JP2017004115A - Person certification system and person certification program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a person certification system and a person certification program capable of easily performing personal registration and preventing impersonation.SOLUTION: When an icon of registration start is touched (S2:YES), selection choices of personal information which a user wants to register are displayed on a screen (S3) on a user terminal. Then, when the selection choice is selected and an icon of designation completion is touched (S4:YES), a registration start request and information of the selection choice which is selected by the user are sent to a registration server (S5). When a registration start notification is received from the registration server (S6:YES), controls of a camera unit, a microphone unit, and a fingerprint sensor are started, by an instruction of the registration server (S7). The controls are performed by MDM control. Therefore, by MDM control of the registration server, a video from the camera unit, and voice from the microphone unit are sent from the user terminal to the registration server (S8).SELECTED DRAWING: Figure 6

Description

  The present invention relates to an identity verification system and an identity verification program via a network.

  When opening a bank account, issuing a personal identification IC card for purchasing cigarettes, becoming a member of a video rental video rental store, etc., it is necessary to prove the identity. In the past, in order to prove the identity, a public certificate with a face photo such as a driver's license or passport was required. Therefore, the person himself / herself had to go to the store etc. with a public certificate. In recent years, biometric authentication technology has also been used, and smartphones are also equipped with a fingerprint sensor, which is confirmed by fingerprint authentication.

  Therefore, to prove your identity, you need to bring a public certificate such as a driver's license or passport. In addition, when performing personal authentication by biometric authentication, it is necessary to register in advance for a specific recognition device.

   In Patent Document 1, face photo information and information for identifying the person are stored in an ID card, or the information is stored in a credit card, and the card is used for identification. A method of using is disclosed. A method of storing such information in a mobile phone and using it for identification is also conceivable.

  In any of the above methods, an ID card that holds a driver's license, passport, or facial photo information when a user who uses some system that needs to prove himself / herself proves himself / herself. Or a credit card or a mobile phone.

  Also, with fingerprint authentication on smartphones, there is a possibility that another person will register and impersonate the fingerprint. In order to solve these problems, Patent Document 2 discloses at least one server having personal information databases for personal authentication that are interconnected in a network, and at least one information registration for registering personal information in the personal information database. A terminal and at least one operator terminal that accesses the server for identity verification, and the operator terminal includes information included in face photo information and personal information defined based on a predetermined number of password inputs A personal identification system for acquiring the password step by step from the server is disclosed. In this identity verification system, the user goes to the personal information registration office where the information registration terminal is installed, along with his / her face photo information, name, age, along with a passport or a driver's license, a health insurance card, etc. Personal information such as birth date and address is presented to the administrator of the information registration terminal. The administrator of the information registration terminal inputs a desired number to the information registration terminal in response to a user request and generates a registration number.

JP-A-6-155971 JP 2008-123041 A

  However, even with the identity verification system described in Patent Document 2, at the time of registration, the person goes to a personal information registration office, along with a proof of identity such as a passport, driver's license, health insurance card, etc. In addition, it is necessary to present personal information such as birth date and address to the administrator of the information registration terminal, which is troublesome. In addition, the identity verification system described in Patent Document 2 has a problem that identity registration cannot be performed via a network.

  An object of the present invention is to provide a personal identification system and a personal identification program that can easily perform personal registration while preventing spoofing from a remote location via a network.

  The identity verification system according to the first aspect of the present invention includes at least one user terminal, at least one registration server, at least one operator terminal, and at least one database that are interconnected on a network. In the identity verification system, the user terminal includes a display screen, and option display control means for displaying on the display screen an option of a type of personal information that identifies a user of the user terminal registered in the registration server. An option transmission means for transmitting an option selected from the options displayed on the display screen to the registration server, a biometric information input means for inputting biometric information, and an instruction from the registration server. User terminal control means for controlling the camera and the biometric information input means, and the camera Image transmission means for transmitting an image taken by the user to the registration server or the operator terminal, and proof data transmission means for transmitting proof data for certifying the user to the registration server, the registration server comprising: Calling means for calling the operator terminal by connection from the user terminal, face photographing instruction transfer means for transferring a face photographing instruction from the operator terminal to the user terminal, and the camera from the operator terminal A certificate photographing instruction transfer means for transferring an instruction for photographing a public certificate to the user terminal, and a biometric information input for transferring a biometric information input instruction by the biometric information input means from the operator terminal to the user terminal. Instruction transfer means and a remote for operating the user terminal by remote control Operating means, personal information storage control means for storing the personal information input and transmitted at the operator terminal in the database, and proof data storage control means for storing the proof data transmitted from the user terminal in the database The operator terminal includes an approval notification transmitting means for transmitting a notification that the user terminal is approved to be connected to the registration server to the registration server, and transmits the face photographing instruction to the registration server. A face photographing instruction transmitting means, a certificate photographing instruction transmitting means for transmitting the public certificate photographing instruction to the registration server, the personal information input means, and the biometric information input instruction to the registration server. The biometric information input instruction transmission means to be transmitted to the user and the information necessary for registration of the user in the database are collected. And a completion notification transmitting means for transmitting a completion notification to notify the registration server.

  According to the first aspect, the registration server transfers to the user terminal an instruction for photographing a face by the camera, an instruction for photographing a public certificate by the camera, and an instruction for inputting biological information by the biological information input unit from the operator terminal. . In addition, the user terminal remotely controls the camera and the biometric information input means according to an instruction from the registration server, and the registration server stores the personal information and certification data input and transmitted from the operator terminal in a database. Therefore, the personal information of the person can be registered easily from a remote place via the network and preventing spoofing.

  In the first aspect, the system includes a certification server connected to the network, wherein the user terminal displays request information control means for displaying personal information requested by an application currently activated on the display screen, and the personal information is displayed on the display screen. An approval request means for requesting an approval instruction to approve passing to an application, an approval instruction input means for inputting the approval instruction, an approval determination means for determining whether or not the approval instruction has been input, and the approval determination means When it is determined that the approval instruction has been made, an access token generating unit that generates an access token, and an individual who acquires the personal information from the certification server using the access token generated by the access token generating unit Information acquisition means, and the biometric information input means as the approval instruction input means It may also be employed.

  If the user wishes to purchase goods or provide services, and the application running on the user terminal requests personal information to prove his / her identity, the biometric information input means of the user terminal is used. To approve the passing of personal information to the application. Also, an access token can be generated, and personal information can be acquired from the certification server and passed to the application using the access token. Therefore, it is not necessary to bring official documents or the like to prove the person, and impersonation of another person can be prevented.

  In the first aspect, the remote control means may be MDM control means for controlling the user terminal by mobile device management. In this case, the user terminal is remotely operated by the MDM control means of the registration server. Therefore, even a person unfamiliar with the operation of the user terminal can store personal information and certification data in the database by remote operation.

  In the first aspect, the user terminal includes key pair creation means for creating a key pair of a public key and a secret key, the proof data storage means stores the secret key, and the proof data transmission means The key may be transmitted to the registration server, and the storage control means of the registration server may store the public key transmitted from the user terminal in the database. In this case, leakage of personal information is prevented by using the public key and the private key.

  The proof data transmission means transmits the biometric information input from the biometric information input means to the registration server as the proof data, and the storage control means of the registration server is transmitted from the proof data transmission means. The biological information may be stored in the database. In this case, biometric information can be used as proof data. The biometric information input means may be a fingerprint sensor. In this case, a fingerprint sensor that is already mounted on a smartphone or personal computer can be used. The user terminal may include personal information input means for inputting personal information, and personal information transmission means for transmitting the personal information input by the personal information input means to the registration server. In this case, a part of the personal information can be input from the user terminal.

  An identity verification program according to a second aspect of the present invention includes at least one user terminal, at least one registration server, at least one certification server, and at least one operator terminal, which are interconnected on a network. A computer program executed by the CPU of the user terminal of the identity verification system comprising two databases, a request display control step for displaying personal information requested by an application currently activated on the display screen of the user terminal; An approval request step for requesting an approval instruction for approving the passing of the personal information to the application, an approval determination step for determining whether or not the approval instruction has been made, and an approval determination step for determining that the approval instruction has been made If An access token generating step for generating an access token; and a personal information acquiring step for acquiring the personal information from the certification server using the access token generated in the access token generating step. .

  In this case, if the user wants to purchase goods or provide services, and the application running on the user terminal requests personal information to prove his / her identity, Approve the passing of personal information to the application. Also, an access token can be generated, and personal information can be acquired from the certification server and passed to the application using the access token. Therefore, it is not necessary to bring official documents or the like to prove the person, and impersonation of another person can be prevented.

It is a figure which shows the structure of the personal identification system. 3 is a block diagram of a user terminal 3. FIG. 3 is a block diagram of a registration server 4. FIG. 3 is a block diagram of an operator terminal 6. FIG. 3 is an example of personal information data stored in a database 5. It is a flowchart of the registration process which CPU31 of the user terminal 3 performs. It is a flowchart of the registration process which CPU41 of the registration server 4 performs. It is a flowchart of the registration process which CPU61 of the operator terminal 6 performs. 5 is a flowchart of a tobacco purchase process executed by a CPU 31 of a user terminal 3. It is a flowchart of the process of the certification | authentication application which CPU31 of the user terminal 3 performs. It is a display example of the display screen of the display 36 of the user terminal 3. It is a flowchart of the tobacco sales process which CPU of a tobacco vending machine performs. 6 is a flowchart of an access token generation process executed by a CPU 31 of a user terminal 3. It is a flowchart of the proof process which CPU71 of the proof server 7 performs. It is a flowchart of the access token verification process which CPU71 of the certification | authentication server 7 performs. It is a flowchart of the video member registration process which CPU31 of the user terminal 3 performs. 10 is a flowchart of member registration processing executed by a CPU 81 of the video rental member registration server 8. It is a display example of the display screen of the display 36 of the user terminal 3. It is a flowchart of the video borrowing process which CPU31 of the user terminal 3 performs. It is a flowchart of the video rental process which CPU of the terminal of a video rental store performs. It is a display example of the display screen of the display 36 of the user terminal 3. It is a flowchart of the homebuilder registration process which CPU of a homebuilder terminal performs. It is a flowchart of the housebuilder registration process which CPU91 of the real estate dealer server 9 performs. It is a display example of the display screen of the display 36 of the user terminal 3. It is a flowchart which shows operation | movement of the person who wants to purchase real estate. It is a flowchart of the real estate transaction processing performed at a homebuilder terminal. It is a flowchart of the fair certificate preparation process performed with the terminal of an administrative scrivener. It is a flowchart of a fair document preparation process performed in the husband's terminal. It is a flowchart of the fair document preparation process performed with the server of a notary public office.

  An embodiment of the present invention will be described with reference to the drawings. Note that the numbers of servers and terminals exemplified in the following embodiments are merely examples, and the present invention is not limited to these numbers.

<Outline of identity verification system 1>
With reference to FIG. 1, the outline | summary of the identification system 1 is demonstrated. The identity verification system 1 of this embodiment includes at least one user terminal 3, at least one registration server 4, at least one operator terminal 6, and at least one database 5 that are interconnected to the Internet 2 that is an example of a network. , At least one certification server 7, at least one video rental member registration server 8, and at least one real estate dealer server 9. As an example of the user terminal 3, an inner camera and a smartphone with a fingerprint authentication function, a notebook computer with an inner camera and a fingerprint authentication function, a tablet with an inner camera and a fingerprint authentication function, and the like can be used. As the registration server 4, the video rental member registration server 8, and the real estate dealer server 9, known servers can be used. As the operator terminal 6, a known desktop computer, display, tablet terminal, or the like can be used.

  The identity verification system 1 uses mobile device management (hereinafter also referred to as “MDM control”), which is a remote operation technology of a smartphone that is an example of the user terminal 3, in response to an instruction from an operator who operates the operator terminal 6. The user's fingerprint is registered in the user terminal 3 while confirming the identity. When the user himself / herself is confirmed, the operator confirms the public certificate by photographing it with the camera of the user terminal 3 by MDM control.

  First, the structure of the user terminal 3 will be described with reference to FIG. The user terminal 3 is a known smartphone as an example, and includes a CPU 31, RAM 32, ROM 33, communication unit 34, nonvolatile memory 40, camera unit 35, display 36, touch panel 37, microphone unit 38, speaker unit 39, and fingerprint sensor. 30 etc. The CPU 31 controls the user terminal 3, and registers the flowchart shown in FIG. 6, which will be described later, the cigarette purchase process shown in the flowchart in FIG. 9, the access token generation process shown in the flowchart in FIG. 13, and the video in the flowchart shown in FIG. The member registration process, the video borrowing process of the flowchart shown in FIG. 19, and the like are executed. The RAM 32 temporarily stores various data. The ROM 33 stores a program executed by the CPU 31 and the like. The communication unit 34 is connected to 3G and 4G communication networks to perform voice communication and network communication. The nonvolatile memory 40 stores various data and programs.

  The camera unit 35 is provided on the display 36 side of the user terminal 3 and can capture the user's face as a still image or a moving image. The display 36 displays various characters, images, and the like under the control of the CPU 31. The touch panel 37 is provided so as to overlap the display 36 and outputs information on the touched position to the CPU 31. The microphone unit 38 converts sound into an electrical signal. The speaker unit 39 produces sound. The fingerprint sensor 30 reads the fingerprint, prints the fingerprint data, and outputs it to the CPU 31.

  Next, the registration server 4 will be described with reference to FIG. The registration server 4 is a well-known server, and includes a CPU 41, a RAM 42, a ROM 43, a hard disk device (hereinafter referred to as “HDD”) 44, and a network communication unit 45. The CPU 41 controls the registration server 4 and executes a registration process of a flowchart shown in FIG. The RAM 42 temporarily stores various data. The ROM 43 stores a program executed by the CPU 41 and the like. The network communication unit 45 is, for example, an Ethernet (registered trademark) network interface adapter, and connects the registration server 4 to the Internet 2. The certification server 7, the video rental member registration server 8, and the real estate dealer server 9 are also well-known servers and have the same configuration as the registration server 4. The CPU 71 controls the certification server 7, the CPU 81 controls the video rental member registration server 8, and the CPU 91 controls the real estate dealer server 9. Moreover, the operator terminal 6 is comprised from a known desktop computer as an example, and is provided with CPU61, RAM62, ROM63, HDD64, USB terminal 65, graphic board 66, and network communication unit 67. A keyboard 68 and a mouse 69 are connected to the USB terminal 65, and a display 70 is connected to the graphic board 66.

  Next, the database 5 will be described. The database 5 is a database composed of a storage medium such as an HDD, and stores personal information 50 for each user as shown in FIG. As the personal information 50, for example, a public certificate image 51, basic information 52 such as name, address, date of birth, etc., a public key 56, etc. are stored. Also, contact information such as e-mail address and mobile phone number, work name, work address, job title, e-mail address, work number information such as phone number and fax number, credit company and credit card number, etc. Additional information such as credit card information may be stored.

<First embodiment, registration process>
Registration of the personal information of the user who uses the user terminal 3 in the database 5 will be described with reference to the block diagrams of FIGS. 2 to 5 and FIGS. The user activates the user terminal 3 by pressing a power switch of the user terminal 3 (not shown). Since the user terminal 3 is a smartphone, the CPU 31 displays an icon of an application that can be activated on the display 36. When the user touches an icon indicating a registration application that performs registration processing of the user's personal information in the database 5 from the icons displayed on the display 36 (S1: YES), a signal is input from the touch panel 37 to the CPU 31. . CPU31 reads the registration application shown in FIG. 6 from the non-volatile memory 40, and starts it. On the display 36, an icon for starting registration is displayed. If the icon indicating the registered application is not touched (S1: NO), the CPU 31 returns the process to S1.

  When the CPU 31 determines that the registration start icon has been touched (S2: YES), the CPU 31 displays a screen indicating what type of personal information is desired to be registered on the display 36. Specifically, the personal information to be registered is composed of characters indicating a public certificate such as a driver's license, passport, and residential building trader's certificate on the display 36, and a check box displayed adjacent to each character. Options are displayed (S3). The CPU 31 waits until the check box is checked and the designation completion icon displayed on the display 36 is touched (S4). When the designation completion icon is touched (S4: YES), a signal is input from the touch panel 37 to the CPU 31. Next, the CPU 31 controls the communication unit 34 to connect to the Internet 2 via the 3G or 4G communication line or Wi-Fi line, and connect to the registration server 4 (S5). Next, the CPU 31 transmits a registration start request and information on options selected by the user to the registration server 4 (S5).

  In the registration server 4 shown in FIG. 3, the CPU 41 determines whether or not there is a connection request from the user terminal 3 (S21 in FIG. 7). When there is no connection request from the user terminal 3 (S21: NO), the CPU 41 returns the process to S21. When the CPU 41 determines that there is a connection request from the user terminal 3 (S21: YES), the network communication unit 45 is controlled to call the operator terminal 6 and the personal information option received from the user terminal 3 is selected. Information is notified (S22).

  In the operator terminal 6 shown in FIG. 4, the CPU 61 controls the network communication unit 67 and is connected to the registration server 4 by the operation of the operator (FIG. 8, S31), and the CPU 61 receives connection information from the registration server 4. Thus, it is determined whether or not the user terminal 3 is connected to the registration server 4 (S32). When the CPU 61 determines that the user terminal 3 is connected to the registration server 4 (S32: YES), the CPU 61 receives from the registration server 4 a notification that the user has started registration of personal information and personal information options. (S33). Next, the CPU 61 determines whether or not the operator operates the keyboard 68 or the mouse 69 to input approval for registration of the personal information in the database 5 (S34). If the CPU 61 determines that there is no input for approval (S34: NO), it returns the process to S34. If the CPU 61 determines that there is an approval input (S34: YES), it notifies the registration server 4 that it has approved the start of registration of the user's personal information (S35). Next, the CPU 41 of the registration server 4 transmits a registration start notification informing the user terminal 3 of the start of registration (S23).

  The CPU 31 of the user terminal 3 waits until a registration start notification is received from the registration server 4 (S6: NO). When the registration start notification is received from the registration server 4 (S6: YES), the CPU 41 of the registration server 4 In response to this instruction, control of the camera unit 35, microphone unit 38, and fingerprint sensor 30 is started (S7). This control is performed by MDM control controlled by well-known mobile device management, which is an example of remote control executed by the CPU 41 of the registration server 4 (S7). Therefore, the video from the camera unit 35 and the sound from the microphone unit 38 are transmitted from the user terminal 3 to the registration server 4 by the MDM control of the CPU 41 of the registration server 4 (S8). In the registration server 4, the CPU 41 stores the video, audio, etc. from the user terminal 3 in the HDD 44 and transfers it to the operator terminal 6 (S24 in FIG. 7). Thereafter, video, audio, etc. from the user terminal 3 are maintained in the transfer state to the operator terminal 6.

  In the operator terminal 6, when the operator operates the keyboard 68 or the mouse 69 to input a face shooting instruction, the CPU 61 transmits a user's face shooting instruction command to the registration server 4 (FIG. 8, S36). The CPU 41 of the registration server 4 relays (transfers) the instruction for photographing the face from the operator terminal 6 to the user terminal 3 (S25 in FIG. 7). The CPU 31 of the user terminal 3 displays on the display 36 a display requesting the user to shoot a face in response to an instruction from the registration server 4 (FIG. 6, S9). For example, “Please photograph the face” is displayed on the display 36. Further, “Please take a picture of your face” may be pronounced from the speaker unit 39 by voice. The user takes a picture of his / her face with the inner camera unit 35. The CPU 31 transmits the captured face image to the registration server 4 (FIG. 6, S9). The registration server 4 stores the received face image in the HDD 44 and transfers it to the operator terminal 6. In the operator terminal 6, the received face image is displayed on the display 70. The operator views the image and inputs OK or NG by operating the keyboard 68 or the mouse 69. The CPU 61 of the operator terminal 6 determines that the image has not been correctly shot when NG is input from the operator (FIG. 8, S37: NO), and determines that the image has been correctly shot when OK is input from the operator. (S37: YES).

  Next, in the operator terminal 6, when the operator operates the keyboard 68 or the mouse 69 and inputs an instruction to shoot a public certificate that proves that the user is the person, the CPU 61 A command for shooting is sent to the registration server 4 (FIG. 8, S38). An example of a public certificate is a driver's license, a passport, or the like. The CPU 41 of the registration server 4 relays (transfers) the instruction for photographing the public certificate from the operator terminal 6 to the user terminal 3 (FIG. 7, S26). In response to an instruction from the registration server 4, the CPU 31 of the user terminal 3 displays a display requesting the user to take a public certificate on the display 36 (S10 in FIG. 6). For example, “Please take a public certificate” is displayed on the display 36. Alternatively, the speaker unit 39 may pronounce “Please shoot a public certificate” by voice. The user shoots a public certificate that certifies himself / herself with the outer camera unit 35. The CPU 31 transmits the captured image of the public certificate to the registration server 4 (FIG. 6, S10), and the registration server 4 uses the received public certificate image as the public certificate 50 in the personal information 50 of the database 5. The image is stored as a document image 51 and transferred to the operator terminal 6. In the operator terminal 6, the received public certificate image is displayed on the display 70. The operator views the image and inputs OK or NG by operating the keyboard 68 or the mouse 69. The CPU 61 of the operator terminal 6 determines that the image has not been correctly captured when NG is input from the operator (FIG. 8, S39: NO), and determines that the image has been correctly captured when OK is input from the operator. (S39: YES).

  In the operator terminal 6, when the operator operates the keyboard 68 or the mouse 69 to input a fingerprint registration instruction, the CPU 61 transmits a user fingerprint registration instruction command to the registration server 4 (see FIG. 8, S40). The CPU 41 of the registration server 4 relays (transfers) a fingerprint registration instruction command from the operator terminal 6 to the user terminal 3 (FIG. 7, S27). In response to an instruction from the registration server 4, the CPU 31 of the user terminal 3 displays a display requesting the user to register a fingerprint on the display 36 (S11 in FIG. 6). For example, “Please input fingerprint” is displayed on the display 36. Further, “Please input fingerprint” may be pronounced from the speaker unit 39 by voice. The user inputs his / her fingerprint through the fingerprint sensor 30. The CPU 31 checks the state of the input fingerprint data, such as the image quality, and if it is determined that it is a registerable level, the CPU 31 stores it in its own nonvolatile memory 40. The CPU 31 notifies the registration server 4 of the registration status. The registration server 4 transfers the situation to the operator terminal 6. In the operator terminal 6, the received fingerprint data is displayed on the display 70. The operator views the state of the image and inputs OK or NG by operating the keyboard 68 or the mouse 69. The CPU 61 of the operator terminal 6 determines that the fingerprint is not correctly input when NG is input from the operator (FIG. 8, S41: NO). If the operator inputs OK, the fingerprint is correctly input. It is determined that it has been input (S41: YES). Next, the operator views the image of the public certificate and inputs personal information to be registered by operating the keyboard 68. The CPU 61 notifies the registration server 4 that the personal information necessary for registration and transfer of the input personal information to the registration server 4 has been collected (S42). Depending on the type of public certificate, personal information that can be entered by the operator varies. In the case of a driver's license, in addition to the face photo, the name, date of birth, address, type of car that can be driven, etc. are displayed and can be entered by the operator. In the case of a residential land and building trader ID, the name, address, registration number, registration date, expiry date, etc. are displayed in addition to the face photo, which can be entered by the operator.

  The CPU 41 of the registration server 4 transmits an instruction to create a key pair composed of a public key and a private key (secret key) to the user terminal 3 (S28 in FIG. 7). The CPU 31 of the user terminal 3 creates a key pair composed of a public key and a private key (secret key) (FIG. 6, S12). The CPU 31 stores the private key data (secret key) in the nonvolatile memory 40 (S13) and transmits the public key data to the registration server 4 (S14).

  The CPU 41 of the registration server 4 stores the personal information (name, address, date of birth) received from the operator terminal 6 in the basic information 52 of the personal information 50 of the database 5, and the image of the public certificate is stored in the database 5. The public certificate image 51 of the information 50 is stored, and the public key information is stored in the public key 56 of the personal information 50 in the database 5 (S29 in FIG. 7).

<Tobacco purchase processing>
Hereinafter, with reference to FIGS. 9 to 15, a cigarette purchase process as an example of use of the personal identification system of the present invention will be described. The user terminal 3 waits until the user touches the icon of the cigarette purchase application displayed on the display (FIG. 9, S51: NO), and when the user touches the icon of the cigarette purchase application, the CPU 31 of the user terminal 3 Determines to activate the cigarette purchase application (FIG. 9, S51: YES). Next, the CPU 31 activates the tobacco purchase application stored in the nonvolatile memory 40. When the cigarette purchase application is activated, a certification application described later is activated (S52).

  The operation of the certification application will be described with reference to FIG. The CPU 31 of the user terminal 3 displays on the display 36 which application is requesting what kind of personal information, and presents it to the user (FIG. 10, S71). As an example, as shown in FIG. 11, the display 36 displays “Tobacco purchase application requests the following authority.-Reference date of birth-Expiration date: 10 minutes after approval by user” (S71). Next, the CPU 31 displays an approval (fingerprint authentication) or rejection option on the display 36 (S72). As an example, as shown in FIG. 11, the display 36 displays characters “Please input your fingerprint for approval” and a rejection icon (S71). Next, the CPU 31 waits until the user enters and inputs a fingerprint by the fingerprint sensor 30 (S73: NO). When the user inputs a fingerprint using the fingerprint sensor 30, the CPU 31 performs fingerprint authentication as to whether or not the input fingerprint matches the fingerprint stored in the nonvolatile memory 40. If the input fingerprint matches the fingerprint stored in the non-volatile memory 40 and it can be confirmed that it is the user, the CPU 31 determines that the user has approved (S73: YES). Next, the CPU 31 executes an access token generation process shown in FIG. 13 (S74). A program for access token generation processing is stored in the nonvolatile memory 40. When the rejection icon is touched (S73: NO), no access token is generated.

  Next, the access token generation process will be described with reference to FIG. First, the CPU 31 generates a message that is text information on the current time, expiration date, and what kind of access is permitted for which information (S81). This time, because it is a cigarette purchase, access (reference) to the date of birth information is required. Next, the message is digitally signed with the private key stored in the nonvolatile memory 40 (S82). The digital signature is also text information. Next, the CPU 31 generates, as an access token, a collection of information created in the process of S81 and a digital signature (S83). Specifically, the text information created in the process of S81 and the text information of the digital signature are connected.

  Next, the CPU 31 returns the processing to the flowchart shown in FIG. 10, and determines whether or not to display the generated access token with a QR code (registered trademark) that is a two-dimensional barcode (FIG. 10, S75). Specifically, when the caller application has designated that the caller application display the access token with a QR code (registered trademark) (S75: YES), the CPU 31 displays the access token on the display 36 with the QR code. (Registered trademark) is displayed (S76). When the calling application has not specified that the access token is displayed with the QR code (registered trademark) (S75: NO), the CPU 31 displays the access token with the QR code (registered trademark) on the display 36. Do not show. Next, the CPU 31 passes the access token to the tobacco purchase application (S77).

  The CPU 31 returns the processing to the flowchart shown in FIG. 9, and determines whether or not an access token has been obtained (S53). When the access token is generated in the access token generation process (S74) of the certification application and the access token is passed from the certification application, the CPU 31 determines that the access token has been obtained (S53: YES). Next, the CPU 31 transmits the access token to the certification server 7 via the Internet 2 (S54). If the access token cannot be obtained (S53: NO), the CPU 31 ends the process.

  Next, processing executed by the CPU 71 of the certification server 7 will be described with reference to FIGS. 14 and 15. The CPU 71 of the certification server 7 that has received the access token from the user terminal 3 first performs access token verification (S211 in FIG. 14). The CPU 71 separates the message (current time, expiration date, access permission type) and digital signature from the received access token (FIG. 15, S221). Next, the CPU 71 generates a digest using a hash function from the message (S222). Next, the CPU 71 decrypts the digital signature using the signature creator's public key (S223). Next, the CPU 71 determines whether or not the generated digest matches the decryption of the digital signature (S224). If the CPU 71 determines that they match (S224: YES), the CPU 71 determines whether or not the actual current date and time is within the range of the current time and the expiration date included in the message (S225). If the CPU 71 determines that the request is within the valid period (S225: YES), the CPU 71 determines whether the request can be executed according to the type of access permission (S226). If the CPU 71 determines that the request is executable according to the type of access permission (S226: YES), the CPU 71 accepts the request. If it is determined NO in S224, S225, S226, the access token is discarded.

  The CPU 71 returns to the process shown in FIG. 14, and if the request is accepted as a result of the verification of the access token (S212: YES), the CPU 71 executes the request (S213). As an example, the date of birth is read from the personal information 50 stored in the database 5 (S213), and the result is returned to the caller (S214). If the request is not accepted (S212: NO), an error is returned to the caller (S215). Next, the process proceeds to S54 of the flowchart shown in FIG.

  When the request is accepted as a result of the verification of the access token (S212: YES), the CPU 71 reads the date of birth of the request from the personal information 50 of the database 5 (S213), and the date of birth is obtained. It transmits to the user terminal 3 (S214). On the user terminal 3 side, the CPU 31 receives the date of birth data from the certification server 7 (FIG. 9, S55). Next, the CPU 31 determines whether it is over 20 years old today based on the received date of birth data (S56). If the CPU 31 determines that it is 20 years of age or older (S56: YES), it creates a QR code (registered trademark) that is a two-dimensional barcode for purchasing tobacco (S57). Next, a QR code (registered trademark) for purchasing tobacco is displayed on the display 36 (S58). If it is not determined in the determination process of S56 that the person is over 20 years old, the CPU 31 ends the process.

  Next, the operation of the cigarette vending machine will be described with reference to the flowchart purchase in FIG. In a cigarette vending machine, when money is inserted (S61: YES) and the selection button of the cigarette is pressed (S62), if the inserted money is the amount necessary for the purchase of the selected cigarette (S63: YES), the CPU of the vending machine presents taspo (registered trademark), which is an IC card for an adult identification cigarette vending machine, or a QR code (two-dimensional bar code indicating an adult) ( A display requesting presentation of registered trademark or pronunciation of sound is performed. For example, the user holds the QR code (registered trademark) displayed on the display 36 of the user terminal 3 over the camera of the vending machine. When the CPU of the vending machine can read the QR code (registered trademark) (S65: YES) and determines that the QR code (registered trademark) is the correct QR code for purchasing cigarettes (S66: YES), it selects The cigarettes sold are sold (S67). If it cannot be determined that the QR is correct (S66: NO), a refund is made (S68).

<Second Embodiment, Video Member Registration>
Next, rental video member registration will be described with reference to FIGS. In the user terminal 3, when the user touches the browser icon displayed on the display, the browser is activated. In this state, the CPU 31 of the user terminal 3 stands by until the video member registration site provided by the video rental member registration server 8 is accessed (FIG. 16, S91: NO). When the browser accesses the video member registration site (S91: YES), the user terminal 13 transmits information necessary for member registration to the video member registration site by an input using the touch panel 37 of the user (S92).

  When there is an access from the user terminal 3 (FIG. 17, S101: YES), the CPU 81 of the video rental member registration server 8 determines whether or not information for member registration has been received from the user terminal 3 (S102). ). When information for member registration is received from the user terminal 3 (S102: YES). The user's certification request is transmitted to the user terminal 3 (S103).

  In the user terminal 3, when the CPU 31 determines that a certification request has been received from the video rental member registration server 8 of the video member registration site (S94: YES), the certification application (S95) of the flowchart shown in FIG. 10 is executed. . Since the process of the certification application is the same as the certification application described in the cigarette purchase process, the details are omitted. In the certification application, as shown in FIG. 18, “The video member registration site is requesting the following authority on the display 36 of the user terminal 3:-name reference,-address reference,-date of birth ,-Phone number reference,-Expiration date: Within 10 minutes after approval by the user, if you approve, please enter your fingerprint. "And a" reject "icon are displayed. When the user puts a finger on the fingerprint sensor 30 and inputs the fingerprint, the fingerprint is authenticated and the above-described access token is generated. The CPU 31 transmits the access token generated by the certification application to the video rental member registration server 8 of the video member registration site (S96). When receiving the access token from the user terminal 3 (S106: YES), the CPU 81 of the video rental member registration server 8 transfers the access token to the certification server 7 (S105). The CPU 71 of the certification server 7 executes the processing of the flowcharts shown in FIGS. Since this process is the same as the process described in the cigarette purchase process, the description is omitted.

  If the access token is verified and the identity is proved, the CPU 81 of the video rental member registration server 8 acquires the personal information of the user from the certification server 7 (S105). If the user's personal information can be acquired (S106: YES), the user's information is stored in the HDD (not shown) of the video rental member registration server 8 together with the member number (S107). Next, the CPU 81 transmits a user information registration completion notification to the user terminal 3 (S108). If the CPU 81 determines NO in the determination processes of S104 and S106, the CPU 81 cancels the member registration (S109). When the CPU 31 of the user terminal 3 receives the registration completion notification of the user information from the video rental member registration server 8, the process is terminated. With the above processing, the video member registration of the user possessing the user terminal 3 is completed.

<Video rental process>
Next, with reference to FIGS. 18 to 21, a video rental process at a video rental store will be described. First, the processing in the user terminal 3 will be described with reference to FIGS. In the user terminal 3, when the user touches the video member application icon displayed on the display 36, the CPU 31 reads and activates the video member application from the nonvolatile memory 40 (S111). Next, the CPU 31 reads and activates the certification application in the flowchart shown in FIG. 10 from the nonvolatile memory 40 (S112). At this time, the CPU 31 specifies that the access token is displayed as a QR code (registered trademark), and starts the certification application. The processing of the certification application in the flowchart shown in FIG. 10 is the same as the certification application described in the cigarette purchase processing, and thus detailed description thereof is omitted. In the certification application, as shown in FIG. 21, “The video member application is requesting the following authority on the display 36 of the user terminal 3:-name reference,-address reference,-date of birth Reference, -Reference of phone number, -Expiration date: Within 10 minutes after approval by the user, if you approve, please enter your fingerprint. "And a" reject "icon are displayed. When the user places a finger on the fingerprint sensor 30 and inputs the fingerprint, the fingerprint is authenticated, and the above-described access token is displayed on the display 36 of the user terminal 3 with a QR code (registered trademark).

  Next, with reference to the flowchart of FIG. 20, a video rental process at a video rental shop terminal will be described. The CPU (not shown) of the terminal of the video rental store reads the barcode of the rented video with a barcode reader (not shown) by the operation of the store clerk (S121). Next, the CPU (not shown) of the terminal of the video rental store displays “Please present your membership card or QR code (registered trademark)” on the display, and the membership card or QR code ( Request for presentation of registered trademark (S122). Next, the CPU (not shown) of the terminal of the video rental store reads the membership number of the membership card or the QR code (registered trademark) displayed on the display 36 of the user terminal 3 (S123). If it can be read (S124: YES), the user information is acquired from the certification server 7 (S125). If the user information can be obtained from the certification server 7 (S126: YES), the CPU (not shown) of the video rental shop terminal has registered with the video rental registration server via the Internet 2. It is determined whether or not it matches the member information (S127). If the CPU (not shown) of the video rental shop terminal determines that they match (S127: YES), the lending process is performed (S128). If the user information cannot be obtained (S126: NO) or does not match the registered member information (S127: NO), the CPU (not shown) of the terminal of the video rental store is The lending process is canceled (S129). This completes the video lending process.

<Third embodiment, homebuilder registration process>
In a real estate agency that conducts real estate transactions, it is necessary to explain important matters by a residential land and building trader (hereinafter referred to as a “homebuilder”) when conducting land and building transactions. However, since it is not possible for all real estate dealers to wait for a homebuilder, the use of the present invention enables remote registration of a homebuilder terminal and explanation of important matters without having the real estate dealer wait for a homebuilder. I do.

  First, the registration of a homebuilder will be described with reference to the flowchart shown in FIG. The homebuilder's terminal (hereinafter referred to as “homebuilder terminal”) has the same structure as the user terminal 3. In the homebuilder terminal, when the user touches the browser icon displayed on the display, the browser is activated. In this state, the CPU (not shown) of the homebuilder terminal accesses the real estate dealer site provided by the real estate dealer server 9 by the operation of the homebuilder (FIG. 22, S131). Next, the CPU (not shown) of the homebuilder terminal selects the homebuilder registration from the items displayed on the display (S132).

  When there is an access from the homebuilder terminal (FIG. 23, S141: YES), the CPU 91 of the real estate dealer server 9 determines whether additional information for member registration has been received from the homebuilder terminal. (S142). When additional information for member registration is received from the homebuilder terminal (S142: YES). A certification request for certifying that the person is a homebuilder is transmitted to the homebuilder terminal (S143).

  In the homebuilder terminal, when the CPU determines that a certification request has been received from the real estate dealer server 9 of the real estate dealer site (FIG. 22, S133: YES), the certification application of the flowchart shown in FIG. 10 (S134) Execute. Since the process of the certification application is the same as the certification application described in the cigarette purchase process, the details are omitted. In the certification application, as shown in FIG. 24, the real estate dealer site requests the following authority on the display 36 of the homebuilder terminal:-reference of the date of birth,-reference of the telephone number, -Refer to the residential building and building trader's certificate,-Expiration date: Within 10 minutes after approval by the user, if you approve, please enter the fingerprint "and" Reject "icon display (not shown) To display. When the user places a finger on a fingerprint sensor (not shown) and inputs a fingerprint, the fingerprint is authenticated and the above-described access token is generated.

  When the access token generated by the certification application is obtained (S135: YES), the CPU of the homebuilder terminal transmits the access token to the real estate dealer server 9 of the real estate dealer site (S136). Next, it waits for the real estate dealer server 9 of the real estate dealer site to confirm the proof content (S137: NO), and when the confirmation confirmation of the proof content is received from the real estate dealer server 9 of the real estate dealer site ( S137: YES), the process is terminated. When the CPU 91 of the real estate dealer server 9 receives the access token from the homebuilder terminal (S144: YES), the CPU 91 transmits the access token to the certification server 7 (S145). The CPU 71 of the certification server 7 executes the processing of the flowcharts shown in FIGS. Since this process is the same as the process described in the cigarette purchase process, the description is omitted.

  When the access token is verified and the identity is proved, the CPU 91 of the real estate dealer server 9 obtains the information of the housekeeper from the certification server 7 (S146). If the information on the housebuilder can be acquired from the certification server 7 (S147: YES), the information on the housebuilder is displayed on the display (not shown), and the staff of the real estate dealer confirms it. If there is no problem input from the staff (S148: YES), a confirmation notice is transmitted to the homebuilder's terminal, and the homebuilder's information is stored in the HDD (not shown) of the real estate dealer server 9 ( S149). If the CPU 91 determines NO in the determination processes of S144, S147, and S148, it cancels the registration of the homebuilder (S150). With the above processing, the registration process for the homebuilder is completed.

<Real estate sales processing>
Next, real estate sales processing will be described with reference to FIGS. 25 and 26. A person who wants to purchase real estate visits the real estate dealer (FIG. 25, S161). Next, the real estate sales staff is informed of the desire to purchase the real estate (S162). When the staff of the real estate dealer selects a suitable homebuilder from among the homebuilders registered in the real estate dealer server 9 using the terminal of the real estate dealer (not shown), the terminal of the real estate dealer (not shown) The homebuilder's terminal is called through the Internet 2 (S163).

  The homebuilder's terminal is called from a real estate dealer's terminal (not shown) and receives a request for explanation of important matters from the real estate dealer (FIG. 26, S151). Next, using the camera and microphone of his / her terminal, the home builder explains important matters to the real estate purchase applicant (S152). In a real estate dealer, a video of a remote homebuilder is displayed on the display connected to the terminal (not shown) of the real estate dealer, and is heard from a speaker connected to the terminal (not shown) of the real estate dealer. Explanation of important matters is received (S164). Next, a contract is made under the supervision of a remote homebuilder in a state where video and audio are transmitted to the homebuilder terminal with a camera and a microphone connected to a real estate dealer terminal (not shown) (S165). ). The remote homebuilder also monitors the contract with his terminal (S153). This completes the real estate purchase process.

<Fourth embodiment, certificate creation process>
Next, explanation will be given for a case where a child notary arrangement for a child between divorced couples is prepared as a notarized document by a notary public at a remote location at the administrative scrivener's office. In the present embodiment, identity verification is performed by photographing a QR code (registered trademark), which is a two-dimensional bar code that proves the husband and wife, who are parties, with the camera of the administrative scrivener's terminal.

  Hereinafter, the certificate creation process will be described with reference to FIGS. An example of an administrative scrivener terminal is a well-known personal computer. As shown in FIG. 27, the CPU (not shown) of the administrative scrivener terminal accesses the notary office site by the administrative scrivener operation (FIG. 27, S171). Next, on the notary office site, the creation of a divorce benefit contract fair certificate is selected from the displayed items by operating the administrative document (S172: YES). Next, the husband and wife, who are parties, discuss and upload a contract prepared in advance by an administrative scrivener to the server of the notary office site (S173).

  Next, the operation of the husband's terminal will be described with reference to FIG. An example of the husband's terminal is the user terminal 3 illustrated in FIG. 2, which is a known smartphone as an example. By the husband's operation, the CPU 31 of the user terminal 3 accesses the notary office site (FIG. 28, S180). On the notary office site, identification is selected from the displayed items by the husband's operation (S181). Next, the CPU 31 of the user terminal 3 then reads and activates the certification application of the flowchart shown in FIG. 10 from its own nonvolatile memory (not shown) (FIG. 28, S182). The processing of the certification application in the flowchart shown in FIG. 10 is the same as the certification application described in the cigarette purchase processing, and thus detailed description thereof is omitted. In the certification application, when the husband puts his finger on the fingerprint sensor 30 and inputs the fingerprint, the fingerprint is authenticated, and the above-described access token is displayed on the display 36 of the user terminal 3 with the QR code (registered trademark). An example of the wife's terminal is also the user terminal 3 shown in FIG. 2, which is a known smartphone as an example. The wife's terminal performs the same operation as the husband's terminal. In the certification application, when the wife puts his finger on the fingerprint sensor 30 and inputs the fingerprint, the fingerprint is authenticated, and the above-described access token is displayed on the display 36 of the user terminal 3 with the QR code (registered trademark).

  At the administrative scrivener's terminal, the CPU (not shown) controls the camera (not shown) by the administrative scrivener's operation, and the QR code (registration) displayed on the display 36 of the husband's user terminal 3 to prove the husband. (Trademark) is photographed (FIG. 27, S174). Next, the CPU of the administrative scrivener terminal uploads the photographed husband's QR code (registered trademark) as an access token to the notary office site (S175). Next, the CPU (not shown) controls the camera (not shown) by the operation of the administrative scrivener to photograph the QR code (registered trademark) displayed on the display 36 of the wife's user terminal 3 in order to prove the wife. (S176). Next, the CPU of the administrative scrivener terminal uploads the photographed wife's QR code (registered trademark) to the notary office site as an access token (S177). Next, the CPU of the administrative scrivener terminal waits for the issuance of a fair certificate from the notary office site (S178). When it becomes possible to download the fair certificate at the notary office site, the CPU of the administrative scrivener terminal downloads the fair certificate (S179).

  As shown in FIG. 29, the CPU (not shown) of the server of the notary office site receives a contract from the administrative scrivener terminal when there is a request from the administrative scrivener terminal (S191: YES). (S192). Next, an access token for accessing the husband's information is received from the terminal of the administrative scrivener (S193). Next, the received access token is transmitted to the certification server 7 shown in FIG. 1, and the husband's information is acquired from the certification server 7 (S194). Similarly, an access token for accessing the wife's information is received from the terminal of the administrative scrivener (S195). Next, the received access token is transmitted to the certification server 7 shown in FIG. 1, and wife information is acquired from the certification server 7 (S196). If the husband's information can be acquired (S197: YES) and the wife's information can be acquired (S198: YES), the contract and husband / wife information are stored in the HDD (not shown) of the server of the notary office. Save it so that it can be confirmed by a notary (S199). After the notary confirms the contents and signs it, the certified contract can be downloaded by the administrative scrivener terminal (S199). As a result, husbands and wives can make arrangements for child support expenses between husband and wife at a public scrivener's office as a notary certificate at a remote notary office without having to go to a notary office. become.

  In the above embodiment, the display 36 is an example of the “display screen” of the present invention. The CPU 31 that executes the process of S3 is an example of the “option display control means” in the present invention. The camera unit 35 is an example of the “camera” of the present invention. The CPU 31 that executes the process of S5 is an example of the “option transmission unit” in the present invention. The fingerprint sensor 30 is an example of the “biological information input unit” in the present invention. The CPU 31 that executes the process of S7 is an example of the “user terminal control means” in the present invention. The CPU 31 that executes the process of S8 is an example of the “image transmission means” in the present invention. The CPU 31 that executes the S14 process is an example of the “certification data transmission unit” of the present invention. The CPU 41 that executes the process of S22 is an example of the “calling unit” in the present invention. The CPU 41 that executes the process of S25 is an example of the “face photographing instruction transfer unit” in the present invention. The CPU 41 that executes the process of S26 is an example of the “certificate photographing instruction transfer unit” of the present invention. The CPU 41 that executes the process of S27 is an example of the “biological information input instruction transfer means” in the present invention. The CPU 41 that executes the MDM control in the processes of S25, S26, and S27 is an example of the “remote operation means” in the present invention. The CPU 41 is an example of the “personal information storage control unit” in the present invention. The CPU 41 that executes the process of S29 is an example of the “certification data storage control unit” of the present invention. The CPU 61 that executes the process of S35 is an example of the “approval notification transmission unit” of the present invention. The CPU 61 that executes the process of S36 is an example of the “face photographing instruction transmitting unit” in the present invention. The CPU 61 that executes the process of S38 is an example of the “certificate photographing instruction transmitting unit” in the present invention. The keyboard 68 is an example of the “personal information input means” in the present invention. The CPU 61 that executes the process of S40 is an example of the “biological information input instruction transmitting unit” in the present invention. The CPU 61 that executes the process of S42 is an example of the “completion notification transmission unit” in the present invention.

