JP2014241058A - Biometric authentication device, biometric authentication method, and room entry/exit management system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To change a control content in accordance with an input order of biometric information by using an input of only the biometric information.SOLUTION: A biometric authentication device 10 according to the present invention is installed near a door 51, and comprises: a biometric input part 111 that receives an input of biometric information on a user, and acquires biometric data; and an authentication process part 112 that executes an authentication process, and when the acquired biometric data is already registered (when authentication is succeeded), generates door control information for controlling the door 51. An order of the biometric information to be input to the biometric input part 111 is an order of a start finger, an operation decision-making finger, and an end finger. The start finger, which is a finger to be firstly input upon authentication, is preliminarily determined for each user. The operation decision-making finger, which is a finger to be input for determining a control content of the door 51, has an input order of the finger preliminarily determined for each user. The end finger, which is a finger to be lastly input, is the same finger as the start finger.

Description

  The present invention relates to a technique for changing control contents according to the input order of biological information.

  In recent years, in an entrance / exit management system, an authentication device installed near a door is required to have a function capable of selecting a control content for the door from a plurality. For example, the authentication device includes a plurality of buttons, and authenticates the operator after the buttons are pressed. Each button is assigned in advance with a continuous unlocking control indicating that the electric lock is always unlocked, a continuous locking control indicating that the electric lock is always locked, and the like when the operator is successfully authenticated. The control corresponding to the pressed button is executed. When increasing the type of control, it is necessary to change the number of buttons corresponding to the control content.

Also, in the field of authentication devices, biometric authentication technology that performs authentication using personal physical features (biometric information) such as fingerprints, finger veins, faces, irises, and voices has been developed.
Patent Document 1 discloses a technique for transmitting instruction information corresponding to the input order of biometric information by associating the input order of biometric information (fingerprint or voice) with the instruction information.

JP 2004-272892 A

However, in the technique described in Patent Document 1, after a user is identified by inputting a user identifier, authentication processing is executed using the identified user's biometric data. That is, before inputting biometric information, another input of a user identifier is required. Therefore, there is a problem that biometric authentication cannot be performed when the user forgets the user identifier. There is also a problem that it is necessary to provide not only a device that receives input of biometric information but also a device that receives input of a user identifier.
Therefore, an object of the present invention is to provide a technique for changing the control content according to the input order of the biological information using only the input of the biological information.

  In order to solve the above-mentioned problem, the biometric authentication device of the present invention acquires the biometric input unit that receives biometric information input and acquires biometric data and the first ID at the time of authentication for each user ID that identifies the user. Start biometric data indicating registered biometric data for collation with biometric data, operation determination order information that defines the correspondence between the input order of the acquired biometric data and the control contents, and a plurality of registered biometric data used for collation And the first biometric data acquired at the time of authentication and the starting biometric data are collated to narrow down the user ID related to the first acquired biometric data, and the authentication If each biometric data acquired after the second time is compared with the first acquired biometric data and it is determined that the result is not similar, the second and subsequent biometric data are acquired. The biometric data and the registered biometric data of the narrowed-down user ID are collated to specify the user ID of the biometric data acquired after the second and the input order of the acquired biometric data, and the control content And an authentication processing unit that determines that the input is completed when it is determined that the input is similar based on the collation result.

  ADVANTAGE OF THE INVENTION According to this invention, the technique which changes the control content according to the input order of biometric information using the input of only biometric information can be provided.

It is a figure which shows the structural example of the entrance / exit management system containing a biometrics authentication apparatus. It is a figure which shows an example of personal information. It is a figure which shows an example of biometric information. It is a figure which shows an example of input order information. It is a figure which shows an example of authentication condition information. It is a figure which shows an example of an authentication condition setting screen. It is a figure which shows the example of a flow of the registration process of biometric information. It is a figure which shows an example of the personal information and biometric information which were registered and updated, (a) represents the personal information after registration update, (b) represents the biometric information after registration update. It is a figure which shows an example of a starting finger selection screen. It is a figure which shows an example of an action determination finger | toe selection screen. It is a figure which shows the registration update example of input order information. It is a figure which shows the example of a flow of an authentication process.

  Here, a mode for carrying out the present invention (hereinafter referred to as “the present embodiment”) will be described in detail with reference to the drawings as appropriate.

(Entrance / exit management system)
First, a configuration example of an entrance / exit management system 500 including the biometric authentication device 10 will be described with reference to FIG.
The entrance / exit management system 500 includes one or more biometric authentication devices 10, one or more biometric information registration devices 20, and one or more door control devices 50. The network 30 communicates between the biometric authentication device 10 and the biometric information registration device 20, between the biometric information registration device 20 and one or more terminals 40, and between the biometric authentication device 10 and the door control device 50. Connected as possible. The door control device 50 is connected to one or more doors 51 so as to be communicable. Note that these connection forms may be either wired or wireless.

  The biometric authentication device 10 is installed near the door 51, receives biometric information of a user, acquires biometric data, executes an authentication process, and the acquired biometric data has been registered (when authentication is successful). Has a function of generating door control information for controlling the door 51. The biometric authentication device 10 has a function of transmitting the generated door control information to the door control device 50 that controls the unlocking or locking of the door 51. The detailed functions of the biometric authentication device 10 will be described later.

  In the present embodiment, the biometric data will be described in the case of finger vein data, but is not necessarily limited to finger vein data, and is data representing personal physical characteristics such as fingerprints, finger veins, faces, irises and voices. I just need it.

