JP2020024603A - Authentication management device and authentication management system - Google Patents

Abstract

To provide an authentication management system capable of reducing an operating burden on a service providing side with a simple system configuration.SOLUTION: Issue of an authentication code is permitted on the basis of a fact that first biological information registered with a cipher key which is held separately by a user's mobile terminal and a system side during user registration can be decoded, and of biometric authentication using second biological information newly acquired during the issue of an authentication code. A cipher key for the second biological information is also held separately by the mobile terminal and the system side. During personal authentication, biometric authentication between the first biological information and the second biological information is executed on the basis of a set of decoding results of a series of the cipher keys for the user registration and the issue of the authentication code, whereby personal authentication is executed. In the personal authentication process using the authentication code, it is certified that the user is valid, as a result of registered biometric authentication based on the decoding results obtained using the series of separated cipher keys. Also from SIM information about the mobile terminal, it is certified that the user is a valid owner of the mobile terminal, as a result of verification based on a set of the decoding results.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a personal authentication technique using biometric information.

  Patent Literature 1 describes an authentication mechanism at the time of boarding using a face authentication technology. In Patent Literature 1, face image data of a person is registered in advance, and an authentication code such as a QR code (registered trademark) is issued based on the registered face image data. Then, at the time of boarding procedure, while the authentication code printed on the boarding pass is being read, an image is taken on the spot, and the captured personal image is collated with the facial feature information read from the authentication code to perform personal authentication.

  Further, in Patent Document 2, a two-dimensional code including personal authentication information (a password, a fingerprint, a face image, etc.), coupons, membership cards, and ticket service information is issued, and the shop uses the service to confirm the identity. Technology has been proposed.

Patent No. 4206903 JP 2006-048390 A

  In Patent Literature 1, it is necessary to take a picture at a boarding gate during a boarding procedure, and photographing equipment is required. The configuration and operation of the entire system become large-scale, and the cost increases. Further, since the act of photographing by the service providing side is essential, it is not undeniable to the user that the trouble of photographing every time the user is confirmed is not a little troublesome.

  In addition, since the facial feature information itself is included in the authentication code, the biometric information used for personal authentication is exposed in a form that can be read. Even if it is encrypted with encryption technology, if the facial feature information itself is included in the authentication code, the risk of information leakage due to decryption cannot be denied, and it can be read from the viewpoint of information security against daily remarkable technological advances. I would like to minimize the possibility of unauthorized use if decrypted.

  Then, it is possible to perform authentication without separating whether the user has a valid authentication code and whether the user is a valid owner of a mobile terminal such as a smartphone that acquires and displays the authentication code. is important.

  According to the present invention, a valid owner of a mobile terminal and a holder of a valid authentication code are integrally authenticated, and the configuration of the entire system and an operation burden on a service provider side using personal authentication. It is an object of the present invention to provide an authentication management system capable of reducing the number of users.

(1) An authentication management system according to the present invention includes: a first receiving unit that receives a user registration request including first biometric information of a user acquired by a mobile terminal possessed by the user and SIM information of the mobile terminal; A first cryptographic process for generating a first biometric encryption key for encrypting the first biometric information and generating a first biometric split key and a second biometric split key obtained by dividing the first biometric encryption key; And a second encryption process for generating a SIM encryption key for encrypting the SIM information and generating a first SIM split key and a second SIM split key obtained by dividing the SIM encryption key. A first encryption control unit, and registers the first biometric information encrypted with the first biometric encryption key and the first biometric split key as user basic information, and registers the second biometric split key and the second SIM. The mobile terminal User registration function comprising a first authentication management unit that transmits, to,
Issuing an authentication code from the mobile terminal, the second biometric information having the same biometric type as the first biometric information and the SIM information, the second biometric split key, and the second SIM split key acquired by the mobile terminal. A second receiving unit that receives the request; the second biometric split key received from the mobile terminal; and the first biometric split key stored in the user basic information. A first decryption process for generating a key and decrypting the encrypted first biometric information; a second SIM split key received from the mobile terminal; and a second decryption key stored in the user basic information. A first decryption control unit for performing a second decryption process for generating the SIM cryptographic key from the 1SIM split key and decrypting the encrypted SIM information; and a decrypted first biometric information. Receiving at the second receiving unit; A first biometric authentication control unit that performs a first biometric matching process that matches the second biometric information that has been obtained, and a SIM matching that matches the decrypted SIM information with the SIM information received by the second receiving unit A terminal authentication unit that performs processing, and a second biometric that encrypts the second biometric information received by the second receiving unit when both the first biometric matching process and the SIM matching process are OK. A second cryptographic control unit that generates a third biometric split key and a fourth biometric split key obtained by dividing the second biometric cryptographic key while generating the second biometric cryptographic key; Registering the encrypted second biometric information and the third biometric split key as authentication code issuance management information, the second biometric split key, the second SIM split key generated by the authentication code issuing unit, An authentication code including the fourth biometric split key; And a second authentication management unit that transmits the authentication code to the mobile terminal, and a predetermined reading device that reads the authentication code displayed on the mobile terminal. (2) a third receiving unit for receiving the biometric split key, the second SIM split key, and the fourth biometric split key; the second biometric split key of the authentication code; and the user basic information. A third decryption process for generating the first biometric encryption key from the first biometric split key and decrypting the encrypted first biometric information; and a fourth biometric splitting of the authentication code. Generating a second biometric encryption key from the key and the third biometric split key of the authentication code issuance management information, and performing a fourth decryption process for decrypting the encrypted second biometric information; (2) a decryption control unit, and the decrypted first raw Having, personal authentication function comprising a second biometric authentication controller to perform the second biometric matching process for matching with the second biometric information decoded and information.

(2) In the above (1), the mobile terminal can be configured to have a terminal use restriction function using predetermined identification information set by a user.

(3) In the above (1) or (2), the biometric information is a face image of a user, and the mobile terminal includes a camera that captures the face image and a user registration request and an authentication code issuance request. And a control unit that performs each process. At this time, the control unit of the mobile terminal, when performing each process of the user registration request and the authentication code issuance request, determines the presence or absence of an imaging operation to acquire the first biometric information and the second biometric information, When a photographing operation is performed, control can be performed such that the user registration request and the authentication code issuance request to the authentication management system are performed.

(4) In the above (1) to (3), when the collation result of the second biometric authentication processing by the second biometric authentication control unit is OK, the mobile terminal and the reading device issue approval information. It may further include a third authentication management unit for transmitting each of them. At this time, the reading device may be configured to read the approval information transmitted to the mobile terminal and collate the approval information with the approval information received from the authentication management system.

(5) In the above (1) to (4), a transfer control unit that performs transfer processing for transferring the authentication code issued to the first user to the second user can be provided. At this time, the first user and the second user have their own user basic information registered based on the user registration request, and have their own second biometric split key and second SIM split key. Is held in each mobile terminal.

The transfer control unit generates a transfer certificate based on the transfer application information transmitted from the mobile terminal of the first user, and generates a transfer encryption key for encrypting the transfer certificate. A first transfer division key and a second transfer division key, which are obtained by dividing the transfer encryption key, are generated, and the transfer certificate and the first transfer division key are registered as transfer management information, and the second transfer is performed. Transmitting the divided key and the encrypted transfer certificate to the mobile terminal of the first user,
The second biometric information of the same biometric type as the first biometric information, the SIM information, the second biometric split key, and the second SIM split from the mobile terminal of the second user that has received the transfer certificate from the first user Receiving an authentication code receiving application including the key, the second transfer division key, and the encrypted transfer certificate;
The transfer encryption key is generated from the second transfer division key received from the mobile terminal of the second user and the first transfer division key stored in the transfer management information, and received from the mobile terminal. Decrypts the encrypted transfer certificate,
Generating the first biometric encryption key from the second biometric split key received from the second user's mobile terminal and the first biometric split key stored in the user basic information; Decrypts the obtained first biometric information, and obtains the SIM encryption key from the second SIM split key received from the mobile terminal and the first SIM split key stored in the user basic information. And decrypts the encrypted SIM information,
The first biometric matching process for matching the decrypted first biometric information with the second biometric information received by the second receiving unit, the decoded SIM information, and the second biometric information received by the second receiving unit. Performing a SIM collation process for collating with the SIM information, and when the collation results of both the first biometric collation process and the SIM collation process are OK, receiving the authentication code reception application from the second user. Generating a second biometric encryption key for encrypting the second biometric information, and generating a third biometric split key and a fourth biometric split key obtained by dividing the second biometric encryption key;
Registering the second biometric information encrypted with the second biometric encryption key and the third biometric split key in the second user authentication code issuance management information in association with the transfer management information, An authentication code including the second biometric split key, the second SIM split key, and the fourth biometric split key generated by the code issuing unit is transmitted to the mobile terminal of the second user. it can.

(6) In the above (1) to (5), business information including a read permission approval number including the terminal identification information of the reading device is stored, and the authentication code issuance management information includes the read permission approval number. Can be configured. At this time, when the reading device reads the authentication code displayed on the mobile terminal and transmits the authentication code to the third receiving unit, the reading device also transmits its own terminal identification information. Then, the terminal identification information received from the reading device is compared with the business operator information to extract a read permission approval number to be linked, and the extracted read permission approval number and authentication code issue management information of the read authentication code are read. And a business management unit that performs authentication processing of the reading device.

(7) The program of the present invention is executed by a computer that performs authentication management of a user who has a mobile terminal, and causes the computer to realize the following functions.