  The CPU 31 that executes the process of S71 is an example of the “request display control means” in the present invention. The CPU 31 that executes the process of S72 is an example of the “approval request unit” in the present invention. The fingerprint sensor 30 and the touch panel 37 are examples of the “approval instruction input unit” of the present invention. The CPU 31 that executes the process of S73 is an example of the “approval determination unit” of the present invention. The CPU 31 that executes the process of S74 is an example of the “access token generating means” in the present invention. The CPU 31 that executes the processes of S54 and S55 is an example of the “personal information acquisition unit” in the present invention. The CPU 31 that executes the process of S12 is an example of the “key pair creation unit” in the present invention. The nonvolatile memory 40 is an example of the “certificate data storage means for storing the secret key” of the present invention. The process of S13 is an example of the “process for storing the secret key in the proof data storage unit” of the present invention. The process of S14 is an example of the “process for transmitting the public key to the registration server by the certification data transmitting unit” of the present invention. The process of S29 is an example of the “process for storing the public key transmitted from the user terminal in the database” of the present invention. The process of S71 is an example of the “request display control step” in the present invention. The process of S72 is an example of the “approval request step” in the present invention. The process of S73 is an example of the “approval determination step” of the present invention. The process of S74 is an example of the “access token generation step” in the present invention. The processing of S54 and S55 is an example of the “personal information acquisition step” in the present invention.

<Others>
The present invention is not limited to the above embodiment, and can be applied to various types. For example, in a pharmacy, a pharmacist at a remote location registers with a pharmacy site server using the present invention. Next, it is also possible to sell the first-class medicine by explaining the medicine through the network to those who wish to purchase the first-class medicine visiting a store where there is no pharmacist. Further, the present invention is not limited to the above embodiment, and various modifications can be made. For example, the administrative scrivener terminal may be a smartphone or the like. Also, instead of using a key pair of a public key and a private key, biometric information such as fingerprints and irises is transmitted as proof data from the user terminal 3 to the registration server 4, and the CPU 41 of the registration server 4 sends the received biometric information to the database 5. You may make it memorize. In this case, biometric information can be used as proof data. Specifically, the user's fingerprint data input by the fingerprint sensor 30 is transmitted from the user terminal 3 to the registration server 4, and the registration server 4 stores the fingerprint data in the database 5 instead of the public key. The user terminal 3 does not store the private key (secret key) and sends the fingerprint data input from the fingerprint sensor 30 to the certification server 7 instead of the access token. The certification server 7 determines whether the fingerprint data stored in the database 5 matches the fingerprint data received from the user terminal 3 instead of the access token verification (S211).

  In the above embodiment, the personal information is input by the operator operating the operator terminal 6 looking at the image of the public certificate, but the user of the user terminal 3 operates the touch panel 37, Additional personal information such as an e-mail address and a telephone number may be additionally input. In this case, the input personal information is transmitted from the user terminal 3 to the registration server 4 by the CPU 31 and stored in the personal information 50 stored in the database 5.

1 Personal Identification System 2 Internet 3 User Terminal 4 Registration Server 5 Database 6 Operator Terminal 7 Certification Server 8 Video Rental Member Registration Server 9 Real Estate Dealer Server 13 User Terminal 30 Fingerprint Sensor 31 CPU
32 RAM
33 ROM
34 Communication unit 35 Camera unit 36 Display 37 Touch panel 38 Microphone unit 39 Speaker unit 41 CPU
50 Personal information 61 CPU
71 CPU
81 CPU
91 CPU

Claims (8)

An identity verification system comprising at least one user terminal, at least one registration server, at least one operator terminal, and at least one database interconnected on a network,
The user terminal is
A display screen;
Option display control means for displaying on the display screen options for the type of personal information that identifies the user of the user terminal registered in the registration server;
A camera,
An option transmission means for transmitting an option selected from the options displayed on the display screen to the registration server;
Biometric information input means for inputting biometric information;
User terminal control means for controlling the camera and the biometric information input means according to an instruction from the registration server;
Image transmitting means for transmitting an image captured by the camera to the registration server or the operator terminal;
Proof data transmitting means for transmitting proof data for certifying the user to the registration server,
The registration server
Calling means for calling the operator terminal by connection from the user terminal;
A face photographing instruction transfer means for transferring a photographing instruction of the face by the camera from the operator terminal to the user terminal;
Certificate photographing instruction transfer means for transferring a photographing instruction of a public certificate by the camera from the operator terminal to the user terminal;
Biometric information input instruction transfer means for transferring a biometric information input instruction by the biometric information input means from the operator terminal to the user terminal;
Remote operation means for operating the user terminal by remote operation;
Personal information storage control means for storing the personal information input and transmitted at the operator terminal in the database;
Proof data storage control means for storing the proof data transmitted from the user terminal in the database;
The operator terminal is
An approval notification transmitting means for transmitting a notification that the user terminal is approved to be connected to the registration server to the registration server;
Face photographing instruction transmitting means for transmitting the face photographing instruction to the registration server;
Certificate photographing instruction transmission means for transmitting the public certificate photographing instruction to the registration server;
Means for inputting the personal information;
Biometric information input instruction transmitting means for transmitting the biometric information input instruction to the registration server;
A personal identification system comprising: a completion notification transmitting means for transmitting a completion notification for notifying a user that information necessary for registration in the database has been collected to the registration server. A certification server connected to the network;
The user terminal is
Request display control means for displaying personal information required by the currently running application on the display screen;
Approval request means for requesting an approval instruction to approve passing of the personal information to the application;
An approval instruction input means for inputting the approval instruction;
Approval determination means for determining whether or not the approval instruction is input;
When it is determined that the approval instruction is made by the approval determination means,
An access token generating means for generating an access token;
Using the access token generated by the access token generating means, the personal information acquisition means for acquiring the personal information from the certification server,
2. The identity verification system according to claim 1, wherein the biometric information input means is used as the approval instruction input means.   3. The personal identification system according to claim 1, wherein the remote operation means is MDM control means for controlling the user terminal by mobile device management. The user terminal is
A key pair creating means for creating a key pair of a public key and a private key;
The proof data storage means stores the secret key,
The certification data transmission means transmits the public key to the registration server,
The personal identification system according to claim 1, wherein the storage control unit of the registration server stores the public key transmitted from the user terminal in the database. The proof data transmitting means transmits the biometric information input from the biometric information input means to the registration server as the proof data,
4. The personal identification system according to claim 1, wherein the storage control unit of the registration server stores the biometric information transmitted from the certification data transmission unit in the database.   6. The identity verification system according to claim 1, wherein the biometric information input means is a fingerprint sensor. The user terminal is
Personal information input means for inputting personal information;
The personal identification system according to claim 1, further comprising personal information transmitting means for transmitting the personal information input by the personal information input means to the registration server. The user terminal of the identity verification system comprising at least one user terminal, at least one registration server, at least one certification server, at least one operator terminal, and at least one database interconnected on a network A computer program executed by a CPU,
A request display control step for displaying personal information requested by an application currently running on the display screen of the user terminal;
An approval request step for requesting an approval instruction to approve passing of the personal information to the application;
An approval determination step for determining whether or not the approval instruction has been made; and
An access token generating step for generating an access token when it is determined in the approval determining step that the approval instruction has been made; and
A personal identification program comprising: a personal information acquisition step of acquiring the personal information from the certification server using the access token generated in the access token generation step.

Images