JP2014160439A - Biometric authentication method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To solve the problem that while cached biometric authentication used to be performed for a limited device with a compound machine, it is impossible to cope with various situations in a conventional technology.SOLUTION: The template information of a plurality of persons to be authenticated is preliminarily stored in a storage device, and when the person to be authenticated enters an office or the like, the input of biological information is received from the person to be authenticated, and the biological information is collated with the template information to execute authentication processing, and when positive determination is made as the result of authentication processing, the template information used for the determination is stored in a cache database. As for following authentication, the biological information is received by an input different from that in authentication when the person to be authenticated enters, and the biological information is collated with the template information stored in the cache database. Furthermore, when the person to be authenticated performs a predetermined operation such as the log-off of predetermined equipment (it is determined that the person to be authenticated leaves the office), the corresponding template information is deleted from the cache database.

Description

  The present invention relates to an authentication technique using biometric information. In particular, the present invention relates to a technique for registering and using biometric information as a reference for authentication in a cache.

  Currently, biometric authentication technology using biometric information has been proposed to ensure security. In this method, authentication is performed by comparing biometric information recorded in advance with biometric information input at the time of authentication. Here, in current companies and offices, devices and opportunities for performing authentication are increasing. For example, when entering a predetermined floor, when using a PC (login), when printing with another device (multifunction device), there is an increasing need for biometric authentication each time. However, if authentication is performed in this way, there is a problem that it takes time to read out biometric information (hereinafter referred to as template information) as a reference each time, and authentication takes time.

  Patent Document 1 has been proposed as a conventional technique for solving this problem. In Patent Document 1, the authentication process when using a multifunction peripheral is accelerated by providing a cache of authentication information to the multifunction peripheral that the user may use according to the user's entry. More specifically, the MFP receives first identification information (including biometric information) of a user permitted to enter the room, transmits an authentication request including the received first identification information to the authentication server, and receives an authentication request. , When the first identification information is authenticated, the authenticated first identification information is stored as authentication information in the multifunction device, and the user uses the multifunction device. When the second identification information for identifying the user is received and it is determined that the authentication information including the first identification information that matches the received second identification information is stored, the use of the MFP Is allowed.

JP 2010-277557 A

  In Japanese Patent Laid-Open No. 2004-260260, the target is limited devices and opportunities (situations) with the multifunction peripheral. However, as described above, biometric authentication is currently performed using various devices and opportunities (situations). In patent document 1, the subject that it cannot respond to such various apparatuses etc. arises.

  Regarding the authentication in the above various cases (plural situations), the initial authentication is performed at the time of entering an office or the like. In the present invention, this initial authentication is used for authentication in various devices and opportunities (each of a plurality of situations). That is, template information of a plurality of authentication subjects is stored in a storage device in advance, and when entering an office or the like, biometric information is input from the authentication subject and the biometric information is compared with the template information. When the authentication process is executed and a positive determination is made as a result of the authentication process, the template information used for this determination is stored in the cache database. For subsequent authentication, biometric information is received with an input different from the authentication at the time of admission, and this is compared with template information stored in the cache database. Further, when a predetermined operation such as logoff of a predetermined device is performed (for example, assuming that the user leaves the office), the corresponding template information is deleted from the cache database.

  The following aspects are also included in the present invention. At the time of admission, a person to be authenticated (or identification information thereof) is specified using a storage medium such as an IC card, and template information stored in a storage device in association with the specified information is specified. Authentication is performed by collating the input biometric information. In this case, “input different from authentication at the time of admission” inputs biometric information without using a storage medium.

  It is also an aspect of the present invention to delete template information from the cache database after a predetermined period of time has elapsed from a predetermined operation such as logoff or a deletion instruction accompanying this operation. This makes it possible to perform authentication using the cache database when reconsidering the business. In this case, it is more preferable to cancel the deletion of the cache.

  In addition, regarding deletion of template information from the cache database, when a predetermined time such as a working time or a deletion request (operation such as logoff) is a predetermined number or more, a plurality of deletions may be executed in a batch.

