JP2013190934A - Counter authentication system, counter authentication server, program and counter authentication method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enable counter authentication that is capable of reducing a risk of losing an important document and detecting spoofing.SOLUTION: The system comprises: certificate information storage means for storing information on a certificate for identifying an individual person that includes feature information on a face of the individual person; registration means for previously registering the certificate information in the certificate information storage means; display means for reading and displaying the certificate information from the certificate information storage means; input acceptance means for accepting an input of a collation result using the information on the certificate included in the certificate information; and result storage means for storing the collation result accepted by the input acceptance means.

Description

  The present invention relates to a technique for identity authentication at a window.

  In Patent Document 1, personal information held by an organization is centrally accumulated, an ID card common to the organizations is issued, and information, a password, and the like for identifying an individual are transmitted using the ID card at the time of use. Technology for performing authentication and presenting a personal information service to an authenticated individual is disclosed.

Japanese Patent Laid-Open No. 11-120184

  However, in the above technology, identity authentication is performed by presenting an ID card and entering a password, etc., but the password is information that is relatively easy to steal, and if it is not long enough, it is easily analyzed, so it is impersonated. There are risks such as. On the other hand, when authenticating visitors to the counter, visitors may submit important documents such as driver's licenses and Basic Resident Register, but according to the authentication method that always carries these important documents and presents them each time. For visitors, there is a risk of loss of important documents.

  For example, the window authentication system according to the present invention includes a certificate information storage unit that stores information of a certificate that identifies a person including feature information of a person's face, and the certificate information is stored in the certificate information storage unit. Registration means for pre-registering, display means for reading out and displaying the certificate information from the certificate information storage means, and input receiving means for accepting input of a collation result using certificate information included in the certificate information And a result storing means for storing the collation result received by the input receiving means.

  In addition, for example, a window authentication server, a certificate information storage unit that stores information of a certificate that identifies the individual including the facial feature information of the individual, and the certificate information is stored in the certificate information storage unit in advance. A registration means for registering, and a read response means for reading and transmitting the certificate information from the certificate information storage means in response to a request for reading the certificate information.

  Further, for example, a program for causing a computer to perform authentication at a window, which causes the computer to function as a control unit and a storage unit, and the storage unit includes the personal face characteristic information. A registration procedure for registering the certificate information in advance in the storage means, and a display procedure for reading out and displaying the certificate information from the storage means. An input acceptance procedure for accepting input of a collation result using certificate information included in the certificate information, and a result storage procedure for storing the collation result accepted by the input acceptance procedure, Do

  Further, for example, there is a window authentication method using a window authentication system, the window authentication system comprising certificate information storage means for storing information of a certificate that identifies the individual, including personal face feature information. A registration step for pre-registering the certificate information in the storage unit; a display step for reading out and displaying the certificate information from the storage unit; and a verification result using the certificate information included in the certificate information An input receiving step for receiving the input and a result storing step for storing the collation result received in the input receiving step are performed.

  By applying the present invention, it is possible to perform window authentication that can detect impersonation while reducing the risk of loss of important documents.

It is a figure which shows the outline | summary of the window authentication of this embodiment. It is a figure which shows the outline | summary of the window authentication system of this embodiment. It is a functional block diagram which shows the outline | summary of the general window terminal in this embodiment. It is a functional block diagram which shows the outline | summary of the illumination information server in this embodiment. It is a functional block diagram which shows the outline | summary of the separate window terminal in this embodiment. It is a functional block diagram which shows the outline | summary of the mobile terminal in this embodiment. It is a figure which shows the data structure of the progress information storage part in this embodiment. It is a figure which shows the data structure of the certification | authentication information storage part in this embodiment. It is a figure which shows the hardware constitutions of the general window terminal in this embodiment. It is a figure which shows the hardware constitutions of the certification | authentication information server in this embodiment. It is a figure which shows the hardware constitutions of the separate window terminal in this embodiment. It is a figure which shows the hardware constitutions of the mobile terminal in this embodiment. It is a figure which shows the processing flow of the comprehensive reception process in this embodiment. It is a figure which shows the processing flow of the separate window collation process in this embodiment. It is a figure which shows the example of the collation screen of the separate window collation process in this embodiment. It is a figure which shows the processing flow of the mobile collation process in this embodiment. It is a figure which shows the example of the collation screen of the mobile collation process in this embodiment. It is a functional block diagram which shows the outline | summary of the separate window terminal in another embodiment. It is a figure which shows the example of the collation screen of the separate window collation process in another embodiment.

  Embodiments of the present invention will be described below with reference to FIGS.

  FIG. 1 is a diagram showing an outline of window authentication using a window authentication system as an example of an embodiment of the present invention. In window authentication, visitors come to the general window with a driver's license with a card number, address, name, etc., and identity verification certificate such as Basic Resident Register. The person in charge of the general counter reads the information described in the identity verification certificate and, if an image that can identify the person's face is posted on the identity verification certificate, the image using a scanner. If the image that can identify the person's face is not posted on the identity verification certificate, the person in charge of the general window takes the face image of the visitor with a camera or the like and acquires the image. Then, a visitor is registered and accepted based on the information described in the identity verification certificate and the acquired face image. When the reception is completed, a ticket is issued by a ticketing machine. The receipt slip is printed in association with the reference number and the barcode information including the card number of the identity verification certificate for each individual window visited by the visitors.

  Visitors receive the receipt slip issued at the general counter and visit the individual counter. At the individual window, the person in charge of the individual window reads the barcode information on the receipt slip using a barcode scanner. Based on the card number included in the barcode information, the face image of the visitor registered at the general window and the information described in the identity verification certificate are acquired and displayed on the individual window terminal. The person in charge of the individual window verifies the match with the face of the visiting visitor using the face image of the visitor displayed on the window terminal and the information described in the identity verification certificate. Determine whether or not to perform admission processing.

  In addition, in individual window terminals, telephones with images (videophones that make video and voice calls almost simultaneously) transmitted from mobile devices (phones, PCs, mobile phones, etc.) equipped with cameras via the Internet, etc. It is also possible to acquire a face image and authenticate it by matching with the face image registered together with the identity verification certificate displayed on the individual window terminal. According to this, it is possible to increase the security level of processing such as credit card payment in the case of business transactions over the Internet, for example.

  FIG. 2 is a diagram showing an outline of the configuration of the window authentication system 1 that enables such window authentication. The window authentication system 1 includes a general window terminal 100 that is communicably connected to each other via a network 10, a reception slip printing machine 200 as a ticket issuing machine that prints a reception slip 300, and a certification information server that holds certificate information. 400, an individual window terminal 500 as a terminal arranged at the individual window, and a mobile terminal 600 to which a visitor or the like connects as necessary. The network 10 is a network such as a so-called LAN (Local Area Network). However, the present invention is not limited thereto, and the network 10 may be a communication network partially using a general public line such as the Internet, WAN (Wide Area Network), or VPN (Virtual Private Network).

  In addition, a scanner 190 that reads an identification certificate 50 such as a driver's license or a basic resident register held by a visitor and a camera 180 that photographs the visitor in color or monochrome are connected to the general window terminal 100 so that they can communicate with each other. Is done. The general window terminal 100 receives the information of the identity verification certificate 50 read by the scanner 190 from the scanner 190. Further, the general window terminal 100 receives an image including the face portion of the visitor photographed by the camera 180 from the camera 180.

  A bar code scanner 580 for reading the bar code on the receipt slip 300 is communicably connected to the individual window terminal 500. The individual window terminal 500 receives the barcode information read by the barcode scanner 580.

  Here, in the present embodiment, the identity verification certificate 50 is a document in which a card number, an address, a name, a face image, and the like are described as information that is optically visible from the outside. However, the present invention is not limited to this, and the identity verification certificate 50 may be an RFID (Radio Frequency IDentification) antenna, a storage element, an IC card including a communication module, or the like. For example, it may be a document that electromagnetically holds information such as a card number, an address, a name, and a face image. Further, it may be a mobile phone terminal, a PDA (Personal Digital Assistant), a smartphone, or other device having an RFID function. In this regard, the scanner 190 connected to the general window terminal 100 reads reflected light or transmitted light with a photosensitive element such as a CCD (Charge Coupled Device) image sensor or a CMOS image sensor (Complementary Metal Oxide Semiconductor Sensor). It is assumed that it also has a function of a so-called scanner for obtaining images or a card reader for reading information electromagnetically.

  The receipt slip 300 is printed by the receipt slip printer 200 and printed in association with the reference number and the barcode information including the card number of the identity verification certificate for each individual window visited by the visitors. . In the present embodiment, the barcode information included in the receipt slip 300 is obtained by encoding the card number of the identity verification certificate 50 by a predetermined algorithm. For example, the barcode information may represent binary information and its digit by a bar of two colors (for example, white and black), or binary information that looks like a spot pattern of two colors (for example, white and black). And so-called two-dimensional bar code information representing information by its relative two-dimensional position.

  The barcode scanner 580 reads the barcode and specifies binary information corresponding to the digit. The barcode scanner 580 optically obtains an image by reading reflected light or transmitted light such as infrared light or visible light with a photosensitive element such as a CCD image sensor or a CMOS image sensor. Then, binary information is discriminated according to the optical image obtained by the photosensitive element, and the digit is specified according to the read position.

  The mobile terminal 600 is assumed to be a mobile phone terminal having a video phone function for transmitting and receiving moving images taken by a call and a camera via the Internet or a mobile phone carrier network, and a payment function such as electronic money. I can't. For example, a PDA, a smartphone, or other device may be used.

  As shown in FIG. 3, the general counter terminal 100 includes a control unit 110, a storage unit 120, an output display unit 130, an input reception unit 140, and a communication processing unit 150. The control unit 110 includes an input processing unit 111, an output processing unit 112, a reception processing unit 113, a certification information management unit 114, an image acquisition unit 115, and a progress status management unit 116. The storage unit 120 includes a progress information storage unit 121.

  The input processing unit 111 receives input of predetermined information input from the input receiving unit 140. The output processing unit 112 delivers information to be output to the output display unit 130. The information to be output is, for example, display of the contents of the identity verification certificate of the visitor who has received the reception, display screen information indicating information on the detected error, and the like.

  The reception processing unit 113 instructs the image acquisition unit 115 to acquire a face image of the visitor. In addition, the image acquisition unit 115 is instructed to acquire the contents described in the identification certificate 50 of the visitor. The reception processing unit 113 associates the information described in the identity verification certificate read by the image acquisition unit 115 with the individual window that the visitor is scheduled to visit. In addition, the reception processing unit 113 passes the information described in the identity verification certificate 50 read by the image acquisition unit 115 and the face image to the certification information management unit 114 and instructs the certification information server 400 to register. . In addition, the reception processing unit 113 delivers the information described in the identity verification certificate and the individual window that the visitor is scheduled to visit to the progress status management unit 116 and instructs registration in the progress information storage unit 121.

  The certification information management unit 114 registers the information described in the identity verification certificate 50 and the face image read by the image acquisition unit 115 in the certification information server 400. More specifically, a registration request is transmitted together with both pieces of information to the certification information server 400 via the network 10.

  The image acquisition unit 115 instructs the scanner 190 to acquire an optical image of the personal identification certificate 50 and acquires image data. The image acquisition unit 115 performs character recognition processing on the information of the character description portion including the card number, address, and name from the image data of the identity verification certificate 50, and acquires character information including the card number, address, and name. In addition, the image acquisition unit 115 acquires image information about information of an image description part including a face image from the image data of the identity verification certificate 50.

  In addition, when the image acquisition unit 115 is instructed to acquire a face image, the image acquisition unit 115 instructs the camera 180 to start shooting, and if the shooting condition or the like is specified to the camera 180, specifies the shooting parameter. Pass as. For example, the image acquisition unit 115 instructs the camera 180 to pan, tilt angle, view angle, flash blink, or specify the focus position. Then, the image acquisition unit 115 acquires image data transmitted from the camera 180.

  The progress management unit 116 manages the visit schedule and actual visits of individual windows visited by visitors as progress information. For example, the progress management unit 116 receives the information described in the identity verification certificate, the individual window that the visitor is scheduled to visit, and the order thereof, and assigns a reference number. The reference number is a serial number that is unique in each individual window. Further, the progress status management unit 116 stores information including the assigned serial number in the progress information storage unit 121. In addition, when the progress status management unit 116 receives information specifying the window reception date and time and whether or not to synthesize from the individual window terminal 500 via the network 10, the progress status management unit 116 writes the information in the corresponding area of the progress information storage unit 121.

  The storage unit 120 stores electronic information such as the progress information storage unit 121. Here, the data structure of the progress information storage unit 121 will be described with reference to FIG.

  The progress information storage unit 121 includes a progress order 121A for managing the order of visit schedules, a serial number 121B that is a number that does not overlap in a predetermined period (for example, within business days) for each individual window, and the person presented by the prospective visitor Certificate number 121C that identifies the confirmation certificate 50, window reception date and time 121D that identifies the date and time when the visitor visited each individual window, and the visitor visited the individual window and performed identity authentication And synthesizer rejection 121E for specifying whether or not the result has been verified.

  The output display unit 130 outputs various types of information such as a GUI (Graphical User Interface) or a CUI (Character-based Unter Interface) of the general window terminal 100. The input receiving unit 140 receives input of GUI or CUI operation information. For example, the input receiving unit 140 receives information about various operations in guidance or the like for inserting the identity verification certificate 50.

  The communication processing unit 150 is connected to another device via the network 10 or the like, receives information transmitted from the other connected device, and transmits information to the other connected device.

  The receipt slip printer 200 is, for example, a laser printer device, and prints the reference number and the barcode information in association with the order of visits to the individual window on the sheet of the receipt slip 300 of a predetermined size. Note that the receipt slip printer 200 is not limited to a laser printer, and may be various printer devices such as an ink jet printer, an impact printer, and a thermal transfer printer.

  The certification information server 400 registers identity verification certificates. In addition, the certification information server 400 presents registered identity verification certificates. As illustrated in FIG. 4, the certification information server 400 includes a control unit 410, a storage unit 420, an output display unit 430, an input reception unit 440, and a communication processing unit 450. The control unit 410 includes an input processing unit 411, an output processing unit 412, a certification information registration unit 413, and a certification information presentation unit 414. Note that the certification information server 400 can be connected to the Internet or the like by an external organization such as an information processing service organization operated in common among organizations such as an administrative organization, a private certification body, or an individual window using the window authentication system 1. Management and operation.

  The input processing unit 411 receives input information transmitted from the general window terminal 100, the individual window terminal 500, and the like via the communication processing unit 450. The input processing unit 411 receives information input via the input receiving unit 440.

  The output processing unit 412 transmits output information to a terminal or the like that has made a predetermined request via the communication processing unit 450. The output information is, for example, information on a registered identity verification certificate.

  The proof information registration unit 413 uses the input information received by the input processing unit 411 to store in the proof information storage unit 421 stored in the storage unit 420 the description information and face image information of the identity verification certificate 50 of the person to be registered. Is stored.

  The certification information presentation unit 414 reads out the description information and face image information of the identity verification certificate 50 of the registration target person from the certification information storage unit 421 stored in the storage unit 420, and reads them out via the communication processing unit 450. Providing proof information by sending information.

  The storage unit 420 stores a certification information storage unit 421. Note that the storage unit 420 may be a storage device or the like fixedly installed in the certification information server 400, or may be an independent storage device or the like.

  As shown in FIG. 8, the certification information storage unit 421 includes a certificate number 421A for identifying the identity verification certificate, photo information 421B that is face image data associated with the identity verification certificate, and the identity verification certificate. Address 421C which is the address information described in the above, name 421D which is the name information described in the identity verification certificate, telephone number 421E which is the phone number information described in the identity verification certificate, and the identity verification certificate The gender 421F, which is information for identifying the gender described in, the date of birth 421G, which is the information for identifying the date of birth described in the identity verification certificate, and the end of the valid period of the identity verification certificate The expiration date 421H, which is information to be specified, is stored in association with each other.

  The output display unit 430 outputs various information such as GUI or CUI of the certification information server 400. The input receiving unit 440 receives input of GUI or CUI operation information.

  The communication processing unit 450 connects to another device via the network 10 or the like, receives information transmitted from the other connected device, and transmits information to the other connected device.

  As shown in FIG. 5, the individual window terminal 500 includes a control unit 510, an output display unit 530, an input reception unit 540, and a communication processing unit 550. Control unit 510 includes an input processing unit 511, an output processing unit 512, a reception unit 513, a remote reception unit 514, and a collation unit 515. The individual window terminal 500 is an information processing terminal such as a personal computer, but is not limited thereto. For example, it may be a mobile phone terminal, a PDA, a smartphone or other portable information processing terminal, or a dedicated information processing terminal.

The input processing unit 511 receives information input via the input receiving unit 540. Also,
The output processing unit 512 outputs output information via the output display unit 530. The output information is, for example, screen information indicating the content of the visitor identification certificate output by the reception unit 513.

  The reception unit 513 instructs the barcode scanner 580 to acquire the reference number and barcode information of the reception slip 300, and acquires the reference number and barcode information. When the receiving unit 513 recognizes the acquired reference number as a character and acquires the number, the receiving unit 513 reads out the corresponding information stored in the progress information storage unit 121 of the general counter terminal 100. Then, the information matching the certificate number obtained by analyzing the barcode information is read out, the information on the window reception date / time 121D is in the order of progress, and the acquired reference number is not received and is the window in the next order of progress. Whether or not a visit is possible is determined based on whether or not there is. If the visit is not possible, a warning that the visit schedule is different is output.

  If the visit is possible, the reception unit 513 instructs the communication processing unit 550 to transmit the certificate number to the certification information server 400, and the certification information (certificate number, photo information, address, name, telephone number, gender). , Including date of birth and expiration date).

  Then, the reception unit 513 instructs the output processing unit 512 to display the acquired certificate information in order to show it to the operator of the terminal.

  When the remote reception unit 514 receives the input of the reference number and the certificate number from the mobile terminal 600 or the like, the remote reception unit 514 transmits the acquired reference number to the general window terminal 100 and the corresponding information stored in the progress information storage unit 121. Is read. The information corresponding to the certificate number is read out, and the information on the reception date / time 121D is in the order of progress, and whether the visit is possible or not depends on whether the acquired reference number is not received and is the next order of contact. Determine. If the visit is not possible, a warning that the visit schedule is different is output.

  If the visit is possible, the remote reception unit 514 instructs the communication processing unit 550 to transmit the certificate number to the certification information server 400, and the certification information (certificate number, photo information, address, name, phone number, Including gender, date of birth, and expiration date).

  Then, the remote reception unit 514 instructs the output processing unit 512 to display the acquired certificate information. At that time, when receiving an image acquired by the camera attached to the mobile terminal 600 from the mobile terminal 600, the remote reception unit 514 instructs the output processing unit 512 to display the image.

  Further, upon receiving the video (video acquired by the attached camera and video of certificates) received from the mobile terminal 600, the remote reception unit 514 instructs the verification unit 515 to perform verification, and the authenticity rate according to a predetermined standard Is obtained and displayed on the output processing unit 512.

  The collating unit 515 collates the video transmitted from the mobile terminal 600 (the video acquired by the attached camera and the video of the certificates) with the photo information included in the certification information, and matches the feature points and the like. The mutual authentication rate is calculated from the degree. For example, the matching unit 515 acquires the relative position and size of the facial part, the shape of the eyes, nose, cheekbones, and jaws as features, searches for images with matching features, and sets the ratio of matching features, etc. The authenticity rate is calculated accordingly. In addition, the matching unit 515 may calculate the authentication rate by making the authentication rate constant by using a main face recognition algorithm. For example, elastic bunch graph matching, hidden Markov model, dynamic link matching, 3D face recognition, etc. are used.

  The output display unit 530 outputs various information such as the GUI or CUI of the individual window terminal 500. The input receiving unit 540 receives input of GUI or CUI operation information.

  The communication processing unit 550 connects to another device via the network 10 or the like, receives information transmitted from the other connected device, and transmits information to the other connected device.

  As illustrated in FIG. 6, the mobile terminal 600 includes a control unit 610, an output display unit 630, an input reception unit 640, and a communication processing unit 650. The control unit 610 includes an input processing unit 611, an output processing unit 612, and a remote collation control unit 613. The mobile terminal 600 is an information processing terminal such as a mobile phone, but is not limited thereto. For example, it may be a personal computer, a mobile phone terminal, a PDA, a smart phone or other portable information processing terminal, or a dedicated information processing terminal.

  The input processing unit 611 receives information input via the input receiving unit 640.

  The output processing unit 612 outputs output information via the output display unit 630. The output information is, for example, screen information indicating the video of the person in charge at the destination that is output by the remote verification control unit 613.

  The remote collation control unit 613 transmits an image showing a user's face acquired by an attached camera or the like (not shown) to the individual window terminal 500 or the like via the communication processing unit 650.

  The output display unit 630 outputs various information such as a GUI or CUI of the mobile terminal 600. The input receiving unit 640 receives input of GUI or CUI operation information.

  The communication processing unit 650 is connected to another device via the network 10 or the like, receives information transmitted from the other connected device, and transmits information to the other connected device.

  FIG. 9 is a diagram illustrating a hardware configuration of the general window terminal 100 according to the present embodiment.

  In the present embodiment, the general window terminal 100 is a computer such as a PC (personal computer), a workstation, a server device, various mobile phone terminals, and a PDA (Personal Digital Assistant).

  The general window terminal 100 includes an input device 101, an external storage device 102, an arithmetic device 103, a main storage device 104, a communication device 105, an external device connection I / F 106, and a bus 107 that connects the respective devices to each other. And a scanner 190 and a camera 180 connected via the external device connection I / F 106.

  The input device 101 is a device that receives input from, for example, a keyboard, a mouse, a touch pen, a pressure-sensitive touch sensor, an electrostatic induction touch sensor, and other pointing devices.

  The external storage device 102 is a non-volatile storage device such as a hard disk device, a flash memory, or an SSD (Solid State Disk).

  The arithmetic device 103 is an arithmetic device such as a CPU (Central Processing Unit).

  The main storage device 104 is a memory device such as a RAM (Random Access Memory).

  The communication device 105 is a wireless communication device that performs wireless communication via an antenna, or a wired communication device that performs wired communication via a network cable.

  The external device connection I / F 106 is a communication interface compatible with, for example, a USB (Universal Serial Bus) standard that performs control by connecting to various devices.

  The scanner 190 and the camera 180 are connected to the general window terminal 100 via the external device connection I / F 106 and controlled in operation. The camera 180 acquires not only a still image but also a moving image.

  The input processing unit 111, the output processing unit 112, the reception processing unit 113, the certification information management unit 114, the image acquisition unit 115, and the progress status management unit 116 of the general counter terminal 100 are calculated by the general counter terminal 100. This is implemented by a program that causes the apparatus 103 to perform processing.

  This program is stored in the main storage device 104 or the external storage device 102, loaded onto the main storage device 104 for execution, and executed by the arithmetic device 103.

  Further, the storage unit 120 of the general window terminal 100 is realized by the external storage device 102 and the main storage device 104 of the total window terminal 100.

  The output display unit 130 of the general window terminal 100 is realized by a display device or the like attached to the total window terminal 100.

  The input reception unit 140 of the general window terminal 100 is realized by an input device 101 such as a keyboard and a mouse attached to the total window terminal 100.

  In addition, the communication processing unit 150 of the general window terminal 100 is realized by the communication device 105 of the total window terminal 100. The hardware configuration of the general window terminal 100 has been described above.

  FIG. 10 is a diagram showing a hardware configuration of the certification information server 400 in the present embodiment.

  In the present embodiment, the certification information server 400 is a computer such as a PC, a workstation, a server device, various mobile phone terminals, or a PDA.

  The certification information server 400 includes an input device 401, an external storage device 402, an arithmetic device 403, a main storage device 404, a communication device 405, and a bus 406 that connects the devices to each other.

  The input device 401 is a device that receives input from, for example, a keyboard, a mouse, a touch pen, a pressure-sensitive touch sensor, an electrostatic induction touch sensor, and other pointing devices.

  The external storage device 402 is a nonvolatile storage device such as a hard disk device, a flash memory, or an SSD.

  The arithmetic device 403 is an arithmetic device such as a CPU. The main storage device 404 is a memory device such as a RAM. The communication device 405 is a wireless communication device that performs wireless communication via an antenna, or a wired communication device that performs wired communication via a network cable.

  The input processing unit 411, the output processing unit 412, the certification information registration unit 413, and the certification information presentation unit 414 of the certification information server 400 are realized by a program that causes the arithmetic unit 403 of the certification information server 400 to perform processing. .

  This program is stored in the main storage device 404 or the external storage device 402, loaded onto the main storage device 404 for execution, and executed by the arithmetic device 403.

  The storage unit 420 of the certification information server 400 is realized by the external storage device 402 and the main storage device 404 of the certification information server 400.

  The output display unit 430 of the certification information server 400 is realized by a display device or the like attached to the certification information server 400.

  The input receiving unit 440 of the certification information server 400 is realized by an input device 401 such as a keyboard and a mouse attached to the certification information server 400.

  The communication processing unit 450 of the certification information server 400 is realized by the communication device 405 of the certification information server 400. The hardware configuration of the certification information server 400 has been described above.

  FIG. 11 is a diagram illustrating a hardware configuration of the individual window terminal 500 in the present embodiment.

  In the present embodiment, the individual window terminal 500 is a computer such as a PC, a workstation, a server device, various mobile phone terminals, and a PDA.

  The individual window terminal 500 includes an input device 501, an external storage device 502, a computing device 503, a main storage device 504, a communication device 505, an external device connection I / F 506, and a bus 507 that connects the respective devices to each other. And a barcode scanner 580 connected via an external device connection I / F 506.

  The input device 501 is a device that receives input from, for example, a keyboard, a mouse, a touch pen, a pressure-sensitive touch sensor, an electrostatic induction touch sensor, and other pointing devices.

  The external storage device 502 is a nonvolatile storage device such as a hard disk device, a flash memory, or an SSD.

  The arithmetic device 503 is an arithmetic device such as a CPU. The main storage device 504 is a memory device such as a RAM, for example. The communication device 505 is a wireless communication device that performs wireless communication via an antenna, or a wired communication device that performs wired communication via a network cable.

  The external device connection I / F 506 is a communication interface compatible with, for example, the USB standard that performs control by connecting to various devices.

  The barcode scanner 580 is connected to the individual window terminal 500 via the external device connection I / F 506, and the operation is controlled.

  The input processing unit 511, the output processing unit 512, the reception unit 513, the remote reception unit 514, and the verification unit 515 of the individual window terminal 500 are realized by a program that causes the arithmetic unit 503 of the individual window terminal 500 to perform processing. Is done.

  This program is stored in the main storage device 504 or the external storage device 502, loaded onto the main storage device 504 for execution, and executed by the arithmetic device 503.

  The output display unit 530 of the individual window terminal 500 is realized by a display device or the like attached to the individual window terminal 500.

  The input reception unit 540 of the individual window terminal 500 is realized by an input device 501 such as a keyboard and a mouse attached to the individual window terminal 500.

  The communication processing unit 550 of the individual window terminal 500 is realized by the communication device 505 of the individual window terminal 500. The hardware configuration of the individual window terminal 500 has been described above.

  FIG. 12 is a diagram illustrating a hardware configuration of the mobile terminal 600 in the present embodiment.

  In the present embodiment, the mobile terminal 600 is, for example, a computer such as a PC, a workstation, a server device, various mobile phone terminals, and a PDA.

  The mobile terminal 600 includes an input device 601, an external storage device 602, an arithmetic device 603, a main storage device 604, a communication device 605, a camera 606, and a bus 607 that connects these devices to each other.

  The input device 601 is a device that receives input from, for example, a keyboard, a mouse, a touch pen, a pressure-sensitive touch sensor, an electrostatic induction touch sensor, and other pointing devices.

  The external storage device 602 is a nonvolatile storage device such as a hard disk device, a flash memory, or an SSD.

  The arithmetic device 603 is an arithmetic device such as a CPU. The main storage device 604 is a memory device such as a RAM. The communication device 605 is a wireless communication device that performs wireless communication via an antenna, or a wired communication device that performs wired communication via a network cable.

  The camera 606 is an optical photographing device that acquires video data and moving image data of a user or the like.

  The input processing unit 611, the output processing unit 612, and the remote collation control unit 613 of the mobile terminal 600 are realized by a program that causes the arithmetic device 603 of the mobile terminal 600 to perform processing.

  This program is stored in the main storage device 604 or the external storage device 602, loaded onto the main storage device 604 for execution, and executed by the arithmetic device 603.

  The output display unit 630 of the mobile terminal 600 is realized by a display device or the like attached to the mobile terminal 600.

  The input receiving unit 640 of the mobile terminal 600 is realized by an input device 601 such as a keyboard and a mouse attached to the mobile terminal 600.

  Further, the communication processing unit 650 of the mobile terminal 600 is realized by the communication device 605 of the mobile terminal 600. The above is the hardware configuration of the mobile terminal 600.

  It should be noted that the hardware configuration and the configuration of the processing unit and the like for the general window terminal 100, the certification information server 400, the individual window terminal 500, and the mobile terminal 600 are not limited to the above example, and can be replaced, for example. It may be provided with different configurations by different parts.

  For example, the input processing unit 111, the output processing unit 112, the reception processing unit 113, the certification information management unit 114, the image acquisition unit 115, and the progress status management unit 116 of the general window terminal 100 are included in the total window terminal 100. In order to facilitate the understanding of the configuration, these are classified according to the main processing contents. Therefore, the present invention is not limited by the way of classifying the components and their names. The configuration of the general window terminal 100 can be classified into more components depending on the processing content. Moreover, it can also classify | categorize so that one component may perform more processes.

  In addition, each functional unit of the general window terminal 100 may be constructed by hardware (ASIC, GPU, etc.). Further, the processing of each functional unit may be executed by one hardware or may be executed by a plurality of hardware.

  Similarly, for the certification information server 400, the individual window terminal 500, and the mobile terminal 600, the invention of the present application is not limited by the way of classifying the components or their names. The configurations of the certification information server 400, the individual window terminal 500, and the mobile terminal 600 can be classified into more components depending on the processing content. Moreover, it can also classify | categorize so that one component may perform more processes.

  In addition, each functional unit for the certification information server 400, the individual window terminal 500, and the mobile terminal 600 may be constructed by hardware (ASIC, GPU, etc.). Further, the processing of each functional unit may be executed by one hardware or may be executed by a plurality of hardware.

  [Description of Operation] Next, the flow of the comprehensive reception process in this embodiment will be described with reference to FIG. FIG. 13 is a flowchart showing a comprehensive reception process performed for each visitor when the visitor visits the general window. The general reception process is started when the reception processing unit 113 receives a reception start instruction from the general window person who is the user of the direct terminal at the general window terminal 100 via the input processing unit 111.

  First, the reception processing unit 113 reads an address, name, telephone number, date of birth, sex, photograph, and the like from the identity verification certificate 50 (step S001). Specifically, the reception processing unit 113 instructs the image acquisition unit 115 to read the image information including the contents of the identity verification certificate 50 and the face portion presented by the visitor with the scanner 190.

  If the image processing information including the face portion is not read in step S001, such as when there is no publication in the identity verification certificate 50, the reception processing unit 113 uses the camera 180 to include an image including the face of the visitor. Is captured (step S002). Specifically, the reception processing unit 113 determines that the information of the identity verification certificate 50 read in step S001 does not include image information including the face part of the visitor, the image acquisition unit 115 And instruct to capture the image including the face part. The image acquisition unit 115 detects the face portion of the visitor and converts an optical image obtained by focusing on the face portion into digital image information.

  Then, the certification information management unit 114 transmits image information including the address, name, telephone number, date of birth, sex, and face part to the certification information server 400 and requests registration (step S003). Specifically, the proof information management unit 114 displays the information on the identity verification certificate acquired in step S001 and the information on the video information of the visitor himself acquired in step S002, in the proof information server. 400, and further transmits a certification information registration request. Note that the certification information registration unit 413 of the certification information server 400 stores the received identification information and the information on the video information of the principal in the certification information storage unit 421.

  And the reception process part 113 registers the visit schedule of the separate window which a visitor is going to visit (step S004). Specifically, the reception processing unit 113 receives the received information to the progress management unit 116 when receiving the input from the general window about the individual window of the visited place and the order thereof, which is orally transmitted from the visitor. hand over. The progress status management unit 116 assigns a unique reference number to each combination of the information for identifying the received individual window and the certificate number of the identity verification certificate 50 and stores it in the progress information storage unit 121.

  And the reception process part 113 outputs the receipt slip 300 for every visited individual window (step S005). Specifically, the reception processing unit 113 sets the reference number assigned by the progress management unit 116 and the certificate number of the certificate presented by the visitor for each individual window scheduled to be visited by the visitor. The reception form printing machine 200 is instructed to print the barcode information converted using the algorithm, and output the information.

  The above is the process flow of the comprehensive reception process. According to the comprehensive reception process, the certification information can be stored in the certification information server 400 and the progress information can be registered in the general window terminal 100. In addition, the reception form 300 can be issued from the ticket issuing machine and handed to the visitors. According to this, for example, it can be said that preparations for ensuring security can be made while smoothly performing authentication processing at an individual window where a visitor subsequently visits.

  Next, the flow of the individual window matching process in the present embodiment will be described with reference to FIG. FIG. 14 is a flowchart showing the individual window verification process. In the individual window verification process, when the visitor visits the individual window, the reception section 513 receives an instruction to start reception from the individual window staff who is a direct user of the individual window terminal 500 via the input processing section 511. And started.

  First, the reception unit 513 reads the reference number and certificate number from the reception form 300 (step S101). Specifically, the reception unit 513 reads the reference number, which is the content of the reception slip 300, and the information of the barcoded certificate number by the barcode scanner 580.

  Then, the reception unit 513 transmits the read reference number to the general window terminal 100 to acquire progress information, and gives a warning when the order is out of the progress order (step S102). Specifically, the reception unit 513 transmits the read reference number to the general window terminal 100. Then, the progress status management unit 116 of the general window terminal 100 searches the progress information storage unit 121 and extracts a record corresponding to the reference number and a record scheduled to be visited by the same certificate. The progress status management unit 116 confirms that the order is normal when the window reception date / time 121D of the window scheduled to visit before the record corresponding to the reference number is filled and collation success / failure 121E is successful. Is added to the individual window terminal 500. In addition, when there is no visit plan before the record corresponding to the reference number, the progress status management unit 116 adds information indicating that the order is normal and transmits the record to the individual window terminal 500. The reception unit 513 of the individual window terminal 500 does not warn if information indicating that the order is normal is added to the returned record of the visit schedule, and warns otherwise.

  Then, when the reception unit 513 transmits the certificate number to the certification information server 400 and receives the certification information, the reception unit 513 displays the certification number (step S103). Specifically, the reception unit 513 transmits the certificate number read in step S101 to the certification information server 400, and the certification information presentation unit 414 of the certification information server 400 stores the record corresponding to the certificate number in the certification information storage. The certification information read out and transmitted from the unit 421 is received and displayed on the display screen 700. Note that if the received certification information has expired, that is, if the current date and time at the time of processing has passed the expiration date 421H, the reception unit 513 outputs a warning indicating that it has expired.

  FIG. 15 is a diagram illustrating an example of the display screen 700 in the individual window terminal 500. On the display screen 700, a certificate number 701, an address 702, a name 703, a telephone number 704, a gender 705, and a date of birth 706 included in the certification information transmitted from the certification information server 400 are displayed. Displayed in the display area to the left of the center. Also, the photo information included in the certification information is displayed as certificate image information 707 in the display area on the right side from the center of the screen. In addition, when an input is accepted, a notification button 708 for starting a process of making an emergency call (e.g., e-mail, etc.) with a predetermined content for notifying the occurrence of an abnormality to a predetermined destination such as a security service is displayed at the upper right corner when viewed from the center of the screen. Is done. In addition, when an input is received at the lower right corner when viewed from the center of the screen, the individual window manager notifies the general window terminal 100 of the successful verification when the visitor confirms that the visitor is authentic by visual inspection and a predetermined oral question. A verification OK button 709 and a verification NG button 710 for reporting a verification failure to the general window terminal 100 when it is confirmed that the visitor is not authentic are displayed.

  Receiving unit 513, when receiving an input to any one of collation OK button 709 or collation NG button 710, informs general counter terminal 100 of the reference number and the success or failure of collation according to the accepted button (step S104). ).

  Although not shown in the drawing, the progress status management unit 116 of the general window terminal 100 receives the time of reception for the record that matches the reference number 121B of the progress information storage unit 121 when the success or failure of the collation in step S104 and the reference number are received. The received date / time 121D is stored, and the received value corresponding to the photosynthesis rejection is stored in the photosynthesis rejection 121E.

  The above is the process flow of the individual window verification process. According to the individual window verification process, it is possible to present information that determines whether a visitor's visit is on schedule or whether the visitor is due to impersonation, and the results are managed centrally. it can. In the individual window, it is possible to accurately check the visitors by visual inspection or the like by the person in charge of the individual window using registered photos.

  In general, for accurate verification, biometric authentication using, for example, an iris pattern or a vein pattern is considered to be highly accurate, simple, and highly effective in security. On the other hand, there are also the advantages of authentication (direct measures against forgery of iris information etc., oversight of suspicious operations, etc.) by directly meeting with the person being verified at the window. Therefore, if these are combined and approved, it can be said that a more secure window operation can be performed while avoiding the troublesomeness and the like of a visitor presenting identification verification documents for each window.

  Next, the flow of mobile collation processing in the present embodiment will be described based on FIG. FIG. 16 is a flowchart showing mobile collation processing. The mobile verification process is started when a person to be verified using the mobile terminal 600 sends a verification request to the individual window terminal 500.

  First, the remote verification control unit 613 of the mobile terminal 600 receives input of a predetermined reference number and a certificate number of a certificate used for verification by the verified person via the input processing unit 611 (step S201). .

  Then, the remote verification control unit 613 transmits the reference number and the certificate number to the individual window terminal 500 (Step S202).

  Then, the remote verification control unit 613 captures the certificate and the operator using the camera 606 function, and transmits the captured data to the individual window terminal 500 (step S203).

  The remote reception unit 514 of the individual window terminal 500 receives the input of the reference number and the certificate number (step S204).

  Then, the remote reception unit 514 acquires the progress information by transmitting the received reference number to the general window terminal 100, and gives a warning when the order is out of the progress order (step S205). Specifically, the remote reception unit 514 transmits the received reference number to the general window terminal 100. Then, the progress status management unit 116 of the general window terminal 100 searches the progress information storage unit 121 and extracts a record corresponding to the reference number and a record scheduled to be visited by the same certificate. The progress status management unit 116 confirms that the order is normal when the window reception date / time 121D of the window scheduled to visit before the record corresponding to the reference number is filled and collation success / failure 121E is successful. Is added to the individual window terminal 500. The remote reception unit 514 of the individual window terminal 500 does not warn if information indicating that the order is normal is added to the returned record, and warns otherwise. In addition, when there is no visit plan before the record corresponding to the reference number, the progress status management unit 116 adds information indicating that the order is normal and transmits the record to the individual window terminal 500.

  Then, when the remote reception unit 514 transmits the certificate number to the certification information server 400 and receives the certification information, it is displayed (step S206). Specifically, the remote reception unit 514 transmits the certificate number received in step S204 to the certification information server 400, and the certification information presentation unit 414 of the certification information server 400 displays the record corresponding to the certificate number as certification information. The certification information read out and transmitted from the storage unit 421 is received and displayed on the display screen 700 ′. Note that if the received certification information has expired, that is, if the current date and time at the time of processing has passed the expiration date 421H, the remote reception unit 514 outputs a warning that it has expired.

  FIG. 17 is a diagram showing an example of a display screen 700 ′ in the case of remote verification at the individual window terminal 500. On the display screen 700 ′, the certificate number 701, the address 702, the name 703, the telephone number 704, the gender 705, and the date of birth 706 included in the certification information are displayed on the left side of the screen. Further, the photo information included in the certification information is displayed as certificate image information 707 on the lower left side when viewed from the center of the screen. The display screen 700 ′ further includes a verification applicant-presented certificate image display area 721 for displaying the photographed data of the certificate transmitted in step S 203 from the mobile terminal 600 used by the person to be verified. An ID photo enlargement display unit 722 that enlarges and displays a photo publishing area including a face portion in the photographed data of the certificate, and a received capture image display unit that is data obtained by imaging the operator transmitted from the mobile terminal 600 723.

  The display screen 700 ′ includes an image including the face portion displayed in the certificate image information 707, an image including the face portion displayed in the ID photo enlargement display unit 722, and an operation transmitted from the mobile terminal 600. Authentication rates 724, 725, and 726 corresponding to the degree of coincidence obtained by comparing the images including the face portion displayed on the received capture image display unit 723, which is image data obtained by photographing the person, are displayed. .

  In addition, when an input is received at the upper right corner when viewed from the center of the display screen 700 ′, a process for making an emergency call (for example, sending an e-mail or the like) having a predetermined content informing a predetermined destination such as a security service of the occurrence of an abnormality A notification button 708 for starting the message is displayed. In addition, when an input is received at the lower right corner when viewed from the center of the screen, the individual window manager notifies the general window terminal 100 of the successful verification when the visitor confirms that the visitor is authentic by visual inspection and a predetermined oral question. A verification OK button 709 and a verification NG button 710 for reporting a verification failure to the general window terminal 100 when it is confirmed that the visitor is not authentic are displayed.

  Then, the remote reception unit 514 displays the image data obtained by photographing the certificate transmitted from the mobile terminal 600 and the image data obtained by photographing the operator, and a verification applicant-presented certificate image display area 721 on the display screen 700 ′; The output processing unit 512 is instructed to display the received captured image display unit 723 (step S207). In addition, the remote reception unit 514 instructs the output processing unit 512 to enlarge the area including the face photo in the imaged data of the certificate and display it on the ID photo enlargement display unit 722.

  Then, the remote reception unit 514 requests the collation unit 515 to calculate the authentication rate for each of the image data including the face portion and instruct the output processing unit 512 to display it on the display screen 700 ′. (Step S208). Specifically, the collation unit 515 transmits the image including the face portion displayed in the certificate image information 707, the image including the face portion displayed in the ID photo enlargement display unit 722, and the mobile terminal 600. The image including the face portion displayed on the received capture image display unit 723, which is data obtained by imaging the operator, is compared with each other to obtain the degree of coincidence, and the authentication rate corresponding to the degree of coincidence is specified to display the display screen 700 ′. Instruct the output processing unit 512 to display

  When receiving an input to either the verification OK button 709 or the verification NG button 710, the remote reception unit 514 notifies the general counter terminal 100 of the reference number and verification success or failure (step S209).

  Although not shown in the figure, the progress status management unit 116 of the general window terminal 100 accepts the success or failure of the collation in step S209 and the reference number, and for the record that matches the reference number 121B of the progress information storage unit 121, the progress time management unit 116 displays the time at the time of reception. The received date / time 121D is stored, and the received value corresponding to the photosynthesis rejection is stored in the photosynthesis rejection 121E.

  The above is the process flow of the mobile verification process. According to the mobile verification process, it is possible to present information for determining whether or not the verification candidate is due to impersonation without going to an individual window, and the results can be managed centrally. In the individual window, it is possible to accurately collate the desired person by visual inspection or the like by the person in charge of the individual window using registered photos.

  In general, in remote authentication via a network, for example, user authentication using a user ID and password is often adopted as a security system including operational ease, and other authentication methods are very convenient. It is said that there are only a limited number of scenes that can be adopted due to the lack of such facilities and the need for dedicated equipment, which tends to be expensive. On the other hand, there are also advantages of authentication by visually approving the person to be collated (measures against counterfeiting of iris information etc., oversight of suspicious operations, etc.). Therefore, more secure operation is possible by performing remote verification based on the authenticity of the certificate information registered in advance as described above, the person who wishes to verify, and the face photo described in the certificates. It can be said.

  As mentioned above, although embodiment of this invention was described concretely based on embodiment, it is not limited to this, A various change is possible in the range which does not deviate from the summary.

  For example, in the above embodiment, in the individual window terminal 500, in the individual window verification process of the visitor, the individual window staff compares the registered image data with the appearance of the visitor and makes an approval decision. However, the present invention is not limited to this, and approval determination and trail management may be performed. For example, as shown in FIG. 18, an image acquisition unit 516 is provided in the control unit 510 of the individual window terminal 500, and a visitor is captured by a connected camera (not shown), and a display screen 800 as shown in FIG. Alternatively, the captured image data may be displayed as the captured image 811. By doing so, the difference between the visual observation of the person to be verified as a three-dimensional object and the photograph data of the certificate as the plane data can be filled in, making it easier to compare and reducing erroneous verification.

  Further, as shown in FIG. 19, when information on a visit schedule of a visitor is received, this may be displayed in a reception schedule display field 812. According to this, it can be said that more detailed schedules of visitors can be known, and a more flexible window correspondence is possible.

  Further, the certification information server 400 in the above embodiment and the modification may be provided by an institution that issues certificates, and in that case, the general window terminal 100 and the individual window terminal 500 are used for verification. The certification information server 400 may be specified and accessed in accordance with the type of the identity verification certificate 50 used. For example, it may be provided by a passport issuer, provided by a Basic Resident Register issuer, provided by a driver's license issuer, or health insurance. It may be provided by the certificate issuer.

  In addition, the window authentication system 1 in the said embodiment and modification is not only made into a transaction object as a system, but can also be made into a transaction object per program part unit which implement | achieves operation | movement of each apparatus unit or apparatus.

DESCRIPTION OF SYMBOLS 1 ... Window authentication system, 10 ... Network, 50 ... Identity verification certificate, 100 ... General window terminal, 180 ... Camera, 190 ... Scanner, 200 ... Print receipt Machine 300 ... acceptance slip, 400 ... certification information server, 500 ... individual window terminal, 580 ... bar code scanner, 600 ... mobile terminal

Claims (10)

A certificate information storage means for storing information of a certificate for identifying the individual including the feature information of the individual face;
Registration means for previously registering the certificate information in the certificate information storage means;
Display means for reading and displaying the certificate information from the certificate information storage means;
Input accepting means for accepting an input of a verification result using the certificate information included in the certificate information;
Result storage means for storing the collation result received by the input reception means;
A window authentication system comprising: The window authentication system according to claim 1,
The certificate information storage means is acquired from the certificate via an optical image and stored as information on the certificate.
A window authentication system characterized by that. The window authentication system according to claim 1 or 2,
When the certificate information storage means cannot acquire the personal face feature information from the optical image of the certificate, the image taken by the camera is used as the personal face feature information.
A window authentication system characterized by that. The window authentication system according to any one of claims 1 to 3,
The registration means, when registering the certificate information, prints out information specifying the registered information,
The display means includes
Identifying certificate information to be read and displayed from the printed information;
A window authentication system characterized by that. The window authentication system according to any one of claims 1 to 4,
The display means is provided at each of one or more windows,
Order registration means for registering information for specifying the order of collation at the one or more counters;
The input receiving means displays a warning when the order of matching registered in the order registration means does not match;
A window authentication system characterized by that. The window authentication system according to any one of claims 1 to 5,
When the display unit receives an image of the operator photographed by the camera, the display unit displays the image together with personal facial feature information included in the certificate information.
A window authentication system characterized by that. The window authentication system according to any one of claims 1 to 6,
The display means, when receiving an image obtained by photographing the certificate by a camera, displays the personal face feature information included in the certificate information.
A window authentication system characterized by that. A certificate information storage means for storing information of a certificate for identifying the individual including the feature information of the individual face;
Registration means for previously registering the certificate information in the certificate information storage means;
A read response means for reading and transmitting the certificate information from the certificate information storage means in response to a read request for the certificate information;
A window authentication server characterized by comprising: A program that allows a computer to perform authentication at the counter,
Causing the computer to function as control means and storage means;
In the storage means, information of a certificate specifying the individual including personal face feature information is stored,
For the control means,
A registration procedure for previously registering the certificate information in the storage means;
A display procedure for reading and displaying the certificate information from the storage means;
An input acceptance procedure for accepting an input of a verification result using certificate information included in the certificate information;
A result storing procedure for storing the collation result received by the input receiving procedure;
A program characterized by having an implementation. A window authentication method using a window authentication system,
The window authentication system is:
Comprising certificate information storage means for storing information of a certificate for identifying the individual, including personal face feature information,
A registration step of previously registering the certificate information in the storage means;
A display step of reading and displaying the certificate information from the storage means;
An input accepting step for accepting an input of a verification result using certificate information included in the certificate information;
A result storing step for storing the collation result received in the input receiving step;
The window authentication method characterized by implementing.

Images