Generating a first biometric encryption key for encrypting the first biometric information based on the first biometric information of the user acquired by the mobile terminal possessed by the user and a user registration request including the SIM information of the mobile terminal And a first encryption process for generating a first biometric split key and a second biometric split key obtained by dividing the first biometric encryption key, and generating a SIM encryption key for encrypting the SIM information. A first function of performing a second encryption process for generating a first SIM split key and a second SIM split key obtained by splitting the SIM encryption key, and a second function of performing encryption using the first biometric encryption key. A second function of registering first biometric information and the first biometric split key as user basic information, and transmitting the second biometric split key and the second SIM split key to the mobile terminal. User registration function,
Based on an authentication code issuance request including the second biometric information of the same biometric type as the first biometric information acquired by the mobile terminal, the SIM information, the second biometric split key, and the second SIM split key. Generating the first biometric encryption key from the second biometric split key received from the mobile terminal and the first biometric split key stored in the user basic information, and encrypting the first biometric encryption key. A first decryption process for decoding the first biometric information, the second SIM split key received from the mobile terminal, and the first SIM split key stored in the user basic information are used for the SIM. A third function of generating an encryption key and performing a second decryption process for decrypting the encrypted SIM information, and comparing the decrypted first biometric information with the received second biometric information Perform first biometric matching process A fourth function, a fifth function of performing a SIM collation process for collating the decrypted SIM information with the received SIM information, and a collation result of both the first biometric collation process and the SIM collation process is OK. In some cases, a second biometric encryption key for encrypting the received second biometric information is generated, and a third biometric split key and a fourth biometric split key obtained by dividing the second biometric encryption key are generated. And the second biometric information encrypted with the second biometric encryption key and the third biometric split key are registered as authentication code issuance management information, and the second biometric split An authentication code issuing function including: a seventh function of generating an authentication code including a key, a second SIM split key, and the fourth biometric split key and transmitting the authentication code to the mobile terminal;
Based on the second biometric split key, the second SIM split key, and the fourth biometric split key included in the authentication code, received from a predetermined reading device that reads the authentication code displayed on the mobile terminal. Generating the first biometric encryption key from the second biometric split key of the authentication code and the first biometric split key stored in the user basic information; A third decryption process for decoding one biometric information, the fourth biometric split key of the authentication code, and the third biometric split key of the authentication code issuance management information, An eighth function of performing a fourth decryption process to generate and decrypt the encrypted second biometric information, and a second function of collating the decrypted first biometric information with the decrypted second biometric information A ninth function of performing a biometric matching process; Function.

(1) An authentication management system of the present invention is an authentication management system that performs personal authentication management of a user who has a mobile terminal. The system generates a first encryption key, encrypts the first biometric information acquired by the mobile terminal using the first encryption key, and divides the first encryption key into a first divided key. A first encryption control unit for generating a key and a second divided key; registering the first biometric information encrypted with the first encryption key and the first divided key as user basic information; A first authentication management unit that transmits a split key to the mobile terminal; and a second biometric information having the same biometric type as the first biometric information acquired by the mobile terminal when issuing an authentication code, and the second split key. Upon receiving an authentication code issuance request, generating the first encryption key from the second divided key and the first divided key extracted from the user basic information, and encrypting the first biometric key. A first decryption control unit for decrypting information; A first biometric authentication unit for collating the obtained first biometric information with the second biometric information received in the authentication code issuance request, and generating a second encryption key when the collation result is OK, A second encryption control unit that encrypts the second biometric information using a second encryption key, and divides the second encryption key to generate a third split key and a fourth split key; Registering the second biometric information and the third divided key encrypted as described above as authentication code issuance management information, and generating an authentication code including the second divided key and the fourth divided key, An authentication code management unit to be transmitted to the terminal, the fourth divided key included in the authentication code in response to an authentication request from a predetermined reader that has read the authentication code displayed on the mobile terminal, and the authentication code Before being extracted from issue management information The second encryption key is generated from the third divided key, the encrypted second biometric information is decrypted, and the second encrypted key is extracted from the second divided key included in the authentication code and the user basic information. A second decryption control unit that generates the first encryption key from the first divided key to be decrypted and decrypts the encrypted first biometric information; and a second decryption control unit that decrypts the encrypted first biometric information. (1) a second biometric authentication unit that collates the biometric information with the second biometric information; and a second authentication management unit that outputs a verification result of the second biometric authentication unit as a personal authentication result.

  According to the present invention, it is possible to decrypt the registered first biometric information using an encryption key that is separately held between the user's mobile terminal and the system at the time of user registration, and to obtain the first biometric information newly acquired at the time of issuing the authentication code. (2) In both the biometric authentication with the biometric information, the issuance of the authentication code is permitted, and the encryption key for the second biometric information is separately held between the mobile terminal and the system. Then, at the time of personal authentication, a series of decryption results of each encryption key of user registration and authentication code issuance are set, and biometric authentication between biometric information is performed, and personal authentication is performed.

  Then, in the personal authentication process using the authentication code, it is possible to prove that the user is a valid user by the registered biometric authentication based on the result of decryption with the series of separated encryption keys. That is, for authentication from a terminal other than the user or from a different terminal, a pair of divided keys that are separately held is different, and registered biometric information that is the basis of biometric authentication is always different from the user.

  In addition, similar to the biometric information, the SIM information of the mobile terminal is compared with the SIM information in which the decryption result is set, so that the mobile terminal is proved to be a valid owner.

  It is authenticated that they are both the right owner of the mobile terminal and the holder of the right authentication code, so that the whole system configuration and operation can be realized compactly and the authentication code of the service provider etc. The business operator who wants to use the personal identification can easily perform the personal identification by reading the authentication code presented by the user on the mobile terminal without photographing or the like.

FIG. 1 is a network configuration diagram of an authentication management system according to a first embodiment. FIG. 2 is a functional block diagram of the authentication management device and the user terminal according to the first embodiment. FIG. 3 is an explanatory diagram of a user registration function according to the first embodiment. It is a figure showing the processing flow of the user registration processing concerning a 1st embodiment. FIG. 4 is an explanatory diagram of an authentication code issuing function according to the first embodiment. FIG. 6 is a diagram illustrating a processing flow of an authentication code issuance processing according to the first embodiment. FIG. 3 is an explanatory diagram of an authentication function using an authentication code according to the first embodiment. FIG. 4 is an explanatory diagram of a business registration function according to the first embodiment. FIG. 4 is a diagram illustrating a relationship between authentication code issuance management information and read permission management information on the business side according to the first embodiment. FIG. 3 is a diagram illustrating a processing flow of an authentication process using an authentication code according to the first embodiment. FIG. 11 is a diagram illustrating a processing flow of an authentication process following FIG. 10. It is a figure showing the processing flow of authentication code transfer processing concerning a 1st embodiment. FIG. 13 is a view illustrating a processing flow of an authentication code transfer processing following FIG. 12. FIG. 6 is a diagram illustrating an example of transfer management information according to the first embodiment.

  Hereinafter, embodiments will be described with reference to the drawings.

(1st Embodiment)
1 to 14 are diagrams showing a first embodiment. FIG. 1 is a network configuration diagram of the personal authentication management system of the present embodiment. The user terminal 300 can be connected to the authentication management device 100 by wireless communication via an IP (Internet protocol) network or a mobile communication network.

  The schematic configuration of the personal authentication management system will be described with reference to FIG. As shown in FIG. 1, the authentication management device 100 roughly provides two functions: a registration / issuing function and an authentication function. The user is a person who enjoys various services through personal authentication, and has a one-to-one relationship with the user terminal 300. That is, the user terminal 300 associated with one user is one smartphone or the like specified by the SIM information.

  The user registers his / her biometric information in the authentication management device 100 through the user terminal 300 (user registration), and again uses the biometric information corresponding to the registered biometric information as information for issuing an authentication code. Send to device 100. The authentication management device 100 issues an authentication code based on the result of matching the registered biometric information with the biometric information acquired at the time of the authentication code issuance request (authentication code issuing function). The issued authentication code is stored in the user terminal 300, and the service provider uses identity verification (identification) using an authentication code presented by the user via the user terminal 300 in cooperation with the present system. (Authentication function).

  The authentication code issued by the authentication management device 100 is provided to the user terminal 300 in the form of an authentication code such as a two-dimensional barcode such as a QR code (registered trademark) or a one-dimensional code. In the present embodiment, a two-dimensional barcode will be described as an example.

  When the user enjoys the service, the user presents the issued authentication code to the service provider. The service provider reads the authentication code displayed on the user terminal 300 with the authentication code reader 400. The authentication code reader 400 is an optical code reading device or a reading device that reads a code from a captured image, and has a communication function of transmitting the read authentication code to the authentication management device 100. The authentication management device 100 specifies the various information of the target user using the received authentication code and performs the personal authentication process. The authentication result is sent to, for example, the authentication code reader 400, and the service provider provides a service to the user authenticated based on the received authentication result. Note that the authentication code reader 400 may include a display device or may be connected to an individual display device. Further, a control device and a storage device (not shown) can be provided, and information processing and various controls similar to those of the user terminal 300 and other computer devices can be performed.

  In the present embodiment, a user's face (face image) will be described as an example of biometric information. In addition to the face, physical characteristics based on body shapes such as fingerprints, hand veins, and irises, and behavioral characteristics based on behavior characteristics such as voiceprints and handwriting (signatures) are applied as user-specific biometric information. can do.

  FIG. 2 is a functional block diagram of the authentication management device 100 and the user terminal 300. First, the user terminal 300 is a portable mobile terminal (mobile terminal) such as a multifunctional mobile phone such as a smartphone, a PDA (Personal Digital Assistant), and a tablet terminal. The user terminal 300 is an information processing apparatus having a communication function and an arithmetic function, and always includes contract line identification information (for example, a SIM card (Subscriber Identity Module Card)). The user terminal 300 has a communication function of mobile data communication based on a SIM card in a mobile communication network or wireless LAN communication such as Wi-Fi (registered trademark) in an IP network.

  The user terminal 300 according to the present embodiment stores contract line identification information concluded with a predetermined communication carrier based on a SIM card. It is used as information for specifying Note that the SIM card includes identification information such as a telephone number used on the contract line, but the user terminal 300 may or may not have a call function. In other words, a line contract may be made with a communication carrier in a system in which mobile data communication is possible but communication (excluding voice communication based on Voice over Internet Protocol) in a mobile communication network is not possible.

  The user terminal 300 includes a communication control unit 310 and a call control unit 320, and performs communication control and call control via the above-described IP network or mobile communication network. Further, the user terminal 300 includes a main body authentication unit 330 and an authentication control unit 340. The main body authentication unit 330 provides an authentication function for locking / unlocking the user terminal 300 provided in the user terminal 300 in advance. For example, there are a lock function using a password input and a lock function using the above-described biometric information (such as fingerprint authentication and face authentication).

  The main body authentication unit 330 provides a mechanism for restricting only a specific user to use the user terminal 300. A specific user who can be used by the management of the main body authentication unit 330 is transmitted through the authentication control unit 340. The user authentication function of the present system can be used. That is, a user who carries the user terminal 300, which is a portable mobile terminal, and whose use is permitted on the spot by the main body authentication unit 330 is a target user who uses the personal authentication function of the present system.

  The authentication control unit 340 is a client application of the present system, and manages and controls exchanges with the authentication management device 100 and functions and information used in the present system. The storage unit 350 stores various information used in the present system. The SIM information is stored in the SIM information storage unit 351. As described above, the SIM information is stored in the SIM card (IC card). By inserting the SIM card into the user terminal 300, the user terminal 300 and the SIM information are uniquely linked. Note that the storage location of the SIM information may be the storage unit 350, and the SIM information may be read from the inserted SIM card as appropriate and stored in the storage unit 350.

  The display unit 360 and the operation input unit 370 constitute one touch panel type display / operation input unit. The display unit 360 and the operation input unit 370 may have different device configurations.

  The camera 380 is a photographing device including an image sensor such as a CCD or CMOS and a lens, and outputs data photographed by the camera 380 as image data. The microphone is a sound collection device, and converts into a digital signal such as a user's voice (Voice) and outputs voice data. The camera 380 and the microphone 390 can also operate under the control of the authentication control unit 340 that is a client application.

  The authentication management device 100 includes a communication device 110, a control device 120, and a storage device 130. The communication device 110 controls communication with one or a plurality of user terminals 300 and controls communication with the authentication code reader 400 and the service providing related server 500 on the business side.

  The control device 120 includes an authentication management unit 121, a biometric authentication control unit 122, an encryption control unit 123, an authentication code issuing unit 124, and a business management unit 125.

  The authentication management unit 121 controls all functions of the authentication management device 100. The biometric authentication control unit 122 manages the user's own biometric information transmitted from the user terminal 300, and compares the first biometric information registered by the user with the second biometric information submitted by the user at the time of issuing the authentication code. Perform biometric matching processing. As will be described later, the matching process using the biometric information includes a first biometric matching process and a second biometric matching process. The first biometric matching process is performed based on the second biometric information submitted by the user at the time of the authentication code issuance request. This is a biometric matching process with the first biometric information registered as a user. The second biometric matching process performs a biometric matching process between the first biometric information registered as a user and the second biometric information at the time of the authentication code issuance request based on the authentication code when performing the personal authentication process. is there.

  The encryption control unit 123 performs a process of generating an encryption key based on biometric information and a process of dividing and combining an encryption key. The encryption key can be generated, for example, based on an encryption standard such as AES (Advanced Encryption Standard) of a common key encryption method. The encryption key is divided, for example, into a plurality of 128-bit encryption keys in units of fixed length or variable length, and arbitrarily divides the plurality of divided block groups into two groups. The authentication code issuing unit 124 generates an authentication code in a two-dimensional barcode format using the generated encryption key. The company management unit 125 performs registration and use management of a company using the present system.

<User registration>
FIG. 3 is an explanatory diagram of the user registration function of the present embodiment, and FIG. 4 is a diagram illustrating a processing flow of a user registration process. First, at the time of user registration, the user downloads a client application including the authentication control unit 340 from the authentication management device 100 or a predetermined website and installs the client application on the user terminal 300.

  The user starts the installed client application, selects “user registration” as an initial setting, and starts a user registration process (S301). When “user registration” is selected, the authentication control unit 340 performs a process of acquiring information necessary for authentication used in the present system. Note that the authentication control unit 340 can also register user information such as a user's name, age, address, and contact information (e-mail address and telephone number) through a predetermined screen.

  First, the authentication control unit 340 controls the camera 380 to be activated and to acquire a face photograph of the user himself (S302). The user captures his or her face (or his / her upper body) with the camera 380 and generates face image data. At this time, the generated face image data can include creation date and time information. For this reason, when there is a time lag equal to or more than a predetermined threshold between the current time and the creation date and time of the face image data, the authentication control unit 340 performs a check process at the time of user registration with face image data that is not suitable for user registration. It can be determined that there is, and control can be performed to request re-taking. In addition, the user's face in the face image data may be recognized using a predetermined face template, and if the image data does not include a face, control may be similarly performed to request a retake.

  Subsequently, the authentication control unit 340 acquires SIM information (S303) and acquires terminal-specific information (S304). The terminal unique information is device unique information of the user terminal 300, and is a manufacturing serial number or a MAC address. The authentication control unit 340 generates registration request information including face image data, SIM information, and terminal unique information, and transmits the registration request information to the authentication management device 100 (S305).

  Upon receiving the registration request information, the authentication management unit 121 of the authentication management device 100 starts the user registration process. First, the authentication management unit 121 starts the duplication check process with reference to the user basic information stored in the storage device 130 and using the terminal-specific information included in the registration request information as a key (S101). The authentication management unit 121 determines whether or not the same terminal unique information has already been registered (S102), and if it has been registered (YES in S102), performs the re-registration process. The re-registration processing will be described later.

  If the same terminal unique information has not been registered (NO in S102), the authentication management unit 121 performs a process of registering the user basic information. As shown in FIG. 3, the face image data is stored as biometric information (X), and the biometric authentication control unit 122 generates (extracts) face feature data from the face image data. The face feature data includes eye coordinates, binocular coordinates, face center coordinates, face size, face image quality score, nose coordinates, mouth coordinates, face feature amounts, and the like. Existing technology can be applied to the method of generating face feature data.

  As the user basic information, face image data, SIM information and face feature data are registered for each member number. At this time, the face image data and the SIM information are encrypted and registered using a predetermined encryption key. Then, the encryption key used for encryption is also held as user basic information.

  The encryption control unit 123 generates an encryption key A based on face feature data that is biometric information, and encrypts biometric information (X) using the generated encryption key A (S103). For example, of the face feature data, an encryption key is generated using coordinate information including eye coordinates, both eyes coordinates, and center coordinates of the face, or an encryption key A is generated using arbitrary or all face feature data. Or you can. Note that an existing technology can be applied to an algorithm for generating an encryption key used by the encryption control unit 123.

  Here, the encryption control unit 123 performs a key division process of dividing the encryption key A into the encryption key A1 and the encryption key A2 (S104). The encryption key A can be generated by reversibly combining the divided encryption keys A1 and A2. The authentication management unit 121 registers the face image data encrypted with the encryption key A and the divided encryption key A1 in the user basic information (S105).

  In the present embodiment, the encryption key A itself is not stored in the authentication management device 100, and the divided encryption key A1 is registered in the user basic information, and one encryption key A2 is stored on the user terminal 300 side. It is configured as follows.

  Next, the encryption control unit 123 generates an encryption key B based on the biometric information, and encrypts the SIM information using the generated encryption key B (S106). The encryption key B can generate the encryption key B using face image data other than the face feature data used for the encryption key A, for example, a face size.

  The encryption control unit 123 performs a key division process of dividing the encryption key B into the encryption key B1 and the encryption key B2 (S107). The encryption key B can be generated by reversibly combining the divided encryption keys B1 and B2. The authentication management unit 121 registers the SIM information encrypted with the encryption key B and the divided encryption key B1 in the user basic information (S108). Like the encryption key A, the encryption key B itself is not held by the authentication management device 100, and the divided encryption key B1 is registered in the user basic information, and one encryption key B2 is stored on the user terminal 300 side. It is configured to be.

  As shown in FIG. 3, the user basic information includes a member number, which is the identification ID of the user, face image data encrypted with the encryption key A, SIM information encrypted with the encryption key A1, encryption key B, An encryption key B1, a management number, face feature data, and terminal-specific information are registered. Then, the authentication management unit 121 transmits the member number (identification ID), the encryption key A2, and the encryption key B2 to the user terminal 300 as registration management information on the user terminal 300 side (S109), and ends the user registration process. I do. The authentication control unit 340 of the user terminal 300 stores the received registration management information in the storage unit 350 (S306).

  Here, the re-registration processing in the case where the same terminal unique information as the user terminal 300 to be user-registered has already been registered in step S102 will be described. The re-registration process is, for example, a process of newly updating (rewriting) the already registered biometric information and SIM information for the same user terminal 300 (terminal-specific information). That is, steps S103 to S109 in FIG. 4 are executed, but the authentication management unit 121 specifies the user basic information associated with the terminal-specific information from the storage device 130, and leaves the member information as it is in step S305. New encryption keys A and B are generated based on the transmitted biometric information. Then, the user basic information is updated using the biometric information and the SIM information encrypted using the encryption keys A and B and the divided encryption keys A1 and B1, and one of the encryption keys A2 and A1 is updated. B2 is transmitted to the user terminal 300 and reissued.

<Authentication code issuance>
FIG. 5 is an explanatory diagram of the authentication code issuing function, and FIG. 6 is a diagram illustrating a processing flow of the authentication code issuing process. After the user registration is completed, the user can receive an authentication code at an arbitrary timing. First, when "authentication code issuance" is selected from the activated client application, the authentication control unit 340 performs an authentication code issuance request process (S321).

  First, the authentication control unit 340 controls the camera 380 to be activated so that a user's own face photograph at the time of the authentication code issuance request is obtained again (S322). The user photographs his or her face (or upper body) with the camera 380 and generates face image data (biological information (X1)). At this time, a check process such as re-photographing can be performed in the same manner as at the time of user registration.

  Next, the authentication control unit 340 acquires SIM information again (S323), and extracts the encryption keys A2 and B2 acquired at the time of user registration from the storage unit 350 (S324). Then, the authentication control unit 340 generates an authentication code issuance request including the member number, the newly captured face image data (biological information (X1)), the SIM information, and the encryption keys A2 and B2, and transmits the request to the authentication management apparatus 100. (S325).

  Upon receiving the authentication code issuance request, the authentication management unit 121 of the authentication management device 100 starts the authentication code issuance processing. First, the encryption control unit 123 obtains the encryption key A1 with reference to the user basic information stored in the storage device 130, using the received member number as a key, and combines it with the received encryption key A2 to perform encryption. A key A is generated (S121). The encryption control unit 123 uses the generated encryption key A to decrypt the biometric information X that was encrypted with the encryption key A at the time of user registration (S122). Then, the biometric authentication control unit 122 performs a first biometric matching process of comparing the decrypted biometric information X with the biometric information X1 of the authentication code issuance request (S123).

  In the description of FIG. 5 and FIG. 6, unlike the case of user registration, an example in which terminal specific information is not acquired is given as an example, but the present invention is not limited to this. For example, the authentication control unit 340 can generate an authentication code issuance request including terminal-specific information and transmit the request to the authentication management device 100. The authentication management device 100 generates a key including a member number and terminal-specific information. Thus, the user basic information may be referred to. That is, the terminal-specific information can also be collected at the time of issuing the authentication code, and can be used as information for identifying a user whose user has been registered.

  In the first biometric matching process, for example, the face feature data generated in the biometric information X is matched with the biometric information X1, and a matching score for the matching is calculated. If the collation score is equal to or greater than a predetermined threshold, it is determined that they are the same person, and biometric authentication is output as the authentication result.

  Next, the encryption control unit 123 obtains the encryption key B1 with reference to the user basic information stored in the storage device 130, and combines it with the received encryption key B2 to generate the encryption key B (S124). ). Using the generated encryption key B, the encryption control unit 123 decrypts the SIM information at the time of user registration that has been encrypted with the encryption key B (S125). Then, the authentication management unit 121 performs a SIM collation process for collating the decrypted SIM information with the SIM information of the authentication code issuance request (S126). The SIM collation processing is for determining the coincidence between SIM information. When the SIM information matches, the authentication management unit 121 outputs SIM information authentication OK as an authentication result.

  Note that the respective processes related to the first biometric matching process and the SIM matching process can be performed in parallel, and the order of the processes does not matter.

  Next, the authentication management unit 121 determines whether an authentication code can be issued based on the authentication result of the biometric information and the authentication result of the SIM information (S127). When one of the biometric information and the SIM information is authentication NG (NO in S127), the authentication management unit 121 performs an authentication code issue error process. In the error processing, for example, an error message or the like including that the authentication code cannot be issued is transmitted to the user terminal 300.

  On the other hand, when both the biometric information and the SIM information are authentication OK, the authentication management unit 121 generates the authentication code issuance management information using the biometric information X1 received in the authentication code issuance request, and generates the authentication code. To the user terminal 300.

  First, the biometric authentication control unit 122 generates (extracts) face feature data from biometric information X1 that is face image data. The face feature data is the same as the process at the time of user registration described above. The encryption control unit 123 generates an encryption key D based on the biometric information X1, and encrypts the biometric information X1 using the generated encryption key D (S128). For example, the encryption key D can be generated using face image data other than the face feature data used for the encryption keys A and B, for example, eye coordinates, nose coordinates, and mouth coordinates.

  The encryption control unit 123 performs a key division process of dividing the encryption key D into the encryption key D1 and the encryption key D2 (S129). The encryption key D can be generated by reversibly combining the divided encryption keys D1 and D2. The authentication management unit 121 registers the biometric information X1 encrypted with the encryption key D and the divided encryption key D1 in the authentication code issuance management information (S130). Like the encryption keys A and B, the encryption key D itself is not held by the authentication management device 100, and only the divided encryption key D1 is registered in the authentication code issuance management information.

  As shown in FIG. 5, the authentication code issuance management information includes, for each member number, face image data (biological information (X1)) encrypted with an encryption key D, an encryption key D1, a company code, and biometric information (X1). The facial feature data and management number (issue ID) extracted from are registered. Then, the authentication code issuing unit 124 generates an authentication code including the member number, the encryption key A2 and the encryption key B2 received in the authentication code issuance request, and the generated encryption key D2 (S131). The authentication management unit 121 transmits the authentication code to the user terminal 300 (S132). The authentication control unit 340 of the user terminal 300 stores the received authentication code in the storage unit 350 (S326).

<Personal authentication using authentication code>
FIG. 7 is an explanatory diagram of a personal authentication function using an authentication code, and FIG. 8 is an explanatory diagram of a business registration function. FIG. 9 is a diagram showing a relationship between authentication code issuance management information and read permission management information on the business side. FIG. 10 is a view showing a processing flow of the personal authentication processing using the authentication code, and FIG. 11 is a view showing a processing flow following FIG.

  As shown in FIG. 7, a business providing a service or the like to a user reads an authentication code displayed on the user terminal 300 with an authentication code reader (business terminal) 400, and stores the read authentication code in the authentication management device 100. , It is possible to determine whether the user is a valid user who receives the service.

  The authentication code reader 400 only needs to include a communication unit that can read an authentication code in a two-dimensional barcode format and transmits the authentication code to the authentication management device 100. For example, a gate device such as an automatic ticket gate, a boarding gate, an entrance / exit gate at an event site, or a portable information terminal such as a smartphone, like the user terminal 300, may be used. Further, a stationary or handy type code scanner dedicated to reading an authentication code may be used. In this case, the code scanning device and the device that transmits the read authentication code and receives the authentication result may be configured separately, and the two may be connected to be configured as one authentication code reader 400. In the present embodiment, a mobile terminal having the same SIM information (contract line identification information for identifying a terminal) as the user terminal 300 will be described as an example of the authentication code reader 400.

  The company registers the company with the authentication management device 100 in advance. As shown in FIG. 8, the company is a company code, company registration information (company name, company location, representative, person in charge, etc.), store information by member store code, authentication code reader 400 Business information including terminal information in which SIM information for each terminal identification information is linked to a member store code. The terminal identification information (manufacturing serial number, MAC address, etc.) and the SIM information can be appropriately extracted from the authentication code reader 400. Therefore, the business operator registers the plurality of authentication code readers 400 linked to the business code. The authentication code reader 400 can be managed for each member store code, that is, for each store.

  In addition, although the aspect including the store information table including the member store code is described as an example, it is sufficient that the business operator can recognize the plurality of authentication code readers 400. In other words, from the viewpoint of security, for example, the headquarters allows member stores to use only at specific dates and times, and manages so that the use can be restricted by specifying the date and time for each member store or each terminal. be able to.

  The business operator can transmit the business information created by connecting to the authentication management apparatus 100 from the business management terminal, for example. At this time, the business information encrypted with the encryption key C prepared in advance on the business information side is transmitted to the authentication management device 100. This encryption key C is stored in each authentication code reader 400 in advance. Therefore, the authentication code reader 400 stores the terminal identification information, the SIM information, and the encryption key C, and is used at the time of the personal authentication request.

  Further, as shown in FIG. 9, the authentication code issuance management information may be configured to include a read permission approval number associated with the business information. The read permission approval number is managed on the authentication management device 100 side as a read permission management information table associated with a business code, a store code, and terminal identification information. For each issued authentication code, the read permission approval number and the authentication code reader 400 on the business side are associated with each other. Therefore, this authentication code reader 400 reads the authentication code and is not a permission such as OK. The authentication code reader 400 can give permission (restriction) such as reading OK. Using the read permission management information table, the read management of the authentication code reader 400 can be performed for each authentication code, and the management of the authentication code reader 400 at the actual operation site is collectively performed on the authentication management device 100 side. It can be easily and finely controlled. The read permission approval number can be recorded (registered) in the authentication code issuance management information at the time of issuing the authentication code or after issuing the authentication code.

  The authentication management device 100 receives the company information encrypted with the encryption key C and stores the information in the storage device 130. The company code may be assigned on the authentication management device 100 side.

  The personal authentication process will be described with reference to FIGS. First, at the user terminal 300, the user releases the use restriction lock of the user terminal 300 itself. That is, the user terminal 300 performs a terminal use authentication process (such as fingerprint authentication) by the main body authentication unit 330 (S341), and if the terminal use authentication is OK, releases the use restriction lock (YES in S342).

  The user starts the client application (authentication control unit 340) on the user terminal 300 and selects “display authentication code”. The authentication control unit 340 reads the issued authentication code from the storage unit 350 and displays it on the display unit 360 (S343).

  The authentication code reader 400 reads the authentication code displayed on the user terminal 300 (S401). For example, when the user holds the user terminal 300 over the authentication code reader 400 or the operator holds the authentication code reader 400 over the user terminal 300, the authentication code reader 400 can read the authentication code. it can.

  The authentication code reader 400 extracts an encryption key C, terminal identification information, and its own SIM information stored in advance in cooperation with the authentication code reading process (S402). The authentication code reader 400 transmits the extracted encryption key C, the operator identification information including the terminal identification information and the SIM information, and the read authentication code to the authentication management device 100 (S403).

  Upon receiving the business identification information and the authentication code from the authentication code reader 400, the authentication management device 100 performs personal authentication processing based on the authentication code and business authentication processing based on the business identification information. Each of these authentication processes may be performed in parallel, or may be performed in series in a predetermined order.

  First, the encryption control unit 123 obtains the encryption key A1 with reference to the user basic information using the member number included in the authentication code as a key, and combines it with the received encryption key A2 to generate the encryption key A. (S141). The encryption control unit 123 uses the generated encryption key A to decrypt the biometric information X that was encrypted with the encryption key A at the time of user registration (S142).

  Next, the encryption control unit 123 obtains the encryption key D1 with reference to the authentication code issuance management information using the member number included in the authentication code as a key, and combines the encryption key D1 with the received encryption key D2 to obtain the encryption key D. It is generated (S143). The encryption control unit 123 uses the generated encryption key D to decrypt the biometric information X1 encrypted with the encryption key D at the time of issuing the authentication code (S144).

  Note that, similarly to the authentication at the time of issuing the authentication code, the authentication management apparatus 100 may be configured to refer to each piece of information with the key in which the member number and the terminal unique information are set in steps S141 and S143. . In this case, the terminal unique information can be configured to be registered in the authentication code issuance management information, and the authentication code can be generated so that the terminal unique information is included in the authentication code. For example, in the example of FIG. 5, it is possible to configure so that “terminal-specific information” is included in the authentication code.

  Then, the biometric authentication control unit 122 collates the decrypted biometric information X with the biometric information X1 (second biometric matching process) (S145). If, for example, the collation score is equal to or greater than a predetermined threshold, the biometric authentication control unit 122 determines that the persons are the same person, and outputs biometric authentication OK as an authentication result.

  If the biometric authentication is OK, the encryption control unit 123 decrypts the encrypted company information using the encryption key C (S147). The authentication management unit 121 specifies the SIM information in the decrypted business information using the terminal identification information (S148). The authentication management unit 121 collates the specified SIM information with the SIM information received from the authentication code reader 400 (S149). When the SIM information matches as a result of the matching (YES in S150), the authentication management unit 121 outputs SIM information authentication OK as the authentication result.

  When the personal authentication using the authentication code and the business operator authentication processing using the SIM information of the authentication code reader 400 are passed, the authentication management device 100 notifies the user that the authentication result using the issued authentication code is OK. Is transmitted to the authentication code reader 400, and the authentication code reader 400 performs a process related to the authentication result OK (for example, displays an authentication OK message or the like), and ends the process (S409 in FIG. 11).

  On the other hand, as shown in FIG. 11, after the authentication result based on the issued authentication code is OK, the authentication management unit 121 can issue an approval number (S151). At this time, the approval number provided to the user terminal 300 is converted into a code format such as a two-dimensional barcode (S152) and transmitted to the user terminal 300 as an approval code (S153). The generation process of the approval code can be performed by the authentication code issuing unit 124. The authentication management unit 121 also transmits the issued approval number to the authentication code reader 400 on the business side (S154).

  Then, the authentication control unit 340 of the user terminal 300 controls the received approval code to be displayed on the display unit 360 (S345), and the authentication code reader 400 reads the approval code displayed on the display unit 360 (S345). S405). The approval number of the approval code read from the user terminal 300 is compared with the approval number received from the authentication management device 100 (S406). If the result of the verification of the approval number is that the verification is OK (NO in S407), the authentication code reader 400 determines that the authentication is final authentication OK, and performs a predetermined process of notifying the authentication OK using the authentication code (not successful). An action of displaying a message on the display unit or lighting a lamp or the like in blue is performed (S409).

  On the other hand, in the case of verification NG in step S407, the authentication code reader 400 transmits a verification error notification of the approval number to the authentication management device 100, and performs a predetermined processing (not shown) indicating that the authentication is NG using the authentication code. (S 408), a message is displayed on the display unit, or a lamp or the like is turned on in red.

  The approval number is a one-time password such as a one-time password. For example, in the authentication code reader 400, an approval number collating function is provided, and the received approval number and the approval number read from the user terminal 300 are used. Can be performed. In addition, a time limit may be provided, and if a predetermined time has elapsed after the reception in step S406, it may be possible to perform processing as an approval number collation error (YES in S407).

  Further, the collation result using the approval number may be transmitted to the authentication management device 100. At this time, the authentication management device 100 uses the SMS to notify the user terminal 300 that the authentication processing has been completed normally based on the notification received from the authentication code reader 400 having the read authority of the authorized business operator. You can be notified by message. If the authentication result using the approval number is an error (S408), the authentication management apparatus 100 sends a message to the user terminal 300 that the authentication processing was not performed normally by SMS. You may.

<Transfer of authentication code>
FIG. 12 is a diagram illustrating a processing flow of an authentication code transfer process, and FIG. 13 is a diagram illustrating a processing flow of an authentication code transfer process subsequent to FIG. FIG. 14 is a diagram illustrating an example of the transfer management information. The authentication code transfer process is a function of controlling an issued authentication code to be transferable to a third party. It should be noted that the number of times of transfer of the authentication code can be determined in advance, and control can be performed so as to prohibit more than a predetermined number of transfers.

  As shown in FIG. 12, "authentication code transfer" can be selected from the client application, and the user selects an issued authentication code to be transferred (S361). The authentication control unit 340 transmits the transfer application information including the issue ID (management number) of the selected authentication code to the authentication management device 100 (S362). The transfer application information includes the user's member number and the ID of the authentication code to be transferred.

  Upon receiving the transfer application information (YES in S171), the authentication management unit 121 of the authentication management device 100 first refers to the transfer management information associated with the authentication code issuance management information using the received issuance ID, and sets the transfer permission. It is determined whether or not the condition is satisfied (S171). The transfer permission condition includes whether the transfer has been completed, whether the number of transfers does not exceed the number of transfers, or whether the transfer is set to be transferable in the transfer permission setting, and the like. The transfer permission condition is determined with reference to the management information.

  FIG. 14 is an example of the transfer management information, and the transfer management information can be configured as a part of the authentication code issuance management information, for example. The transfer management information includes items such as a transfer certificate, a transfer certificate division key, an encrypted transfer certificate, transferability, transferability count, transfer count, transferor member number, transferee member number, and transfer flag. Can be included.

  If the transfer has never been made, the transfer certificate, transfer certificate division key, encrypted transfer certificate, transferor member number, transferee member number are blank, the transfer count is “0”, The transfer flag is set to “0 (unassigned)” by default, and whether or not transfer is possible and the number of times transfer is possible can be set for each authentication code (issue ID), and these are set in advance by the business operator And can be set by the assignor. The transfer permission / prohibition is flag information. For example, by setting the transfer permission / prohibition “0”, it is possible to perform management in which the transfer itself is prohibited from the beginning. Further, for example, when “0” is set to the number of times of transfer, the number of times of transfer can be set to be allowed without limitation.

  When the transfer code is transferred from the transferor to the transferee, the transferability information, the transferable number, and the transfer count of the transfer management information are transferred to the transferee's transfer management information, and are transferred in the transferee's transfer management information. A certificate, a transfer certificate division key, an encrypted transfer certificate, and a transferor membership number are registered. As the number of times of transfer, the number of times of transfer + 1 taken over from the transferor is registered. On the other hand, in the transfer management information of the transferor, the transferee member number is registered, and the transfer flag is updated from “0” to “1 (transferred)”.

  Since the transferor member number and the transferee member number are linked and the transferability, including the transfer count, and the transferable count are transferred to the transferee, the transfer history can be easily managed between the users who transfer in this way. Yes, and can be tracked.

  If the transfer permission condition is not satisfied as a result of the transfer permission condition determination processing in step S171, the authentication management unit 121 notifies the user terminal 300 of a message indicating that the authentication code cannot be transferred as transfer error processing, for example, It can be processed so as not to accept the transfer application.

  On the other hand, if it is determined in step S171 that the transfer permission condition is satisfied as a result of the transfer permission condition determination process, the process proceeds to step S172, and thereafter, a transfer certificate issuance process is performed. First, the encryption control unit 123 generates a transfer certificate based on the received transfer application information, generates an encryption key α, and encrypts the transfer certificate with the encryption key α (S172). The encryption key α is an arbitrary encryption key, and the above-described key generation processing can be performed using, for example, the member number of the user who has requested transfer and the ID of the authentication code to be transferred.

  Next, the encryption control unit 123 performs a key division process of dividing the encryption key α into the encryption key α1 and the encryption key α2 (S173). The encryption key α can be generated by reversibly combining the divided encryption keys α1 and α2. The authentication management unit 121 temporarily registers the transfer certificate (unencrypted) and the divided encryption key α1 for each transfer management ID (S174). Like the encryption keys A, B, and D, the encryption key α itself is not held by the authentication management device 100, and only the divided encryption key α1 is held. The authentication management unit 121 issues the transfer management ID, the encryption key α2, and the encrypted transfer certificate, and transmits them to the user terminal 300 (transferor) who has requested transfer (S175).

  The user who has made the transfer application transmits the received transfer management ID, the encryption key α2, and the encrypted transfer certificate to the transferee's user terminal 300 (S363). The transmission means includes e-mail and short message service (SMS). When using the transfer function provided by the present system, it is assumed that the transferee has installed the client application of the present system and registered the user shown in FIG. 4 (S3001).

  The transferee activates the client application on the user terminal 300, and when “transfer (present) reissue” is selected, the authentication control unit 340 performs a process similar to the authentication code issuance process illustrated in FIG. , Together with the transfer management ID, the encryption key α2, and the encrypted transfer certificate.

  As shown in FIG. 12, the authentication control unit 340 activates the camera 380, controls the camera 380 to newly acquire a face photograph of the transferee, and obtains captured face image data (biological information (X1)) and SIM information. Then, the encryption keys A2 and B2 are extracted from the storage unit 350 (S3002). In addition, the stored encryption key α2 for each transfer management ID and the encrypted transfer certificate are also extracted (S3003). The authentication control unit 340 applies for an authentication code reception application including a member number, face image data (biological information (X1)), SIM information, encryption keys A2 and B2, a transfer management ID, an encryption key α2, and an encrypted transfer certificate. Is generated and transmitted to the authentication management device 100 (S3004).

  Upon receiving the application for receiving the authentication code, the authentication management unit 121 of the authentication management device 100 starts the process of reissuing the authentication code by transfer. First, the encryption control unit 123 uses the received transfer management ID as a key to select the relevant encryption key α1 from the transfer management ID-specific encryption key α1 and transfer certificate temporarily registered in the predetermined storage area. The encryption key α is generated by combining the acquired encryption key α2. The encryption control unit 123 decrypts the received encrypted transfer certificate using the generated encryption key α (S176).

  The authentication management unit 121 collates the decrypted transfer certificate with the provisionally registered transfer certificate (stored transfer certificate) on the authentication management device 100 side (S177). If the decrypted transfer certificate does not match the stored transfer certificate, transfer error processing is performed as in step S171.

  On the other hand, if it is determined in step S177 that the decrypted transfer certificate matches the stored transfer certificate, the encryption control unit 123 sets the storage device 130 The encryption key A1 of the transferee is acquired by referring to the user basic information stored in the storage device, and is combined with the received encryption key A2 to generate the encryption key A. Using the generated encryption key A, the encryption control unit 123 decrypts the biometric information X encrypted with the encryption key A at the time of user registration. Then, the biometric authentication control unit 122 performs a first biometric matching process of comparing the decrypted biometric information X with the biometric information X1 of the application for receiving the authentication code (S178). If the matching score is equal to or greater than the predetermined threshold, the biometric authentication control unit 122 determines that the persons are the same person, and outputs biometric authentication OK as an authentication result.

  Further, the encryption control unit 123 obtains the encryption key B1 with reference to the user basic information stored in the storage device 130, and combines it with the received encryption key B2 to generate the encryption key B. Using the generated encryption key B, the encryption control unit 123 decrypts the SIM information at the time of user registration that has been encrypted with the encryption key B. Then, the authentication management unit 121 performs a SIM collation process of collating the decrypted SIM information with the SIM information of the authentication code reception application (S179). If they match, the authentication management unit 121 outputs SIM information authentication OK as the authentication result.

  The authentication management unit 121 determines whether or not the authentication code can be reissued due to the transfer based on the authentication result of the biometric information and the authentication result of the SIM information (S180). When one of the biometric information and the SIM information is authentication NG (NO in S180), the authentication management unit 121 performs an authentication code reissue error process by transfer, as in the example of FIG.

  On the other hand, when both the biometric information and the SIM information indicate that the authentication is OK, the authentication management unit 121 performs a transfer approval permission / inhibition confirmation process on the transferor. For example, the authentication management unit 121 transmits a transfer approval approval / disapproval confirmation message to the transferor's user terminal 300, and receives a notification of approval OK or approval NG from the user terminal 300 (S181, S364).

  The authentication management unit 121 determines whether or not the approval is permitted in the transfer approval / disapproval confirmation processing (S181). In the case of approval NG, error processing similar to NO in step S180 is performed. If the approval is OK, the process proceeds to step S183.

  In step S183, an authentication code issuance process by transfer is performed using the transferee's biometric information X1 and SIM information. This issuance process is the same as steps S128 to S131 in FIG. Then, in step S184, the authentication management unit 121 generates (updates) transfer management information. Specifically, as described in the example of FIG. 14, the authentication code issuance management information is newly generated for the transferee and the transfer management information is updated. That is, from the transfer management information of the relevant authentication code issuance management information of the transferor, the transfer permission / inhibition, the transferable number, and the transfer number are extracted and inserted into the transferee's transfer management information, and the transfer number is extracted. The value of the number of transfers +1 is inserted. Also, the transferor's member number is inserted in the item of the transferor's member number, and the transfer flag is set to “0 (unassigned)”.

  Further, the transfer management information is updated to the transferor. The transfer certificate, the encryption key α1, and the encrypted transfer certificate used for the transfer are registered as the transfer management information of the transferor, and the member number of the transferee is registered. Then, the transfer flag is updated to “1 (transferred)”.

  The authentication management unit 121 transmits the issued transfer authentication code to the transferee's user terminal 300 (S185). Thereafter, the transferee can receive the personal authentication shown in FIGS. 10 and 11 using the transfer authentication code.

<Use Case 1>
A local government service to which the above-described authentication management system of the present embodiment is applied will be described as an example. The user (user) installs a client application to use the present system, and proceeds with the premise that the user registration shown in FIG. 4 has been completed in advance.

  The user performs an operation of selecting a service at a predetermined local government service terminal. The local government service terminal displays a two-dimensional barcode (service identification information including a service identification number, a reception number, and a terminal identification number of the local government service terminal) corresponding to the selected service. The user completes the reception of the service by reading the two-dimensional barcode displayed on the local government service terminal with the user terminal 300.

  Next, the user operates the user terminal 300 to transmit the read service reception information, the encryption key A2, the encryption key B2, the SIM information, the member number, and the terminal unique information of the user terminal 300 to the authentication management device 100. The authentication management device 100 acquires the encryption key B1 of the corresponding user by referring to the user basic information based on the received member number, and generates the encryption key B using the encryption key B1 and the encryption key B2. , And decrypts the stored SIM information. Then, the decrypted SIM information is compared with the notified SIM information. Further, the authentication management device 100 collates the terminal unique information of the user basic information with the notified terminal unique information.

  As a result of the collation of the SIM information and the collation of the terminal-specific information, if both are OK, it is guaranteed that the user terminal 300 is a user terminal registered as a user. Then, the guaranteed user terminal 300 and the service reception information are linked.

  Next, in the above-mentioned guaranteed user terminal 300 (including a valid business operator), it is proved that the holder of the guaranteed user terminal 300 is a legitimate holder.

  First, the authentication management device 100 sends an SMS notification to the user terminal 300 using the decrypted SIM information. The SMS notification is a trigger for starting the client application. Upon receiving the SMS notification, the user terminal 300 (authentication control unit 340) activates the camera 380 to photograph the user's face image and performs login authentication as described above. If the login authentication is OK, the user terminal 300 transmits the encryption key A2, the encryption key B2, the SIM information, the face image data (biological information) photographed at the time of login, the member number, and the terminal unique information to the authentication management device 100. .

  The authentication management device 100 acquires the encryption key B1 of the corresponding user by referring to the user basic information based on the received member number, generates the encryption key B using the encryption key B1 and the encryption key B2, The SIM information that has been encrypted and stored is decrypted. Then, the decrypted SIM information is compared with the notified SIM information. Further, the authentication management device 100 collates the terminal unique information of the user basic information with the notified terminal unique information. Further, the encryption key A1 of the user is acquired from the basic user information, the encryption key A is generated using the encryption key A1 and the encryption key A2, and the encrypted and stored biometric information is decrypted. Then, the decrypted biometric information is compared with the notified biometric information. If all of the results of the SIM information collation, the terminal unique information collation, and the biometric information collation are OK, it is guaranteed as a valid holder of the guaranteed user terminal 300 (owner of the guaranteed user terminal 300). Is a legitimate holder).

  Another embodiment will be described. First, a user starts a client application on the user terminal 300 and displays an authentication code. At this time, the client application can perform login authentication using biometric information at the time of startup. For example, a face image of the user himself is captured and held in advance, and the camera 380 is activated and captured at startup login. Authentication processing can be performed on the user terminal 300 side by collating the face images. The following description will be made on the assumption that the authentication code of the two-dimensional barcode has been obtained in advance.

  After selecting a service at the local government service terminal, the user causes the local government service terminal to read the authentication code displayed on the user terminal 300. The local government service terminal reads the user's two-dimensional barcode (encryption key A2, encryption key B2, encryption key D2, SIM information, member number, terminal specific information) and information (encryption key) for identifying the local government service terminal. C, and transmits the SIM information of the local government service terminal and the service reception number (including a service identification number, a reception number, and an identification number of the local government service terminal) to the authentication management device 100.

  The authentication management device 100 decrypts the company information (company code, store code, SIM information of the local government service terminal, terminal identification number of the local government service terminal) encrypted using the encryption key C, and decrypts the decrypted business information. The local government (business code) is specified based on the terminal identification number of the local government service terminal from the business information. Then, the authentication management device 100 collates the SIM code of the local government service terminal with the notified SIM information of the local government service terminal and the SIM information of the decrypted local government service terminal. By collating the SIM information of the local government service terminal, it is determined that the local government (business) uses the system properly.

  Subsequently, it is verified that the member information is a registered member. The user obtains the encryption key B1 of the corresponding user by referring to the user basic information based on the received membership number, generates the encryption key B using the encryption key B1 and the encryption key B2, and stores the encrypted key B. Decrypts the existing SIM information. Then, the decrypted SIM information is compared with the notified SIM information. Further, the authentication management device 100 collates the terminal unique information of the user basic information with the notified terminal unique information. As a result of the collation of the SIM information and the collation of the terminal-specific information, if both are OK, it is guaranteed that the user terminal 300 is a user terminal registered as a user. Then, the guaranteed user terminal 300 and the service reception information are linked.

  Then, it is proved that the holder of the guaranteed user terminal 300 is a legitimate holder in the other aspect.

  The encryption key A1 of the user is acquired from the basic user information, the encryption key A is generated using the encryption key A1 and the encryption key A2, and the stored biometric information X is decrypted. Further, the encryption key D1 of the user is obtained from the authentication code management information, the encryption key D is generated using the encryption key D1 and the encryption key D2, the decrypted biometric information X1 is decrypted, and the biometric information X and the It is compared with the information X1. If the comparison result between the biometric information X and the biometric information X1 is OK, the user is guaranteed as a valid holder of the guaranteed user terminal 300 (the holder of the guaranteed user terminal 300 is a valid holder).

  After such a guaranteed user terminal 300 and a legitimate holder of the terminal are guaranteed by the present system, a member of the present system notifies the local government that it has applied for the local government service. That is, the authentication management apparatus 100 determines which terminal (SIM information of the local government service terminal) and which service (terminal) the guaranteed user terminal 300 (or the holder of the guaranteed user terminal 300 is a valid holder). It notifies (transmits) the application number to the identification number and the number for identifying the service) with a reception number.

<Use Case 2>
User case 2 is an example in which the present system is applied to an electronic ticket. First, a description will be given assuming that a user has registered as a user and has been given a member number from the present system. The user accesses a predetermined ticket purchase site and performs a ticket reservation / purchase procedure through a predetermined screen. At this time, the user also inputs the membership number of the present system and notifies the business operator. On the business side, the management number for managing the user on the business side and the member number are linked and stored in the database, and the ticket purchase history is associated using the management number.

  After completing the user's ticket purchase procedure, the business operator accesses the present system and issues a ticket issuance request (authentication code issuance request) to the present system using the member number of the target user as a key. The authentication management device 100 generates a record in which a management number and a read permission approval number are added to the authentication code management information of the target user. In response to the ticketing request, the authentication management device 100 notifies the user terminal 300 of a message prompting ticketing (issuing an authentication code) to the user terminal 300 by e-mail or the like based on the user information of the target user. Thereafter, the user receives the authentication code according to the authentication code issuance processing described in FIG. This authentication code becomes an electronic ticket.

  The business operator reads the electronic ticket (authentication code) displayed on the user terminal 300 with the authentication code reader 400, and outputs the user's authentication code (encryption key A2, encryption key B2, encryption key D2, member number) and the authentication code. The information for identifying the reader 400 (the encryption key C, the SIM information of the authentication code reader 400, and the terminal identification information of the authentication code reader 400) is transmitted to the authentication management device 100.

  The authentication management device 100 performs a collation process for proving that the authentication code possessed by the user has been issued properly. The encryption key D1 is extracted from the user basic information based on the member number, and is integrated with the received encryption key D2 to generate an encryption key D, and the encrypted biometric information X1 of the authentication code management information is decrypted. On the other hand, an encryption key A1 is extracted from the user basic information based on the member number and integrated with the received encryption key A2 to generate an encryption key A, and the encrypted biometric information X of the user basic information is decrypted. I do. The decrypted biometric information X1 and the biometric information X are collated, and if the collation result is OK, it is determined that the authentication code is a legally issued authentication code.

  Subsequently, the authentication code reader 400 on the business side is authenticated. The company information (company code, store code, SIM information) encrypted with the encryption key C as described above is decrypted, and the decrypted SIM information is compared with the notified SIM information. If the collation result is OK, it is determined as a legitimate business.

  Then, assuming that the authentication code is a certified authentication code and a legitimate business entity, the authorized business person refers to the read permission approval number stored in the authentication code management information B, and has the right to read the certified authentication code. Confirm that there is (higher code priority: business code → store code → terminal identification information). The authentication management device 100 notifies the authentication code reader 400 having read authority of the authorized business operator that the target user has a certified authentication code.

  As described above, the authentication code displayed on the user terminal 300 is read by the business operator, decrypted and collated by the present system, and this procedure is the existence confirmation of the ticket (authentication code) itself.

  It is also possible to introduce a mechanism in which the issued ticket cannot be used as it is, and to take measures to prove that the owner of the ticket is himself. For example, the user activates (validates) a purchased ticket, and the operator sets a time when the ticket can be validated. For example, the user can set 3 hours before entering the venue on the day of entry, wait for the activation time set by the business operator, and perform the activation processing of the purchased ticket.

  Also in this activation method, the mechanism of the present system can be used, and whether or not the user has the activation authority is authenticated by using the user-registered biometric information. Note that the validity period can be set in units of hours and minutes. If the validity period has expired, the validity must be re-activated. Further, processing such as invalidating revalidation of a ticket whose reading has been completed can be appropriately set and controlled by the business operator. By the activation method, it is possible to confirm that the ticket holder is the person himself.

  If necessary, the business prepares a computer, etc., reads the user's authentication code on the business, and displays the biometric information (face authentication information) of the user managed by this system on the computer, etc. of the business. It is also possible to apply a mechanism in which a dedicated camera is installed to perform a visual check, and a biometric information managed by the present system and a face authentication is performed on the spot.

  The authentication management system according to the embodiment has been described above. As shown in FIG. 1, the present system can cooperate with a service provision related server 500 (for example, a website on the business side). It can be applied internally or externally to the sales structure. In this case, the service providing-related server 500 may receive the issued authentication code, and may transmit the authentication code to the user terminal 300 as an electronic ticket. Further, the personal authentication result using the authentication code is received from the authentication management device 100, and the personal authentication result, that is, the service authentication, is transmitted from the service providing related server 500 to the authentication code reader 400 instead of directly from the authentication management device 100. You may comprise so that a result may be notified.

  In the authentication code issuance process, the authentication control unit 340 of the user terminal 300 can control the photographing of the photograph of the user's face as essential. That is, the authentication control unit 340 can perform control so that an authentication code issuance request is not performed unless the photographing operation in step S322 in FIG. 6 is performed. With such a configuration, for example, it is possible to take measures to prevent diversion of, for example, a face photograph of a person other than the user or a photographed face.

  Further, in the above description, as an example of a method of generating each of the encryption keys A, B, and D, a mode using biometric information such as user's face feature data is described. However, the present invention is not limited to this. For example, without using biometric information, an encryption key can be generated using a random number generated by a cryptographically secure pseudo random number generator (CSPRNG). Alternatively, the encryption key may be generated by combining biometric information and a random number generated by a random number generator such as CSPRNG. That is, each of the encryption keys A, B, and D can be generated in any one of three patterns of biometric information, a random number generated by a random number generator, or a combination thereof. Further, in generating the encryption keys A, B, and D, each of the encryption keys may be generated by using the same pattern among the patterns, or a different pattern generation method may be applied to each of the encryption keys. .

  Further, the authentication management apparatus 100 has a hardware configuration other than those described above, including a memory (main storage device), an operation input unit such as a mouse, a keyboard, a touch panel, and a scanner, an output unit such as a printer, and an auxiliary storage device (such as a hard disk) Etc. can be provided.

  Further, each function of the present invention can be realized by a program, a computer program prepared in advance to realize each function is stored in the auxiliary storage device, and a control unit such as a CPU is stored in the auxiliary storage device. The program is read into the main storage device, and the control unit executes the program read into the main storage device, so that the computer can operate the functions of the respective units of the present invention. On the other hand, each function of the present invention can be configured by an individual control device, and a plurality of control devices can be connected directly or via a network to configure the present system (this device).

  Further, the program can be provided to a computer in a state recorded on a computer-readable recording medium. Computer-readable recording media include optical disks such as CD-ROMs, phase-change optical disks such as DVD-ROMs, magneto-optical disks such as MO (Magnet Optical) and MD (Mini Disk), floppy (registered trademark) disks, and the like. Examples include a magnetic disk such as a removable hard disk, a compact flash (registered trademark), a smart media, an SD memory card, and a memory card such as a memory stick. Further, a hardware device such as an integrated circuit (such as an IC chip) specially designed and configured for the purpose of the present invention is also included as a recording medium.

Reference Signs List 100 authentication management device 110 communication device 120 control device 121 authentication management unit 122 biometric authentication control unit 123 encryption control unit 124 authentication code issuing unit 125 business management unit 300 user terminal 310 communication control unit 320 call control unit 330 main body authentication unit 340 Authentication control unit 350 Storage unit 351 SIM information storage unit 360 Display unit 370 Operation input unit 380 Camera 390 Microphone 400 Authentication code reader 500 Service providing related server

Claims (8)