  Further, when template information is stored in the cache database, it is also an aspect of the present invention to store a flag indicating whether or not the next authentication has been performed in association with each other. This makes it possible to collate preferentially from those in which the next authentication has not been performed. In this case, as the next authentication, it is preferable to specify a device related to the authentication in advance and record whether the device has been authenticated. Note that authentication other than the next authentication may be preferentially collated from the next authentication performed by the flag.

  As described above, according to the present invention, when authentication is performed in various situations in an office or the like, the authentication can be realized at higher speed (a cache can be used).

1 is a block diagram showing an entire system in an embodiment of the present invention. It is the figure which showed the flow at the time of the user in one Example of this invention going to office. It is the figure which showed the flow at the time of the user in one Example of this invention using an entrance / exit system. It is the figure which showed the flow at the time of the user in one Example of this invention using another system (other than an entrance / exit system). It is the figure which showed the flow at the time of the user leaving the office in one Example of this invention. It is an example of the apparatus table used in one Example of this invention. It is an example of the user table used in one Example of this invention.

  An embodiment of the present invention will be described below. In the present embodiment, a system for entering and leaving an office is taken as an example. FIG. 1 shows the overall system of this embodiment. The user enters the office through the door on which the electronic lock 100 is installed, and an information processing apparatus such as a printer (multifunction machine) 108 and a notebook PC 109 connected to the network is installed in the office. The user can use these.

  Further, the above-described network reads and authenticates the authentication server 103 which is each device for authenticating the user, the authentication controller 102 for controlling the unlocking / locking of the electronic lock 100, and the information for user authentication. A reader 101 that transmits the information to the controller 102 is also directly or indirectly connected.

  Hereinafter, the processing contents of this system will be described with reference to FIGS. First, using FIG. 2, the operation when the user leaves the office will be described.

  First, in step 201, the reader 101 reads the employee ID and biometric information (A) from the held IC card, and in step 202 reads the biometric information (B) from the held finger. In this embodiment, the biometric information (A) is stored in the IC card, but the biometric information (B) of each user may be stored in the authentication server 103.

  Thereafter, in step 203, the employee ID, the biometric information (A) in the IC card, and the biometric information (B) of the held finger are transmitted to the authentication server 103. In step 204, the authentication server 103 compares and collates the biometric information transmitted from the reader 101. If the collation result is non-matching (NG), in step 205, the NG result is transmitted to the reader 101. In step 206, the reader 101 displays the result of NG and prompts the user to authenticate again. If the collation result is coincidence (OK), the authentication server 103 transmits the user ID 701 in the user table 105 and the biometric information (B) to the cache database 104 in step 207.

Thereafter, in step 208, the cache database 104 stores the biometric information (B), updates the company entry flag 703 in the row that matches the user ID 701 in the user table 105 from 0 to 1, and sets the updated time to the company entry time 704. Register with. Thereafter, in step 209, the cache database transmits an OK result to the authentication server 103, and the authentication server 103 transmits a door unlocking permission signal to the authentication controller 102. In step 211, the received authentication controller 102 unlocks the door. In step 210, the authentication server 103 transmits an OK result to the reader 101 and displays the OK result. The biometric information stored in the cache database 104 may be biometric information (A).
Next, the operation when the user uses the entry / exit system after leaving the office will be described with reference to FIG.
First, in step 301, the reader 101 reads the biometric information (C) from the held finger, and in step 302 transmits the biometric information (C) to the authentication server 103. Thereafter, in step 303, a signal for transmitting each stored biometric information (D) is transmitted to the cache database 104. In step 304, the cache database 104 receives a signal for transmitting each stored biometric information (D). In step 305, the cache database 104 transmits each stored biometric information (D) to the authentication server 103.

  After that, the authentication server 103 compares the biometric information (C) of the held finger with each stored biometric information (D), and if the result of collation does not match (NG), in step 307, the reader 101 Send NG result to. In step 306, the reader 101 displays the result of NG and prompts the user to authenticate again. If the collation result is coincidence (OK), the authentication server 103 transmits the OK result to the authentication server 103 in step 307, and the authentication server 103 sends a signal for permitting unlocking of the door to the authentication controller 102. Send. In step 310, the received authentication controller 102 unlocks the door. In step 309, the authentication server 103 transmits an OK result to the reader 101 and displays the OK result.

Moreover, the operation | movement at the time of using another system (PC login) after a user leaves the office is demonstrated using FIG.
In step 401, the reader 101 reads biometric information (E) from the held finger, and transmits biometric information (E) to the authentication server 103 in step 402. In step 403, a signal for transmitting each stored biometric information (F) is transmitted to the cache database 104. In step 404, the cache database 104 receives a signal for transmitting each stored biometric information (F), and in step 405 transmits the stored biometric information (F) to the authentication server 103. In step 406, the authentication server 103 compares and collates the biometric information (E) of the held finger with each stored biometric information (F). If the collation result is non-coincidence (NG), in step 407, the NG result is transmitted to the notebook PC 109 in accordance with the device ID 601 of the device table 107. In step 408, the notebook PC 109 displays the NG result on the screen and prompts the user to authenticate again. If the collation result is coincidence (OK), the authentication server 103 transmits the OK result to the notebook PC 109 in step 406 according to the device ID 601 of the device table 107. In step 409, the notebook PC 109 displays the result of OK on the screen, and in step 410, permits log-on.

Finally, using FIG. The operation when the user leaves the office will be described.
In step 501, the notebook PC 109 turns off the PC. Thereafter, in step 502, the cache database 104 that has detected the OFF signal updates the leaving flag 705 of the user table 105 from 0 to 1, and registers the updated time in the leaving time 706. Thereafter, in step 503, if the leaving flag 705 of each user who has started work is 1, each of the biometric information in the cache database 104 is deleted. As a result, in the process of the next sunrise company (FIG. 2), the process can be executed with the cache cleared.

100 Electronic lock 101 Reader 102 Authentication controller 103 Authentication server 104 Cache database 105 User table 106 Device database 107 Device table 108 Printer 109 Notebook PC

Claims (6)

In a biometric authentication method for performing biometric authentication in each of a plurality of situations,
The template information of a plurality of authentication subjects is stored in advance in a storage device,
As the first authentication that is the initial authentication in the plurality of situations, the input of biometric information is received from the person to be authenticated, and the authentication process is executed by comparing the biometric information with the template information.
If a positive determination is made as a result of the authentication process, the template information used for the determination is stored in a cache database,
As the second authentication in the plurality of situations, an input different from that of the first authentication is made, and biometric information is received from the person to be authenticated, and the received biometric information and the cache database are stored. Execute the authentication process against the template information
A biometric authentication method, wherein when the authentication subject performs an operation related to a predetermined situation of the plurality of situations, the template information of the authentication subject is deleted from the cache database. The biometric authentication method according to claim 1,
The storage device stores the template information in association with the identification information of the corresponding person to be authenticated,
As the input for the first authentication, reading identification information for identifying the person to be authenticated stored in a storage medium,
The first authentication is performed by collating the biometric information stored in association with the read identification information with the biometric information input,
Accepting input of biometric information from the person to be authenticated as an input for the second authentication;
The biometric authentication method, wherein the second authentication is executed by collating the received biometric information with one or more template information stored in a cache database. The biometric authentication method according to claim 1 or 2,
The biometric authentication method, wherein the template information is deleted after a certain period from an operation related to a predetermined situation among the plurality of situations or after a certain period from a deletion request made in association with the operation. The biometric authentication method according to any one of claims 1 to 3,
The biometric authentication method according to claim 1, wherein the template information is deleted when a predetermined condition is satisfied, and a plurality of template information are collectively deleted. The biometric authentication method according to any one of claims 1 to 4,
The cache database stores a flag indicating whether the next authentication of the first authentication has been performed in association with the template information,
A biometric authentication method characterized in that, when performing the next authentication, collation is preferentially performed from template information that is not subjected to the next authentication by the flag. The biometric authentication method according to any one of claims 1 to 5,
The cache database records the template information sorted in the storage order,
In the next authentication, the template information is collated with the input biometric information in the sorted order.

Images