JP2014232453A - Authentication device, authentication method, and authentication program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To reduce the time spent at retry time of authentication using composite biological information.SOLUTION: An authentication system 1 checks a plurality of pieces of biological information acquired from a plurality of portions of a user against preregistered biological information. If, as a result of the check, part of the plurality of pieces of biological information acquired from the user does not resemble the preregistered biological information, the authentication system 1 executes the following process. Specifically, the authentication system 1 extracts, from the plurality of pieces of biological information reacquired from the user, biological information acquired from the same portion as was the biological information which did not resemble the preregistered biological information. Then, the authentication system 1 rechecks the extracted biological information against the preregistered biological information, and executes authentication of the user on the basis of the result of the check and the result of the recheck.

Description

  The present invention relates to an authentication device, an authentication method, and an authentication program.

  2. Description of the Related Art Conventionally, a biometric authentication technique for authenticating a user using biometric information such as a user's fingerprint, vein, facial appearance, voice print, iris, signature, and the like is known. As an example of such a biometric authentication technique, a user authentication system that secures a high level of security by performing user authentication by combining a plurality of user biometric information is known.

  For example, the user authentication system stores in advance composite biometric information that combines fingerprint information indicating the shape of a fingerprint read from the user's index finger, middle finger, and ring finger and vein information indicating the shape of a vein read from the palm of the user. ing. Then, the user authentication system reads fingerprint information and vein information from the user to be authenticated, and whether or not the read fingerprint information and vein information match each fingerprint information and vein information included in the composite biometric information. Authenticate users according to

JP 2003-050783 A

“Independent evaluation of palm vein authentication and fingerprint authentication for multimodal biometric authentication”, Shigefumi Yamada, Toshio Endo, Takashi Niizaki, BioX2012-11, Biometrics Study Group Materials 59p-64p, “http: //www.ieice .org / ~ biox / 001-kenkyukai / pdf / BioX2012-11.pdf ” “Achieving a“ hand-held identity verification system ”: Fujitsu”, Internet, search on January 30, 2013, “http://jp.fujitsu.com/journal/strength/technologies/201111.html” “World's first! Developed authentication technology for 1 million people using palm veins and fingerprints: Fujitsu”, Internet, January 30, 2013 search, “http://pr.fujitsu.com/jp/news/ 2011/06 / 1.html? Nw = pr ”

  However, in the technology for authenticating a user using the above-described composite biometric information, when authentication fails, a plurality of pieces of biometric information is read again from the user, and the plurality of read biometric information and the pre-stored composite biometric information are stored. It is determined again whether or not. For this reason, the user authentication system has a problem that it takes time to perform authentication at the time of retry.

  In one embodiment, the time required for retrying authentication using composite biometric information is reduced.

  In one aspect, an authentication device that authenticates a user. In addition, the authentication device collates a plurality of pieces of biometric information acquired from a plurality of parts of the user with biometric information registered in advance. In addition, as a result of the collation, the authentication device executes the following process when a part of the plurality of pieces of biometric information acquired from the user is not similar to biometric information registered in advance. That is, the authentication device extracts biometric information acquired from the same part as biometric information that is not similar to biometric information registered in advance from a plurality of biometric information acquired again from the user. Then, the authentication device re-collates the extracted biometric information with biometric information registered in advance, and performs user authentication based on the results of collation and re-collation.

  In one aspect, the time required for retrying authentication using composite biometric information can be shortened.

FIG. 1 is a diagram illustrating an authentication system according to the first embodiment. FIG. 2 is a diagram illustrating a functional configuration of the authentication system according to the first embodiment. FIG. 3 is a diagram illustrating an example of a biosensor. FIG. 4A is a diagram illustrating an example of a histogram of pixel values. FIG. 4B is a diagram illustrating an example of high-quality fingerprint data. FIG. 4C is a diagram illustrating an example of a good fingerprint image histogram. FIG. 4D is a diagram illustrating an example of low-quality fingerprint data. FIG. 4E is a diagram illustrating an example of a histogram of a fingerprint image with low contrast. FIG. 4F is a diagram illustrating an example of processing for determining a finger state. FIG. 5 is a schematic diagram illustrating an example of collation performed by the authentication system according to the first embodiment. FIG. 6 is a schematic diagram illustrating an example of re-collation performed by the authentication system according to the first embodiment. FIG. 7 is a diagram illustrating an example of matching of collation scores executed by the authentication system according to the first embodiment. FIG. 8 is a flowchart illustrating the flow of processing executed by the authentication system according to the first embodiment. FIG. 9 is a diagram illustrating the functional configuration of the authentication system according to the second embodiment. FIG. 10 is a flowchart illustrating the flow of processing executed by the authentication system according to the second embodiment. FIG. 11 is a diagram illustrating the functional configuration of the authentication system according to the third embodiment. FIG. 12 is a diagram illustrating an example of position information. FIG. 13 is a diagram illustrating an example of direction information. FIG. 14 is a flowchart illustrating the flow of processing executed by the authentication system according to the third embodiment. FIG. 15 is a diagram for explaining a variation of the authentication system. FIG. 16 is a diagram illustrating an example of a computer that executes an authentication program.

  Hereinafter, an authentication apparatus, an authentication method, and an authentication program according to the present application will be described with reference to the accompanying drawings. The following examples do not limit the disclosed technology. Each embodiment can be appropriately combined within a range in which processing contents are not contradictory.

  In the following first embodiment, an authentication system that performs 1: N authentication for performing authentication by comparing biometric information acquired from a user with biometric information registered in advance without using a user identifier will be described. . FIG. 1 is a diagram illustrating an authentication system according to the first embodiment. As shown in FIG. 1, the authentication system 1 includes a biosensor 2, a client 3, a network 4, a cache server 5, an authentication server 6, an authentication server 7, and a DB (DataBase) server 8.

  In the example illustrated in FIG. 1, the description is omitted, but the authentication system 1 has another authentication server that performs the same function as the authentication server 6. Further, in the following description, the authentication server 7 is assumed to exhibit the same function as the authentication server 6, and the description thereof is omitted.

  For example, the biosensor 2 is a reading device that acquires biometric information of a user who is an authentication target. Specifically, the biological sensor 2 reads biological information of each part from a plurality of parts of the user. For example, the biometric sensor 2 acquires image data including fingerprint portions of the user's index finger, middle finger, and ring finger, and image data of a vein shape of the palm. Then, the biometric sensor 2 outputs the acquired image data to the client 3.

  The client 3 extracts a plurality of pieces of biological information from the image read by the biological sensor 2, and transmits the extracted biological information to the cache server 5 via the network 4. For example, the client 3 extracts the fingerprint image data of the index finger, the middle finger, and the ring finger from the image data including the fingerprint portions of the index finger, the middle finger, and the ring finger. And the client 3 produces | generates the biometric information of a fingerprint from each extracted fingerprint image data.

  In addition, the client 3 extracts a vein shape pattern from palm vein shape image data, and generates biometric information indicating the extracted shape pattern. Then, the client 3 transmits the composite biometric information including the plurality of generated biometric information to the cache server 5.

  When the client 3 receives a notification that the user has been authenticated from the cache server 5, the client 3 notifies the user that the user has been authenticated. On the other hand, when the client 3 receives a notification that the user authentication has failed from the cache server 5, the client 3 reacquires the complex biometric information from the user and outputs the reacquired complex biometric information to the cache server 5. . That is, the authentication system 1 executes an authentication retry.

  When receiving the composite biometric information from the client 3, the cache server 5 caches the received composite biometric information and transmits the received composite biometric information to the authentication server 6. Note that the cache server 5 may transmit the composite biometric information to another authentication server such as the authentication server 7 when the processing load on the authentication server 6 is large and authentication cannot be performed quickly.

  When the cache server 5 receives the verification result of the composite biometric information from the authentication server 6, the cache server 5 transmits the authentication result to the client 3 based on the received verification result. For example, the cache server 5 receives from the authentication server 6 the degree of similarity of each piece of biometric information included in the composite biometric information with each piece of biometric information included in the composite biometric information registered in the DB server 8. When all the received similarities are larger than a predetermined threshold, the cache server 6 notifies the client 3 that the user has been authenticated. On the other hand, if any of the similarities is smaller than a predetermined threshold, the cache server 6 notifies the client 3 that the user authentication has failed.