  Also, the input order of the fingers to be authenticated by the biometric authentication device 10 is the order of the start finger (one), the action determination finger (one or more), and the end finger (the same finger as the start finger). The start finger is the first input finger at the time of authentication, and is determined in advance for each user. The action determination finger is a finger input for selecting and determining the control content of the door 51, and the input order of the finger is predetermined for each user. The door control information described above is generated so as to correspond to the input order of the fingers. The end finger is a finger input at the end of authentication, and is the same finger as the start finger.

  The biometric information registration device 20 has a function of receiving biometric data to be registered for user authentication, registering the biometric data, and transmitting the registered biometric data (registered biometric data) to the biometric authentication device 10. . The biometric information registration device 20 has a function of setting authentication conditions and transmitting the authentication conditions to the biometric authentication device 10. The biometric authentication device 10 performs an authentication process based on the registered biometric data received from the biometric information registration device 20 and the authentication conditions. The detailed functions of the biometric information registration device 20 will be described later.

The terminal 40 is, for example, a personal computer, and is used for registration and update of the input order information 223 stored in the biometric information registration device 20. The input order information 223 is information that associates the input order of the action determination finger and the control content of the door 51, and details thereof will be described later.
The door control device 50 has a function of controlling the locked state and the unlocked state of the door 51 based on the door control information received from the biometric authentication device 10. The door 51 includes an electric lock (not shown), and is locked or unlocked by the door control device 50.

(Biometric information registration device)
Next, details of a function example of the biometric information registration apparatus 20 will be described with reference to FIG. The biometric information registration apparatus 20 includes a processing unit 21, a storage unit 22, and a communication unit 23.
The communication unit 23 is a communication interface and has a function of transmitting and receiving information to and from the terminal 40 and the biometric authentication device 10.
The storage unit 22 is, for example, a storage device such as a memory or a hard disk, and stores personal information 221, biometric data information 222, input order information 223, and authentication condition information 224. The biometric data information 222, the input order information 223, and the authentication condition information 224 are copied to the biometric data information 121, the input order information 122, and the authentication condition information 123 of the biometric authentication device 10 via the communication unit 23, respectively. Details of each piece of information stored in the storage unit 22 will be described later.

  The processing unit 21 includes a CPU (Central Processing Unit) and a main memory (not shown). The application program stored in the storage unit 22 is expanded in the main memory, and the display unit 211, the biological input unit 212, and the registration processing unit Each function of 213 is embodied.

The display unit 211 has a function of outputting an input prompt message, processing information in the processing unit 21, and the like to a display device (not shown).
The biometric input unit 212 has a function of receiving biometric information from a user and acquiring biometric data. Here, “obtaining biometric data” means extracting data used for authentication processing from the input biometric information and converting the data into a predetermined format (that is, making it into a template).

  The registration processing unit 213 has a function of registering (storing) templated biometric data in the biometric data information 222 of the storage unit 22. The biometric data registered (stored) in the biometric data information 222 is referred to as “registered biometric data”.

(Biometric authentication device)
Next, a function example of the biometric authentication device 10 will be described with reference to FIG. The biometric authentication device 10 includes a processing unit 11, a storage unit 12, and a communication unit 13.

  The communication unit 13 is a communication interface and has a function of transmitting and receiving information to and from the biometric information registration device 20. The communication unit 13 has a function of transmitting door control information for controlling locking / unlocking of the door 51 to the door control device 50.

  The storage unit 12 is a memory or a hard disk, and stores biometric data information 121, input order information 122, and authentication condition information 123. The biometric data information 121, the input order information 122, and the authentication condition information 123 are copied from the biometric data information 222, the input order information 223, and the authentication condition information 224 of the biometric information registration apparatus 20 via the communication unit 13, respectively. Is.

  The processing unit 11 is constituted by a microcomputer, has a CPU and a main memory (not shown), expands an application program stored in the storage unit 12 into the main memory, and inputs a biometric input unit 111, an authentication processing unit 112, and a display unit Each function of 113 and the door control part 114 is embodied.

The biometric input unit 111 has a function of receiving biometric information from a user and acquiring biometric data.
The authentication processing unit 112 has a function of performing authentication processing on the biometric data acquired by the biometric input unit 111 while referring to the biometric data information 121, the input order information 122, and the authentication condition information 123.

The display unit 113 has a function of outputting an input prompt message, processing information in the processing unit 11, and the like to a display device (not shown). In addition, the display unit 113 includes, for example, an unillustrated red and green LED (Light Emitting Diode) and an alarm generation unit, and turns on one of the LEDs according to the authentication result, It has a function to generate an alarm from the generator.
When the authentication processing unit 112 determines that the authentication is successful, the door control unit 114 generates door control information for controlling the locked state and the unlocked state of the door 51, and applies the generated door control information to the corresponding door control information. It has the function to transmit to the door control apparatus 50 of the door 51 to perform.

  Next, details of the personal information 221, the biometric data information 222, the input order information 223, and the authentication condition information 224 stored in the storage unit 22 will be described. The biometric data information 121, the input order information 122, and the authentication condition information 123 stored in the storage unit 12 are copies of the biometric data information 222, the input order information 223, and the authentication condition information 224, respectively. Is omitted.

  The personal information 221 stores information related to an individual user input via an input device (not shown) (keyboard, mouse, etc.). Specifically, as shown in FIG. 2, the personal information 221 stores at least information associated with a user ID, a finger ID, a finger name, and a contact address.

