JP2017001615A - Authentication apparatus, authentication system, and authentication method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enable the lending of authority while keeping security, in an authentication system used for authenticating a passenger of a vehicle using biological information.SOLUTION: An authentication apparatus incorporated in a vehicle includes: identification means for identifying a user by using biological information; storage means for storing authority information that is information correlating a user with authority given to the user; control means for starting an engine, or opening and closing a door, on the basis of the identified user and the authority information corresponding to the user; and authority-giving means for obtaining biological information corresponding to a second user that is a new user, with a first user identified, and generating authority information corresponding to the second user. Further, the authority provision means gives, to the second user, authority equivalent to or less than the authority that the first user is given.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a biometric authentication system in a vehicle.

  In recent years, techniques for performing authentication using biometric information have shown signs of widespread use. Also, in the field of automobiles where security is regarded as important, there is known a technique for determining whether door unlocking or vehicle engine starting can be performed using fingerprints, vein patterns, iris patterns, or the like.

  On the other hand, when biometric information is used as a key, there is a problem that it is difficult to temporarily lend the key. For example, if you want to temporarily lend a key, such as a hotel or maintenance shop staff or a passenger traveling together, you need to lend a physical key. However, if these methods are adopted, even if it is desired to use the vehicle temporarily, the vehicle can be used without limitation, which causes a security problem.

  As an invention for dealing with this problem, there is a biometric authentication system described in Patent Document 1. In addition to biometric authentication, the biometric authentication system is a system that can be unlocked by a physical key (bullet key), and has a feature that a range in which the bullet key is valid can be set. According to the invention described in Patent Document 1, the effectiveness of the bullet key can be stopped when a predetermined travel distance is reached or when a predetermined time has elapsed, and thus security risks can be reduced.

JP 2008-120284 A JP 2008-090421 A

  In an automobile employing a biometric authentication system, the engine cannot be started and the door cannot be unlocked unless there is a driver who has a legitimate authority. On the other hand, there may occur a scene where it is desired to temporarily lend a key to a passenger, such as when traveling in a car with a large number of people. However, in the technique described in Patent Document 1, since a dedicated bullet key is used, the key cannot be lent to many passengers at the same time. Further, in the system described in Patent Document 1, since there is only one type of authority, for example, a request such as “I do not allow passengers to start the engine but only to unlock the door” is satisfied. I can't.

  The present invention has been made in consideration of the above-described problems, and an object of the present invention is to enable authority lending while ensuring security in a system for authenticating a vehicle occupant using biometric information.

An authentication device according to the present invention is an authentication device mounted on a vehicle, which identifies a user using biometric information and enables access to the vehicle such as unlocking a door or starting an engine. It is.
Specifically, the identification means for identifying the user using biometric information, the storage means for storing the authority information, which is information relating the user and the authority granted to the user, and the identified Based on the user, the control means for starting the engine or unlocking the door based on the authority information corresponding to the user, and the living body corresponding to the second user who is the new user in a state where the first user is identified Authority granting means for acquiring information and generating authorization information corresponding to the second user, the authorization granting means possessed by the first user with respect to the second user It is characterized by granting the authority that is equal to or less than the authority that is present.

The biological information used by the identification means may be any information as long as it is information unique to the human body. For example, fingerprints, facial feature quantities, retina and iris feature quantities, vein patterns, voiceprints, and the like can be used.
The control means is means for unlocking the door and starting the engine based on the authority of the identified user. The authority that the user has may be divided into a plurality of types. For example, it may be divided into an authority that can only unlock the door and an authority that can start the engine in addition to unlocking the door. Further, the authority may be permanent or temporary. The access target may be other than a door or an engine. For example, whether or not to unlock a trunk room or a security box, wireless communication, or the like may be controlled.

The authority granting means is a means for registering a new user according to the authority of a user who has already been authenticated. The authority that can be granted when the authority grant means registers the user is equal to or less than that of the user under the current authentication. For example, a user who can only unlock the door cannot give the new user the authority to start the engine. Also, a user having temporary authority cannot give permanent authority to a new user.
According to such a configuration, in a system using biometric authentication, it is possible to allow other users to use the vehicle while maintaining security.

  The authority includes a first authority capable of unlocking the door and starting the engine, and a second authority capable of unlocking only the door, and the authority providing means includes the first authority. When the user has the first authority, the first authority or the second authority is granted to the second user, and the first user has the second authority. The second authority may be given to the second user.

  In this way, a user who has the authority to unlock the door and start the engine (first authority) is the same as the first authority for the new user, or the authority that can only unlock the door (second authority). May be granted. That is, the second authority is an authority positioned lower than the first authority.

  In addition, when the first user has the first authority, the authority granting unit has a third authority in which an expiration date is added to the first authority to the second user, or A fourth authority in which an expiration date is added to the second authority may be given.

  Thus, security can be improved by adding an expiration date to the authority to be granted. The expiration date may be specified by relative time or absolute time when granting authority. The expiration date does not necessarily have to be expressed in time. For example, it may be a time limit set based on the travel distance of the vehicle.

  In addition, the identification unit identifies a user based on an image captured by a camera installed outside the vehicle, and the control unit performs vehicle door detection based on the identification result performed by the identification unit. It is good also as determining whether unlocking is carried out.

  Thus, when determining whether or not the door can be unlocked, it is preferable to acquire the user's biological information using a camera that captures the outside of the vehicle. When a camera is used, authentication can be performed based on a face, an iris pattern, a retina pattern, or the like.

  In addition, the identification unit identifies a user based on an image captured by a camera facing the driver's seat of the vehicle, and the control unit permits the engine to start based on the identification result performed by the identification unit. It may be characterized by determining whether or not to do.

  On the other hand, when determining whether or not the engine can be started, it is preferable to obtain the user's biological information using a camera that can capture an image of the user sitting in the driver's seat. Further, a camera that images the outside of the vehicle and a camera that images the driver's seat may be used in combination.

  Further, the authority granting unit calculates a feature amount corresponding to the user based on an image obtained by capturing at least a part of the face of the user who is in the vehicle, and a biometric corresponding to the second user. It is good also as information.

  For example, the feature amount of the entire face, the feature amount of the iris, the feature amount of the retina, and the like may be calculated from an image obtained by imaging the user. Note that the biological information is not necessarily a feature amount. For example, the image data itself may be used.

  Further, the control means includes a first mode in which engine start or door unlocking is permitted based on the identification result performed by the identification means, and the engine start or the engine regardless of the identification result performed by the identification means. It may be possible to switch between the second mode for permitting the unlocking of the door.

  For example, there may be a request to move a vehicle regardless of the presence of user registration, such as during a disaster. In order to cope with this, it may be possible to switch to a mode in which engine start or door unlocking is permitted regardless of the authority.

  The control means may add a predetermined restriction to the use of the vehicle when the engine is started in the second mode. The predetermined limit may be an engine output limit or a maximum speed limit.

  If the vehicle can be used without limitation regardless of the authority, the vehicle may be illegally used. Therefore, when the engine is started in the second mode, a certain restriction may be imposed on the use of the vehicle. For example, the maximum speed, engine output, cruising range and cruising time may be limited so that only limited use is possible. According to such a configuration, it is possible to cope with an emergency while ensuring security.

The authentication system according to the present invention may include the authentication device and a portable terminal that acquires biometric information corresponding to the second user and transmits the biometric information to the authentication device.
The biometric information of the new user is acquired by the portable terminal and transmitted to the authentication device, so that the user can be registered even when the new user is away from the vehicle.

  In addition, this invention can be specified as an authentication apparatus containing at least one part of the said means. Moreover, it can also specify as an authentication method which the said authentication apparatus performs. The above processes and means can be freely combined and implemented as long as no technical contradiction occurs.

  ADVANTAGE OF THE INVENTION According to this invention, in the system which authenticates the passenger | crew of a vehicle using biometric information, authority can be lent while ensuring security.

1 is a system configuration diagram of an authentication device according to a first embodiment. It is a figure explaining the position of the camera which images a user outside a vehicle. It is a figure explaining the position of the camera which images the user in a vehicle. It is an example of the table memorize | stored in a memory | storage part in 1st embodiment. It is a flowchart figure of the process which performs user authentication. It is a flowchart figure of the process which performs user registration. It is an example of a new user registration screen. It is a flowchart figure of the user registration process in 2nd embodiment. It is a system block diagram of the authentication apparatus which concerns on 3rd embodiment. It is an example of the table memorize | stored in a memory | storage part in 4th embodiment.

(First embodiment)
<System configuration>
Hereinafter, preferred embodiments of the present invention will be described with reference to the drawings.
The authentication device according to the first embodiment is a device mounted on an automobile, and is a device that determines whether door unlocking or engine starting is possible based on user's biological information.

FIG. 1 is a system configuration diagram of an authentication apparatus 100 according to the present embodiment.
The authentication device 100 includes a biometric information acquisition unit 101, a storage unit 102, a control unit 103, a CAN communication unit 104, and an input / output unit 105.

  The biometric information acquisition unit 101 is means for acquiring biometric information used for authentication. In the present embodiment, the biometric information acquisition unit 101 has two types of cameras, a first camera and a second camera, which captures human eyes using the camera and is included in the obtained image. The iris pattern to be converted into a feature value.

FIG. 2 is a diagram showing the installation position of the first camera used by the biometric information acquisition unit 101. In this example, a camera 201 is installed on the side window of the vehicle so as to face the outside of the vehicle, and images the eyes of a person who is about to get on. The camera may be installed for each door, or may be installed only for one of the doors. Moreover, you may install toward the vehicle front. For example, the camera used by the drive recorder may be shared.
FIG. 3 is a diagram showing the installation position of the second camera. In this example, a camera 301 is installed on the dashboard of the vehicle and images the eyes of a person seated in the driver's seat. For example, the camera 301 may be shared with a camera for detecting a line of sight.
The first camera is used for authentication of a user who tries to get on the vehicle, and the second camera is used for authentication of a user who tries to start the engine.

The storage unit 102 is a means for storing information related to a user to be authenticated that has been registered in advance. Specifically, as the biological information corresponding to the user, the feature amount of the iris and the authority given to the user are stored in association with each other.
Here, the authority will be described. The authentication apparatus according to the present embodiment associates the following three types of authority with the user to be authenticated.
(1) Authority to unlock the door (2) Authority to start the engine (3) Authority to register a new user (ie, grant authority) Each authority can be associated with a validity period .

FIG. 4 shows information stored in the storage unit 102 in a table format. In the present embodiment, a table (user table) for specifying a user and a table (user authority table) for specifying user authority are used.
The user table is a table that stores user biometric information. In the user table, in addition to the biometric information of the user, a user type associated with the user is defined. The user type represents the type of authority given to the user. In the present embodiment, the following five types are defined.

(1) Administrator A vehicle administrator who can perform door unlocking, engine starting, and new user registration. (2) General 1
A user who uses a vehicle on a daily basis, for example, a family of a vehicle owner. The door can be unlocked and the engine can be started, but it differs from the administrator in that there are restrictions on the users that can be registered (only guest users can be registered).
(3) General 2
This is a type in which the authority to start the engine is deleted from the user type “general 1”. For example, it is given to a user who is a vehicle owner's family and does not have a license.
(4) Guest 1
A user who uses a vehicle temporarily, for example, a user who travels together during a trip. “Guest 1” can perform door unlocking and engine start in the same manner as “General 1”, but an expiration date is set for the authority. The expiration date is set when user registration is performed, and the authority expires after this period. Also, new user registration cannot be performed.
(5) Guest 2
This is a type in which the authority to start the engine is deleted from the user type “Guest 1”. For example, it is given to a user who travels together while traveling and does not have a license.

The control unit 103 is a unit that controls the authentication apparatus according to the present embodiment. Specifically, based on the biometric information acquired by the biometric information acquisition unit, it has a function of authenticating a user and transmitting an authentication result to an ECU (Engine Control Unit) that controls the engine and the door lock. . It also has a function of registering a new user. Detailed processing will be described later.

  The CAN communication unit 104 is means for communicating with a plurality of ECUs provided in the vehicle. Specifically, the CAN communication unit 104 is connected to an in-vehicle network (CAN bus), and communicates with a plurality of ECUs using a predetermined protocol. In the present embodiment, communication is performed with an ECU that controls the engine and the door lock, but communication with other ECUs may be performed as long as it relates to vehicle security.

  The input / output unit 105 is a unit that receives an input operation performed by the user and presents information to the user. Specifically, it comprises a touch panel and its control means, a liquid crystal display and its control means. In the present embodiment, the touch panel and the liquid crystal display are composed of one touch panel display.

Each means described above may be realized by hardware designed exclusively, or may be realized by a software module. Further, it may be realized by a field programmable gate array (FPGA), an application specific integrated circuit (ASIC), or the like, or may be realized by a combination thereof.
When the above-described means is configured as software, each means functions when a program stored in the auxiliary storage device is loaded into the main storage device and executed by the CPU. (The CPU, auxiliary storage device, and main storage device are not shown)

<Process flowchart>
Next, a flowchart of authentication processing executed by the authentication apparatus according to the present embodiment will be described with reference to FIG.
The process illustrated in FIG. 5 is executed by the control unit 103 when a vehicle occupant is detected. For example, when the camera 201 detects a person facing the door of the vehicle, a process for unlocking the door is started, and when the camera 301 detects a person sitting in the driver's seat, A process for starting the engine is started. In addition, although two types are illustrated in this example, the passenger | crew in another different position may be detected and a corresponding process may be started. For example, when a person facing the rear hatch or trunk of the vehicle is detected, a process for unlocking the hatch or trunk may be started.

  First, in step S <b> 11, the biometric information acquisition unit 101 acquires an image including the user's face (hereinafter, “face image”), and cuts out a region corresponding to the eye from the obtained image. The region corresponding to the eyes can be extracted by detecting feature points corresponding to the corners of the eyes, the eyes, the centers of the eyes, and the like by a known method. Note that when the feature point detection fails, a region corresponding to the eye may be detected by matching processing. Further, resolution conversion may be performed using an arbitrary interpolation method. Further, when the face included in the image is not horizontal, a process of rotating the image may be performed by affine transformation or the like. Whether or not the face is horizontal can be determined by the inclination of a straight line connecting the center points of the left and right eyes.

Next, in step S12, the feature amount of the iris is calculated from the clipped image by a known method.
Next, in step S13, the user table stored in the storage unit 102 is referred to, and the user ID and the user type are specified based on the acquired feature amount. For example, in the example of FIG. 4, when the feature amount of the iris matches “USER001”, the user type “manager” is specified. Then, it is determined whether or not the specified user has the target authority. For example, when the process of FIG. 5 is a door unlocking process, the user authority table is referred to and it is confirmed whether or not the identified user has the authority of “door unlocking”. Further, when the process of FIG. 5 is a process of starting the engine, it is confirmed whether or not the specified user has the authority of “engine start”.

  If it is determined in step S13 that the user has the appropriate authority, the process proceeds to step S14, and the authentication result is transmitted to a corresponding ECU (for example, an engine ECU or an ECU that manages a door lock). As a result, the door is unlocked or the engine is started according to the authentication result.

  In addition, when performing door unlocking, when it is judged that the passenger | crew who authenticated by step S13 has not boarded, you may return to an unauthenticated state. For example, after unlocking the doors, if all the doors are closed and the interior of the vehicle becomes unmanned, the doors may be returned to the unauthenticated state and all the doors may be locked. Whether the interior of the vehicle is unmanned may be determined based on the result of sensing the interior of the vehicle, or may be determined using other means. Further, after the doors are unlocked, if the doors are not opened for a certain time, the doors may be returned to the unauthenticated state and all the doors may be locked.

  Similarly, when it is determined that the engine is to be started, if it is determined that an authenticated occupant is not in the vehicle, the engine may be returned to an unauthenticated state. For example, when the seat on which the occupant is seated becomes unattended, the engine may be stopped and returned to the unauthenticated state, or may be returned to the unauthenticated state every time the engine is stopped. .

<User registration process>
Next, a process for newly registering a user will be described.
There are three types of users who can perform user registration: “manager”, “general 1”, and “general 2”. That is, user registration processing is possible when a user of any user type is on board. However, once the door is unlocked, it is free to get on and off. Therefore, it is not possible to confirm whether the user is still on the board only by the determination result when the door is unlocked. Therefore, in the present embodiment, authentication is performed again using the camera 301 provided in the driver's seat, and the user registration process is performed only when an authorized user can be identified.

This process will be described with reference to FIG. The process of FIG. 6 is started when a user who performs user registration (hereinafter, a registration execution user) performs an operation for requesting user registration via the input / output unit 105.
The processes in steps S21 to S23 are performed in that the biometric information acquisition unit 101 acquires an image using the camera 301 installed in the vehicle, and the control unit 103 determines that the identified user has the authority of “user registration”. Since it is the same as the process of step S11-S13 except for checking whether it has or not, description is abbreviate | omitted.
In step S <b> 24, information about a user to be registered (hereinafter, registered user) is acquired via the input / output unit 105. Specifically, input of information related to the authority to be granted is received from the registration execution user. In step S24, the face image of the registered user is captured, the iris feature amount is acquired, and then stored in the user table held by the storage unit 102.

The authority that can be granted depends on the authority of the user identified in step S23. For example, when the registered execution user is “administrator”, as shown in FIG.
When the registration execution user is “General 1”, “Administrator”, “General 1”, and “General 2” cannot be selected. When the registration execution user is “General 2”, in addition to this, “Guest 1” Cannot be selected.
Further, when the checked user type is a guest, it is necessary to input an expiration date.

In step S25, the user table is updated based on the input information, and user registration is executed. At this time, if the registered user is a guest, a value representing the date and time is inserted into the “expiration date” field of the user table.
If there is a value in the field, a check is performed when performing the authentication process (step S13 in FIG. 5), and if the date has passed, it is treated as an unauthorized user.

  As described above, in the first embodiment, door unlocking and engine starting are performed by performing authentication based on biometric information. Also, a new user can be registered based on the authority of the authenticated user. As a result, authority can be lent even in a system using biometric information. In addition, in the registration of a new user, it is not possible to give an authority higher than the assigned authority to another person, so that security can be ensured.

(Second embodiment)
In the first embodiment, when a user performs an explicit operation, a new user registration process is executed. On the other hand, 2nd embodiment is embodiment which detects the new user who boarded the vehicle and performs execution of user registration actively.

The system configuration of the authentication device according to the second embodiment is the same as that of the first embodiment, but the control unit 103 detects a passenger and determines whether or not to perform user registration (FIG. 8). ) Is different from the first embodiment in that it is automatically executed. Further, the biometric information acquisition unit 101 is different from the first embodiment in that it includes a camera that captures the face of the passenger. The camera that captures the passenger's face may be installed in front of each seat (near the headrest of the front row seats or near the dashboard), or in a position where you can see the interior of the car, such as near the room mirror. Good.

The processing shown in FIG. 8 is executed at a timing at which it can be determined that the passenger has boarded. For example, it may be executed at the timing when the vehicle starts running after the door of the vehicle is closed, or may be executed periodically.
The process of steps S31 to S32 is the same as the process of steps S11 to S12 except that the process is performed for each of a plurality of passengers. When there are a plurality of cameras, each of them may acquire a face image, or a single camera may acquire a plurality of face images.

  In step S33, the plurality of acquired feature quantities are compared with the feature quantities recorded in the user table, and it is determined whether or not an unregistered user is included in the passengers. As a result, if an unregistered user is included, the process transitions to step S21 and starts the registration process. For example, it confirms whether or not registration is possible for an authenticated user seated in the driver's seat, and performs user registration based on the response. The authority to be given to the registered user may be set in advance (for example, a guest user who permits only door unlocking) or may be designated by the registration executing user each time. The same applies to the expiration date when registering a guest user.

As described above, in the second embodiment, since the biological information of the passenger is automatically collected, the burden on user registration can be reduced.
In the second embodiment, whether or not registration is possible is confirmed for an authenticated user. However, confirmation may be omitted and registration may be performed automatically. By doing in this way, if it is a user who got on the vehicle once, it will become possible to get on and off freely only for the set period.

(Third embodiment)
In the first and second embodiments, user registration cannot be performed unless the vehicle is actually boarded. In contrast, the third embodiment is an embodiment in which user registration is performed via a network using a face image acquired in advance.

  FIG. 9 is a system configuration diagram of the authentication apparatus according to the third embodiment. The authentication apparatus 100 according to the third embodiment is different from the first embodiment in that the authentication apparatus 100 further includes a wireless communication unit 106 that is a means for performing wireless communication with a computer 200 that is a portable terminal possessed by an administrator. To do. In addition, the authentication device 100 according to the third embodiment has a function of acquiring information about the user from the computer 200 via the wireless communication unit 106 and performing user registration.

In the third embodiment, when the authentication apparatus 100 receives a user registration request from the computer 200, the process illustrated in FIG.
The processes performed in steps S21 to S23 are the same as those in the first embodiment except that a face image is acquired from the computer 200 via a network, and thus description thereof is omitted. The face image of the registered execution user can be acquired via a camera built in the computer 200, for example.
If the user authenticated in step S23 has the authority to perform user registration, the face image of the user performing registration is acquired in step S24. Note that the image acquired in step S24 may be an image taken using a camera built in the computer 200, or may be other (for example, an image transmitted from another computer, etc.). .

In this embodiment, the computer 200 is assumed to be a portable terminal possessed by the administrator. However, the computer 200 includes a portable terminal possessed by the administrator and a portable terminal possessed by a new user who performs registration. It may be composed of a pair. For example, first, authentication is performed by communicating with the first portable terminal possessed by the administrator, and based on the authentication result, a notification is transmitted to the second portable terminal possessed by the new user. You may make it acquire a face image from. In this way, privacy can be considered.

  The computer 200 is not necessarily a portable terminal as long as it has a function of capturing an image and a function of communicating with a network. For example, it may be a stationary computer, a smart phone, a notebook computer, a tablet terminal, or the like.

(Fourth embodiment)
The fourth embodiment is an embodiment that allows an unregistered user to unlock a door and start an engine based on a user instruction in an emergency such as a disaster.
In the fourth embodiment, a user having the authority to start the engine can set the “emergency mode” for the control unit 103.

FIG. 10 is an example of a user table and a user authority table used in the fourth embodiment. In the present embodiment, a user type “emergency driving” is added. The user type is a user type that is used only when the state of the apparatus is in the emergency mode, and is a special type that does not perform biometric authentication.
Further, when the state of the apparatus is in the emergency mode, the control unit 103 determines that the acquired biological information does not match any biological information recorded in the table in the process (step S13) illustrated in FIG. A user whose user type is “emergency driving” (hereinafter referred to as an emergency driving user) is treated as being authenticated.

  In addition, since an emergency driving user is a user type for moving a vehicle urgently at the time of a disaster, it is preferable to restrict use of the vehicle. For example, the drivable time may be set to a very short time (for example, 1 minute), and the allowable maximum speed may be limited (for example, 10 km / hour). In addition, in order to prevent unauthorized use of the vehicle, the acquired biometric information is temporarily stored, and when the same user continuously authenticates, the use is refused or the control is gradually increased. Also good.

(Modification)
The above embodiment is merely an example, and the present invention can be implemented with appropriate modifications within a range not departing from the gist thereof.
For example, in the description of the embodiment, the feature amount corresponding to the iris is obtained from the face image and authentication is performed. However, the authentication may be performed using the feature amount corresponding to the entire face. Further, a sensor other than the camera may be provided to perform authentication using other biological information such as a fingerprint or a voiceprint.
Moreover, you may handle other than a feature-value as biometric information. For example, raw data acquired by a sensor or an image acquired by a camera may be handled as biological information.

  In the description of the embodiment, three authorities of “unlocking the door”, “starting the engine”, and “user registration” are illustrated, but the authority may be other than this. Similarly, in the description of the embodiment, five types of users are exemplified, but other types of users may be used. In any case, it is only necessary that a lower authority than the authority of the registered execution user can be given to the registered user.

In the description of the embodiment, the guest user is assumed to be a user having an authority with an expiration date. However, the authority of the guest user may be limited by other than the expiration date. For example, the restriction may be performed based on the travel distance or the number of times of authentication (the number of times the door can be opened and closed, the number of times the engine can be started, etc.) In this case, the remaining distance and the number of times may be stored in the expiration date field of the user table and updated as needed.

DESCRIPTION OF SYMBOLS 100 ... Authentication apparatus 101 ... Biometric information acquisition part 102 ... Memory | storage part 103 ... Control part 104 ... CAN communication part 105 ... Input / output part

Claims (11)

An authentication device mounted on a vehicle,
An identification means for identifying a user using biometric information;
Storage means for storing authority information which is information in which a user and authority granted to the user are associated with each other;
Control means for starting the engine or unlocking the door based on the identified user and the authority information corresponding to the user;
In a state where the first user is identified, authority granting means for acquiring biometric information corresponding to the second user who is a new user and generating authority information corresponding to the second user;
Have
The authority granting unit gives the second user an authority equivalent to or less than the authority of the first user.
Authentication device. The authority includes a first authority that can unlock the door and start the engine, and a second authority that can only unlock the door,
The authorization means grants the first authority or the second authority to the second user when the first user has the first authority, and the first user Granting the second authority to the second user when having the second authority;
The authentication device according to claim 1. When the first user has the first authority, the authority granting unit has a third authority in which an expiration date is added to the first authority to the second user, or Grant a fourth authority with an expiration date added to the second authority,
The authentication device according to claim 2. The identification means identifies a user based on an image captured by a camera installed toward the outside of the vehicle,
The control means determines whether or not to unlock the vehicle door based on the identification result performed by the identification means.
The authentication device according to any one of claims 1 to 3. The identification means identifies a user based on an image captured by a camera facing the driver's seat of the vehicle,
The control means determines whether or not to allow engine start based on the identification result performed by the identification means.
The authentication device according to any one of claims 1 to 4. The authority granting unit calculates a feature amount corresponding to the user based on an image obtained by capturing at least a part of the face of the user riding in the vehicle, and biometric information corresponding to the second user; To
The authentication device according to claim 1. The control means includes a first mode in which engine start or door unlocking is permitted based on an identification result performed by the identification means, and an engine start or door door regardless of the identification result performed by the identification means. It is possible to switch between the second mode that permits unlocking,
The authentication device according to any one of claims 1 to 6. The control means applies a predetermined limit to the use of the vehicle when the engine is started in the second mode;
The authentication device according to claim 7. The predetermined limit is an engine output limit or a maximum speed limit;
The authentication device according to claim 8. An authentication device according to any one of claims 1 to 9,
A mobile terminal that acquires biometric information corresponding to the second user and transmits the biometric information to the authentication device;
An authentication system consisting of An authentication method performed by an authentication device mounted on a vehicle,
An identification step of identifying a user using biometric information;
An acquisition step of acquiring authority information, which is information in which a user and authority granted to the user are associated;
A control step of starting the engine or unlocking the door based on the identified user and the authority information corresponding to the user;
In a state where the first user is identified, an authority granting step of acquiring biometric information corresponding to the second user who is a new user and generating authority information corresponding to the second user;
Including
In the authority granting step, an authority equivalent to or less than the authority of the first user is given to the second user,
Authentication method.

Images