  The authentication server 6 collates the composite biometric information acquired from the user with the composite biometric information registered in advance in the DB server 8. For example, the DB server 8 stores a user ID indicating a user in association with complex biometric information acquired from the user indicated by the user ID. Further, when the authentication server 6 receives the complex biometric information from the cache server 5, the biometric information included in the received complex biometric information and the biometric information included in the complex biometric information registered in the DB server 8 are similar. Each degree is calculated.

  For example, the authentication server 6 calculates the similarity between the feature point data of the index finger fingerprint included in the received composite biometric information and the feature point data of the index finger fingerprint included in the composite biometric information registered in the DB server 8. To do. In addition, the authentication server 6 also calculates similarities for the middle finger, ring finger, and vein biometric information. Then, the authentication server 6 transmits the similarity calculated for the biometric information of each part to the cache server 5.

  Here, in the conventional authentication system, when the user authentication fails, the plurality of pieces of biometric information acquired again from the user and the biometric information registered in advance are collated to authenticate the user. . However, for example, when 1: N authentication is performed, the conventional authentication system collates a plurality of pieces of biometric information acquired from a user with biometric information registered in advance, so that authentication at the time of retry is performed. It takes about the same time as the first authentication.

  In addition, in the conventional authentication system, when the quality of some of the biometric information obtained from the user does not satisfy a predetermined standard, other biometric information and preregistered biometric information are included. Despite being similar, it is determined that the user authentication has failed. Then, the conventional authentication system acquires a plurality of pieces of biological information from the user again, and collates the plurality of pieces of biological information acquired again with the biological information registered in advance in a brute force manner. For this reason, the conventional authentication system performs useless collation at the time of retry.

  Therefore, the authentication system 1 executes the following processing. For example, the authentication system 1 collates the biometric information acquired from the user with the biometric information registered in the DB server 8. And as a result of collation, authentication system 1 performs the following processes, when some biometric information acquired from a user is not similar with the biometric information registered into DB server 8.

  First, the authentication system 1 obtains biometric information acquired from the same part as the biometric information that was not similar to the biometric information registered in the DB server 8 at the previous collation from a plurality of pieces of biometric information acquired from the user again. Extract. And the authentication system 1 performs the difference collation which recollates with the biometric information registered into DB server 8 only about the extracted biometric information. Thereafter, the authentication system 1 authenticates the user based on the collation result and the recollation result.

  As described above, the authentication system 1 re-collates only the biometric information of the same part as the biometric information that was not similar to the biometric information registered at the previous collation among the plurality of biometric information acquired from the user during the retry. set to target. For this reason, since the authentication system 1 does not collate extra biometric information, the time required for the retry of authentication can be shortened. In the following description, the biometric information determined to be similar to the biometric information registered in the DB server 5 is described as biometric information that has been successfully authenticated, and is determined not to be similar to the biometric information registered in the DB server 5. The biometric information may be described as biometric information that has failed authentication.

  Next, the functional configuration of the authentication system 1 will be described with reference to FIG. FIG. 2 is a diagram illustrating a functional configuration of the authentication system according to the first embodiment. In the example illustrated in FIG. 2, the client 3 includes a biological information acquisition unit 10, an image processing unit 11, a biological part identification unit 12, a secondary information extraction unit 13, and a biological information generation unit 14. Further, the cache server 5 includes a cache management unit 20, a cache storage unit 21, an identical biometric information determination unit 22, a secondary information comparison unit 23, and a matching score management unit 24. In addition, the authentication server 6 includes a verification processing unit 30.

  First, a specific example of the biosensor 2 that reads biometric information will be described. The biometric sensor 2 acquires a fingerprint image of the user's index finger, middle finger, and ring finger, and an image indicating the shape of the palm vein. For example, FIG. 3 is a diagram illustrating an example of a biosensor. In the example illustrated in FIG. 3, the biometric sensor 2 includes a fingerprint sensor area 201, a palm vein sensor 202, a wrist fixing guide 203, and a finger fixing guide 204.

  The fingerprint sensor area 201 is a sensor that images the fingerprints of the user's index finger, middle finger, and ring finger. The palm vein sensor 202 is a sensor that captures the vein shape of the user. The wrist fixing guide 203 is a guide for fixing the wrist position of the user so that the biological information can be accurately read. The finger fixing guide 204 is a guide for fixing the position of each finger of the user.

  For example, when the user's hand is placed according to the wrist fixing guide 203 and the finger fixing guide 204, the biometric sensor 2 shown in FIG. 3 images the fingerprints of three fingers touching the fingerprint sensor area 201. One image data is generated. For example, the biometric sensor 2 generates image data obtained by capturing the fingerprints of the user's right index finger, middle finger, and ring finger. The biosensor 2 generates vein-shaped image data read by the palm vein sensor 202. Then, the biometric sensor 2 outputs the generated two image data to the client 3.

  The biometric sensor 2 can read biometric information regardless of the user's right hand or left hand. For this reason, when the biometric sensor 2 reads the biometric information, the authentication system 1 instructs the user of a hand to be read of the biometric information via the client 3, thereby unifying the part from which the biometric information is read. . For example, the authentication system 1 is “Please enter your right hand data. ”Or the like is displayed on a monitor (not shown) connected to the client 3 to unify the parts of the biometric information when performing authentication.

  Returning to FIG. 2, the biological information acquisition unit 10 controls a fingerprint sensor, a palm vein sensor, and the like included in the biological sensor 2 to acquire a user's fingerprint and palm vein image data. Then, the biometric information acquisition unit 10 outputs the acquired fingerprint image data and palm vein image data to the image processing unit 11.

  In addition, when the biometric information acquisition unit 10 receives notification from the authentication server 6 that the user authentication has failed, the biometric information acquisition unit 10 controls the biometric sensor 2 to reacquire the user's fingerprint and palm vein image data. .

  The image processing unit 11 performs image processing on each image data received from the biosensor 2. For example, when the image processing unit 11 receives image data from the biometric information acquisition unit 10, the image processing unit 11 removes noise from the image data. In addition, the image processing unit 11 performs bipolar processing and thinning processing on the image data to clarify the shapes of fingerprints and veins in the image. Then, the image processing unit 11 outputs each image data to the living body part identification unit 12.

  The biological part identification unit 12 identifies which part of the biological information in the image received from the image processing unit 11 is the biological information. For example, when receiving the fingerprint image data, the living body part identifying unit 12 identifies three regions including the fingerprint shape from the image data. In addition, the living body part identification unit 12 identifies which fingerprint each fingerprint is based on the positional relationship of the identified fingerprints.

  For example, when the image data includes the fingerprint of the index finger, middle finger, and ring finger of the right hand in the image data, the living body part identification unit 12 identifies three regions in which the fingerprint is imaged from the image data. Then, the living body part identification unit 12 determines that the region includes the fingerprints of the index finger, the middle finger, and the ring finger in order from the region located on the left side in the image data.

  Thereafter, the living body part identification unit 12 generates image data for each identified area, that is, image data in which the fingerprint of each finger is imaged, and the generated image data of each finger along with information indicating the part is added to the secondary information. The data is output to the extraction unit 13 and the biological information generation unit 14. The biological part identifying unit 12 also outputs palm vein image data to the biological information generating unit 14 together with information indicating that it is a palm vein.

  The subsidiary information extraction unit 13 extracts subsidiary information other than biological information used for authentication, such as the dry state of each part. Specifically, the secondary information extraction unit 13 generates a histogram of pixel values for the image data of each finger received from the living body part identification unit 12, and reads the dry state of each finger from the generated histogram. In detail, the secondary information extraction unit 13 uses the state of each finger according to the ratio of the dry region and the wet region in the image data of each finger as the secondary information to the biometric information generation unit 14. Output.

  Hereinafter, an example of processing in which the subsidiary information extraction unit 13 reads the dry state of the finger from the pixel value histogram will be described with reference to FIGS. First, a histogram of pixel values calculated by the subsidiary information extraction unit 13 will be described with reference to FIG. 4A. FIG. 4A is a diagram illustrating an example of a histogram of pixel values. In FIG. 4A, the horizontal axis represents the pixel value, and the vertical axis represents the number of pixels of each pixel value. Here, the pixel value is a numerical value indicating the color of each pixel. For example, when the image data is a gray scale of 256 gradations, the pixel value is a numerical value indicating a gray scale gradation.

  For example, when the secondary information extraction unit 13 creates a histogram of the image data of each received fingerprint, as shown in FIG. 4A, the secondary information extraction unit 13 obtains a histogram in which two peaks indicating fingerprint ridges and valleys appear. Can do. Specifically, the subsidiary information extraction unit 13 performs a valley (A) of a valley that becomes a dark portion in the image data, that is, a peak (A) of a valley in the image data, and a portion that becomes a fingerprint crest, that is, in the image data. A histogram is obtained in which a mountain (B) of a ridge portion that becomes a bright color appears.

  Next, with reference to FIGS. 4B and 4C, a histogram obtained by the secondary information extraction unit 13 when image data with good quality is read will be described. FIG. 4B is a diagram illustrating an example of high-quality fingerprint data. For example, when the user's fingerprint is read in an ideal environment, the secondary information extraction unit 13 acquires an image in which the ridge line and valley line of the fingerprint are clear as shown in FIG. 4B. For this reason, the secondary information extraction unit 13 obtains a histogram illustrated in FIG. 4C when an ideal fingerprint image as illustrated in FIG. 4B is acquired.

  FIG. 4C is a diagram illustrating an example of a good fingerprint image histogram. For example, when the secondary information extraction unit 13 acquires an ideal fingerprint image, the peak distance between the valley line and the ridge line is separated as shown in FIG. As shown in (D), a histogram with clear values for each peak can be obtained.

  Here, when the user's finger is in a dry state or in a wet state, the biosensor 2 cannot acquire a good fingerprint image. That is, when the user's finger is in a dry state or in a wet state, the secondary information extraction unit 13 obtains a histogram with low contrast.

  FIG. 4D is a diagram illustrating an example of low-quality fingerprint data. For example, when the user's finger is in a dry state, the subsidiary information extraction unit 13 has a low contrast difference and a clear ridge line because the brightness of the entire image is high as shown in FIG. Get an image that is not. Further, for example, when the user's finger is in a wet state, the subsidiary information extraction unit 13 has a low contrast difference because the brightness of the entire image is low as shown in FIG. 4D (F). Get an image with unclear lines. For this reason, when the contrast of the histogram is lower than the predetermined threshold, the subsidiary information extraction unit 13 determines that the user's finger is in a dry state or a wet state.

  Hereinafter, the process in which the subsidiary information extraction unit 13 determines the state of the user's finger will be described with reference to FIG. 4E. FIG. 4E is a diagram illustrating an example of a histogram of a fingerprint image with low contrast. For example, the subsidiary information extraction unit 13 extracts the peak value “p1” of the valley line and the peak value “p2” of the ridge line. Next, the subsidiary information extraction unit 13 calculates a difference “d1” between the value of the lowest pixel number and the number of pixels in the peak value “p1” in a range where the pixel value is smaller than the peak value “p1”.

  Further, the subsidiary information extraction unit 13 calculates a difference “d2” between the lowest pixel number value and the pixel value at the peak value “p2” in a range where the pixel value is larger than the peak value “p2”. When the absolute value of the value obtained by subtracting “d2” from “d1” is smaller than a predetermined threshold, the secondary information extraction unit 13 is a fingerprint image with low contrast, and the user's finger is in a dry state. Or it determines with it being a wet state.

  Further, when it is determined that the user's finger is in a dry state or a wet state, the secondary information extraction unit 13 determines whether the user's finger is in a dry state or a wet state from the histogram. For example, FIG. 4F is a diagram illustrating an example of processing for determining a finger state. As shown by the hatched lines in FIG. 4F, the secondary information extraction unit 13 indicates a ratio “r” indicating that the sum of the number of pixels in a range where the pixel value is smaller than the preset pixel value “S” is the total number of pixels in the histogram. Is calculated.

  Here, it is considered that when the user's finger is in a wet state, the fingerprint image becomes dark overall, and when the user's finger is in a dry state, the fingerprint image becomes bright overall. For this reason, the subsidiary information extraction unit 13 determines that the user's finger is in a wet state when the calculated value of “r” is greater than a preset threshold value “r1”. In addition, when the calculated “r” value is smaller than the preset threshold value “r2”, the subsidiary information extraction unit 13 determines that the user's finger is in a dry state.

  In addition, the secondary information extraction unit 13 can select arbitrary information other than the information to be collated with the biometric information registered in the DB server 8 such as the finger state of the fingerprint image, the width of the fingerprint ridgeline, the pattern of the fingerprint, and the type of finger. Information is extracted as side information. Then, the subsidiary information extraction unit 13 outputs the subsidiary information collected for each part of the user to the biological information generation unit 14.

  Returning to FIG. 2, the biometric information generation unit 14 generates data used at the time of collation from the fingerprint or vein image read by the biometric sensor 2. For example, when the biometric information generation unit 14 receives the image data of each finger, the biometric information generation unit 14 extracts feature points such as a center point, a branch point, an end point, and a delta from the ridgeline and valley line of the fingerprint imaged in the image data of each finger. Then, feature point information including the positional relationship of the extracted feature points is extracted as biological information. That is, the biometric information generation unit 14 extracts so-called minutiae matching data as biometric information. In addition, the biometric information generation unit 14 extracts pattern matching data indicating a vein shape pattern from the palm vein image data as biometric information.

  Then, the biological information generation unit 14 generates composite biological information in which the extracted biological information of each finger and palm vein and the secondary information of each finger received from the secondary information extraction unit 13 are combined. Thereafter, the biometric information generation unit 14 transmits the generated composite biometric information to the cache server 5. Note that the biometric information generation unit 14 generates a notification when the biometric information acquisition unit 10 receives a notification that the user authentication has failed and generates complex biometric information from the biometric information reacquired from the user. The complex biometric information is transmitted to the cache server 5 as the complex biometric information obtained again.

  Next, the functional configuration of the cache server 5 will be described. When the cache management unit 20 receives the complex biometric information from the client 3 via the network 4, it transmits the complex biometric information to the authentication server 6 via the network 4 and registers the complex biometric information in the cache storage unit 21. To do. The cache storage unit 21 is a storage device that temporarily holds the composite biometric information registered by the cache management unit 20, and is an example of a holding unit described in the claims.

  In addition, when the cache management unit 20 receives the complex biometric information reacquired by the client 3, the cache management unit 20 reads the complex biometric information registered in the cache storage unit 21 last time. Then, the cache management unit 20 outputs the read complex biometric information and the received complex biometric information to the same biometric information determination unit 22 and the secondary information comparison unit 23.

  In the following description, the complex biometric information read from the cache storage unit 21, that is, the complex biometric information acquired by the client 3 last time is described as the acquired complex biometric information. In the following description, the complex biometric information reacquired by the client 3 is described as the reacquired complex biometric information.

  The same biometric information determination unit 22 determines whether the acquired complex biometric information and the reacquired complex biometric information are complex biometric information of the same user. Specifically, the same biometric information determination unit 22 receives the acquired complex biometric information and the reacquired complex biometric information from the cache management unit 20. The same biometric information determination unit 22 receives a notification from the sub-information comparison unit 23 that indicates whether or not the sub-information of the acquired complex biometric information is similar to the sub-information of the re-acquired complex biometric information. To do.

  Then, the same biological information determination unit 22 receives from the subsidiary information comparison unit 23 a notification indicating that the acquired complex biological information subsidiary information is similar to the reacquired complex biological information subsidiary information. If so, the following processing is executed. That is, the same biometric information determination unit 22 determines whether the acquired complex biometric information and the reacquired complex biometric information are complex biometric information of the same user.

  And when the same biometric information determination part 22 determines that the acquired complex biometric information and the reacquired complex biometric information are the complex biometric information of the same user, the reacquired complex biometric information is obtained. And a difference collation execution instruction are output to the collation score management unit 24. On the other hand, when it is determined that the acquired complex biometric information and the reacquired complex biometric information are not the same user complex biometric information, the identical biometric information determination unit 22 reacquires the complex biometric information. And the normal collation execution instruction are output to the collation score management unit 24.

  On the other hand, the same biometric information determination unit 22 receives a notification from the subinformation comparison unit 23 indicating that the sub information of the acquired complex biometric information is not similar to the sub information of the reacquired complex biometric information. If so, the following processing is executed. That is, the same biometric information determination unit 22 determines that the sub information of the acquired complex biometric information and the sub information of the reacquired complex biometric information are not the same complex biometric information of the user. Then, the same biometric information determination unit 22 outputs the re-acquired composite biometric information to the collation score management unit 24 and instructs to perform normal collation. The same biological information determination unit 22 is an example of a determination unit described in the claims.

  Hereinafter, as an example of processing executed by the same biological information determination unit 22, the subsidiary information of the complex biological information acquired from the subsidiary information comparison unit 23 is similar to the subsidiary information of the complex biological information reacquired. An example of a process that is executed again after receiving the notification indicating the effect will be described. For example, the same biometric information determination unit 22 compares the feature point information of the fingerprint of the index finger included in the acquired composite biometric information with the feature point information of the index finger of the index finger included in the reacquired composite biometric information, Calculate similarity. Similarly, the same biometric information determination unit 22 performs collation on the feature point information of the middle finger fingerprint, the feature point information of the ring finger fingerprint, and the vein pattern matching data, and calculates similarity.

  For example, when the calculated plurality of similarities includes a similarity with a value higher than a predetermined threshold, the same biometric information determination unit 22 reacquires the acquired complex biometric information. Are combined biometric information of the same user. That is, the same biometric information determination unit 22 reacquires the acquired complex biometric information when the biometric information reacquired includes biometric information similar to the biometric information included in the acquired complex biometric information. It is determined that the combined biometric information is the composite biometric information of the same user. And the same biometric information determination part 22 outputs the re-acquired composite biometric information to the collation score management part 24, and instruct | indicates execution of difference collation.

  On the other hand, if the calculated plurality of similarities do not include a degree of similarity higher than a predetermined threshold, the same biometric information determination unit 22 obtains the obtained complex biometric information and the reacquired complex biometric information, Are not complex biometric information of the same user. Then, the same biometric information determination unit 22 outputs the re-acquired composite biometric information to the collation score management unit 24 and instructs to perform normal collation.

  In addition, the same biometric information determination part 22 can employ | adopt arbitrary conditions as conditions which determine that the acquired complex biometric information and the reacquired complex biometric information are the complex biometric information of the same user. For example, when the sum of the calculated similarities is higher than a predetermined threshold, the same biometric information determination unit 22 uses the same biometric information of the same user for the acquired complex biometric information and the reacquired complex biometric information. It may be determined that Moreover, the same biometric information determination part 22 is re-acquired with the acquired composite biometric information, when a predetermined number of similarities are a value higher than a predetermined threshold among the calculated several similarities. It may be determined that the composite biological information is composite biological information of the same user.

  The subsidiary information comparison unit 23 compares the subsidiary information of each part included in the acquired complex biological information with the subsidiary information of each part included in the reacquired complex biological information. And the subsidiary information comparison part 23, when the subsidiary information of each part contained in the acquired complex biological information and the subsidiary information of each part contained in the complex biological information reacquired are similar, The following processing is executed. That is, the subsidiary information comparison unit 23 outputs a notification indicating that the subsidiary information of the acquired complex biological information and the subsidiary information of the complex biological information reacquired are similar to the identical biological information determination unit 22. .

  On the other hand, the subsidiary information comparison unit 23, when the subsidiary information of each part included in the acquired complex biological information and the subsidiary information of each part included in the reacquired complex biological information are not similar, The following processing is executed. That is, the subsidiary information comparison unit 23 outputs a notification indicating that the subsidiary information of the acquired complex biological information and the subsidiary information of the complex biological information reacquired are not similar to the identical biological information determination unit 22. .

  For example, the secondary information comparison unit 23 extracts the secondary information of the index finger included in the acquired complex biometric information and the secondary information of the index finger included in the reacquired complex biometric information, and extracts each sub-information extracted. The similarity of the next information is calculated. Similarly, the secondary information comparison unit 23 extracts the secondary information from the acquired complex biological information and the reacquired complex biological information for other parts, and calculates the similarity of the extracted subsidiary information. To do.

  Then, the secondary information comparison unit 23, based on each calculated similarity, the secondary information of each part included in the acquired complex biometric information and the sub information of each part included in the reacquired complex biometric information. It is determined whether the next information is similar. For example, when the total of the calculated similarities is higher than a predetermined threshold, the subsidiary information comparing unit 23 determines that the predetermined number of similarities out of the similarities is higher than the predetermined threshold. It is determined that the subsidiary information included in each composite biological information is similar.

  The collation score management unit 24 authenticates the user based on the collation result of the acquired complex biometric information and the collation result using the biometric information that failed in the previous authentication among the reacquired complex biometric information. I do. The collation score management unit 24 is an example of an extraction unit and an authentication unit described in the claims.

  For example, when new biometric information is read from the user, the biometric information of the same user is not stored in the cache storage unit 21. For this reason, when new biometric information is read from the user, the collation score management unit 24 receives a normal collation execution instruction from the same biometric information determination unit 22 together with the composite biometric information. In such a case, the verification score management unit 24 transmits the received complex biometric information to the authentication server 6 and requests verification.

  Moreover, the collation score management part 24 receives the collation result of each biometric information contained in composite biometric information. In detail, the collation score management part 24 receives the collation score which shows the similarity with the biometric information registered into DB server 8 for every biometric information contained in composite biometric information. And the collation score management part 24 notifies that the authentication was successful with respect to the client 3, for example, when all the received collation scores are more than a predetermined threshold value.

  On the other hand, the collation score management part 24 hold | maintains each received collation score, when either collation score is a value smaller than a predetermined threshold value. Then, the matching score management unit 24 notifies the client 3 that the authentication has failed. In such a case, the biometric information acquisition unit 10 of the client 3 acquires the biometric information of the user again. Then, the biometric information generation unit 14 of the client 3 transmits the re-acquired composite biometric information to the cache server 5. As a result, since the composite biometric information previously read from the same user is stored in the cache storage unit 21, the collation score management unit 24, the re-acquired composite biometric information, the execution instruction of the differential collation, Receive.

  In such a case, the verification score management unit 24 extracts biometric information acquired from the same part as the biometric information that has failed authentication at the previous verification from the biometric information included in the reacquired composite biometric information. Specifically, the collation score management unit 24 identifies which part of the biometric information has a collation score that is smaller than a predetermined threshold among the collation scores held. And the collation score management part 24 extracts the biometric information of the identified site | part from the biometric information contained in the complex bioinformation acquired again. Thereafter, the verification score management unit 24 transmits the extracted biometric information to the authentication server 6 and requests verification.

  As a result, the verification score management unit 24 receives the verification score of the extracted biometric information from the authentication server. And the collation score management part 24 determines whether all the received collation scores are more than a predetermined threshold value, and when all the received collation scores are more than a predetermined threshold value, it means that authentication was successful. Is sent to the client 3. On the other hand, when the received matching score includes a matching score smaller than a predetermined threshold, the matching score management unit 24 transmits to the client 3 that the authentication has failed.

  Hereinafter, an example of processing executed by the matching score management unit 24 will be described with reference to FIGS. FIG. 5 is a schematic diagram illustrating an example of collation performed by the authentication system according to the first embodiment. FIG. 6 is a schematic diagram illustrating an example of re-collation performed by the authentication system according to the first embodiment. FIG. 7 is a diagram for explaining an example of matching of matching scores executed by the authentication system according to the first embodiment.

  5 to 7, biometric information acquired from the same user's right index finger, middle finger, and ring finger, and the right index finger, middle finger, and ring finger of each User 0001 to 0003 registered in the DB server 8 are used. A collation score indicating the degree of similarity to information is described. In the following description, the matching score management unit 24 determines that the authentication is successful when the matching score of the biometric information of each fingerprint is a value of “60” or more.

  First, an example of the collation score received when the collation score management unit 24 requests collation of the acquired complex biometric information will be described with reference to FIG. For example, as shown in FIG. 5, the matching score management unit 24 receives the index finger “10”, the middle finger “0”, and the ring finger “1” as the matching scores with the biometric information of User0001. The matching score management unit 24 receives the index finger “60”, the middle finger “0”, and the ring finger “80” as the matching scores with the biometric information of User0002, and the index finger “60” as the matching scores with the biometric information of User0003. 2 ”, middle finger“ 0 ”, and ring finger“ 2 ”are received.

  As a result, as shown in FIG. 5G, the matching score management unit 24 determines that the biometric information of the right index finger fingerprint and the biometric information of the right ring finger fingerprint have been successfully authenticated, and the right index finger The matching score and the matching score of the right-handed ring finger are held as a temporary matching score. Further, the matching score management unit 24 determines that the biometric information authentication of the fingerprint of the middle finger of the right hand has failed, and notifies the client 3 that the user authentication has failed.

  Moreover, the collation score management part 24 will receive the biometric information acquired again and the instruction | indication of execution of difference collation, and among the biometric information contained in the compound biometric information acquired again, the biometrics which failed authentication last time. The biological information of the same part as the information, that is, the biological information of the middle finger of the right hand is extracted. Then, the matching score management unit 24 outputs the extracted biometric information of the middle finger of the right hand to the authentication server 6. As a result, the collation score management unit 24, as shown in FIG. 6H, the similarity between the biometric information re-acquired from the user's right hand middle finger and the biometric information of the right hand middle finger registered in the DB server 8 A matching score indicating is received.

  Then, the verification score management unit 24 authenticates the user using the received verification score and the stored verification score. That is, the matching score management unit 24 authenticates the user based on the result of the first matching and the result of the second matching. For example, as shown in FIG. 7, the matching score management unit 24 uses the matching score received in the first matching for the right index finger and the ring finger and the matching score received in the second matching for the right middle finger. Authenticate As a result, as shown in FIG. 7, the matching score management unit 24 succeeds in authenticating the user because the matching scores with the biometric information of User0002 are the index finger “60”, the middle finger “90”, and the ring finger “80”. The client 3 is notified that the user has been successfully authenticated.

  Returning to FIG. 2, the functional configuration of the authentication server 6 will be described. The verification processing unit 30 executes user authentication using the complex biometric information acquired by the client 3. Specifically, when receiving the composite biometric information from the cache server 5, the verification processing unit 30 displays the biometric information included in the composite biometric information and the biometric information registered in the DB server 8 for each part. Collation is performed, and a collation point indicating the similarity of biometric information is calculated. Then, the verification processing unit 30 transmits a verification point for each part to the cache server 5.

  On the other hand, when a part of biometric information is received from the cache server 5, the verification processing unit 30 identifies which part of the biometric information is the biometric information, and among the biometric information registered in the DB server 8. The biometric information of the identified part is collated. Then, the matching processing unit 30 calculates a matching point and outputs the calculated matching point to the matching score management unit 24. In addition, the collation process part 30 is an example of the 1st collation part as described in a claim, and a 2nd collation part.

  For example, the biological information acquisition unit 10, the image processing unit 11, the biological part identification unit 12, the secondary information extraction unit 13, and the biological information generation unit 14 are electronic circuits. In addition, the cache management unit 20, the same biometric information determination unit 22, the secondary information comparison unit 23, the matching score management unit 24, and the matching processing unit 30 are electronic circuits. Here, as an example of the electronic circuit, an integrated circuit such as an application specific integrated circuit (ASIC) or a field programmable gate array (FPGA), or a central processing unit (CPU) or a micro processing unit (MPU) is applied.

  The cache storage unit 21 is a semiconductor memory device such as a random access memory (RAM) or a flash memory, or a storage device such as a hard disk or an optical disk.

  Next, the flow of processing executed by the authentication system 1 will be described with reference to FIG. FIG. 8 is a flowchart illustrating the flow of processing executed by the authentication system according to the first embodiment. For example, the client 3 acquires the fingerprint of the user to be authenticated and the finger vein image (step S101). Then, the client 3 corrects each image (step S102), and identifies a plurality of biological parts from each corrected image (step S103). Further, the client 3 creates composite biometric information including the biometric information of each identified biometric part (Step S104), and sends the composite biometric information to the cache server 5 (Step S105). Then, the cache server 5 holds the composite biometric information (Step S106).

  Further, the authentication server 6 executes 1: N verification using the composite biometric information received from the cache server 5 (step S107). Then, the cache server 5 determines whether authentication has failed (step S108). Here, if the authentication fails (Yes in step S108), the client 3 reacquires biometric information (step S109). Then, the cache server 5 collates the acquired complex biometric information with the reacquired complex biometric information (step S110), and performs a process of determining whether the data is the same user (step S111).

  That is, the cache server 5 determines whether the acquired complex biometric information and the reacquired complex biometric information are data of the same user (step S112). (Yes at step S112), the following processing is executed. That is, the cache server 5 causes the authentication server 6 to perform 1: N verification of the biometric information of the part that failed to be authenticated last time among the re-acquired composite biometric information (step S113). Then, the cache server 5 integrates the matching scores, authenticates the user (step S114), and ends the process.

  On the other hand, when the cache server 5 determines that the acquired complex biometric information and the reacquired complex biometric information are not the same data (No in step S112), the complex biometric information reacquired by the authentication server 6 Of 1: N matching is executed. And the cache server 5 performs authentication according to the result of collation (step S115), and ends the process. On the other hand, when the cache server 5 determines that the authentication has failed (No at Step S108), the cache server 5 ends the process.

[Effect of authentication system 1]
As described above, the authentication system 1 collates a plurality of pieces of biometric information acquired from a plurality of parts of the user and biometric information registered in advance in the DB server 8. Moreover, the authentication system 1 acquires composite biometric information again from a user, when a part of the composite biometric information acquired from the user is not similar to biometric information registered beforehand as a result of collation.

  And the authentication system 1 extracts the biometric information acquired from the same site | part as the biometric information which was not similar to the biometric information previously registered at the time of the last collation from the composite biometric information acquired again. Thereafter, the authentication system 1 re-collates the extracted biometric information with biometric information registered in advance. Then, the authentication system 1 authenticates the user based on the collation result and the recollation result. For this reason, the authentication system 1 can shorten the time required for verification at the time of retry.

  The authentication system 1 holds the composite biometric information acquired from the user, and determines whether the composite biometric information acquired again and the stored composite biometric information are composite biometric information of the same user. When the authentication system 1 determines that the composite biometric information acquired again and the stored composite biometric information are composite biometric information of the same user, the authentication system 1 executes the following processing.

  That is, the authentication system 1 extracts the biometric information acquired from the same part as the biometric information that was not similar to the biometric information registered in advance at the time of the previous collation from the composite biometric information acquired again. Re-verify. For this reason, the authentication system 1 can shorten the time required for verification at the time of retry without deteriorating the authentication strength.

  Further, when the authentication system 1 determines that the re-acquired complex biometric information and the retained complex biometric information are not the complex biometric information of the same user, all the biometric information included in the complex biometric information acquired again. Check for. For this reason, the authentication system 1 can perform authentication again when the complex biometric information of different users is acquired.

  Further, the authentication system 1 acquires and holds subsidiary information indicating the state of each part of the user. Then, when the secondary information included in the re-acquired complex biometric information and the retained sub-information are not similar, the authentication system 1 uses the re-acquired complex biometric information and the retained complex biometric information in the same way. It is determined that it is not the complex biological information of the person.

  Here, the secondary information indicating the state of the part is simpler information than the biological information indicating the characteristic amount of the part. For this reason, the authentication system 1 compares the stored sub information with the re-acquired sub information, and whether or not the complex biometric information of different users has been acquired without comparing the biometric information. Can be determined. As a result, the authentication system 1 can easily determine whether or not the re-acquired complex biometric information and the retained complex biometric information are complex biometric information of the same user.

  Although the embodiments of the present invention have been described so far, the embodiments may be implemented in various different forms other than the embodiments described above. Therefore, in the following, as an embodiment 2, an authentication system 1a that stores only biometric information that has been successfully authenticated in the cache storage unit 21 will be described.

  FIG. 9 is a diagram illustrating the functional configuration of the authentication system according to the second embodiment. 9 that perform the same functions as the functional configuration of the authentication system 1 according to the first embodiment illustrated in FIG. 2 among the functional configurations illustrated in FIG. The description of is omitted.

  As shown in FIG. 9, the authentication system 1a has a cache server 5a. Moreover, the cache server 5a has the same biometric information determination part 22a and the collation score management part 24a.

  The same biological information determination unit 22a exhibits the same function as the same biological information determination unit 22 shown in FIG. For example, the same biometric information determination unit 22a receives the composite biometric information read from the cache storage unit 21 by the cache management unit 20 and the re-acquired composite biometric information.

  Here, the composite biometric information read from the cache storage unit 21 by the cache management unit 20 includes only biometric information that has been successfully authenticated at the time of the previous authentication. That is, the composite biometric information read by the cache management unit 20 from the cache storage unit 21 does not include biometric information that has failed authentication at the previous authentication.

  For this reason, the same biometric information determination unit 22a identifies the biometric information of the same part as the biometric information that has been successfully authenticated from the re-acquired composite biometric information. Then, the same biometric information determination unit 22a compares the biometric information included in the composite biometric information read from the cache storage unit 21 by the cache management unit 20 with the biometric information identified from the reacquired composite biometric information, It is determined whether the biometric information is for the same user.

  Specifically, the same biometric information determination unit 22a determines whether or not the biometric information that has been successfully authenticated last time is included in the re-acquired composite biometric information. For example, if the biometric information of the right index finger and the biometric information of the right hand middle finger are successfully authenticated during the previous authentication, the same biometric information determination unit 22a determines the biometric information of the right hand index finger and the right hand from the re-acquired composite biometric information. Identify biometric information of the middle finger.

  Then, the same biometric information determination unit 22a compares the biometric information of the right index finger and biometric information of the right hand middle finger acquired previously with the biometric information of the right hand index finger and the biometric information of the right hand middle finger identified from the reacquired composite biometric information. To do. Thereafter, if the same biological information determination unit 22a determines that the biological information of each part is similar, the re-acquired composite biological information is determined to be the same user's biological information as the previously acquired composite biological information. To do. When the re-acquired complex biometric information is determined to be the same user's biometric information as the previously obtained complex biometric information, the same biometric information determination unit 22a identifies the re-acquired complex biometric information from the reacquired complex biometric information. The biometric information is output to the matching score management unit 24a.

  On the other hand, when it is determined that the re-acquired complex biometric information is not the same user's biometric information as the previously acquired complex biometric information, the same biometric information determination unit 22a collates the reacquired complex biometric information. The process is terminated without outputting to the score management unit 24a.

  The matching score management unit 24a exhibits the same function as the composite score management unit 24 shown in FIG. Furthermore, the collation score management part 24a will identify the site | part from which the value of the received collation score becomes more than a predetermined threshold, if the collation score of each site | part is received from the authentication server 6. FIG. And the collation score management part 24a deletes biometric information other than the identified site | part among the biometric information contained in the composite biometric information stored in the cache memory | storage part 21. FIG. That is, the collation score management unit 24a deletes biometric information other than biometric information that has been successfully authenticated from the composite biometric information stored in the cache storage unit.

  As described above, when the biometric information that has been successfully authenticated last time is included in the re-acquired complex biometric information, the authentication system 1a and the re-acquired complex biometric information It is determined that the information is composite biometric information of the same user. Therefore, the authentication system 1a can more accurately determine whether the re-acquired complex biometric information is the complex biometric information of the same user as the previously acquired complex biometric information.

  If the authentication system 1a determines that the previously acquired complex biometric information and the reacquired complex biometric information are not the complex biometric information of the same user, the authentication system 1a authenticates the reacquired complex biometric information. The process is terminated without performing the process. For this reason, the authentication system 1a can prevent the state where the authentication about the biometric information of a specific finger repeats success and failure, for example.

  Next, the flow of processing executed by the authentication system 1a will be described with reference to FIG. FIG. 10 is a flowchart illustrating the flow of processing executed by the authentication system according to the second embodiment. Note that the authentication system 1a performs the same processing as steps S101 to S107 shown in FIG. 8 before the processing shown in FIG.

  For example, the authentication system 1a determines whether or not the authentication using the complex biometric information has failed (step S201). If it is determined that the authentication has failed (step S201 affirmative), the following processing is executed. That is, the authentication system 1a deletes the biometric information that has failed in the biometric information included in the composite biometric information stored in the cache storage unit 21 (step S202).

  Next, the authentication system 1a reacquires the complex biometric information (step S203), and collates the stored complex biometric information with the reacquired complex biometric information (step S204). Then, the authentication system 1a determines whether or not the biometric information included in the held composite biometric information, that is, the biometric information that has been successfully authenticated is included in the reacquired biometric information (step S205).

  If the authentication system 1a determines that the biometric information that has been successfully authenticated is included in the reacquired biometric information (Yes in step S205), the authentication system 1a performs 1: N verification using the biometric information that failed last authentication. (Step S206). Thereafter, the authentication system 1a performs authentication by integrating the matching scores (step S207), and ends the process.

  On the other hand, if the authentication system 1a succeeds in the authentication using the composite biometric information (No in step S201), or determines that the biometric information that has been successfully authenticated is not included in the reacquired biometric information (step S205). (No), the process is terminated as it is.

  As described above, the authentication system 1a holds only the biometric information that has been successfully authenticated, among the biometric information included in the composite biometric information acquired from the user. Further, the authentication system 1a determines whether the re-acquired composite biometric information includes the held biometric information. When the authentication system 1a determines that the re-acquired complex biometric information includes the retained biometric information, the authentication system 1a differs from the retained biometric information from the biometric information included in the reacquired complex biometric information. The biological information acquired from the part is extracted. Therefore, the authentication system 1a can more accurately determine whether or not the previously acquired complex biometric information and the reacquired complex biometric information are complex biometric information of the same user.

  The authentication systems 1 and 1a described above collate the biometric information acquired from the user with each biometric information registered in the DB server 8. However, the embodiment is not limited to this. For example, the biometric information to be collated may be narrowed down from the biometric information registered in the DB server 8.

  Therefore, in the third embodiment, an authentication system that learns the trap when the user inputs biometric information and narrows down the biometric information to be authenticated according to the trap when the user inputs the biometric information. 1b will be described. FIG. 11 is a diagram illustrating the functional configuration of the authentication system according to the third embodiment. Among the functional configurations described in FIG. 11, those that exhibit the same functions as the functional configuration of the authentication system 1 according to the first embodiment illustrated in FIG. 2 are denoted by the same reference numerals as those in FIG. The description of is omitted.

  As shown in FIG. 11, the authentication system 1b includes a client 3a, a cache server 5b, an authentication server 6a, and a DB server 8a. The client 3a includes a biological information generation unit 14a and a heel information extraction unit 15. In addition, the cache server 5 b includes a narrowed data storage unit 25 and a bag information comparison unit 26. In addition, the authentication server 6 a includes a bag information management unit 31. In the following description, the functional configuration will be described in the order of the client 3a, the authentication server 6a, and the cache server 5b.

  First, the functional configuration of the client 3a will be described. When the heel information extraction unit 15 receives the fingerprint image of the user from the biological part identification unit 12, the heel information extraction unit 15 extracts the heel when the user inputs the biological information from the received fingerprint image. For example, the eyelid information extraction unit 15 extracts position information indicating the position of the finger when the user inputs a fingerprint and direction information indicating the direction of the finger as the eyelid information. Then, the eyelid information extraction unit 15 outputs the extracted eyelid information to the biological information generation unit 14a.

  Here, FIG. 12 is a diagram illustrating an example of position information. For example, the eyelid information extraction unit 15 takes the lower left of the fingerprint sensor area 201 as the origin, and defines the x axis in the horizontal direction and the y axis in the vertical direction. Then, as shown in FIG. 12, the eyelid information extraction unit 15 generates position information including the center coordinates of the position where the index finger, middle finger, and ring finger of the right hand are acquired.

  FIG. 13 is a diagram illustrating an example of direction information. For example, as shown by a circle in FIG. 13, the eyelid information extraction unit 15 extracts a point where the locality of the ridge is maximized from the fingerprint image, and identifies a straight line passing through the identified point. Then, the eyelid information extraction unit 15 measures the angle θ between the identified straight line and the x-axis direction as shown in (I) of FIG. 13, and uses the measured angle θ as direction information. Thereafter, the eyelid information extraction unit 15 outputs the eyelid information including the generated position information and direction information to the biological information generation unit 14a.

  The biological information generation unit 14a exhibits the same function as the biological information generation unit 14 illustrated in FIG. Further, when registering the composite biometric information in the DB server 8a, the biometric information generation unit 14a generates the composite biometric information including the sputum information received from the sputum information extraction unit 15, and uses the generated composite biometric information as the authentication server 6a. Send to. Moreover, the biometric information production | generation part 14a transmits the composite biometric information containing the cocoon information received from the cocoon information extraction part 15 to the cache server 5b, when authenticating a user.

  Next, the functional configuration of the authentication server 6a will be described. The heel information management unit 31 uses the heel information acquired by the client 3a at the time of user authentication to narrow down complex biometric information to be searched. Specifically, when the heel information management unit 31 receives the composite biometric information of the user to be registered from the client 3a, the heel information management unit 31 registers the received composite biometric information in the DB server 8a. The following processing is executed at a predetermined time interval or when new complex biological information is registered in the DB server 8a.

  First, the eyelid information management unit 31 extracts the eyelid information from each complex biological information registered in the DB server 8a. Then, the eyelid information management unit 31 calculates the average and standard deviation of the position information and the direction information included in the extracted eyelid information as statistical data. Thereafter, the heel information management unit 31 selects a predetermined number of complex biological information from the complex biological information registered in the DB server 8a based on the statistical data. For example, the heel information management unit 31 selects a predetermined number of complex biological information in the order in which the content of the heel information is close to the calculated statistical data.

  Then, the bag information management unit 31 transmits the selected plurality of composite biometric information as the narrowed data to the cache server 5b and stores it in the narrowed data storage unit 25. Note that the bag information management unit 31 receives bag information from the cache server 5b that has received the composite statistical information. In such a case, the heel information management unit 31 calculates new statistical data using the newly acquired heel information and the heel information of the complex biological information registered in the DB server 8a, and obtains new statistical data. To create new refined data. Then, the bag information management unit 31 updates the narrowed data stored in the narrowed data storage unit 25 to new narrowed data. Note that the bag information management unit 31 is an example of a narrowing-down unit described in the claims.

  Next, the functional configuration of the cache server 5b will be described. The narrowed data storage unit 25 stores narrowed data created by the authentication server 6a.

  The bag information comparing unit 26 determines whether or not to perform authentication using the narrowed data, using the bag information acquired by the client 3a at the time of user authentication. For example, when the biometric information acquired by the client 3a at the time of user authentication is received, the sputum information comparison unit 26 extracts the sputum information from the received composite biometric information. Then, the eyelid information comparison unit 26 searches the narrowed data storage unit 25 for complex biological information including the eyelid information similar to the extracted eyelid information. Specifically, the eyelid information comparison unit 26 calculates the similarity between the extracted eyelid information and the eyelid information of the complex biological information stored in the narrowed data storage unit 25, and the calculated similarity is predetermined. The complex biometric information higher than the threshold value is searched.

  In addition, when the combined biometric information including the wrinkle information similar to the extracted wrinkle information is stored in the narrowed data storage unit 25, the wrinkle information comparison unit 26 extracts the combined biometric information acquired by the client 3a. Collation with the narrowed-down data stored in the data storage unit 25 is performed. The bag information comparing unit 26 notifies the client 3a that the authentication has been successful when the combined biometric information whose collation score is equal to or greater than a predetermined threshold is included in the narrowed data.

  In addition, the heel information comparison unit 26 outputs the received composite biometric information to the cache management unit 20 when the composite biometric information including the same heel information as the extracted heel information is not stored in the narrowed data storage unit 25. . In addition, the heel information comparison unit 26 outputs the received complex biometric information to the cache management unit 20 when the complex biometric information whose collation score is equal to or greater than a predetermined threshold is not included in the narrowed-down data. As a result, when the collation using the narrowed-down data fails, the cache server 5b executes the same processing as the cache server 5 shown in FIG. 2 and performs the collation using the data stored in the DB server 8a. To do.

  Note that when the biometric information acquired by the client 3a is received, the sputum information comparison unit 26 acquires the sputum information from the received composite biometric information and transmits the acquired sputum information to the authentication server 6a. As a result, the authentication server 6a updates the statistical data and creates new narrowed data, and stores the newly created narrowed data in the narrowed data storage unit 25.

  Next, the flow of processing executed by the authentication system 1b will be described with reference to FIG. FIG. 14 is a flowchart illustrating the flow of processing executed by the authentication system according to the third embodiment. For example, when the authentication system 1b acquires the composite biometric information from the user, the cache server 5b compares the acquired biometric information of the composite biometric information with the sputum information in the narrowed data stored in the cache server 5b ( Step S301). Then, the authentication system 1b determines whether there is wrinkle information similar to the wrinkle information of the acquired complex biometric information in the wrinkle information in the narrowed-down data stored in the cache server 5b (step S302).

  Further, when there is heel information similar to the heel information of the acquired complex biological information in the heel information in the narrowed-down data stored in the cache server 5b (Yes at Step S302), the authentication system 1b performs the following processing. Run. That is, the authentication system 1b collates the composite biometric information of the narrowed-down data with the acquired composite biometric information (step S303). Then, the authentication system 1b determines whether or not the collation score is equal to or greater than a predetermined threshold (step S304), and when it is determined that the collation score is equal to or greater than the predetermined threshold (Yes in step S304), the authentication is successful. It is determined that it has been done (step S305).

  On the other hand, when the authentication system 1b determines that the verification score is equal to or less than the predetermined threshold (No at Step S304), the authentication system 1b compares the complex biometric information stored in the authentication server 8a with the acquired complex biometric information (Step S304). S306). That is, the authentication system 1b performs the same process as the authentication system 1. And the authentication system 1b outputs an authentication result after execution of step S305 or step S306 (step S307). In addition, the authentication system 1b calculates new statistical data using the heel information included in the acquired complex biological information (step S308), and uses the new statistical data to narrow down the cache server 5b. Data is updated (step S309), and the process ends.

[Effect of authentication system 1b]
As described above, the authentication system 1b is a narrowed-down data obtained by narrowing down the complex biometric information to be verified from the complex biometric information registered in the DB server 8a based on the trap when the user inputs the biometric information. Create Then, the authentication system 1b collates the composite biometric information acquired when authenticating the user with the narrowed-down data. Each registered complex biometric information is compared with the acquired complex biometric information.

  For this reason, since the authentication system 1b reduces the number of complex biometric information collated at the time of authentication, the authentication time can be further reduced.

  Although the embodiments of the present invention have been described so far, the embodiments may be implemented in various different forms other than the embodiments described above. Accordingly, another embodiment included in the present invention will be described below as a fourth embodiment.

(1) Functional configuration of authentication system 1 In the authentication system 1 described above, the cache server 5 receives the complex biometric information read by the client 3 for load distribution, and then the cache server 5 transmits it to the authentication server 6. It was. However, the embodiment is not limited to this. For example, the authentication system 1 may have an authentication server 6 including the function of the cache server 5. In addition, since the authentication system 1 performs the 1: N authentication of the user and registers the complex biometric information of the user registered in advance in the DB server 8, the embodiment is not limited to this. . For example, the authentication system 1 may register the composite biometric information in a so-called cloud.

  FIG. 15 is a diagram for explaining a variation of the authentication system. In the example illustrated in FIG. 15, the authentication system 1c according to the fourth embodiment includes a biosensor 2, a client 3, a network 4, an authentication server 6c, and a cloud 8b. Note that the biosensor 2, the client 3, and the network 4 perform the same functions as the biosensor 2, the client 3, and the network 4 shown in FIG.

  The authentication server 6c exhibits the same functions as the cache server 5 and the authentication server 6 according to the first embodiment. The cloud 8b is a so-called cloud system, in which the complex biometric information of the user to be authenticated is registered in advance.

  As described above, the authentication system 1 can divide and integrate the functions of the cache server 5 and the authentication server 6 at an arbitrary granularity. Further, for example, the authentication system 1 may realize the processing executed by the cache server 5 and the authentication server 6 on the cloud 8b. Further, the authentication system 1 may realize processing by connecting the biosensor 2 and the DB server 8 to an authentication device including the functions of the client 3, the cache server 5, and the authentication server 6.

(2) Secondary information In the authentication system 1 described above, the dry state of each finger is read as secondary information read from each part of the user. However, the embodiment is not limited to this. For example, the authentication system 1 may read the width of a ridge in the fingerprint of each finger of the user, a pattern extracted from the fingerprint, and the like as secondary information. That is, the authentication system 1 can employ arbitrary information as subsidiary information as long as it is information other than the characteristics of each part of the user used for the authentication process.

(3) Fingerprint Quality In the authentication system 1 described above, complex biometric information is acquired from each part of the user, and the acquired complex biometric information is compared with the complex biometric information registered in the DB server 8. However, the embodiment is not limited to this.

  For example, when the authentication system 1 acquires biometric information and subsidiary information from image data, the authentication system 1 determines the quality of the acquired biometric information and subsidiary information based on the gamma value and the like of the image data. For example, if the gamma value of the image data does not fall within a predetermined range, the authentication system 1 determines that the quality of the biometric information and the subsidiary information is poor. If the authentication system 1 determines that the quality of the biometric information or the secondary information is poor, the authentication system 1 may reacquire the composite biometric information from the user.

  In addition, for example, when the quality of some of the biometric information is poor, the authentication system 1 collates only the biometric information with good quality. And the authentication system 1 may perform re-collation only about the biometric information of the site | part in which quality was bad last time, and the biometric information of the site | part which failed last authentication among the composite biometric information reacquired from the user. . By executing such processing, the authentication system 1 can shorten the time required for user authentication.

(4) Program By the way, the authentication system 1 which concerns on Example 1 demonstrated the case where various processes were implement | achieved using hardware. However, the embodiment is not limited to this, and may be realized by executing a program prepared in advance by a computer. In the following, an example of a computer that executes a program having the same function as that of the authentication system 1 described in the first embodiment will be described with reference to FIG. FIG. 16 is a diagram illustrating an example of a computer that executes an authentication program.

  In the computer 100 illustrated in FIG. 16, a ROM (Read Only Memory) 110, a HDD (Hard Disk Drive) 120, a RAM (Random Access Memory) 130, and a CPU (Central Processing Unit) 140 are connected by a bus 160. In addition, the computer 100 illustrated in FIG. 16 includes an I / O (Input Output) 150 for transmitting and receiving a packet in which the complex biological information is stored in the payload.

  The HDD 120 holds an authentication program 121 in advance. When the CPU 140 reads the authentication program 121 from the HDD 120 and executes it, the authentication program 121 functions as the authentication process 141 in the example shown in FIG. The authentication process 141 has the same functions as the cache management unit 20, the cache storage unit 21, the same biometric information determination unit 22, the secondary information comparison unit 23, the verification score management unit 24, and the verification processing unit 30 illustrated in FIG. Demonstrate. The authentication process 141 also exhibits the same functions as those of the biological information acquisition unit 10, the image processing unit 11, the biological part identification unit 12, the secondary information extraction unit 13, and the biological information generation unit 14 illustrated in FIG. Also good.

  The authentication program 121 described in the present embodiment can be realized by executing a program prepared in advance on a computer such as a personal computer or a workstation. This program can be distributed via a network such as the Internet. The program is recorded on a computer-readable recording medium such as a hard disk, a flexible disk (FD), a CD-ROM (Compact Disc Read Only Memory), an MO (Magneto Optical Disc), a DVD (Digital Versatile Disc). The The program can also be executed by being read from a recording medium by a computer.

DESCRIPTION OF SYMBOLS 1, 1a, 1b, 1c Authentication system 2 Biometric sensor 3, 3a Client 4 Network 5, 5a, 5b Cache server 6, 6a Authentication server 8, 8a DB server 8b Cloud 10 Biometric information acquisition part 11 Image processing part 12 Biological part identification Unit 13 Secondary Information Extraction Unit 14 Biometric Information Generation Unit 15 Trap Information Extraction Unit 20 Cache Management Unit 21 Cache Storage Unit 22 Same Biometric Information Determination Unit 23 Secondary Information Comparison Unit 24, 24a Collation Score Management Unit 25 Narrowed Data Storage Unit 26 癖 Information Comparison Unit 30 Collation Processing Unit 31 癖 Information Management Unit

Claims (9)

A first collation unit that collates a plurality of pieces of biometric information acquired from a plurality of parts of a user and biometric information registered in advance;
As a result of collation by the first collation unit, when a part of the plurality of pieces of biometric information acquired from the user and the pre-registered biometric information are not similar, a plurality of pieces of bioinformation acquired again from the user An extraction unit that extracts biological information acquired from the same part as the biological information that was not similar to the previously registered biological information, from biological information;
A second collation unit that collates the biometric information extracted by the extraction unit with the pre-registered biometric information;
An authentication apparatus, comprising: an authentication unit that authenticates the user based on a result of collation by the first collation unit and a result of collation by the second collation unit. A holding unit for holding a plurality of biological information acquired from a plurality of parts of the user;
A determination unit that determines whether a plurality of pieces of biological information acquired again from the user and a plurality of pieces of biological information held by the holding unit are biological information of the same user;
When the determination unit determines that the plurality of pieces of biological information acquired again from the user and the plurality of pieces of biological information held by the holding unit are biological information of the same user, The biometric information acquired from the same site | part as the biometric information which was not similar to the said biometric information registered previously from the some biometric information acquired again from a user is characterized by the above-mentioned. Authentication device.   When the determination unit determines that the plurality of pieces of biological information acquired again from the user and the plurality of pieces of biological information held by the holding unit are not the biological information of the same user, The authentication apparatus according to claim 2, wherein all biometric information acquired again from the user is extracted biometric information. The holding unit holds only biometric information similar to the pre-registered biometric information among a plurality of pieces of biometric information acquired from the plurality of parts of the user as a result of collation by the first collating unit,
The determination unit determines whether biological information similar to the biological information held by the holding unit is included in the plurality of biological information acquired again from the user,
When the determination unit determines that biometric information similar to the biometric information held by the holding unit is included in the plurality of pieces of biometric information acquired again from the user, the extraction unit receives the information from the user. 4. The authentication apparatus according to claim 2, wherein biometric information acquired from a part different from the stored biometric information is extracted from a plurality of biometric information acquired again. The holding unit holds a plurality of biological information acquired from a plurality of parts of the user and subsidiary information indicating a state of each part of the user,
When the subsidiary information acquired again from each part of the user is not similar to the subsidiary information held by the holding unit, the determination unit includes a plurality of pieces of biological information acquired again from the user, The authentication apparatus according to claim 2, wherein the plurality of pieces of biometric information held by the holding unit is determined not to be biometric information of the same user.   The authentication apparatus according to claim 5, wherein the holding unit holds at least one of a dry state, a ridge width, and a pattern at each part of the user as the subsidiary information. Based on the trap when the user inputs biometric information, the biometric information to be collated is narrowed down from the pre-registered biometric information, a narrowing unit,
The first collating unit collates a plurality of pieces of biological information acquired from a plurality of parts of the user with a piece of biological information narrowed down by the narrowing unit, and a plurality of pieces of living body obtained from the user When the information is not similar to the biological information narrowed down by the narrowing-down unit, a plurality of pieces of biological information acquired from a plurality of parts of the user are compared with the biological information registered in advance. The authentication device according to any one of claims 1 to 6. An authentication device that authenticates users
Collating a plurality of biological information acquired from a plurality of parts of the user with biological information registered in advance,
If a part of the plurality of pieces of biometric information acquired from the user is not similar to the preregistered biometric information as a result of the collation, the pre-registration is performed from the plurality of pieces of biometric information acquired again from the user. Biometric information acquired from the same part as the biometric information that was not similar to the biometric information that was made,
Re-collating the extracted biometric information with the pre-registered biometric information,
An authentication method, comprising: performing a process of authenticating the user based on the result of the collation and the result of the re-collation. On the computer,
A plurality of pieces of biological information acquired from a plurality of parts of the user are collated with biological information registered in advance,
If a part of the plurality of pieces of biometric information acquired from the user is not similar to the preregistered biometric information as a result of the collation, the pre-registration is performed from the plurality of pieces of biometric information acquired again from the user. Biometric information acquired from the same part as the biometric information that was not similar to the biometric information that was made,
Re-collating the extracted biometric information with the pre-registered biometric information,
An authentication program for executing a process of authenticating the user based on the result of the collation and the result of the re-collation.

Images