A first receiving unit that receives a user registration request including first biometric information of a user acquired by a mobile terminal owned by the user and SIM information of the mobile terminal;
A first cipher for generating a first biometric encryption key for encrypting the first biometric information and generating a first biometric split key and a second biometric split key obtained by dividing the first biometric encryption key. Performing a process and a second encryption process for generating a SIM encryption key for encrypting the SIM information and generating a first SIM split key and a second SIM split key obtained by dividing the SIM encryption key. A first encryption control unit;
The first biometric information encrypted with the first biometric encryption key and the first biometric split key are registered as user basic information, and the second biometric split key and the second SIM split key are registered as A first authentication management unit for transmitting to the mobile terminal;
Issuing an authentication code from the mobile terminal, the second biometric information having the same biometric type as the first biometric information and the SIM information, the second biometric split key, and the second SIM split key acquired by the mobile terminal. A second receiver for receiving the request;
The first biometric encryption key is generated from the second biometric split key received from the mobile terminal and the first biometric split key stored in the user basic information, and the encrypted biometric key is generated. A first decryption process for decoding the first biometric information; the second SIM split key received from the mobile terminal; and the first SIM split key stored in the user basic information, and the SIM encryption. A first decryption control unit that performs a second decryption process of generating a key and decrypting the encrypted SIM information;
A first biometric authentication control unit that performs a first biometric matching process of matching the decrypted first biometric information with the second biometric information received by the second receiving unit;
A terminal authentication unit that performs a SIM collation process of collating the decrypted SIM information with the SIM information received by the second reception unit;
If both the first biometric matching process and the SIM matching process are OK, generate a second biometric encryption key for encrypting the second biometric information received by the second receiving unit; A second encryption control unit that generates a third biometric split key and a fourth biometric split key obtained by dividing the second biometric encryption key;
The second biometric information encrypted with the second biometric encryption key and the third biometric split key are registered as authentication code issuance management information, and the second biometric split generated by the authentication code issuing unit is registered. A second authentication management unit for transmitting an authentication code including a key, a second SIM split key, and the fourth biometric split key to the mobile terminal;
A third receiving the second biometric split key, the second SIM split key, and the fourth biometric split key included in the authentication code from a predetermined reading device that reads the authentication code displayed on the mobile terminal. A receiving unit,
The first biometric encryption key is generated from the second biometric split key of the authentication code and the first biometric split key stored in the user basic information, and the encrypted first biometric key is generated. A third decryption process for decrypting biometric information; generating the second biometric encryption key from the fourth biometric split key of the authentication code and the third biometric split key of the authentication code issuance management information A second decryption control unit that performs a fourth decryption process for decrypting the encrypted second biometric information;
A second biometric authentication control unit that performs a second biometric matching process of comparing the decrypted first biometric information with the decrypted second biometric information;
An authentication management system comprising:   The authentication management system according to claim 1, wherein the mobile terminal has a terminal use restriction function using predetermined identification information set by a user. The biological information is a face image of a user,
The mobile terminal has a camera that captures the face image, and a control unit that performs each process of the user registration request and the authentication code issuance request,
When performing each of the user registration request and the authentication code issuance request, the control unit determines whether or not there is a photographing operation for acquiring the first biometric information and the second biometric information, and there is a photographing operation. 3. The authentication management system according to claim 1, wherein in such a case, control is performed so as to make the user registration request and the authentication code issuance request to the authentication management system. 4. A third authentication management unit that issues approval information and transmits the approval information to each of the mobile terminal and the reading device when the collation result of the second biometric authentication processing by the second biometric authentication control unit is OK; ,
The authentication management according to any one of claims 1 to 3, wherein the reading device reads the approval information transmitted to the mobile terminal, and checks the authentication information with approval information received from the authentication management system. system. A transfer control unit that performs transfer processing for transferring the authentication code issued to the first user to the second user;
The first user and the second user have their own user basic information registered based on the user registration request, and have their own second biometric split key and second SIM split key registered in each mobile phone. Held in the terminal,
The transfer control unit includes:
A transfer certificate is generated based on the transfer application information transmitted from the mobile terminal of the first user, a transfer encryption key for encrypting the transfer certificate is generated, and the transfer encryption key is divided. A first transfer division key and a second transfer division key are generated, and the transfer certificate and the first transfer division key are registered as transfer management information, and the second transfer division key and the encryption are registered. Sending the transferred certificate to the mobile terminal of the first user,
The second biometric information having the same biometric type as the first biometric information, the SIM information, and the second biometric information from the mobile terminal of the second user that has received the second transfer division key and the encrypted transfer certificate from the first user. Receiving an authentication code receiving application including the second split key for living body, the second split key for SIM, the second split key for transfer, and the encrypted transfer certificate;
The transfer encryption key is generated from the second transfer division key received from the mobile terminal of the second user and the first transfer division key stored in the transfer management information, and received from the mobile terminal. Decrypts the encrypted transfer certificate,
Generating the first biometric encryption key from the second biometric split key received from the second user's mobile terminal and the first biometric split key stored in the user basic information; Decrypts the obtained first biometric information, and obtains the SIM encryption key from the second SIM split key received from the mobile terminal and the first SIM split key stored in the user basic information. And decrypts the encrypted SIM information,
The first biometric matching process for comparing the decrypted first biometric information with the second biometric information received by the second receiving unit; the decoded SIM information; and the second biometric information received by the second receiving unit. Performing a SIM collation process for collating with the SIM information, and when the collation results of both the first biometric collation process and the SIM collation process are OK, receiving the authentication code reception application from the second user. Generating a second biometric encryption key for encrypting the second biometric information, and generating a third biometric split key and a fourth biometric split key obtained by dividing the second biometric encryption key;
Registering the second biometric information encrypted with the second biometric encryption key and the third biometric split key in the second user authentication code issuance management information in association with the transfer management information, Transmitting an authentication code including the second biometric split key, the second SIM split key, and the fourth biometric split key generated by the code issuing unit to the mobile terminal of the second user;
The authentication management system according to any one of claims 1 to 4, wherein: Business information including a read permission approval number including terminal identification information of the reading device is stored, and the authentication code issuance management information includes the read permission approval number,
When the reading device reads the authentication code displayed on the mobile terminal and transmits the authentication code to the third receiving unit, the reading device transmits the authentication code together with its own terminal identification information,
The terminal identification information received from the reading device is compared with the business operator information to extract a read permission approval number to be linked, and the extracted read permission approval number is compared with the authentication code issue management information of the read authentication code. The authentication management system according to any one of claims 1 to 5, further comprising a business management unit that performs authentication processing of the reading device. A program executed by a computer that performs authentication management of a user who has a mobile terminal, wherein the computer has
Generating a first biometric encryption key for encrypting the first biometric information based on the first biometric information of the user acquired by the mobile terminal possessed by the user and a user registration request including the SIM information of the mobile terminal And a first encryption process for generating a first biometric split key and a second biometric split key obtained by dividing the first biometric encryption key, and generating a SIM encryption key for encrypting the SIM information. A first function of performing a second encryption process for generating a first SIM split key and a second SIM split key obtained by splitting the SIM encryption key, and a second function of performing encryption using the first biometric encryption key. A second function of registering first biometric information and the first biometric split key as user basic information, and transmitting the second biometric split key and the second SIM split key to the mobile terminal. User registration function,
Based on an authentication code issuance request including the second biometric information of the same biometric type as the first biometric information acquired by the mobile terminal, the SIM information, the second biometric split key, and the second SIM split key. Generating the first biometric encryption key from the second biometric split key received from the mobile terminal and the first biometric split key stored in the user basic information, and encrypting the first biometric encryption key. A first decryption process for decoding the first biometric information, the second SIM split key received from the mobile terminal, and the first SIM split key stored in the user basic information are used for the SIM. A third function of generating an encryption key and performing a second decryption process for decrypting the encrypted SIM information, and comparing the decrypted first biometric information with the received second biometric information Perform first biometric matching process A fourth function, a fifth function of performing a SIM collation process for collating the decrypted SIM information with the received SIM information, and a collation result of both the first biometric collation process and the SIM collation process is OK. In some cases, a second biometric encryption key for encrypting the received second biometric information is generated, and a third biometric split key and a fourth biometric split key obtained by dividing the second biometric encryption key are generated. And the second biometric information encrypted with the second biometric encryption key and the third biometric split key are registered as authentication code issuance management information, and the second biometric split An authentication code issuing function including: a seventh function of generating an authentication code including a key, a second SIM split key, and the fourth biometric split key and transmitting the authentication code to the mobile terminal;
Based on the second biometric split key, the second SIM split key, and the fourth biometric split key included in the authentication code, received from a predetermined reading device that reads the authentication code displayed on the mobile terminal. Generating the first biometric encryption key from the second biometric split key of the authentication code and the first biometric split key stored in the user basic information; A third decryption process for decoding one biometric information, the fourth biometric split key of the authentication code, and the third biometric split key of the authentication code issuance management information, An eighth function of performing a fourth decryption process to generate and decrypt the encrypted second biometric information, and a second function of collating the decrypted first biometric information with the decrypted second biometric information A ninth function of performing a biometric matching process; Function and,
A program characterized by realizing. An authentication management system that performs personal authentication management of a user having a mobile terminal,
A first encryption control unit that encrypts first biometric information obtained by the mobile terminal using a first encryption key, and divides the first encryption key to generate a first divided key and a second divided key. When,
A first authentication management unit for registering the first biometric information encrypted with the first encryption key and the first divided key as user basic information, and transmitting the second divided key to the mobile terminal;
Upon receiving an authentication code issuance request including the second biometric information of the same biometric type as the first biometric information acquired by the mobile terminal and the second split key at the time of issuing the authentication code, the second split key and A first decryption control unit that generates the first encryption key from the first divided key extracted from the user basic information and decrypts the encrypted first biometric information;
A first biometric authentication unit that compares the decrypted first biometric information with the second biometric information received in the authentication code issuance request;
If the collation result is OK, a second encryption key is generated, the second biometric information is encrypted using the second encryption key, and the second encryption key is divided into a third divided key and a third divided key. A second encryption control unit that generates a fourth divided key;
The second biometric information encrypted with the second encryption key and the third divided key are registered as authentication code issuance management information, and an authentication code including the second divided key and the fourth divided key is generated. And an authentication code management unit for transmitting to the mobile terminal,
In response to an authentication request from a predetermined reading device that has read the authentication code displayed on the mobile terminal, the fourth split key included in the authentication code and the third key extracted from the authentication code issuance management information. The second encryption key is generated from the divided key, the encrypted second biometric information is decrypted, and the second biometric information is extracted from the second divided key included in the authentication code and the user basic information. A second decryption control unit that generates the first encryption key from the first split key and decrypts the encrypted first biometric information;
A second biometric authentication unit that compares the first biometric information decrypted by the second decryption control unit with the second biometric information,
A second authentication management unit that outputs a verification result of the second biometric authentication unit as a personal authentication result,
An authentication management system comprising: