on the other medical institution 9 side using the process of step S103. For example, a reminder for the next reception date, information on periodic health check-ups, pollen information, etc. are transmitted in accordance with the needs of the contracted individual.
In step S104, even when information not directly related to the change of the health management data handling software is received, this is recorded, and preparation is made so that the service information is displayed when the television 17 is turned on next time.

  In step S105, it is checked whether or not the protection unit 52 of the business unlocking authentication sensor 21 is damaged due to deterioration, breakage, or mischief caused by exposure to the external environment. If it is determined that there is damage and the sensor unit 51 does not operate normally, a warning for prompting replacement of the protection unit is given in step S106, and the process proceeds to step S107. If the protection unit 52 is not damaged, the process proceeds directly to step S107.

In step S107, it is checked whether or not a new room has joined the apartment entrance lock control system 8 or whether a room that has already been subscribed has been withdrawn. If there is a join or withdrawal, a process to that effect is performed in step S108.
As a result, it is possible to unlock the apartment entrance for residents in newly joined rooms, and to always know whether or not authentication results have been received from all the rooms. When the joining or withdrawal process is completed, the process proceeds to step S109. When there is no room entry or withdrawal, the process directly proceeds to step S109.

  In step S109, the condominium entrance lock control system 8 checks whether new registration of authentication verification data has been requested. If new registration is requested, the process proceeds to step S110 to perform registration processing, and the process proceeds to step S111. When new registration is not requested, the process directly proceeds to step S111. Details of the registration process in step S110 will be described later.

  In step S111, a sensor check process is performed. This is the same as step S12 in FIG. 4, but in the case of the management personal computer 19, it is in charge of checking the business unlocking authentication sensor 21, performing the operation check in the initial state at the time of the change, and thereafter Check whether there is any failure or deterioration of the product. Details thereof will be described later.

  Next, the process proceeds to step S112, and the authentication trigger at the apartment entrance is set in a standby state. Specifically, when a person stands at the entrance of the apartment, the management personal computer 19 recognizes this and waits for the management personal computer 19 to start the authentication function.

FIG. 10 is a flowchart showing the function of the control unit 53 when the management personal computer 19 detects that a person has stood before the apartment entrance and an authentication trigger is activated.
When this trigger is applied, in step S115, it is first checked whether or not a predetermined time has passed since a person stood before the apartment entrance. If the predetermined time has not elapsed, the process proceeds to step S116 to check whether or not a finger has been inserted into the business unlocking authentication sensor 21. If there is no insertion of the finger, the process returns to step S115, and hereinafter, the insertion of the finger is waited until a predetermined time elapses.

  If there is a finger inserted in step S116 and the biometric information can be acquired, the process proceeds to step S117, and the acquired data is transmitted to all living rooms that have joined the condominium entrance lock control system. Next, in step S118, it is checked whether or not authentication data indicating that the transmitted acquired data matches the unlocking authentication verification data has been received. The authentication data is encrypted to prevent forgery and confusion with an error signal. This encryption code is changed each time according to the random number table, and is transmitted to each room when the acquired data is transmitted in step S117. In step S118, if authentication data is received from any room, the process proceeds to step S119.

In step S119, it is checked whether the reception in step S118 was within a predetermined very short time width determined in connection with the transmission in step S117. As will be described later, the signal received in step S118 is a very important signal that is directly connected to the entrance door lock unlocking instruction. Therefore, step S119 is added to prevent malfunction due to an error signal and to break the lock by transmitting a forged authentication data signal. Oppose. In particular, in order to counter the forgery of authentication data, the extremely short time width in step S119 is changed each time based on the random number table, and the time width is designated only for the personal computer in the room that received the data transmission in step S117. Since the personal computer in the room transmits the authentication data to the management personal computer 19 during the designated time width, the authentication data signal received outside this time width is determined to be a forgery signal or an error signal.
When it is confirmed in step S119 that the authentication data has been received within the specified extremely short time width, the process proceeds to step S120.

In step S120, it is checked whether a notification indicating that the health management data acquisition has failed has been received from any of the rooms. The case of failure is a case where it is determined in any one of the rooms that the transmitted acquired data is sufficient for unlocking verification but not sufficient for health management data.
If it is confirmed in step S120 that a notification indicating that health management data acquisition has failed is not received from any room, the process proceeds to step S121, and the entrance lock 20 is instructed to unlock. The entrance lock 20 performs unlocking according to the instruction.
In the transmission of the authentication data from the room to the management computer and the transmission of the health management data income failure in the above steps S118 and S120, the management computer 19 does not know from which room these transmissions were made. Consider protection.

  After the instruction to unlock the entrance lock 20, the process proceeds to step S122, and the biological information acquired in step S116 is deleted. This is to ensure the protection of privacy. Thereafter, the process proceeds to step S123, and it is checked again whether a predetermined time has elapsed since a person stood before the apartment entrance. If the predetermined time has elapsed, the unlocking process is terminated.

  On the other hand, if it is confirmed in step S120 that a notification indicating that the acquisition of health management data has failed has been received, a message indicating that the data acquisition has failed is displayed in step S124, and the reason is displayed in step S125. Then, step S121 is reached. As described above, even when the acquisition of the health management data fails, the instruction to unlock the entrance lock is the same in the apartment entrance unlocking control system 8.

If it is determined in step S115 that a predetermined time has passed without a finger being inserted after a person stands in front of the door, the process proceeds to step S126, and an entry rejection display is performed. Next, after displaying the reason for refusal that the finger is not inserted in step S127, the process proceeds to step S128.
In step S128, auxiliary authentication for inputting a personal identification number, inserting an IC card, or the like is enabled. At this time, the signal that can be distinguished from the case of reaching step S121 via step S120 or step S125 is the same as 57 in FIG. In particular, in the case of step S128, since it is a public place called a condominium entrance, higher security is required. Therefore, at the time of the auxiliary authentication in step S128, the personal ID of who requested this is acquired and recorded.
When the auxiliary authentication is not performed or when the auxiliary authentication is unsuccessful, the unlocking process is terminated through steps S122 and S123, and therefore the entrance lock 20 is not unlocked. In this case, since there is no acquisition of biometric information that should be erased from the beginning, the result is the same as nothing in step S122. However, for the circumstances described below, the process goes through step S122.

When biometric information is obtained via step S116, and authentication data is not received from any room in step S118, the process proceeds to step S126, and an entry rejection display is performed. Next, in step S127, a reason for entry rejection display is displayed.
If the authentication data is not received within the extremely short time width as instructed in step S119, the process similarly proceeds to step S126 to display entry rejection, and in step S127, the reason for entry rejection display is displayed.
Information regarding the reason for display may not be known only by the management personal computer 19, and at that time, it is obtained from the personal computer in each room in charge of the authentication function. However, the management personal computer 19 cannot detect the information from which room, and the privacy of each room is protected.
Thereafter, the process proceeds to step S128, in which auxiliary authentication for inputting a personal identification number, insertion of an IC card, etc. is enabled. When the auxiliary authentication is not performed or when the auxiliary authentication fails, the process proceeds to step S122, and the biometric information acquired in step S116 is deleted. In this way, even if the authentication is not successful, the acquired biometric information is erased, and privacy is fully protected.
Next, the process proceeds to step S123. If the predetermined time has not elapsed, the process returns to step S116 through step S115. If the finger is improperly inserted, the finger is inserted with reference to the reason display in step S127. It is possible to proceed from step S116 to step S117 by redoing.

  FIG. 11 is a basic flowchart showing the function of the control unit 26 in the large computer 22 of the medical institution 9. When the function starts, it is checked in step S131 whether there is a new registration of the business unlocking authentication sensor 21 or a deletion or update of the registered sensor. Updates include functional changes due to sensor upgrades. If any one of registration, deletion, and update is registered in the business unlocking authentication sensor 21, the process proceeds to step S132, the data or software of the large computer is changed, and the process proceeds to S133. Accordingly, it is possible to cope with a change in the business unlocking sensor covered by the medical institution 9. If there is no change in the commercial unlocking authentication sensor 21, the process directly proceeds to step S133.

In step S133 and step S136, it is checked whether there is any new registration of the home lock authentication sensor 13 or deletion or update of the already registered sensor. Updates include functional changes due to sensor upgrades. If there is any of registration, deletion, and update in the home authentication sensor 13, the process proceeds to step S134, the moving process is performed by the large computer, and the process proceeds to step S135.
Registration, deletion, and renewal of home unlocking authentication sensors may be done simply by upgrading the sensor version, but in many cases, moving in and out of the condominium due to moving of the family, data processing in the personal computer in the room Since it is necessary, the moving process involves several procedures. Details thereof will be described later. If there is no change in the household unlocking authentication sensor 13, the process directly proceeds to step S135.

In step S135, it is checked whether there is any deletion or renewal of a newly registered individual or a registered individual in the medical institution 9. If there is a change, the process proceeds to step S136, and registration, deletion, and update to that effect are performed on the large computer.
In addition, since new registration of individuals or deletion of registered individuals often occurs due to changes in medical institutions, in step S137, personal data is transferred to another medical institution to be changed.
In other words, when a new registration is made as a result of moving from another medical institution to the medical institution 9, the personal health verification data and health management data recorded in the large computer of the original medical institution are transferred to the medical institution that has moved in. 9 health check data registration unit 23 and general health database 27 respectively. On the other hand, when the patient is transferred to another medical institution, the personal health verification data and the health management data held in the health verification data registration unit 23 and the general health database 27 of the medical institution 9 are respectively transferred to the destination medical institution. And erased from the large computer 22 of the medical institution 9.
Note that if the procedures for registration, deletion, and renewal of health management do not extend to a plurality of medical institutions, such as the birth of a person, death, or change of surname due to marriage, the process of step S137 is omitted.
After the above processing, the process proceeds to step S138. If there is no personal registration, deletion, or update in step S135, the process directly proceeds to step S133.

  In step S138, it is checked whether there is registration, deletion, or update of the registered personal health check data. If there is a change in the health verification data, the process proceeds to step S139, the data in the health verification data registration unit 23 of the large computer 22 is changed, and the process proceeds to step S140. If there is no change in the health verification data, the process directly proceeds to step S140.

  In step S140, it is checked whether there is any registration, deletion, or update regarding the statistical processing data distribution request by the registered individual. If there is a change in the statistical processing request, the process proceeds to step S141, the desired data of the large computer 22 is changed, and the process proceeds to step S142. If there is no change in the statistical processing request, the process directly proceeds to step S142.

  In step S142, a standby process is performed to receive health sensor data or health verification result data sent from the contracted personal computer to the medical institution 9. In step S142, the process waits for transmission of various information such as health check data, diagnosis results, and statistical processing information to the contracted personal computer. This completes the basic flow.

FIG. 12 is a flowchart showing details of transmission processing in the control unit 26 of the large computer 22 of the medical institution 9. This transmission process is started by various triggers when the control unit 26 is in a standby state in step S143 of FIG.
When the transmission process is started, in step S151, it is checked whether or not a trigger has been applied by newly registering health verification data for an individual in the health verification data registration unit 23. If the answer is yes, the process proceeds to step S152, the health check data is transmitted to the personal computer used by the individual, and the process proceeds to step S153. For example, if the health check data is newly registered as a member of the family in room A 2, the health check data is transmitted to the A personal computer 5, and the A personal computer 5 sends the received health check data to the health check data holding unit. 16 is stored. If the trigger is not triggered by new registration of health verification data, the process directly proceeds to step S153.

  In step S153, based on the data held in the general health database 27, it is checked whether or not a trigger has been triggered by a new automatic diagnosis result issued by a health verification software for a certain individual. If the answer is yes, the process proceeds to step S154, the automatic diagnosis result is transmitted to the personal computer used by the individual, and the process proceeds to step S155. In addition, when the trigger is not applied because the automatic diagnosis result is output, the process directly proceeds to step S155.

  In step S155, based on the data held in the general health database 27, it is checked whether or not a trigger has been applied for a certain individual when the doctor 25 inputs a diagnosis result to the diagnosis input / output unit 28. If the answer is yes, the process proceeds to step S156, and the diagnosis result of the doctor is transmitted to the personal computer used by the individual.

Next, in step S157, it is checked whether or not there is a doctor's finding different from the automatic diagnosis result. If there is an unusual finding of the doctor, the process proceeds to step S158, and a warning to that effect is transmitted together with the personal computer to alert the doctor that the finding is different from the automatic diagnosis result. Physician's findings are given priority when findings are different.
Next, the process proceeds to step S159, and after starting processing for modifying the health verification software based on the reason that the findings are different, the process proceeds to step S160.

  If there is no diagnosis result of the doctor in step S155, the process directly proceeds to step S160. Also, if there is no doctor's finding different from the automatic diagnosis result in step S157, the process directly proceeds to step S160.

  In step S160, it is checked whether or not a trigger is applied due to the creation of statistical data to be distributed to an individual who has registered the desire for statistical processing. If the answer is yes, the process proceeds to step S161, where the statistical data and information on the position of the individual in the statistical data are transmitted to the personal computer used by the individual, and the transmission process is terminated. If a trigger is not applied due to the creation of statistical data, the transmission process is immediately terminated.

FIG. 13 is a flowchart showing details of the moving process in step S134 of FIG.
When the moving process starts, first, in step S171, it is checked whether it is a new registration of a home unlocking authentication sensor. If it is new registration, it will progress to step S172 and will register a new household unlocking authentication sensor in the large computer 22 of the medical institution 9. To do. As a result, the registered home unlocking sensor 13 is under the control of the large computer 22, and the health management data acquired by the home unlocking sensor 13 is processed by the large computer 22.

Next, the process proceeds to step S173, where it is checked whether or not the family registered in the room where the newly registered home unlocking authentication sensor is installed does not include individuals registered in the medical institution 9. If a registered individual is included, the process proceeds to step S174. In this case, for example, an individual who has already been registered in the medical institution 9 in another residence moved, moved into the A room 2 of the apartment 1 and registered the home unlocking authentication sensor 13 from the A personal computer 5. Corresponds to the case.
In such a case, there is a possibility that the individual's health verification data is already registered in the health verification data registration unit 23 of the large-sized computer 22, so the presence or absence is checked in step S174. If the health verification data is registered, the health verification data is transmitted to the A personal computer 5 in step S175, and the process proceeds to step S176. The A personal computer 5 stores the received health verification data in the health verification data holding unit 16. If there is no health verification data registered in step S174, the process directly proceeds to step S176.

  If it is an individual registered in the medical institution 9, there is a possibility that the individual's health management data may be held in the general health database 27 of the large computer 22, so this is checked in step S176. If registered, the personal health management data is transmitted to the A personal computer 5 in step S177, and the process proceeds to step S178. The A personal computer 5 stores the received personal health management data in the personal health database 15. Such past personal health management data is useful when the A personal computer 5 locally checks changes over time. If no personal health management data is held in step S176, the process directly proceeds to step S178.

  If it is not a new registration of the home unlocking authentication sensor in step S171, the process directly proceeds to step S178. In step S173, if the newly registered family related to the home unlocking authentication sensor does not include an individual registered in the medical institution 9, the process directly proceeds to step S178.

  In step S178, it is checked whether or not the household unlocking authentication sensor 13 has been deleted. The need for erasure occurs, for example, when a family residing in the A room 2 moves. If the home unlocking authentication sensor 13 is to be deleted, the process proceeds to step S179, and the registration of the home unlocking authentication sensor 13 is deleted from the large computer 22 of the medical institution 9. The registered home unlocking authentication sensor 13 is not managed by the large computer 22.

  In step S180, an authentication verification data deletion signal is sent to the A personal computer 5. In response to this erasure signal, the A personal computer 5 erases the authentication verification data of all the family members who move from the authentication verification data holding unit 14. Originally, the unlocking authentication is not a section managed by the medical institution 9, but the unlocking authentication data is biometric data related to the privacy of the individual and is related to the same home unlocking authentication sensor 13, so when moving. The medical institution 9 also provides such a privacy protection service.

  Next, the process proceeds to step S181, where it is checked whether or not the health verification data of individuals in the family who are moving is registered in the health verification data registration unit 23 of the medical institution 9. If registered, the health check data is retained as it is in the medical institution period 9. In step S182, a health check data deletion signal is sent to the A personal computer 5, and the process proceeds to step S183. In response to this erasure signal, the A personal computer 5 erases the health collation data of all the family members who move from the health collation data holding unit 16. If there is no health verification data registered in step S181, the process directly proceeds to step S183.

  In step S183, it is checked whether the health management data of individuals in the family moving to the general health database 27 of the medical institution 9 is backed up. If there is a backup, the health management data is retained as it is on the medical institution period 9 side. In step S184, a health management data deletion signal is sent to the A personal computer 5, and the moving process is terminated. In response to this erasure signal, the A personal computer 5 erases the health management data of all the families who move from the personal health database 15. If there is no health management data backup in step S183, the moving process is immediately terminated.

  If it is determined in step S178 that the household unlocking authentication sensor 13 has not been deleted, the process proceeds to step S185. In this case, it means that the home unlocking sensor has not been newly registered or deleted, and the home unlocking sensor is not updated, so the updating process is performed in step S185 and the moving process is terminated. To do.

  In the above Example 1, the implementation in an apartment where a plurality of families are occupying has been described as an example. However, the implementation of the system as in the first embodiment is not limited to this, and is a multi-tenant building in which a plurality of companies are occupying a common entrance, or a business office in which a plurality of departments are occupying. However, it can also be implemented in a case having a common entrance.

FIG. 14 is a block diagram of a second embodiment of the biometric authentication and health management system of the present invention. Although the point regarding the entrance of a condominium where a plurality of families are occupying and the unlocking system of each room door is the same as in the first embodiment, the point using the mobile phone 101 is different from the first embodiment. Since the condominium entrance lock control system 8 and the medical institution 9 have many points in common with the first embodiment, the same blocks as those in FIG. 1 are denoted by the same reference numerals, and description thereof is omitted when unnecessary.
In the case of the second embodiment, the lock control system at the entrance door of each living room has the same configuration as the apartment entrance lock control system 8, and therefore the illustration and description in FIG. 14 are omitted.

The condominium entrance lock control system 8 has an A short-range wireless communication unit 102. As the A short-range wireless communication unit 102, for example, a communication system such as Bluetooth (trademark), wireless LAN, or wireless USB can be employed.
The management personal computer 19 of the second embodiment can communicate with the A personal computer 5 in the A room 2 of the apartment 1 as in the first embodiment. The distance wireless communication unit 102 can communicate with the mobile phone 101. Other configurations of the condominium entrance lock control system are the same as those in the first embodiment.

The medical institution 9 has a B near field communication unit 103 and a B telephone communication unit 104. The B short-range communication unit 103 is configured by a common communication system with the A short-range communication unit. The B phone communication unit is in accordance with the mobile phone communication system.
The large computer of the medical institution 9 of the second embodiment can communicate with the condominium entrance lock management system 8 and the A personal computer 5 in the A room 2 of the condominium 1 as in the first embodiment. In addition, the B short-range wireless communication unit 103 or the B telephone communication unit can communicate with the mobile phone 101. Other configurations of the medical institution 9 are the same as those in the first embodiment.

In the second embodiment, a person who wants to unlock the condominium entrance approaches the condominium entrance with the mobile phone 101. The authentication trigger of the management personal computer 19 can also be made when the human sensor 58 similar to the first embodiment detects the approach of a person. A trigger is also activated when the A short-range wireless communication unit 102 itself detects that it has entered, and the trigger is activated by the earlier detection.
When information is acquired by inserting a finger into the business unlocking authentication sensor 21, the management personal computer 19 transmits the information from the A short-range wireless communication unit 102 to the mobile phone 101. The mobile phone 101 is provided with a C short-range wireless communication unit 105 based on a common communication system with the A short-range wireless communication unit 102.

The C short-range wireless communication unit 105 that has received the information acquired by the A business unlock authentication sensor 21 from the short-range wireless communication unit 102 sends the information to the control unit 106. Information from the business unlocking authentication sensor 21 sent to the control unit 106 is collated with authentication collation data registered in the authentication collation data holding unit 107 in advance. If the result of the verification shows that the person is qualified to enter the apartment, the control unit 106 manages that fact from the C short-range wireless communication unit 105 via the A short-range wireless communication unit 102. Notify the personal computer 19.
In response to this notification, the management personal computer 19 sends an unlocking signal to the entrance lock 20. On the other hand, if it does not match the authentication verification data, the control unit 106 notifies the management personal computer 19 of a mismatch through the same route. In this case, the management personal computer 19 does not send an unlock signal to the entrance lock 20.

  As described above, also in the second embodiment, the management personal computer 19 itself of the condominium entrance lock control system 8 has no authentication verification data recording or verification function, and the verification result is simply notified from the mobile phone 101. Due to such considerations, authentication verification data for biometric authentication related to privacy, such as blood vessel patterns and fundus patterns, is kept in the mobile phone 101. Further, since the management personal computer 19 itself does not have a verification function and it is not known who the mobile phone the verification result is from, it is not known who the data acquired by the business unlocking sensor 21 belongs to. Similar to 1, privacy is protected.

The business unlocking authentication sensor 21 can acquire not only authentication information but also health management information as in the first embodiment. Therefore, health management by the commercial unlocking authentication sensor 21 is also possible.
That is, the information acquired by the business use unlocking authentication sensor 21 and sent from the short-range wireless communication unit 102 to the control unit 106 via the C short-range wireless communication unit 105 is information such as blood component information and blood vessel youth. Includes health care data. Therefore, the control unit 106 collates these health management data with the health collation data of the mobile phone owner himself / herself registered in the health collation data holding unit 108.
Similar to the first embodiment, the health management data holding unit 108 registers not only the value itself serving as a health index but also time-varying data for verification regarding the time-dependent change of the value. Therefore, the control unit 106 collates the current health management data sent from the business unlocking authentication sensor 21 with the health collation data, and changes with time of the health index based on the data accumulated in the personal health database 109. Is compared with the temporal change data for verification registered in the health verification data holding unit 108, and verification is performed from the viewpoint of the speed of change with time of the value serving as the health index. The result of collating the health index value and the result of collating the health index over time are displayed on the display unit 110 of the mobile phone. As for this display, for example, when the result of the collation indicates that an abnormality is detected, a warning sound is emitted so that the owner of the mobile phone 101 pays attention to the display unit 110.

  The mobile phone 101 further includes a user authentication sensor 111 having a biometric authentication function similar to that of the user authentication sensor 18 of the first embodiment. Accordingly, biometric authentication data and health management data can be simultaneously acquired during user authentication using a mobile phone.

  The mobile phone 101 also has a health sensor 112 that can detect health information during a phone call, and the information obtained from the mobile phone 101 is similar to the information from the commercial unlocking authentication sensor 21 and the user authentication sensor 111. Used for health management. Examples of health sensors include a breath component sensor provided in the vicinity of a microphone and an ear thermometer provided in the vicinity of a speaker or an earphone. The health sensor 112 only needs to have a function dedicated to collecting health information, and biometric authentication information is not necessarily obtained.

The mobile phone 101 further receives information from a health sensor provided on a daily accessory such as a wristwatch, a belt, glasses, shoes, and the like by the C short-range wireless communication unit 105, and the information obtained from these is also healthy. Similar to information from the sensor 112, etc., it is used for health management.
Also, not only items that are always in the vicinity of the mobile phone, but by receiving information from a health sensor provided in a massage machine, for example, by the C short-range wireless communication unit 105, as well as information from the health sensor 112 etc. Can be used for health management.

  The C short-range wireless communication unit 105 in the mobile phone 101 in FIG. 14 receives information from health sensors additionally provided for items originally provided for other uses as described above, and stores them in the personal health database 109. In addition to the case of recording, for example, blood pressure data obtained by a dedicated sphygmomanometer installed in a waiting room of the medical institution 9 is received from the B short-range wireless communication unit 103 provided in the sphygmomanometer, and the person's health database 109 can also be recorded.

In addition, information obtained through the C short-range wireless communication unit 105 and information obtained from the user authentication sensor 111 and the health sensor 112 may be displayed on the display unit 110 after collating with the health collation data. It can also be used without verification. For example, it is possible to simply accumulate in the personal health database 109 and display the accumulated temporal change information as a graph on the display unit 110 as it is. Furthermore, the obtained information can be displayed on the display unit 110 as it is in real time.
Such accumulated time-varying information can be displayed as a graph as it is by the display on the television 17 in the first embodiment of FIG. It is also possible to display the obtained information as it is on the television 17 in real time.

Naturally, the mobile phone 101 has a phone function unit 113 and a C phone communication unit 114 that are inherent to the mobile phone. Since these are the same as in the prior art, description thereof will be omitted.
Although the order of the description is reversed, the C phone communication unit 114 conforms to a mobile phone communication system common to the C phone communication unit of the medical institution 9. Accordingly, information can be exchanged between the mobile phone 101 and the medical institution 9 even in a remote place via the Internet through a mobile phone line. For example, the contents of the personal health database 109 can be transmitted in real time and backed up by the medical institution 9, and distribution of health check data, health management data, diagnosis results, and the like can be received from the medical institution 9. As described above, the mobile phone 101 has substantially the same function as the A personal computer of the first embodiment, and can further protect the privacy of individual units.

  As described above, information exchange between the mobile phone 101 and the medical institution 9 is performed between the B phone communication unit 104 and the C phone communication unit 114 in a remote place as described above, and for the purpose of registering health check data. When the user actually visits the medical institution 9, it can be performed between the B short-range wireless communication unit 103 and the C short-range wireless communication unit 105 at the communication spot of the medical institution 9.

The operation flow of the control unit 106 in the mobile phone 101 of FIG. 14 is almost the same as that of FIG. However, instead of the television warning preparation in step S69 of FIG. 7, preparation for warning is performed on the display unit 110 of the mobile phone 101. As a result, when the display unit 110 is subsequently turned on, a “health abnormality” warning is automatically issued.
Further, the operation flow of the control unit of the management personal computer 19 in the apartment entrance lock control system 8 in FIG. 14 is almost the same as that in FIG. However, data transmission to the C short-range wireless communication unit 105 of the mobile phone 101 is performed instead of acquisition data transmission to all living rooms in step S117 of FIG.

The implementation of the system using the mobile phone 101 as shown in FIG. 14 is not only an unlocking system at a condominium or company entrance, but also a biometric authentication system for personal authentication in access to money and information such as identity verification of deposit withdrawal in a bank. It can also be implemented in institutions that have introduced
For example, in the case of implementation in a bank, “condominium entrance lock control system 8” in FIG. The “deposit account identification sensor” may be replaced with “entrance lock 20” in FIG. 14 as “deposit withdrawal input permission section”.
In FIG. 14 in which the above-described replacement is performed, when the person holding the mobile phone 101 approaches the “automatic teller machine” 8, communication between the A short-range wireless communication unit 102 and the C short-range wireless communication unit starts. When a finger is inserted into the “deposit account identification sensor” 21, the information is sent to the mobile phone 101 and is compared with the verification data of the authentication verification data holding unit 107 by the control unit 106. Is sent to the management personal computer 19, and the deposit withdrawal amount input and the deposit withdrawal execution input to the "deposit withdrawal input permission section" 20 can be performed. As described above, since the holding and matching of the matching data in the biometric authentication are not performed on the bank side, privacy is protected.
The information sent from the “deposit account identification sensor” 21 to the mobile phone 101 also includes health management data, so it can be displayed and stored on the mobile phone side, Can be compared. Such convenience for the user can be regarded as a service on the bank side.

Next, details of the unlocking verification verification data registration process will be described.
First, the case of Example 1 will be described. FIG. 15 is a flowchart showing details of the unlocking authentication collation data registration process in step S11 of FIG. When the flow starts, it is checked in step S191 whether there is a request for newly registering verification data for unlocking the front door 10 in the A room 2. If there is a request, the process proceeds to step S192.
Check whether the condominium input verification data has already been registered in the authentication verification data holding unit.
If not registered, the process proceeds to step S193 to wait for reception of a sensor output from the home unlocking authentication sensor 13. This output is performed by inserting an individual finger that has been identified for verification data creation into the household unlocking authentication sensor 13. If the sensor output is received, the process proceeds to step S194, and collation data based on the sensor output is provisionally registered.

  On the other hand, if the condominium input collation data has already been registered in the authentication collation data holding unit in step S192, there is a possibility that the condominium input collation data can be commonly used as the entrance door collation data. Copy the verification data and temporarily register it as front door verification data.

Next, proceeding to step S195, a finger is inserted again into the home unlocking authentication sensor 13, and it is confirmed whether or not the collation to the same is normally performed. If such normal operation can be confirmed in step S195, the process proceeds to step S196, and the temporarily registered verification data is fully registered in the authentication verification data holding unit 14. On the other hand, if the normal operation cannot be confirmed, the process returns to step S193, the finger is inserted again, the sensor output from the household unlocking authentication sensor 13 is received again, and the verification data is temporarily registered again. The same applies when the registered apartment input verification data is copied and temporarily registered as entrance door verification data.
If the normal operation can be confirmed in step S195 and the main registration of the entrance door verification data is completed in step S196, the process proceeds to step S197. In step S191, if new registration of entrance door verification data is not requested, the process directly proceeds to step S197.

In step S197, it is checked whether or not the management personal computer 19 requests new registration of authentication verification data for unlocking the entrance of the apartment. If there is a request, the process proceeds to step S198, where the apartment entrance lock control system 8 inserts a finger into the business unlocking authentication sensor 21 to create authentication verification data, and data based on the obtained sensor output is transmitted from the management personal computer 19. Wait for it. The data from the management personal computer 19 has already been confirmed for normal operation in the condominium entrance lock control system 8. When data from the management personal computer 19 is received, the process proceeds to step S199, where data from the management personal computer 19 is temporarily registered.
Next, in step S200, a signal for deleting the authentication verification data on the management personal computer 19 side is transmitted. In step S201, it is checked whether or not a confirmation signal from which authentication verification data has been deleted is sent from the management personal computer 19. If it is confirmed in step S201 that the authentication collation data has been deleted on the management personal computer 19 side, the process proceeds to step S202, where the authentication collation data temporarily registered in step S199 is fully registered in the authentication collation data holding unit 14 and unlocking authentication is performed. The verification data registration process is terminated. On the other hand, if the verification data deletion on the management personal computer 19 side cannot be confirmed in step S201, the process returns to step S199 and starts again from the transmission of the deletion signal to the management personal computer 19.

As described above, the registration of the authentication verification data received from the management personal computer 19 in the authentication verification data holding unit 14 and the deletion of the used authentication verification data in the management personal computer 19 are a set. Consideration is given so that the authentication verification data acquired on the condominium entrance lock control system side will not remain and be used for privacy infringement. In other words, this means that the authentication verification data acquired on the apartment entrance lock control system side will not be erased unless the authentication verification data received from the management personal computer 19 is securely registered in the authentication verification data holding unit 14. To do.
In step S197, if the management personal computer does not request new registration of verification data for unlocking the apartment entrance, the unlocking verification verification data registration process is immediately terminated.

  In the flow of FIG. 15, first, it is asked whether or not it is new registration of the entrance door verification data, and then it is asked whether or not it is new registration of the apartment entrance verification data, but this order may be reversed. That is, the flow from step S197 to step S202 may be performed before step S191.

The flow of the control unit 12 when registering the authentication verification data for the user authentication sensor 18 in FIG. 1 is the same as steps S191 to S196 in FIG. However, “entrance door” is read as “user authentication” in step S191, and “home unlocking authentication sensor” is read as “user authentication sensor” in step S193.
Further, the operation flow of the control unit 106 when registering authentication verification data in the authentication verification data holding unit 107 of the mobile phone 101 in the second embodiment of FIG. 14 is the same as the flow of FIG. The same.

FIG. 16 is a flowchart showing details of the unlocking authentication verification data registration process in step S110 of FIG. When the flow starts, reception of sensor output from the business unlocking authentication sensor 21 is awaited in step S211. This output is performed by inserting an individual finger, who has been identified for collation data creation, into the business unlocking authentication sensor 21.
If the sensor output is received, the process proceeds to step S212, and collation data based on the sensor output is held in the management personal computer.
In step S213, a finger is inserted again into the business unlocking authentication sensor 21, and it is confirmed whether or not the collation to the same is normally performed. If such a normal operation can be confirmed in step S213, the process proceeds to step S214, and the collation data held in step S212 is transmitted to the A personal computer 5. On the other hand, if the normal operation cannot be confirmed, the process returns to step S211 to insert the finger again, receive the sensor output from the business unlocking authentication sensor 21 again, and hold the collation data again.

When the verification data is transmitted in step S214, the process proceeds to step S215, and it is checked whether a signal to delete the verification data on the management personal computer side is received from the A personal computer 5. The reception of this signal also has the meaning of confirming that the A personal computer has correctly received the verification data.
When the erase signal is received in step S215, the process proceeds to step S216, in which the verification data held in the management personal computer 19 is erased, and in step S217, an erase confirmation signal is transmitted to the A personal computer 5, and the authentication verification data registration process is completed. . On the other hand, if the erasure signal cannot be received in step S215, the process returns to step S214 and starts again from the verification data transmission to the A personal computer 5.

As described above, when registering verification data in the condominium entrance lock control system, it is left to the A room 2 to retain the final authentication verification data in order to protect personal privacy. However, the registration act is managed, and it is prevented that the security of the apartment entrance lock is compromised due to individual registration.
In addition, when registering the authentication verification data for unlocking management of the front door, the authentication verification data acquired by the home unlocking authentication sensor 13 does not go out of the A room 2, so the registration process Is simple.

  The operation flow of the management personal computer 19 when registering authentication verification data in the authentication verification data holding unit 107 of the mobile phone 101 in the second embodiment of FIG. 14 is the same as that of FIG. However, “A personal computer 5” in the above description is read as “mobile phone 101”.

As described above, in FIGS. 15 and 16, the registration of the authentication verification data for the condominium entrance lock control system 8 is performed by the data acquired by the business unlocking authentication sensor 21. However, when the unlocking authentication sensor 21 for business use is the same as the unlocking authentication sensor 13 for home use or the user authentication sensor 111, it is acquired by the unlocking authentication sensor 13 for home use or the user authentication sensor 111. You may comprise so that the authentication collation data for the condominium entrance lock control system 8 may be registered based on data.
However, in this case, in order to prevent forgery, an encryption key is exchanged with the apartment entrance lock control system 8 so that registration is possible only under strict management of the management personal computer 19 in the apartment entrance lock control system 8.

  FIG. 17 is a flowchart regarding the third embodiment of the biometric authentication and health management system of the present invention. Since the block diagram of the third embodiment is the same as that of FIG. 1, this will be used for the description. However, the functions of the A personal computer 5 and the management personal computer 19 are different. Specifically, in the first embodiment, the unlocking authentication is collated on the A personal computer 5 side, and the door lock unlocking signal is transmitted to the management personal computer 19 based on the collation result. On the other hand, in the third embodiment, the unlocking authentication is verified by the management personal computer 19 that has received the authentication verification data from the A personal computer 5 side. Details of the function will be described below with reference to FIGS. 17 and 18.

The control unit 12 in the A personal computer 5 of the third embodiment functions according to the flowchart of FIG. 17 instead of FIG. 7 in controlling the apartment entrance lock control system 8.
When the management personal computer 19 detects that a person has stood in front of the entrance of the apartment and an authentication trigger is applied to the A personal computer 5 that has received this notification, the flow in FIG. 17 starts. Check whether a predetermined time has passed since a person stood up. If the predetermined time has not elapsed, the process proceeds to step S222, and it is checked whether or not a finger has been inserted into the business unlocking authentication sensor 21. If there is no insertion of the finger, the process returns to step S221, and thereafter, the insertion of the finger is waited until a predetermined time elapses.

If a finger is inserted in step S222, the process proceeds to step S223, and it is checked whether it matches any of the unlocking authentication collation data held in the authentication collation data holding unit. This coincidence confirmation is for confirming whether or not the received finger data belongs to the resident of the A room 2, not for unlocking the apartment entrance. If there is a match with the authentication verification data in step S223, the process proceeds to step S224, and the authentication verification data is transmitted to the management personal computer 19. In the following, the lock control at the entrance of the apartment is left to the management personal computer 19.
As described above, the finger data reception check in step S222 is performed by detecting a request to transmit the unlocking authentication collation data held in the authentication collation data holding unit 14 to the management personal computer 19 at the time of biometric authentication. Have meaning.
It should be noted that in the transmission of the unlocking authentication verification data in step S224, a measure is taken to obscure that this is sent from the A personal computer, and the management personal computer 19 side does not know where the unlocking authentication verification data has been sent.

Next, the process proceeds to step S225, and it is checked whether or not the professional unlocking authentication sensor 19 has succeeded in obtaining the health management data, in other words, whether the finger data received from the management personal computer is sufficient as the health management data. The case where it is not successful is a case where the finger data received from the management personal computer 19 is sufficient for the unlocking verification but not enough for the health management data.
If it is confirmed in step S225 that the health management data has been successfully acquired, the process proceeds to step S226, and the acquired data is stored in the personal health database 15. The data stored in the personal health database 15 is transmitted to the large computer 22 in real time at the stage of step S226 by the contract with the medical institution 9, and is also stored in the general health database 27. As a result, the contents of the personal health database are backed up, and it is possible to cope with moving and the like.

  Such a contract for transmitting the data of the personal health database 15 to the medical institution 9 in real time also functions as a care system for the elderly living alone, for example. Since the acquisition of health management data is automatically performed in conjunction with the entrance and exit of the door, the fact that nothing in the health database 15 is sent to the medical institution 9 continues means that the door did not enter or exit during that period. Means. Therefore, in such a case, since it is considered that there was some accident in the elderly living alone, the medical institution 9 takes immediate action.

  Next, in step S227, it is checked whether or not there is collation data in the health collation data holding unit 16. If there is data, the process proceeds to step S228, and collation processing with the acquired data is performed. In step S229, it is checked whether there is an abnormality in the health management data as a result of the collation. If there is an abnormality, the process proceeds to step S230. When the television 17 is turned on, it is prepared to automatically issue a “health abnormality” warning, and the process proceeds to step S231. If there is no abnormality in step S229, the process proceeds directly to step S231.

In step S231, the collation result in step S228 is stored in the personal health database. The collation result data stored in the personal health database 15 is also transmitted to the large computer 22 in real time at the stage of step S231 by the contract with the medical institution 9, and is also stored in the general health database 27. Information indicating that an abnormality has been detected in step S229 is also transmitted to the large computer 22 and stored in the general health database 27.
Through the above processing, the process reaches step S232, where it is checked again whether a predetermined time has elapsed since a person stood in front of the entrance door. If the predetermined time has elapsed, the process proceeds to step S233. The meaning of step S232 is the same as step S72 of FIG.
If there is no collation data in the health collation data holding unit 16 in step S227, collation-related processing is unnecessary, and the process directly proceeds to step S232.
In step S233, the management PC 19 waits for a report from the management PC 19 that the unlocking authentication collation data transmitted to the management PC 19 in step S224 has been deleted. If there is a report, the apartment entrance unlocking process is terminated. The meaning of step S233 is to prevent the unlocking verification collation data from remaining in the management personal computer 19 and infringing on privacy.

On the other hand, if the acquisition of health management data fails in step S225, the data acquisition failure is displayed in step S234 and the reason is displayed in step S235, and the process proceeds to step S232.
In step S221, when a predetermined time has passed without a finger inserted after a person stands in front of the door, the apartment entrance unlocking process is immediately terminated.

  Furthermore, if the unlocking authentication verification data does not match any of the unlocking authentication verification data held in the authentication verification data holding unit 14 in step S223, the received finger data is not that of the resident of the A room 2. Immediately terminate the apartment entrance unlocking process. In other words, since the finger data belongs to another person in red, it is naturally not handled as health management data after step S225. In addition, since the apartment entrance unlocking itself is left to the management personal computer 19, the management personal computer 19 is not notified that the unlocking verification verification data does not match.

The control unit 53 (see FIG. 3) in the management personal computer 19 according to the third embodiment functions according to the flowchart of FIG. 18 instead of FIG. 10 when controlling the apartment entrance lock control system 8.
In FIG. 18, the management personal computer 19 detects that a person has stood before the apartment entrance, and when an authentication trigger is applied, the flow starts. In step S241, first, a person has stood before the apartment entrance for a predetermined time. Check if it has passed. If the predetermined time has not elapsed, the process proceeds to step S242 to check whether or not a finger has been inserted into the business unlocking authentication sensor 21. If there is no insertion of the finger, the process returns to step S241, and then the insertion of the finger is waited until a predetermined time elapses.

  In step S242, if the finger is inserted and the biometric information can be acquired, the process proceeds to step S243, and the acquired data is transmitted to all living rooms that have joined the apartment entrance lock control system. Next, in step S244, it is checked whether unlocking verification collation data has been received from any room. If unlocking verification collation data is received from any of the rooms, the process proceeds to step S245.

  In the third embodiment, the unlocking authentication verification is performed on the management personal computer 19 side. Therefore, in step S245, the unlocking authentication verification data received in step S244 is compared with the finger data acquired by the commercial unlocking authentication sensor 21. Check if they match. And if both correspond, it will progress to step S246.

In step S246, it is checked whether or not a notification indicating that the health management data acquisition has failed has been received from any of the rooms.
If it is confirmed in step S246 that a notification indicating that health management data acquisition has failed is not received from any room, the process proceeds to step S247, and the entrance lock 20 is instructed to unlock. The entrance lock 20 performs unlocking according to the instruction.
In the transmission of the unlocking authentication verification data and the health management data income failure from the room to the management personal computer in the above steps S244 and S246, the management personal computer 19 side does not seem to know from which room these transmissions were made. And consider privacy protection.

  After the instruction to unlock the entrance lock 20, the process proceeds to step S248, and the biological information acquired in step S242 is deleted. This is to ensure the protection of privacy. Thereafter, the process proceeds to step S249, and it is checked again whether a predetermined time has elapsed since a person stood before the apartment entrance. If the predetermined time has elapsed, the process proceeds to step S250, and the unlocking authentication verification data received from any of the rooms in step S244 is erased, and that is reported to all the rooms and the apartment entrance unlocking process is terminated. .

  On the other hand, if it is confirmed in step S246 that a notification indicating that the acquisition of health management data has failed is received, a message indicating that the data acquisition has failed is displayed in step S251, and the reason is displayed in step S252. Then, step S247 is reached. As described above, even when the acquisition of the health management data fails, if the unlocking impression collation results match in step S245, the entrance lock unlocking instruction is given.

If it is determined in step S241 that a predetermined time has passed without a finger inserted after a person stands in front of the door, the process proceeds to step S253, and an entry rejection display is performed. Next, after displaying the reason for refusal that the finger is not inserted in step S254, the process proceeds to step S255.
In step S255, auxiliary authentication for inputting a personal identification number, inserting an IC card, and the like is enabled. When the auxiliary authentication is not performed or when the auxiliary authentication fails, the unlocking process is terminated through steps S248 to S250, and therefore the entrance lock 20 is not unlocked. In this case, since there is no acquisition of biometric information to be originally deleted, the processing is substantially the same as that in step S248, but it is surely deleted in response to the following circumstances and unexpected accidents. And step S248 is placed in this position to protect privacy.

Even when the biometric information is obtained and no unlocking verification collation data is received from any room in step S244, the process proceeds to step S253, the entry rejection display is performed, and the entry rejection display is displayed in step S254. The reason is displayed.
Similarly, if the verification result of the unlocking verification verification data does not match in step S245, the process proceeds to step S253, and the entry rejection display is displayed together with the entry rejection display in step S254.
Also in these cases, after that, the process proceeds to step S255, where auxiliary authentication for inputting a personal identification number, insertion of an IC card, etc. is enabled. When the auxiliary authentication is not performed or when the auxiliary authentication fails, the process proceeds to step S248, and the biometric information acquired in step S242 is deleted. In this way, even if the authentication is not successful, the acquired biometric information is erased, and privacy is fully protected.
In this case, the process proceeds to the next step S249, and if the predetermined time has not elapsed, the process returns to step S242 through step S241. Therefore, if the finger is improperly inserted, the finger insertion is performed with reference to the reason display in step S254. It is possible to proceed from step S243 to step S243 by redoing.

  As described above, in any case, the process reaches step S250 via step S249. However, if the process reaches step S253 via step S241 or step S244, there is no received unlocking verification collation data. In S250, the result is substantially equivalent to nothing being performed. However, since privacy protection is an important issue, in order to be prepared for unexpected accidents, in any case, before the condominium entrance unlocking process is completed, a step of deleting the unlocking verification verification data is always performed.

  The fourth embodiment is configured so that the unlocking authentication is verified on the management personal computer 19 side as in the third embodiment in the embodiment using the mobile phone 101 of FIG. Since the block diagram of the fourth embodiment is the same as that of FIG. 14, this is used. Further, the function of the control unit 106 in the mobile phone 101 and the function of the control unit 53 in the management personal computer 19 are almost the same as those in FIGS. 17 and 18, respectively. To comment.

In the fourth embodiment, step S223 in FIG. 17 can be omitted. That is, in Example 3, there is a possibility that the finger data transmitted is from an irrelevant person living in another room, and in that case, it is not necessary to transmit the unlocking verification collation data, so in step S223 That was confirmed. On the other hand, in the case of the fourth embodiment, the finger data transmitted from the management personal computer 19 to the mobile phone 101 is actually the person who stands at the entrance of the apartment and puts the finger into the business unlocking authentication sensor. This is because the unlocking person verification data may be transmitted.
In the fourth embodiment, as in the second embodiment, a warning is prepared on the display unit 110 of the mobile phone 101 instead of the television warning preparation in step S230 of FIG. As a result, when the display unit 110 is subsequently turned on, a “health abnormality” warning is automatically issued.

Also in the flow of the management personal computer in FIG. 18, in the fourth embodiment, as in the second embodiment, data transmission to the C short-range wireless communication unit 105 of the mobile phone 101 is performed instead of the acquisition data transmission to all living rooms in step S243. I do.
Further, a step of asking “health management data supply contract user?” Is inserted between step S242 and step S243, and when the user is a contract user, the process proceeds to step S243. Then, the process proceeds to step S244. As described above, in the case of the fourth embodiment, the management personal computer 19 determines whether or not to transmit finger data according to the contract with the other party's mobile phone.
In addition, since the process in the mobile phone which is not a user of the health care data supply contract is very simple, only differences are commented using FIG. First, step S222 is read as “unlocking authentication verification data transmission request?”. Then, step S223, step S225 to step S231, step S234, and step S235 are omitted. That is, in a mobile phone that is not a contract user, only the unlocking authentication verification data is transmitted and the erasure report is confirmed.

Next, details of the sensor check process will be described. Since this is common to the first to fourth embodiments, the first embodiment will be described as an example.
FIG. 19 shows details of the sensor check process in step S12 of FIG. 4. When the flow starts, in step S261, it is checked whether or not the home unlocking authentication sensor 13 has been changed. When there is a change, the process proceeds to step S262, and first, an output signal in a state where no finger is inserted into the home unlocking authentication sensor 13 is acquired. Next, in step S263, the test waits for a finger to be inserted as a test, and when a finger is inserted and a signal in that state is acquired, the process proceeds to step S264.
In step S264, it is checked whether there is any abnormality in the basic signal, and specifically, whether a predetermined output can be obtained with the finger inserted when the output without the finger is used as a base. Check. If there is an abnormality, basic adjustment processing is performed in step S265, and the process proceeds to step S266. If there is no abnormality, the process proceeds directly to step S266.

  In step S266, a cross check signal is transmitted. Specifically, for a common biometric information acquisition item, a check signal is sent to the home unlocking authentication sensor 13 and the business unlocking authentication sensor 21 in a state where no finger is put in, and the response signal of the business unlocking authentication sensor 21 is sent. It is checked whether or not a predetermined output can be obtained from the home unlocking sensor 13 on the basis of. If there is an abnormality in the result of the cross check, a cross adjustment process is performed in step S268 so that the output of the home unlocking sensor 13 falls within a predetermined range with reference to the business unlocking authentication sensor 21, and the process proceeds to step S269. Transition. If there is no abnormality, the process proceeds directly to step S269. If there is no change in the home unlocking authentication sensor in step S261, the process directly proceeds to step S269.

  In step S269, it is confirmed whether or not a predetermined time has passed since the last periodic check and the time for the periodic check has come. This regular check may be frequently performed at short intervals. If it is determined in step S269 that the regular check time has come, a predetermined regular check is performed in step S270. Specifically, as in step S266, a check signal is sent to the home unlocking authentication sensor 13 and the business unlocking authentication sensor 21 in a state where no finger is put, and the result is viewed. If the result of the periodic check is abnormal, the process proceeds to step S271 to perform regular adjustment processing, and the process proceeds to step S272. If there is no abnormality, the process proceeds directly to step S272. Note that if it is determined in step S269 that the periodical check time is not yet reached, the process directly proceeds to step S272.

  In step S272, it is confirmed whether or not the automatic adjustment processing performed as necessary in steps S265, S268, and S271 has succeeded. If the automatic adjustment processing cannot be performed, the process proceeds to step S273 to that effect. Prepare for TV warnings. Since the television warning method in step S273 is the same as that in step S70 of FIG. 7, the description made earlier regarding this is also applied to step S273 and will not be repeated here.

The details of the sensor check process by the management personal computer 19 in step S111 in FIG. 9 are basically the same as those in FIG. However, the cross check from step S266 to step S268 is omitted. Incidentally, the periodic check from step S270 to step S271 is performed only with the business unlocking authentication sensor 21 as a control. Further, instead of the television warning in step S273, when automatic adjustment processing cannot be performed, a warning to that effect is given on the monitor of the management personal computer 19.
As described above, the check and adjustment of the commercial unlocking authentication sensor 21 are performed by the management personal computer 19 and the cross check from step S266 to step S268 of FIG. The household unlocking authentication sensor 13 is checked and adjusted based on the business unlocking authentication sensor 21.

Next, details of the accumulated data collating process will be described. Since this is common to the first to fourth embodiments, the first embodiment will be described as an example.
FIG. 20 shows details of the accumulated data matching process in step S84 in FIG. 8. When the flow starts, in step S281, it is checked whether or not a plurality of different types of biometric sensor information that can be combined are accumulated. If it has been accumulated, in step S282, these are combined and collated, and the process proceeds to step S283. If information that can be combined is not accumulated, the process directly proceeds to step S283.
The biometric sensor information that can be combined includes, for example, blood vessel sensor information, fundus sensor information, voiceprint sensor information, and the like, and sensor information that can also acquire health management information. The combination of a plurality of pieces of biometric sensor information has a significance of reducing biometric authentication errors and realizing higher-level health management.

  In step S283, although it does not have information for biometric authentication itself, it is checked whether or not information related to the conditions of the biometric itself for obtaining biometric authentication data is accumulated, and if it is accumulated, these are combined in step S284. To prepare for collation, the process proceeds to step S285. If the biological condition information is not accumulated, the process directly proceeds to step S285. Examples of the biological condition information at the time of obtaining the biometric authentication data include information such as body temperature, blood pressure, and pulse rate.

In addition to the above-mentioned information, the following information is useful as information regarding the conditions of the living body itself for acquiring biometric authentication data.
First, when the personal health database 109 is always carried around as in the mobile phone 101 of the second embodiment, if the mobile phone 101 is provided with a step number system, not only the conditions of the living body itself at the time of obtaining biometric authentication data are obtained. The history of the amount of exercise up to the time when biometric authentication data is acquired can also be stored in the personal health database 109. In this case, for example, even if the pulse rate at the time of obtaining biometric data is the same, it may be a result of continuing walking for the past month or a result of not trying to exercise. Collation with the collation data and health judgment are different. As described above, information such as the history of exercise load of the living body is also useful for the condition of the living body itself for acquiring the biometric authentication data.
In addition, as a condition of the living body itself for acquiring biometric authentication data, information on the medical history of the family as well as the person is also useful. For example, even if the person's blood pressure at the time of obtaining biometric data is the same, the risk factors differ between people with a history of hypertension, such as parents and grandparents, and those who have no history of hypertension. Because they come differently.
When registering the health verification data in the medical institution 9, the above-described various factors are taken into account by the judgment of the health verification software 24 or the doctor 25, and depending on what the health verification data registered in this way is, The required verification method is also different.

In step S285, it is checked whether or not information related to external conditions for acquiring biometric authentication data and the conditions of the biometric unit itself is accumulated. The process proceeds to step S287. If the external condition information is not accumulated, the process directly proceeds to step S287.
The external condition information is information acquired by the external condition sensor 57 in FIG. 3 and is, for example, weather conditions such as temperature, humidity, and wind speed.

In step S287, it is checked whether or not biometric data, biometric conditions, and information on the time when the external condition is acquired are accumulated. If accumulated, in step S288, biometric authentication data at the same time on different dates, conditions of the biometrics themselves, and external conditions are extracted, and preparations for collating information at the same time are made. In particular, when health management data is acquired by an unlocking sensor, regular data is accumulated day by day according to the time of work, etc., so that the efficiency of data collection is high.
Further, in step S289, based on the time information on the same day, it is verified how the biometric authentication data, the biometric condition, and the external condition change according to the daily change from morning to noon and night.
When the processes of step S288 and step S289 are completed, the process proceeds to step S290. If the time information is not accumulated, the process proceeds directly to step S290.

  In step S290, it is checked whether or not biometric data, biometric conditions, and date information on which external conditions have been acquired have been accumulated for a predetermined period. If accumulated, preparation is made in step S291 to check how the biometric authentication data, the conditions of the biological body itself, and the external conditions change according to a large seasonal change, and the process proceeds to step S292. Since the biological information may also be affected and changed in the course of the season of spring, summer, autumn and winter, the causal relationship can be grasped in step S291. If the date information has not been accumulated for a period sufficient for meaningful collation, the process proceeds directly to step S292.

  In step S292, when biometric authentication data, biometric conditions, and external conditions change over time, it is checked whether or not a predetermined accumulation period has been accumulated since the previous time change comparison. If it has been accumulated, in step S293, preparations are made to collate biometric data and changes over time in the conditions of the living body itself, and the process proceeds to step S294. Checking changes over time is particularly meaningful in terms of the speed of change, and also has the significance of finding sudden changes in medical conditions. If there is no accumulation of data for a period meaningful to see the change over time, the process directly proceeds to step S294.

  In step S295, based on the preparation in step S282, step S284, step S286, step S288, step S289, step S291, and step S293, collation of the obtained biometric information, collation with the corresponding health collation data, and those Execute as a combination of

FIG. 21 is a detailed schematic diagram of an entrance door that can be implemented in common in the first to fourth embodiments. In FIG. 21, the entrance door 10 is shown in cross section, with the left side of the entrance door 10 being the outside of the A room and the right side being the side of the A room. In addition, other configurations related to the entrance door substantially correspond to the door lock 11, the home unlocking authentication sensor 13, and the notification unit such as entry refusal and health data acquisition failure in FIG. 1.
Each configuration will be specifically described. First, an electronic nameplate 201 made of electronic paper or the like is disposed outside the entrance door 10. The electronic nameplate 201 normally displays a nameplate, but is controlled by the A personal computer 5 through the circuit unit 202 arranged inside the entrance door 10, and displays entry refusal indication and health data acquisition as necessary. It also serves as a notification unit that displays failure.
The circuit unit 202 constitutes the household unlocking authentication sensor 13 together with the common light source unit 203 and the common light receiving unit 204, and is controlled by the A personal computer 5. The knob / lock mechanism 205 constitutes the door lock 11 together with the circuit unit 202 and is controlled by the A personal computer 5.
In addition, although each control line which has come out from the circuit unit 202 is schematically illustrated as being exposed inside the entrance door in FIG. 21, it is actually wired inside the entrance door 10.

The knob / lock mechanism 205 includes a door knob and a lock mechanism that are operated when the entrance door 10 is opened and closed, and can be operated from either the outside or the inside of the entrance door 10. The knob / lock mechanism 205 cannot open the entrance door 10 even if the door knob is operated from the outside unless the lock is unlocked, but can open the entrance door 10 if the door knob is operated from the inside. It is configured as follows.
The common light source unit 203 and the common light receiving unit 204 are configured so as to be able to acquire biological information on the outside and inside of the front door 10 and are arranged with the knob / lock mechanism 205 interposed therebetween. As a result, regardless of whether the knob / lock mechanism 205 is operated from the outside or the inside of the front door 10, the finger naturally enters between the common light source unit 203 and the common light receiving unit 204, and biometric information is acquired. It can be done.

When the knob / lock mechanism 205 is operated from the outside of the entrance door 10, the biological information is acquired along with the operation, and when this is authenticated and it is confirmed that the person is a valid resident, the door lock is automatically unlocked. The door can be opened as it is. Since this series of processing is performed at high speed, a legitimate resident can enter the A-room 2 with the feeling that the front door 10 opens without any resistance by operating the knob / lock mechanism 205.
When the knob / lock mechanism 205 is operated from the inside of the front door 10, the lock is unlocked without biometric authentication, so there is no need for biometric authentication, but health data is also obtained when exiting the front door 10. For this purpose, the living body information can be acquired even inside the entrance door 10. This is in order to regularly obtain health management data especially at the time of morning work.

Next, details of the configuration of the common light source unit 203 and the common light receiving unit 204 will be described. The light source 206 of the common light source unit 203 is disposed inside the entrance door 10 and irradiates light for obtaining biological information toward the inner door knob. On the other hand, the light from the light source 206 is also emitted toward the outside of the front door 10, which is bent downward by the light guide unit 207 and emitted toward the outer door knob. With the above configuration, it is possible to irradiate light for obtaining biological information toward the outer doorknob without disposing the light source 206 outside the entrance door 10.
The sensor 208 of the common light source unit 204 is disposed inside the front door 10 and can receive light emitted from the light source 206 and transmitted through a finger that operates an inner door knob. On the other hand, the light irradiated from the light guide unit 207 and transmitted through the finger operating the outer door knob enters the light guide unit 209 and is bent toward the inside of the front door 10, and is received by the sensor 208. With the above configuration, it is possible to receive light for acquiring biological information acquired outside the entrance door 10 without disposing the sensor 208 outside the entrance door 10.

The configuration of the above common light source unit 203 and common light receiving unit 204 has an advantage that biometric information can be acquired both inside and outside the front door 10 by the common light source 206 and sensor 208 as described above. There are other benefits as well.
That is, the configuration in which the light source 206 and the sensor 208 are provided inside the entrance door 10 together with the circuit unit 202 has an advantage that these relatively expensive parts can be prevented from being damaged from the outside due to climate change or mischief. is there. Thus, the light guide 207 and the light guide 209 also have a meaning as the protection unit 52 in FIG. Similar to the protection unit 52 of FIG. 3, the light guide unit 207 and the light guide unit 209 are also configured to be exchangeable and adjustable independently of the light source 206 and the sensor 208.
In the biometric authentication sensor, the above-described advantage of providing the main part of the configuration inside the door is reduced when the function of performing biometric authentication inside the door is omitted in FIG. But you can enjoy it as well.

Since the biometric sensor is exposed to the external environment, it becomes impossible to detect or the detection performance deteriorates due to dirt and dust adhering to the light irradiation port of the light source unit, the light receiving port of the sensor, or foreign matter that interferes with the detection optical path. There is a problem to do. It is necessary to cope with this by maintenance such as cleaning of the light irradiation port, the light receiving port, and the detection light path.
In FIG. 21, since the knob / lock mechanism 205 is mechanically operated when biometric authentication is requested, a mechanical wiper is provided at the light emitting port and the light receiving port, and in conjunction with the operation of the knob / lock mechanism 205. Activate these wipers. Further, regarding the removal of the obstructing foreign substance in the detection optical path, since the finger operating the door knob is inserted across the optical path, it is removed by the finger itself.
It should be noted that the wiper can be periodically operated electrically instead of the above-described cleaning by human power.

  FIG. 22 is a data structure diagram of personal authentication data and health management data according to the fifth embodiment. In the first to fourth embodiments, the personal authentication data and the health management data are separately shown in the health verification data holding unit, the individual or personal health database, the authentication verification data holding unit, etc. In Example 5, these data are held according to a unified data format. FIG. 22 shows a data structure diagram of the data format, and the first to fourth embodiments can be implemented in such a manner of data retention according to the fifth embodiment.

  In the unified data format of the fifth embodiment, basically, each data is managed as one integrated data file. As shown in FIG. 22, the unified data file is divided into personal authentication data 301, health management data 302, reference condition data 303, and medical institution management data 304, but the whole is based on common association codes 305, 306, 307, and 308. Are related like a single file.

In the unified data format of the fifth embodiment, basically, each data is managed by being collected into one integrated data file. As shown in FIG. 22, the unified data file is divided into a personal authentication data file 301, a health management data file 302, a reference condition data file 303, and a medical institution management data file 304, and are handled as independent files as necessary. It is also possible to use the common association codes 305, 306, 307, and 308 so that they can be handled as one file as a whole.
The access right to each data in the file differs depending on the purpose, which will be described in detail below.

The personal authentication data file 301 includes basic data 309 for identifying an individual such as name, address, and telephone number, personal attribute data 310 including other personal attributes such as gender and date of birth, and entrance door verification data for each room. Local biometric verification data 311 such as, and shared biometric verification data 312 such as apartment entrance verification data.
Other than the shared biometric verification data 312 can be registered by the user himself, but the shared biometric verification data 312 can be registered only under the management of a shared system such as the management personal computer 19 of the apartment entrance lock control system 8. The local biometric verification data 311 and the shared biometric verification data 312 cannot be accessed from the medical institution 9.
When the shared biometric verification data 312 is transmitted to the apartment entrance lock control system 8 or the like at the time of authentication verification, basic data 309 for identifying an individual such as name, address, and telephone number, gender, date of birth, etc. The personal attribute data 310 including other personal attributes and the local biometric verification data 311 such as the entrance door verification data of each room are hidden, and the shared biometric verification data 312 is not known to whom. The

The health management data file 302 includes a date and time personal health database 313 for storing health management data acquired with a date and time, a data acquisition biological condition database 314, a data acquisition external condition database 315, and a matching result database 316. Included.
Such health management data cannot be accessed by a system for biometric authentication such as the condominium entrance lock control system 8. When the person uses these data, access is possible only when the collation result with the local biometric authentication collation data 311 matches, so that others cannot see it.

The reference condition data file 303 includes health maintenance activity history data 317 such as walking status by the step count system, family medical history data 318, and the like.
Since these data are also for personal health management, a system for biometric authentication such as the condominium entrance lock control system 8 cannot be accessed. In order to protect privacy, these reference condition data can be accessed only when the collation result matches the local biometric collation data 311 when used by the person himself / herself.

In the medical institution management data file 304, data to be handled under the management of the medical institution 9 is collected. The medical institution 9 is not involved in the local biometric verification data 311 related to the biometric authentication and the shared biometric verification data 312 and is not the person himself. Therefore, the health management data cannot be accessed by these data. Therefore, the personal identification number 319 for health management is determined with the consent of the person, and this is stored in the medical institution management data file 304. Accordingly, when a doctor or the like accesses the health management data, the health management password is input.
The medical institution management data file 304 further includes a medical institution ID code 320, health check data 321 and doctor diagnosis data. These data are managed by the medical institution 9, and even the person himself cannot be rewritten without permission.
The health verification data 321 is provided to the A personal computer or mobile phone after registration, but the doctor diagnosis data 322 basically has a problem of notification, and therefore cannot be accessed by the person without a predetermined procedure.

  The present invention can be applied to a personal authentication / health management system.

8 First part 5, 101 Second part 21 Biometric information acquisition unit 20 Utilization unit 19 Transmission unit 12, 106 Health management information processing unit 5,101 Receiving unit 19 Determination unit 8 Common entrance 10 Individual entrance 21 First biometric information Acquisition unit 13 Second biological information acquisition unit 16, 109 Storage unit 14, 108 Health verification information holding unit

Claims (50)

  The first part has a first part and a second part, and the first part uses a biometric information acquisition unit that acquires biometric information of a human body and a biometric authentication result based on the biometric information acquired by the biometric information acquisition unit And a transmission unit that transmits the biological information acquired by the biological information acquisition unit to the second part, and the second part receives the biological information transmitted from the first part in the health of the human body. A personal authentication and health management system comprising a health management information processing unit for processing as management information.   The first portion is a lock control system for a common entrance through which a plurality of persons enter and exit, and the utilization unit unlocks the common entrance according to a biometric authentication result. Personal authentication and health management system.   3. The personal authentication and health management system according to claim 2, wherein the second part is managed by a specific person entering and exiting the common entrance.   4. The personal authentication and health management system according to claim 3, wherein the second part is managed by a resident in a separate entrance that can be reached through the common entrance.   4. The personal authentication and health management system according to claim 3, wherein the second part is a mobile phone carried by an individual person passing through the common entrance.   2. The personal authentication / health management system according to claim 1, wherein the first part is a personal authentication system of a bank, and the utilization unit performs personal authentication of a bank operator according to a biometric authentication result.   6. The personal authentication and health management system according to claim 5, wherein the second part is a mobile phone carried by a bank operator.   The personal authentication and health management system according to any one of claims 1 to 7, wherein the second part includes a display unit that displays health management information from the health management information processing unit.   9. The personal authentication / health management system according to claim 1, wherein the second part includes a storage unit that stores health management information from the health management information processing unit.   The personal authentication and health according to any one of claims 1 to 9, wherein the second part includes a determination unit that determines a health state of a human body based on health management information from the health management information processing unit. Management system.   11. The biometric information from the biometric information acquisition unit is different in level whether biometric authentication is sufficient and whether it is sufficient as health management information. Personal authentication and health management system described.   Health management of a biometric information acquisition unit that acquires biometric information of a human body, a utilization unit that uses a biometric authentication result based on the biometric information acquired by the biometric information acquisition unit, and the biometric information acquired by the biometric information acquisition unit A personal authentication / health management system, comprising: a transmission unit that transmits information to the outside.   The utilization unit unlocks a common entrance according to a biometric authentication result, and the transmission unit transmits the biometric information as health management information under the management of a specific person passing through the common entrance. 13. The personal authentication and health management system according to claim 12,   14. The personal authentication / health management system according to claim 13, wherein the transmission unit transmits the biometric information as health management information into individual entrances that can be reached through the common entrance.   14. The personal authentication / health management system according to claim 13, wherein the transmission unit transmits the biological information as health management information to a mobile phone carried by an individual person passing through the common entrance.   13. The personal authentication according to claim 12, wherein the utilization unit performs personal authentication of a banker according to a biometric authentication result, and the transmission unit transmits the biometric information to the banker as health management information. Cum health management system.   The personal authentication and health management system according to claim 16, wherein the transmission unit transmits the biometric information as health management information to a mobile phone carried by a banker.   The said utilization part utilizes this, when a biometrics authentication result is obtained irrespective of whether biometric information is enough as health management information. Personal authentication and health management system.   19. The personal authentication / health management system according to claim 18, further comprising a notifying unit for notifying when the biometric information is insufficient as health management information. A receiving unit that receives biometric information from a biometric information acquisition unit that acquires biometric information for biometric authentication, and a health management information processing unit that processes the biometric information received by the receiving unit as health management information of the human body Personal authentication and health management system.   21. The personal authentication and health management system according to claim 20, wherein the system is configured as a mobile phone.   The personal authentication / health management system according to claim 20 or 21, further comprising a display unit for displaying health management information from the health management information processing unit.   The personal authentication and health management system according to any one of claims 20 to 22, further comprising a storage unit that stores health management information from the health management information processing unit.   24. The personal authentication / health management system according to claim 23, wherein a change with time of the health management information is displayed based on the health management information stored in the storage unit.   25. The personal authentication / health management system according to claim 20, further comprising a determination unit that determines a health state of a human body based on health management information from the health management information processing unit.   The said determination part has a health collation information holding part holding the health collation information for collating with the health management information from the said health management information processing part, and determining a health state, The determination part of Claim 25 characterized by the above-mentioned. Personal authentication and health management system.   27. A personal authentication / cumulative function according to claim 20, further comprising a transmission unit for transmitting to the biometric information acquisition unit when the biometric information received by the receiving unit is insufficient as health management information. Health management system.   21. The health management information processing unit includes a receiving unit that receives processing information for processing biometric information as human body health management information, and a holding unit that holds the received processing information. 28. The personal authentication and health management system according to any one of 1 to 27.   Health management of a biometric information acquisition unit that acquires biometric information of a human body, a utilization unit that uses a biometric authentication result based on the biometric information acquired by the biometric information acquisition unit, and the biometric information acquired by the biometric information acquisition unit A personal authentication / health management system comprising: a determination unit that determines whether to use the information as well.   The determination unit uses biometric information as biometric authentication and health management information for individuals who satisfy a predetermined condition, and uses biometric information for biometric authentication for individuals who do not satisfy the predetermined condition. 30. The personal authentication and health management system according to claim 29, wherein the decision is made not to use the management information.   A biometric information acquisition unit that acquires biometric information of a human body, a utilization unit that uses a biometric authentication result based on the biometric information acquired by the biometric information acquisition unit, and a condition information acquisition unit that acquires condition information for acquiring biometric information A personal authentication / health management system characterized by having biometric information and condition information as health management information.   32. The personal authentication and health management system according to claim 31, wherein the condition information acquisition unit includes an external condition acquisition unit that acquires an external condition around the living body.   The personal authentication and health management system according to claim 32, wherein the external condition acquisition unit acquires weather conditions.   32. The personal authentication and health management system according to claim 31, wherein the condition information acquisition unit includes a biological condition acquisition unit that acquires conditions of the living body itself.   35. The personal authentication and health management system according to claim 34, wherein the biological condition acquisition unit is a pulse rate of a living body.   A first biological information acquisition unit that has a common entrance through which a plurality of persons enter and exit and individual entrances that can reach through the common entrance, and that acquires biological information of a human body at the common entrance And a lock that is unlocked in accordance with a biometric authentication result based on the biometric information acquired by the first biometric information acquisition unit, and the individual entrance is configured to acquire biometric information of a human body. And a lock that is unlocked in accordance with a biometric authentication result based on the biometric information acquired by the second biometric information acquisition unit, the first biometric information acquisition unit and the second biometric information acquisition unit A personal authentication and health management system characterized in that the biometric information acquired by each biometric information acquisition unit is used as health management information.   A mobile phone comprising: a receiving unit that receives biometric information as health management information from a biometric information acquiring unit that acquires biometric information; and a storage unit that stores the health management information received by the receiving unit.   38. The mobile phone according to claim 37, further comprising a display unit for displaying health management information received by the receiving unit.   39. The mobile phone according to claim 37 or 38, wherein a change with time of the health management information is displayed based on the health management information stored in the storage unit.   40. The mobile phone according to claim 37, further comprising a determination unit that determines a health state of the human body based on the received health management information.   41. The mobile phone according to claim 40, wherein the determination unit includes a health verification information holding unit that stores health verification information for determining health status by comparing with the received health management information.   The mobile phone according to any one of claims 37 to 410, wherein the receiving unit is a short-range wireless communication unit.   43. The mobile phone according to claim 42, wherein the biometric information stored in the storage unit is transmitted to a backup institution by a wireless communication means different from that of the receiving unit.   44. The mobile phone according to claim 37, wherein the biological information is blood pressure.   A biometric information acquisition unit that acquires biometric information of a human body, a biometric authentication unit that performs biometric authentication based on the biometric information acquired by the biometric information acquisition unit, and an individual that has been authenticated by the biometric authentication unit A personal authentication and health management system comprising: a health management information processing unit that performs health management information processing based on biological information acquired by the information acquisition unit.   A biometric information acquisition unit that acquires biometric information of a human body, a biometric authentication unit that performs biometric authentication based on the biometric information acquired by the biometric information acquisition unit, and a biometric information acquired by the biometric information acquisition unit A health management information processing unit that performs health management information processing; and a recognition unit that recognizes the health management information processed by the health management information processing unit as personal information authenticated by the biometric authentication unit. Personal authentication and health management system.   A biometric information acquisition unit that acquires biometric information of a human body, a biometric authentication unit that performs biometric authentication based on the biometric information acquired by the biometric information acquisition unit, and a biometric information acquired by the biometric information acquisition unit A personal authentication / health management system, comprising: a health management information processing unit that performs health management information processing, and invalidating the health management information processing unit when biometric authentication by the biometric authentication unit is not possible.   A personal authentication unit that performs personal authentication, an information acquisition unit that acquires health management information at the time of personal authentication by the personal authentication unit, and an individual who has authenticated the health management information acquired by the information acquisition unit by the personal authentication unit A personal authentication and health management system characterized by having a recognition unit that recognizes as a thing.   A personal authentication unit that performs personal authentication, an information acquisition unit that acquires health management information during personal authentication by the personal authentication unit, verification information necessary for the personal authentication unit, and health management information acquired by the information acquisition unit A personal authentication / health management system, comprising:   A biometric information acquisition unit that acquires biometric information of a human body, a biometric authentication unit that performs biometric authentication based on the biometric information acquired by the biometric information acquisition unit, and a biometric information acquired by the biometric information acquisition unit A health management information processing unit that performs health management information processing; and a recording unit that records biometric information for verification necessary for the biometric authentication unit and health management information processed by the health management information processing unit in association with each other. Personal authentication and health management system.

Images