  The user ID is information for identifying the user. The finger ID is information for identifying a finger to be registered. The finger name is information that represents the name of the finger. When “Left” is added to the beginning of a common finger name, the finger of the left hand is indicated, and when “Right” is indicated, the finger of the right hand is indicated. Represent. For example, “left middle finger” represents the middle finger of the left hand, and “right index finger” represents the index finger of the right hand. The contact information is information indicating the contact information of the user. In FIG. 2, it is described that five finger IDs can be registered for each user ID, but the number of registrations is not limited to five. Also, a null value is registered in the column where no finger name is registered, but in FIG. 2, “unregistered” is indicated as indicated by the finger ID “05” of the user ID “10003”.

  The biometric data information 222 stores the biometric data of the finger ID registered in the personal information 221 or the storage location of the biometric data. Specifically, as shown in FIG. 3, the biometric data information 222 stores at least information associated with a user ID, a finger ID, a data type, and a misauthentication list.

  The user ID is the same as the user ID of the personal information 221 shown in FIG. The finger ID is the same as the finger ID of the personal information 221 shown in FIG. The data type represents the biometric data or the storage location of the biometric data, and FIG. 2 shows that “finger vein data” is stored. Note that a null value is registered in the column where the data type is not registered, but in FIG. 3, “unregistered” is indicated as indicated by the finger ID “05” of the user ID “10003”.

  The misauthentication list is information indicating a user ID and a finger ID determined to be “similar” by the registration processing unit 213 when biometric data is registered (stored). “Similar” represents, for example, a case where the similarity is equal to or greater than a predetermined threshold. Specifically, in FIG. 3, the finger ID “04” of the user ID “10001” is determined to be similar to the finger ID “02” of the user ID “10003”, and “10003-02” is registered in that column. (Memorized). In addition, the finger ID “01” of the user ID “10002” is determined to be similar to the finger ID “03” of the user ID “10003”, and “10003-03” is registered (stored) in that column. Also, it is determined that the finger ID “02” of the user ID “10003” is similar to the finger ID “04” of the user ID “10001”, and “10001-04” is registered (stored) in that column. Also, it is determined that the finger ID “03” of the user ID “10003” is similar to the finger ID “01” of the finger ID “10002”, and “10002-01” is registered (stored) in that column.

  The input order information 223 stores an input order of fingers to be authenticated at the time of authentication and an action ID (information for identifying an action type indicating the control content of the door 51 after successful authentication). The input order information 223 is updated by the user via the terminal 40. Specifically, as shown in FIG. 4, the input order information 223 stores at least information associated with a user ID, a start finger, an action ID, and an action determination finger order list.

  The user ID is the same as the user ID of the personal information 221 shown in FIG. The start finger is the first input finger at the time of authentication and is determined by the user. The start finger is determined from the biometric data (registered biometric data) registered in the biometric data information 222 shown in FIG. However, when the minimum value of the number of motion determination fingers registered in the motion determination finger order list is one, the number of fingers of other same user IDs registered in the misauthentication list is 2 If there are more than one, it must be determined from among the finger IDs determined not to be similar to the fingers of other same user IDs. This is because biometric information is input in the order of the start finger (one) and the action determination finger (one), and therefore it is determined that both the start finger and the action determination finger are similar to the fingers of other same users. This is because it becomes impossible to determine the user ID. The action ID is identification information given to the action type (control content).

  The action determination finger order list indicates the input order of fingers input after the start finger (that is, input after the second at the time of authentication). This input order is determined by the user. For example, in the case of the operation ID “F1” of the user ID “10001”, the finger ID “02” is registered in the operation determination finger order list. This finger ID “02” is “left index finger” when referring to the finger name when the finger ID “02” is the user ID “10001” of the personal information 221 shown in FIG. In the case of the operation ID “F2” of the user ID “10001”, the finger ID “03, 05” is registered in the operation determination finger order list. As described above, when a plurality of “03, 05” are registered in the action determination finger order list, it is indicated that the finger IDs “03” and “05” need to be input in this order. By the way, the finger ID “03” is “left ring finger” when referring to the finger name at the finger ID “03” in the user ID “10001” of the personal information 221 shown in FIG. The finger ID “05” is a “right index finger” when the finger name at the time of the finger ID “05” by the user ID “10001” of the personal information 221 shown in FIG.

  Note that the action determination finger is selected from other than the start finger. Further, the minimum value of the number of finger IDs registered in the action determination finger order list is determined by the authentication condition information 224 shown in FIG.

Next, the authentication condition information 224 will be described with reference to FIG. The authentication condition information 224 is generated and updated by the system administrator of the entrance / exit management system 500.
As shown in FIG. 5, the authentication condition information 224 associates at least an operation ID, an operation type, an operation determination finger minimum input number, and an operation when re-determination is impossible.
The action ID is the same as the action ID of the input order information 223 shown in FIG. The action type represents control contents such as “temporary unlocking”, “continuous unlocking”, “continuous locking”, “warning setting”, “warning release”, and the like.

  The minimum number of movement determination fingers to be input is information for setting the minimum number of movement determination fingers to be input for each movement ID. For example, in FIG. 5, in the case of the motion ID “F1”, the minimum number of motion determination finger inputs is “1”. That is, in order to satisfy the authentication condition of the motion ID “F1”, the minimum number of motion decision finger inputs must be 1 or more. When the operation ID “F1” of the user ID “10001” is referred to in the input order information 223 illustrated in FIG. 4, the finger ID “02” is set, and in the case of the operation ID “F1” of the user ID “10002”, the finger ID “ "02, 03" is set, and it can be seen that both satisfy the authentication conditions.

Also, setting the minimum number of movement determination finger inputs from “1” to “2” increases the number of options for the start finger, which can improve the convenience of the user, and the biometric authentication device 10. Security can be improved. The reason will be described below.
When the minimum number of movement determination finger inputs is “1” and when two or more finger IDs of other same user IDs are registered in the misauthentication list, it is determined that the finger is similar to other fingers of the same user ID The finger that has been placed must be excluded from the starting finger. In addition, when the minimum number of movement determination finger inputs is “2” and three or more finger IDs of other same user IDs are registered in the misauthentication list, similar to other fingers of the same user ID The determined finger must then be excluded from the starting finger. In general, the probability that a finger of another same user ID is registered in the misauthentication list decreases rapidly in the order of registration of one, two registrations, and three registrations. Tend to be. In other words, setting the minimum number of movement determination finger inputs from “1” to “2” increases the number of choices for the start finger and can improve the convenience for the user. Also, by setting the minimum number of movement determination finger inputs from “1” to “2”, the number of movement determination finger inputs at the time of authentication increases, so the security of the biometric authentication device 10 can be improved.

  Next, the “operation when the re-determination is impossible” of the authentication condition information 224 shown in FIG. 5 will be described. The re-determination in “operation when re-determination is impossible” means that after the user ID and the operation ID are specified by the authentication process, the authentication processing unit 112 determines whether or not the authentication process satisfies the authentication condition. It is to be. That is, the case where re-determination is impossible is a case where authentication conditions are not satisfied by re-determination. The operation when the redetermination is impossible is either “permitted” or “prohibited”. In the case of “permitted”, even when the determination is impossible, door control information for controlling the door 51 is generated and the door 51 is controlled as in the case of successful authentication. However, in the case of “prohibited”, the door control information is not generated and the door 51 is not controlled.

Here, the reason for executing this redetermination process will be described.
When the number of registered biometric data increases, it is determined that both the acquired biometric data and the registered biometric data are similar, and the number of fingers registered in the misauthentication list (see FIG. 3) increases. I will do it. In this case, as described above, the security of the biometric authentication device 10 can be improved by changing the authentication condition information 224 shown in FIG. That is, the reason for executing the re-determination process is that the minimum number of operation determination finger inputs in the authentication condition information 224 shown in FIG. 5 is appropriately changed as the number of biometric data registrants increases or decreases. This is in order to be able to cope.
Therefore, the authentication processing unit 112, as an authentication condition for re-determination, (1) that the misauthentication lists of both the input start finger and the action determination finger do not include other identical user IDs ( 2) It is determined whether or not the two conditions that the number of movement determination fingers input is equal to or greater than the minimum movement determination finger input number are satisfied.

  FIG. 6 shows an example of an input screen for setting conditions for the operation determination finger minimum input number of the authentication condition information 224 (see FIG. 5) and the operation when re-determination is impossible. As in the operation type column of the authentication condition information 224 shown in FIG. 5, “temporary unlocking”, “continuous unlocking”, “continuous locking”, “alert setting”, and “alarm release” are described in the operation column. . In the setting content column, “operation determination finger minimum input number” and “operation when re-determination is impossible” of the authentication condition information 224 shown in FIG. 5 are shown. In the condition column, a column for accepting numeric input for the “minimum number of inputs for action determination finger”, and a column for accepting an operation selection from the pull-down menu for “operation when redetermination is impossible” Is provided.

(Registration process flow)
Next, an example of a biometric information registration processing flow will be described with reference to FIG. 7 (see FIGS. 1 to 4 as appropriate). Further, in the description of the registration processing flow, a case where the finger ID “05” of the user ID “10003” is registered will be described as a specific example with reference to FIGS. 8A shows personal information 221a after registration update, and FIG. 8B shows biometric data information 222a after registration update. In FIGS. 8A and 8B, black and white gradation is added to the data column registered in the registration processing flow.

First, before the process of step S701, the processing unit 21 of the biometric information registration device 20 receives at least a user ID, a finger ID, a finger name, and a contact address as personal data from an input device (such as a mouse or a keyboard) (not shown). And the user ID and the contact information are stored (registered) in the personal information 211 (see FIG. 2) of the storage unit 22. The processing unit 21 temporarily stores the input “right ring finger” as a finger name.
In step S701, the biometric input unit 212 receives biometric information to be registered (finger) and acquires biometric data to be registered (finger vein data).

  In step S702, the registration processing unit 213 collates the acquired biometric data with the registered biometric data of the user ID to be registered. For example, in the biometric data information 222a shown in FIG. 8B, when biometric data of the finger ID “05” of the user ID “10003” is registered, the biometric data (finger vein data) and the user ID “10003” are registered. The registered biometric data (registered finger data) of the finger IDs “01” to “04” is collated.

In step S703, the registration processing unit 213 determines whether there is similar registered biometric data.
If it is determined that there is similar registered biometric data (Yes in step S703), the process proceeds to step S704. If it is determined that there is no similar registered biometric data (No in step S703), the process proceeds to step S704. The process proceeds to S705.

  In step S <b> 704, the registration processing unit 213 determines that registration has failed, and displays a message regarding registration failure on the display unit 211. And a process is complete | finished after execution of step S704.

  In step S <b> 705, the registration processing unit 213 registers “right ring finger” temporarily stored in the finger name of the personal information 221 and registers “(finger vein data)” in the data type of the biometric data information 222. As a result, in the personal information 221a of FIG. 8A, “right ring finger” is stored (registered) in the finger name column corresponding to the finger ID “05” of the user ID “10003”. Further, as shown in FIG. 8B, in the biometric data information 222a, “(finger vein data)” is stored in the data type column corresponding to the finger ID “05” of the user ID “10003” ( be registered.

  In step S706, the registration processing unit 213 collates the registered biometric data with registered biometric data other than the registered user ID. For example, in the biometric data information 222a shown in FIG. 8B, when biometric data with the finger ID “05” of the user ID “10003” is registered, the biometric data and the finger IDs of the user IDs “10001” and “10002” are registered. Check all registered biometric data.

In step S707, the registration processing unit 213 determines whether there is similar registered biometric data.
If it is determined that there is similar registered biometric data (Yes in step S707), the process proceeds to step S708, and if it is determined that there is no similar registered biometric data (No in step S703), the process ends. To do.

  In step S708, the registration processing unit 213 registers a finger similar to the erroneous authentication list of the biometric data information 222 illustrated in FIG. For example, in the biometric data information 222a shown in FIG. 8B, when the biometric data of the finger ID “05” of the user ID “10003” is registered, it is determined to be similar to the finger ID “02” of the user ID “10001”. Thus, “10001-02” is registered in the erroneous authentication list field of the finger ID “05” of the user ID “10003”. In addition, “10003-05” is registered in the mis-authentication list field of the finger ID “02” of the user ID “10001”. Note that “10001-02” represents the finger ID “02” of the user ID “10001”, and “10003-05” represents the finger ID “05” of the user ID “10003”. It is a representation.

  Next, a case where the start finger and the action determination finger order list of the user ID “10003” are registered in the input order information 223 shown in FIG. 4 will be described with reference to FIGS. 8 (a) (b)).

  First, the registration process of the start finger of the user ID “10003” will be described. In the present invention, authentication is performed using only biometric information without using a user identifier as shown in the technique described in Patent Document 1. Therefore, in order to omit the input of the user identifier, it is necessary to collate with all the registered biometric data to identify the user. Therefore, if one piece of biometric data is determined as a starting finger for each user, the authentication process for specifying the user may be 1: N (N is the number of user IDs).

  FIG. 9 shows an example of the start finger selection screen for the user ID “10003”. In FIG. 9, the right middle finger “01”, the right index finger “03”, and the left index finger “04” are displayed as candidates for the start finger, and radio buttons (double circles) are displayed so that they can be selectively input. Further, referring to the authentication condition information 224 shown in FIG. 5, the minimum number of movement determination finger inputs is “1”. Therefore, the candidate for the starting finger is determined except for a user ID in which two or more fingers are stored in the misauthentication list. Specifically, referring to the erroneous authentication list of the biometric data information 222a shown in FIG. 8B, the finger IDs “02” and “05” of the user ID “10003” are similar to the finger of the user ID “10001”. To do. With respect to this similar finger, it can be seen from the personal information 221a that the finger name of the finger ID “02” is “left middle finger” and the finger name of the finger ID “05” is “right ring finger”. Therefore, the right middle finger “01”, the right index finger “03”, and the left index finger “04” are displayed as candidates for the start finger shown in FIG.

  In the start finger selection screen shown in FIG. 9, the radio button for the right index finger “03” is selected. As a result, “03” is stored (registered) in the start finger column of the user ID “10003” in the input order information 223a after the registration update shown in FIG.

  Next, a case where the action determination finger order list corresponding to the action ID “F1” of the user ID “10003” is registered in the input order information 223 illustrated in FIG. 4 will be described. FIG. 10 shows an example of the action determination finger selection screen. In FIG. 10, the right middle finger “01”, the left middle finger “02”, the left index finger “04”, and the right ring finger “05” are displayed as motion decision finger candidates, and radio buttons (double circles) are provided for selection input. ) Is displayed. The motion determination finger candidates are obtained by removing the right index finger “03” set as the start finger. Accordingly, the right middle finger “01”, the left middle finger “02”, the left index finger “04”, and the right ring finger “05” are displayed as candidates for the start finger shown in FIG.

  In the action determination finger selection screen shown in FIG. 10, the right middle finger “01” radio button is selected. Note that the minimum number of movement determination finger inputs for the movement ID “F1” is “1” with reference to the authentication condition information 224 shown in FIG. Therefore, “01” is stored (registered) in the column of the action determination finger order list of the user ID “10003” in the input order information 223a illustrated in FIG. When the minimum number of movement determination finger inputs is “2”, the radio button may be selected according to the input order of the movement determination fingers.

(Authentication process flow)
Next, an example of the flow of authentication processing will be described with reference to FIG. Here, it is assumed that the input is made in the order of the start finger, the motion determination finger (one), and the end finger.

First, the reason why the end finger is the same as the start finger will be described before the description of the processing flow.
As can be seen from the action determination finger order list of the input order information 223a in FIG. 11, the number of fingers input at the time of authentication differs for each action ID even for the same user ID. In addition, since the input order of the action determination finger may be the same until halfway, in order to determine the end of the input, it is confirmed that there is no finger input for a predetermined time, or the finger input is made when the end finger is input Either means of explicitly indicating the end of the is required. Therefore, in the present invention, the end finger is used.

  Further, since the end finger is determined to be the same finger as the start finger, the processing unit 11 temporarily stores the first-input biometric data of the finger at the time of authentication, and the second and subsequent biometric data stored temporarily. By comparing with the biometric data of the finger input to, it is found that the end finger is input if both are similar. This is effective when using a microcomputer with a slow processing speed in order to keep the cost of the biometric authentication device 10 low.

  That is, even if the processing speed of the microcomputer is slow, it does not take a long time to determine whether the first input finger at the time of authentication is the same as the second input finger or the like. . However, in order to specify the user ID of the first input finger at the time of authentication, it is necessary to collate with the biometric data of the start finger of all the user IDs. Cost. Therefore, even when the user ID of the starting finger has not yet been specified, the processing unit 11 collates the first stored biometric data with the second and subsequent input biometric data. If they are similar, it can be easily determined that the finger is an end finger. Thus, if the start finger and the end finger are made the same, there is an advantage that at least the input of the end finger can be recognized without taking a long time.

  In addition, when a collation result (authentication success or failure) is presented to the user for each input of a finger, a hint of authentication success for a malicious user attempt is given. Therefore, in the present invention, it is possible to receive a series of inputs in the order of the start finger, the motion determination finger, and the end finger, and display the authentication result after determining that the end finger has been input.

In step S1201, the biometric input unit 111 receives a first input at the time of authentication.
In step S1202, the biometric input unit 111 acquires biometric data (finger vein data).

In step S <b> 1203, the biometric input unit 111 transmits a completion notification indicating that the biometric data acquisition is completed to the display unit 113 when the biometric data acquisition is completed.
In step S1204, the display unit 113 receives a completion notification and displays a reception completion. And the display part 113 generate | occur | produces the warning (for example, beep) of a 1st pattern from a warning generation part with the display of reception completion. Further, the display unit 113 may display a message that prompts input of the next finger.

In step S <b> 1205, the biometric input unit 111 transmits an authentication request including the biometric data to the authentication processing unit 112 when the acquisition of the biometric data is completed.
In step S1206, the authentication processing unit 112 receives an authentication request, extracts biometric data from the authentication request, temporarily stores the extracted biometric data, and starts a start finger specifying process. Specifically, the authentication processing unit 112 obtains the first biometric data acquired at the time of authentication and the biometric data (starting biometric data) of the start fingers of all user IDs shown in the input order information 223a of FIG. The process for collating and narrowing down the user ID is started. The start finger identification process requires a long time because there are a large number of collations.

Next, in step S <b> 1211, the biological input unit 111 receives an input of the next finger (motion determination first finger). Here, the next finger is the second finger acquired at the time of authentication. At this time, in the authentication processing unit 112, if the specifying process of the start finger is not completed, the specifying process is temporarily interrupted, and the processes from steps S1211 to S1216 are prioritized.
In step S1212, the biometric input unit 111 acquires biometric data (finger vein data).

In step S <b> 1213, when the biometric data acquisition is completed, the biometric input unit 111 transmits a completion notification indicating that the biometric data acquisition is completed to the display unit 113.
In step S1214, the display unit 113 receives the completion notification and displays the reception completion. And the display part 113 generate | occur | produces the warning (for example, beep) of a 1st pattern from a warning generation part with the display of reception completion.

In step S <b> 1215, the biometric input unit 111 transmits an authentication request including biometric data to the authentication processing unit 112 when the biometric data acquisition is completed.
In step S1216, the authentication processing unit 112 receives the authentication request, extracts biometric data from the authentication request, and extracts the biometric data temporarily stored in step S1206 (that is, the first acquisition). Matched biometric data). Here, the reason why the authentication processing unit 112 collates with the first acquired biometric data is to determine whether or not the end finger has been input because the number of input motion determination fingers differs depending on the operation ID. . Then, if the authentication processing unit 112 determines that the result is not similar (not the end finger) from the collation result, the authentication processing unit 112 determines that the input is an operation determination first finger, temporarily stores the second acquired biometric data, and interrupts it. The starting finger identification process that was being performed is resumed. Further, the display unit 113 may display a message that prompts input of the next finger.

Next, in step S1221, the biometric input unit 111 receives an input of the next finger (end finger). Here, the next finger is the third finger acquired at the time of authentication. At this time, in the authentication processing unit 112, if the start finger specifying process is not completed, the specifying process is temporarily interrupted, and the processes in steps S1221 to S1227 are prioritized.
In step S1222, the biometric input unit 111 acquires biometric data (finger vein data).

In step S1223, the biometric input unit 111 transmits a completion notification indicating that the biometric data acquisition is completed to the display unit 113 when the biometric data acquisition is completed.
In step S1224, the display unit 113 receives the completion notification and displays the reception completion. And the display part 113 generate | occur | produces the warning (for example, beep) of a 1st pattern from a warning generation part with the display of reception completion.

In step S <b> 1225, the biometric input unit 111 transmits an authentication request including the biometric data to the authentication processing unit 112 when the biometric data acquisition is completed.
In step S1226, the authentication processing unit 112 receives the authentication request, extracts biometric data from the authentication request, and extracts the biometric data temporarily stored in step S1206 (that is, first acquired). Matched biometric data). Here, the reason why the authentication processing unit 112 collates with the first acquired biometric data is to determine whether or not the end finger has been input because the number of input motion determination fingers differs depending on the operation ID. .

  In step S <b> 1227, when the authentication processing unit 112 determines that they are similar (is an end finger) from the collation result, the authentication processing unit 112 transmits an end notification indicating that the input of the end finger has been confirmed to the biometric input unit 111. When receiving the end notification, the biometric input unit 111 causes the display unit 113 to display “authenticating” or the like, and does not accept a finger input until a predetermined time or the process of step S1234 ends. To. If the authentication processing unit 112 determines that the end finger is similar (end finger), the authentication processing unit 112 temporarily stores the input of the end finger, and resumes the interrupted start finger specifying process. Then, when the start finger specifying process is completed, user IDs related to the first acquired biometric data are narrowed down.

  In step S <b> 1228, the authentication processing unit 112 performs the operation determination first finger specifying process using the registered biometric data of the narrowed user ID. Specifically, the authentication processing unit 112 collates the second acquired biometric data with the registered biometric data of the narrowed-down user ID, and determines the operation determination first finger and its user ID. In addition, since the user ID is narrowed down, the operation determination first finger specifying process can be completed in a short time.

In step S1231, when the action determination first finger is specified and the end finger is input, the authentication processing unit 112 sends an authentication result notification indicating the authentication result including the action ID corresponding to the action determination first finger. It transmits to the display unit 113.
In step S1232, the display unit 113 receives the authentication result notification. When the authentication result is successful, the display unit 113 turns on the green LED and generates a first pattern alarm (for example, a beep) from the alarm generation unit. To do. Further, the display unit 113 receives the authentication result notification, and when the authentication result is an authentication failure, the display unit 113 turns on the red LED and generates a second pattern alarm (for example, beep) from the alarm generation unit.

In step S1233, the authentication processing unit 112 transmits a control request indicating the identified operation ID to the door control unit 114.
In step S1234, the door control unit 114 receives the control request, extracts the operation ID, and generates door control information for controlling the door based on the extracted operation ID.

  Next, as a specific example of the authentication processing flow, the user ID “10003” inputs the finger ID “03” as the start finger, the finger ID “01” as the operation determination first finger, and the finger ID “03” as the end finger The case will be described below with reference to the processing flow shown in FIG.

  In step S1202, the biometric input unit 111 acquires biometric data (starting biometric data) of the start finger that is input first at the time of authentication. In step S1206, the authentication processing unit 112 receives the biometric data of the start finger, and collates with all the biometric data already registered in the start finger registered in the input order information 223a shown in FIG. Specifically, the authentication processing unit 112 collates with the finger ID “01” of the user ID “10001”, the finger ID [01] of the user ID “10002”, and the finger ID “03” of the user ID “10003”. .

  When the start finger specifying process is completed, as shown in the erroneous authentication list of the biometric data information 222a in FIG. 8B, the authentication processing unit 112 receives the biometric data of the received start finger as the user ID “10002”. ”Or a user ID“ 10003 ”. That is, the authentication processing unit 112 can narrow down the user ID.

  Next, in step S <b> 1228, the authentication processing unit 112 determines the start finger of the user ID “10002” registered in the action determination first finger biometric data and the action determination finger order list of the input order information 223 a illustrated in FIG. 11. Collation is made with four other than the ID “01” and one with the finger ID “01” of the user ID “10003”. Then, the authentication processing unit 112 specifies the finger ID “01” of the user ID “10003” as the operation determination first finger. The reason is that there is no biometric data similar to the finger ID “01” of the user ID “10003”, as is apparent from the erroneous authentication list of the biometric information 222a shown in FIG. Further, in step S1226, since the authentication processing unit 112 has already acquired the end finger, the user's series of operations is the operation ID “F1 (temporary unlocking)” performed by the user ID “10003”. Can be determined.

  If the number of action determination fingers is N (N ≧ 2), the processes in steps S1211 to S1216 are repeated N times. In step S1228, a process of specifying the motion determination second finger to the Nth finger is executed.

  As described above, the biometric authentication device 10 of the present invention is the same as the predetermined action determination finger and start finger in the order of input of the finger corresponding to the predetermined start finger and action ID. Biometric data is received by receiving input of biometric information in the order of the end finger indicating the end of input. Then, as shown in FIG. 12, the biometric authentication device 10 executes an authentication process to determine an operation ID corresponding to the input user ID and the input order of the operation determination finger.

  Specifically, the biometric authentication device 10 includes a user ID, start finger biometric data (the first biometric data acquired at the time of authentication), an operation ID, and an action determination finger that defines a finger input order corresponding to the action ID. It includes a storage unit 12, a biometric input unit 111, and an authentication processing unit 112 that store the biometric data registered for a plurality of fingers in association with each other in the order list. The biometric input unit 111 receives biometric information and acquires biometric data. Also, the authentication processing unit 112 collates the first biometric data acquired at the time of authentication with the start biometric data, and narrows down the user ID related to the first biometric data acquired. Each acquired biometric data is collated with the first acquired biometric data. And when it determines with both not being similar from the collation result from the collation result, the authentication process part 112 collates each biometric data acquired after 2nd and the registered biometric data of the narrowed-down user ID, and 2nd or later. The control content is determined by specifying the user ID of the acquired biometric data and the input order of the biometric data. If the authentication processing unit 112 determines that both are similar from the comparison result, the authentication processing unit 112 determines that the input has been completed.

  By providing such a configuration, the biometric authentication device 10 can change the control content according to the input order of the biometric information by using the input of only the biometric information. In addition, the determination of the start finger in advance means that the amount of calculation for narrowing down the user ID of the first biometric data acquired at the time of authentication from the biometric input unit 111 is smaller than when the start finger is not determined in advance. It has the effect of greatly reducing.

  In the present embodiment, each of the biometric data information 121, the input order information 122, and the authentication condition information 123 stored in the storage unit 12 of the biometric authentication device 10 is stored in the storage unit 22 of the biometric information registration device. The biometric data information 222, the input order information 223, and the authentication condition information 224 have been described as being the same. However, when the passage authority is set for each user, the biometric authentication apparatus 10 may acquire only the information related to the user for which the passage authority is set and store the information in the storage unit 12.

  In FIG. 12, in the authentication processing unit 112, if the start finger specifying process is not completed, the specifying process is temporarily interrupted, and the processes from step S1211 to S1216 and the processes from step S1221 to 1227 are prioritized. Explained. However, when there is a margin in the processing load of the processing unit 11, processing may be performed in parallel without interrupting the start finger identification processing.

  In the present embodiment, the display unit 113 includes, for example, two LEDs (Light Emitting Diodes) of red and green (not shown), and turns on one of the LEDs according to the authentication result. Although described, the display may be performed on a display device (not shown) instead of the LED.

In addition, this invention is not limited to above-described embodiment, Various modifications are included. For example, the above-described embodiment has been described in detail for easy understanding of the present invention, and is not necessarily limited to one having all the configurations described. In addition, a part of the configuration of a certain embodiment can be replaced with the configuration of another embodiment, and the configuration of another embodiment can be added to the configuration of a certain embodiment. In addition, it is possible to add, delete, and replace other configurations for a part of the configuration of each embodiment.
Each function or the like of the biometric authentication device 10 may be realized by hardware by designing a part or all of the functions, for example, with an integrated circuit. Each function of the processing unit 11 may be realized by software by interpreting and executing a program that realizes each function by the processor. Information such as programs, tables, and files for realizing each function is stored in a memory, a recording device such as a hard disk or SSD (Solid State Drive), or a recording medium such as an IC card, SD card, or DVD (Digital Versatile Disc). be able to.
In addition, the control lines and information lines are those that are considered necessary for the explanation, and not all the control lines and information lines on the product are necessarily shown. In practice, it may be considered that almost all configurations are connected to each other.

DESCRIPTION OF SYMBOLS 10 Biometric authentication apparatus 11 Processing part 12 Storage part 13 Communication part 20 Biometric information registration apparatus 21 Processing part 22 Storage part 23 Communication part 30 Network 50 Door control apparatus 51 Door 111 Biometric input part 112 Authentication processing part 113 Display part 114 Door control part DESCRIPTION OF SYMBOLS 211 Display part 212 Biometric input part 213 Registration process part 121,222,222a Biometric information 122,223,223a Input order information 123,224 Authentication condition information 221,221a Personal information 500 Entrance / exit management system

Claims (5)

A biometric input unit that receives biometric information and acquires biometric data;
For each user ID for identifying a user, the correspondence between the start biometric data indicating registered biometric data to be compared with the first biometric data acquired at the time of authentication, and the input order of the acquired biometric data and the control content A storage unit that stores a plurality of registered biometric data used for collation and the determined action determination order information;
The first biometric data acquired at the time of authentication and the start biometric data are collated to narrow down the user ID related to the first acquired biometric data, and the second and subsequent biometric data acquired at the time of authentication Are compared with the first acquired biometric data, and the biometric data acquired after the second and the registered biometric data of the narrowed-down user ID are If the user ID of the biometric data acquired after the verification and the input order of the acquired biometric data are specified and the control content is determined, and it is determined that the comparison results are similar, the input is completed. An authentication processing unit for determining;
A biometric authentication device comprising: The starting biometric data of the user ID is
The number determined that the registered biometric data of the user ID is similar to the registered biometric data of the same user ID is the minimum number of the biometric data set in the input order of the action determination order information When there are more than the total number calculated by adding 1 to the value,
The biometric authentication device according to claim 1, wherein the biometric authentication device is determined from registered biometric data of the user ID determined not to be similar to the registered biometric data of the other same user ID.   The biometric authentication device according to claim 1, further comprising a door control unit that generates door control information indicating information for controlling the door based on the control content. A biometric authentication method for a biometric authentication device that accepts input of biometric information and executes authentication processing on the biometric information,
The biometric authentication device is:
For each user ID for identifying a user, the correspondence between the start biometric data indicating registered biometric data to be compared with the first biometric data acquired at the time of authentication, and the input order of the acquired biometric data and the control content A storage unit that stores a plurality of registered biometric data used for collation and predetermined action determination order information and collation,
A biometric input step for receiving biometric information and acquiring biometric data;
Collating the first biometric data acquired at the time of authentication with the start biometric data, and narrowing down the user ID related to the first biometric data,
A collation step of collating each biometric data acquired after the second authentication and the first biometric data acquired at the time of authentication;
If it is determined that the results are not similar, the second and subsequent biometric data users obtained by collating each biometric data acquired after the second and the registered biometric data of the narrowed-down user ID Determining the control content by specifying the input order of the ID and the acquired biometric data;
A biometric authentication method characterized by executing a step of determining that the input has been completed when it is determined that the comparison results are similar. A biometric input unit that receives biometric information and obtains biometric data;
For each user ID for identifying a user, the correspondence between the start biometric data indicating registered biometric data to be compared with the first biometric data acquired at the time of authentication, and the input order of the acquired biometric data and the control content A storage unit for storing a plurality of registered biometric data used for collation and the determined action determination order information;
The first biometric data acquired at the time of authentication and the start biometric data are collated to narrow down the user ID related to the first acquired biometric data, and the second and subsequent biometric data acquired at the time of authentication Are compared with the first acquired biometric data, and the biometric data acquired after the second and the registered biometric data of the narrowed-down user ID are If the user ID of the biometric data acquired after the verification and the input order of the acquired biometric data are specified and the control content is determined, and it is determined that the comparison results are similar, the input is completed. An authentication processing unit for determining,
A door control unit that generates door control information indicating information for controlling the door based on the control content;
A communication unit for transmitting the door control information to the door control device;
A biometric authentication device,
The door control device for receiving the door control information and controlling the door; and
An entrance / exit management system comprising: