JP2021081860A - Authentication system and authentication device and authentication method and authentication program - Google Patents

Abstract

To increase efficiency of an authentication process using bio-information.SOLUTION: In a settlement system, a face image and a PIN code as a kind of group information of each registered person are registered in a customer information DB 24a. When a new registration of customer information is made, the settlement system accepts a face image A1 and PIN code A2 of a registration object person A S1; calculates a collation score between the face information A1 of the registration object person and a plurality of pieces of registered authentication information registered in the customer information DB 24a and to which the same PIN code A2 is associated, respectively S2; and issues an ID of the customer information of the registration object person on the condition that each calculated collation score does not exceed a first threshold, and registers the personal information, the face image, and the PIN code of the registration object person are in the customer information DB 24a associated with this ID.SELECTED DRAWING: Figure 1

Description

The present invention relates to human physical features such as face, fingerprint, palm print, retina, iris, and voice, or biological information related to behavioral features such as handwriting, walking, and blinking (hereinafter, simply referred to as "biological information"). The present invention relates to an authentication system, an authentication device, an authentication method, and an authentication program that can improve the efficiency of the authentication process using the above.

Conventionally, the biometric information of the person to be authenticated is collated with the registered bioinformation of N registrants registered in advance, and whether or not the person to be authenticated is a registrant or whether the person to be authenticated is a registrant. An authentication technique called one-to-N authentication that authenticates the existence is known (see, for example, Patent Document 1).

When one-to-N authentication is performed using such biometric information, the authentication accuracy is not 100% due to the characteristics of using biometric information. For example, if the false acceptance rate (probability of accepting another person as the person) when collating the authenticated person with 100,000 registrants is 0.1%, the probability is 100 people (= 100,000) each time. The result is that another person (person x 0.1 ÷ 100) is recognized as the person himself / herself. Therefore, there is known a technique for improving the authentication accuracy by using a plurality of biometric information related to the person to be authenticated in combination (see, for example, Patent Document 2).

JP-A-2015-185046 JP-A-2007-334707

However, even if the above-mentioned Patent Document 2 is used, it is difficult to reduce the false acceptance rate as long as the biological information that can change dynamically is used. Therefore, how to improve the efficiency and accuracy when performing the authentication process using such biometric information has become an important issue.

The present invention has been made to solve the above-mentioned problems caused by the prior art, and is an authentication system, an authentication device, an authentication method, and an authentication system, an authentication device, an authentication method, which can improve the efficiency when performing an authentication process using biometric information. The purpose is to provide an authentication program.

In order to solve the above-mentioned problems and achieve the object, the present invention registers the identification information of a plurality of registrants, the authentication information related to the registrant, and the group information of the registrant uniquely identifying the group in association with each other. Then, when an authentication request including the authentication information related to the authenticated person is received, the authentication information related to the authenticated person is collated with the registered authentication information related to the plurality of registrants, and the authenticated person's authentication information is collated. An authentication system that performs authentication processing, a storage means that stores registration authentication information and group information related to each registrant in association with the identification information of the registrant, and authentication information related to a newly registered registered person. And the matching score of the receiving means for receiving the group information, the authentication information received by the receiving means, and the plurality of registered authentication information stored in the storage means and associated with the group information, respectively. On the condition that the predetermined number of the score calculation means and the plurality of collation scores calculated by the collation score calculation means does not exceed the first threshold value, new identification information relating to the registration target person is issued. It is provided with a registration processing means for registering the registration target person by storing the authentication information and the group information related to the registration target person in the storage means in association with the newly issued identification information.

Further, in the present invention, in the above-mentioned invention, the registration processing means includes a registrant whose plurality of collation scores calculated by the collation score calculation means do not exceed a predetermined threshold value and to which the group information is associated. The authentication information and group information related to the registration target person are stored in the storage means on condition that the number of people including the registration target person does not exceed the second threshold value.

Further, in the present invention, in the above invention, the receiving means receives the authentication information and the group information related to the authenticated person, and the matching score calculating means receives the authentication information related to the authenticated person received by the receiving means. The collation score with the plurality of registered authentication information associated with all the groups stored in the storage means is calculated, and the second threshold value is exceeded among the plurality of collation scores calculated by the collation score calculation means. Further, an authentication processing means for performing the authentication processing of the subject to be authenticated based on the collation score is provided.

Further, in the present invention, when the authentication processing means has a plurality of collation scores exceeding the second threshold value among the plurality of collation scores calculated by the collation score calculation means, the person to be authenticated. Is the registrant with the highest matching score among the registrants with the matching score exceeding the second threshold value and the registrants associated with the same group information as the group information of the subject to be authenticated. To identify.

Further, in the present invention, the authentication information is biometric information that uniquely identifies each registrant, the registration target person, or the person to be the authenticated person.

Further, in the present invention, when the identification information of a plurality of registrants and the authentication information related to the registrant are registered in association with each other and an authentication request including the authentication information related to the authenticated person is received, the subject is described. An authentication system that collates the authentication information related to the certifier with the authentication information related to the plurality of registrants to perform the authentication process of the person to be authenticated, and the first authentication information related to the plurality of registrants and the first authentication information. A storage means for storing one authentication information and a second registration authentication information relating to a registrant different from each other in association with the identification information of the registrant, a first reception means for receiving the first authentication information relating to the person to be authenticated, and a first reception means. By the first collation score calculation means for calculating the first collation score between the first authentication information received by the first reception means and the first authentication information of the plurality of registrants, and the first collation score calculation means. When there are a predetermined number or more of the first collation scores exceeding the first threshold among the plurality of calculated first collation scores, the second reception means for accepting the second authentication information relating to the person to be authenticated and the second reception means. 2 The second verification score calculation means for calculating the second verification score of the second authentication information related to the authenticated person received by the reception means and the second authentication information of the plurality of registrants, and the second verification. The authentication processing means for performing the authentication processing of the person to be authenticated is provided based on the second verification score exceeding the second threshold value among the plurality of second verification scores calculated by the score calculation means.

Further, in the present invention, in the above-mentioned invention, the authentication processing means is a second collation score in which the person to be authenticated exceeds a second threshold value among a plurality of second collation scores calculated by the second collation score calculation means. Identify the registrant with the highest matching score.

Further, in the present invention, the first authentication information and the second authentication information are biometric information that uniquely identifies each registrant or the person to be authenticated.

Further, in the present invention, the identification information of a plurality of registrants, the authentication information relating to the registrant, and the group information of the registrant who uniquely identifies the group are registered in association with each other, and the authentication information relating to the authenticated person is registered. An authentication device that collates the authentication information related to the person to be authenticated with the registration authentication information related to the plurality of registrants and performs the authentication process of the person to be authenticated when the authentication request including the above is received. A storage means for storing the registration authentication information and the group information related to the registrant in association with the identification information of the registrant, a reception means for receiving the authentication information and the group information related to the registration target person to be newly registered, and the reception. By the collation score calculation means for calculating the collation score between the authentication information received by the means and the plurality of registered authentication information stored in the storage means and associated with the group information, and the collation score calculation means. On condition that a predetermined number of the calculated collation scores does not exceed the first threshold value, new identification information relating to the registration target person is issued, and the above is associated with the newly issued identification information. It is provided with a registration processing means for registering the registration target person by storing the authentication information and the group information related to the registration target person in the storage means.

Further, in the present invention, when the identification information of a plurality of registrants and the authentication information related to the registrant are registered in association with each other and an authentication request including the authentication information related to the authenticated person is received, the subject is described. An authentication device that collates the authentication information related to the certifier with the authentication information related to the plurality of registrants to perform the authentication process of the person to be authenticated, and the first authentication information related to the plurality of registrants and the first authentication information. A storage means for storing the first authentication information and the second registration authentication information for the registrant different from the authentication information in association with the identification information of the registrant, a first reception means for receiving the first authentication information for the person to be authenticated, and a first reception means for receiving the first authentication information for the person to be authenticated. By the first collation score calculation means for calculating the first collation score between the first authentication information received by the first reception means and the first authentication information of the plurality of registrants, and the first collation score calculation means. When there are a predetermined number or more of the first collation scores exceeding the first threshold among the plurality of calculated first collation scores, the second reception means for accepting the second authentication information related to the person to be authenticated and the second reception means. 2 The second verification score calculation means for calculating the second verification score of the second authentication information related to the authenticated person received by the reception means and the second authentication information of the plurality of registrants, and the second verification. The authentication processing means for performing the authentication processing of the person to be authenticated is provided based on the second verification score exceeding the second threshold value among the plurality of second verification scores calculated by the score calculation means.

Further, in the present invention, the identification information of a plurality of registrants, the authentication information relating to the registrant, and the group information of the registrant who uniquely identifies the group are registered in association with each other, and the authentication information relating to the authenticated person is registered. In an authentication system including an authentication device that collates the authentication information related to the person to be authenticated with the registration authentication information related to the plurality of registrants and performs the authentication process of the person to be authenticated when the authentication request including the above is received. In the authentication method, a storage step in which the authentication device stores registration authentication information and group information related to each registrant in a storage unit in association with the identification information of the registrant, and the authentication device newly registers. The reception process for receiving the authentication information and the group information related to the person to be registered, and the authentication information received by the authentication device in the reception process are stored in the storage unit, and the group information is associated with each other. The collation score calculation step of calculating the collation score with the plurality of registered authentication information, and the predetermined number of the plurality of collation scores calculated by the authentication device in the collation score calculation step do not exceed the first threshold value. On condition that, new identification information relating to the registration target person is issued, and the authentication information and group information relating to the registration target person are stored in the storage unit in association with the newly issued identification information. It includes a registration process for registering a person to be registered.

Further, in the present invention, when the identification information of a plurality of registrants and the authentication information related to the registrant are registered in association with each other and an authentication request including the authentication information related to the authenticated person is received, the subject is described. It is an authentication method in an authentication system including an authentication device that collates the authentication information related to the certifier with the authentication information related to the plurality of registrants and performs the authentication process of the person to be authenticated. A storage process in which the first authentication information relating to the registrant and the second registration authentication information relating to the registrant different from the first authentication information are stored in the storage unit in association with the identification information of the registrant, and the authentication device. However, the first receiving process of receiving the first authentication information relating to the person to be authenticated, the first authentication information received by the authentication device in the first receiving process, and the first authentication information of the plurality of registrants. The first collation score calculation step for calculating the first collation score of the above, and the first collation in which the authentication device exceeds the first threshold among the plurality of first collation scores calculated by the first collation score calculation step. When there are a predetermined number or more of scores, a second receiving step of receiving the second authentication information related to the authenticated person and a second authentication related to the authenticated person received by the authentication device in the second receiving step. A second verification score calculation step of calculating the second verification score of the information and the second authentication information of the plurality of registrants, respectively, and a plurality of firsts calculated by the authentication device by the second verification score calculation step. The authentication processing step of performing the authentication processing of the person to be authenticated based on the second verification score exceeding the second threshold value among the two verification scores is included.

Further, in the present invention, the identification information of a plurality of registrants, the authentication information relating to the registrant, and the group information of the registrant who uniquely identifies the group are registered in association with each other, and the authentication information relating to the authenticated person is registered. When an authentication request including the above is received, the authentication executed in the authentication device that collates the authentication information related to the person to be authenticated with the registration authentication information related to the plurality of registrants and performs the authentication process of the person to be authenticated. In the program, the storage procedure of associating the registration authentication information and group information of each registrant with the identification information of the registrant and storing them in the storage unit, and the authentication information and group of the newly registered registered person. Matching score calculation that calculates the matching score of the reception procedure for receiving information, the authentication information received by the reception procedure, and the plurality of registered authentication information stored in the storage unit and associated with the group information. On the condition that the predetermined number of the procedure and the plurality of collation scores calculated by the collation score calculation procedure does not exceed the first threshold value, new identification information relating to the registration target person is newly issued. The authentication information and group information related to the registration target person are stored in the storage unit in association with the issued identification information, and the computer is made to execute the registration processing procedure for registering the registration target person.

Further, in the present invention, when the identification information of a plurality of registrants and the authentication information related to the registrant are registered in association with each other and an authentication request including the authentication information related to the authenticated person is received, the subject is described. It is an authentication program executed in an authentication device that collates the authentication information related to the certifier with the authentication information related to the plurality of registrants and performs the authentication process of the person to be authenticated, and is the first authentication program related to the plurality of registrants. A storage procedure for storing the authentication information and the second registration authentication information related to the registrant different from the first authentication information in the storage unit in association with the identification information of the registrant, and the first authentication related to the authenticated person. The first reception procedure for receiving information, the first verification score calculation procedure for calculating the first verification score between the first authentication information received by the first reception procedure and the first authentication information of the plurality of registrants, respectively. When there are a predetermined number or more of the first collation scores exceeding the first threshold among the plurality of first collation scores calculated by the first collation score calculation procedure, the second authentication information relating to the person to be authenticated is used. The second collation that calculates the second collation score between the second acceptance procedure to be accepted, the second authentication information related to the person to be authenticated received by the second acceptance procedure, and the second authentication information of the plurality of registrants, respectively. An authentication processing procedure for authenticating the person to be authenticated based on the score calculation procedure and the second collation score exceeding the second threshold among the plurality of second collation scores calculated by the second collation score calculation procedure. And let the computer do it.

According to the present invention, it is possible to improve the efficiency when performing the authentication process using biometric information.

FIG. 1 is an explanatory diagram for explaining an outline of the authentication process in the payment system according to the first embodiment. FIG. 2 is a diagram showing an example of a usage mode of the payment system according to the first embodiment. FIG. 3 is a diagram showing a system configuration of the payment system according to the first embodiment. FIG. 4 is a functional block diagram showing the configuration of the payment server shown in FIG. FIG. 5 is a diagram showing an example of the customer information DB shown in FIG. FIG. 6 is a flowchart showing a registration procedure of a registration target person on the payment server shown in FIG. FIG. 7 is a flowchart showing an authentication procedure of the authenticated person in the payment server shown in FIG. FIG. 8 is an explanatory diagram for explaining an outline of the authentication process in the payment system according to the second embodiment. FIG. 9 is a flowchart showing a registration procedure of the registration target person according to the second embodiment. FIG. 10 is a flowchart showing the authentication procedure of the person to be authenticated according to the second embodiment. FIG. 11 is a diagram showing a configuration of an authentication system according to a modified example.

Hereinafter, examples of the authentication system, the authentication device, the authentication method, and the authentication program according to the present application will be described in detail with reference to the drawings. In the following embodiment, the case where the authentication system according to the present application is applied to the payment system will be described. Further, although the case where "face information" is used as the biological information representing the physical characteristics of a human being will be described below, it can also be applied to the case where the biological information other than the face is used.

<Outline of payment system according to Example 1>
First, an outline of the authentication process in the payment system according to the first embodiment will be described. FIG. 1 is an explanatory diagram for explaining an outline of the authentication process in the payment system according to the first embodiment. Here, a case where a customer receives a food and drink service and pays the fee as a payment request amount with a credit card at a store having a restaurant that develops a chain will be described.

A PIN (Personal Identification Number) code is assigned to each store of this restaurant, and when a customer registers in the payment system, the PIN code of the store to which the customer mainly visits is registered. In the example of FIG. 1, the customer information database (hereinafter referred to as “customer information DB”) 24a of the payment server 20 shows a situation in which the customer information of three registrants is stored.

Here, the "registrant" in this embodiment refers to a customer who has already been registered in the customer information DB 24a. On the other hand, the "registration target person" described later refers to a customer who newly wishes to be registered in the customer information DB 24a, and is different from the registrant.

The PIN code of the registrant with ID "001" is "0001", the PIN code of the registrant with ID "002" is "0002", and the PIN code of the registrant with ID "003" is "0002". .. Although not shown here for convenience of explanation, personal information such as the registrant's name and address and the face image of the registrant are registered in the customer information DB 24a for each registrant's ID.

[sign up]
In this situation, when the registration target person A who wishes to newly register in the payment system performs registration, a mobile terminal such as a smartphone owned by the registration target person A is used. It is assumed that an application for using the payment system (hereinafter referred to as "payment application") is installed in this mobile terminal. Although the case of using a mobile terminal will be described in the first embodiment, a mobile terminal such as a tablet terminal provided in a store can also be used.

Specifically, the registration target person A captures the face image A1 by the image pickup unit (camera) of his / her mobile terminal according to the guidance of the payment application, and selects the PIN code. Here, the situation in which the PIN code A2 "0001" is selected is shown. After that, when the registration target person A performs a predetermined operation on the mobile terminal, the face image A1 and the PIN code A2 of the registration target person A are transmitted to the payment server 20, and the payment server 20 is the registration target person A. Face image A1 and PIN code A2 are accepted (S1).

After that, the payment server 20 collates the face image A1 of the registration target person A with the face images of the three registrants (ID001, ID002, ID003) stored in the customer information DB 24a, and calculates a matching score. (S2). As the collation score, for example, the mutual correlation coefficient between two images can be used. By multiplying the value obtained by normalizing the mutual correlation coefficient from 0 to 1 by 100, a matching score of any value from 0 to 100 can be obtained. In addition, a learning image is input to the multi-layer neural network to perform deep learning supervised learning, a face image A1 and a registrant's face image are input to this trained model, and normalization output from the trained model is performed. The probability of 0 to 1 is multiplied by 100 to obtain a matching score of 0 to 100. In addition, the collation score can be obtained by using various existing facial image techniques. Here, the collation score with the registrant of ID001 is "40", the collation score with the registrant of ID002 is "41", and the collation score with the registrant of ID003 is "45". ing.

After calculating the collation score between the registration target person A and each registrant in this way, each collation score is compared with the first threshold value to determine whether or not it is equal to or less than the first threshold value. Here, the case where the first threshold value is set to "65" is shown. In FIG. 1, since the collation score with all the registrants is equal to or less than the first threshold value, the customer information of the registration target person A can be registered.

Further, even if the collation score with the registrants having different PIN codes (for example, ID002 in the figure) exceeds the first threshold value, the registrants having the same PIN code as the registration target person A (for example, in the figure) If the collation score with ID001 and ID003) is equal to or less than the first threshold value, the customer information of the registration target person A can be registered (S3).

On the other hand, if any of the matching scores of the registration target person A and the registrant with the same PIN code (for example, ID001 and ID003 in the figure) exceeds the first threshold value, the customer information of the registration target person A is input. Do not register.

As described above, in the payment system according to the first embodiment, when the registration target person A wishes to register in the payment system, the registrant who has a higher matching score with the registration target person A, that is, the registration target person A and the face When similar registrants are associated with the same PIN code, the registration of the registration target person A in the customer information DB 24a is rejected to prevent the authentication accuracy from being lowered. In such a case, the payment system may be configured to recommend the registration target person A to register using other biological information such as a fingerprint instead of face matching.

[Authentication process]
Next, a case where the authentication process of the customer (hereinafter referred to as “certified person”) B who authenticates by the payment system is performed will be described. The person to be authenticated B captures the face image B1 by the imaging unit of his / her own mobile terminal according to the guidance of the application of the mobile terminal that he / she owns. After that, when the authenticated person B performs a predetermined operation on the mobile terminal, the face image B1 of the authenticated person B is transmitted to the payment server 20, and the payment server 20 sends the face image B1 of the authenticated person B. Is accepted (S4).

After that, the payment server 20 collates the face image B1 of the authenticated person B with the face images of the three registrants (ID001, ID002, ID003) stored in the customer information DB 24a, and calculates the matching score. (S5). Here, the collation score with the registrant of ID001 is "40", the collation score with the registrant of ID002 is "71", the collation score with the registrant of ID003 is "45", and the collation score of ID004 It shows the situation where the collation score with the registrant is "75".

After calculating the collation score between the authenticated person B and each registrant in this way, each collation score is compared with the second threshold value to determine whether or not it is equal to or less than the second threshold value. Here, the case where the second threshold value is set to "70" is shown. FIG. 1 shows a situation in which the collation score with the registrants of ID002 and ID004 exceeds the second threshold value.

Here, if the matching scores of the authenticated person B and each registrant are all equal to or less than the second threshold value (if there is no registrant exceeding the second threshold value), the authenticated person B is not registered. judge. Further, if there is only one registrant whose collation score with the authenticated person B exceeds the second threshold value, it is determined that the authenticated person B is the corresponding registrant.

On the other hand, when there are a plurality of registrants whose collation score exceeds the second threshold value, the input of the PIN code of the authenticated person B is accepted via the mobile terminal of the authenticated person B (S6). Then, authentication is performed based on the collation score with the registrant of the same PIN code (S7). In the example of FIG. 1, the authentication scores of the registrant of ID002 and the registrant of ID004 exceed the second threshold value, but only ID004 is associated with the same PIN code as the PIN code of the person to be authenticated B. Therefore, it is determined that the person to be authenticated B is a registrant of ID004. If there are a plurality of registrants associated with the same PIN code as the PIN code of the person to be authenticated B, it is determined that the registrant has the maximum authentication score.

As described above, in the first embodiment, when there are a plurality of registrants whose authentication score with the authenticated person B exceeds the first threshold value, the PIN code is accepted from the authenticated person B and the same PIN code is associated with them. It is configured to determine that the registrant has the highest authentication score among the registrants.

<Example of usage of payment system>
Next, an example of the usage mode of the payment system according to the first embodiment will be described. FIG. 2 is a diagram showing an example of a usage mode of the payment system according to the first embodiment. Here, a case where the payment system according to the first embodiment is used at the time of payment at a restaurant of a franchise store that develops a chain is shown. Here, it is assumed that the payment application linked with the payment system according to the first embodiment and the store application linked with the payment application are installed on the customer's mobile terminal.

As shown in FIG. 2A, when a customer enters a store with a restaurant and sits at a table, the customer activates the store application of the mobile terminal as shown in FIG. 2B. Then, this store app selects the product menu according to the guidance. After that, as shown in FIG. 6C, the payment process is selected using the payment application of the mobile terminal.

As shown in FIG. 3D, when performing this payment processing, identity verification is performed by face authentication according to the guidance of the payment application. Specifically, the image pickup unit (camera) of the mobile terminal captures the customer's face image, prompts the input of the PIN code, and transmits the face image and the PIN code to the payment server 20. When the payment server 20 receives the face image and the PIN code, it performs the authentication process described in FIG. 1 and confirms the identity.

Then, if it is confirmed that the customer is the person himself / herself, the payment process using a credit card or the like is performed as shown in FIG. Specifically, the payment server 20 makes a payment agent request to the payment agent server 30, which will be described later, and the payment agent server 30 that receives the payment agent request makes a payment request to the card company server 40. Become.

In this way, when the payment of the product (food and drink) provided by the customer is completed, the payment completion display is displayed on the display unit of the customer's mobile terminal as shown in FIG. When the completion of this approval is accepted, as shown in Fig. (G), the store application of the customer's mobile terminal cooperates with the in-store system and provides the product to the customer as shown in Fig. (H). ..

In one example of this usage mode, the case where the product is provided after the payment of the product is completed is shown, but when the customer selects the product menu on the mobile terminal in the figure (b), the product is linked with the in-store system. It can also be configured to quickly deliver goods to customers.

Further, in an example of this usage mode, the case where the customer's mobile terminal is used is shown, but it can also be applied to the case where an order terminal such as a tablet provided in a store is used. In this case, a store application linked with the payment application is installed on the order terminal, and after selecting the menu on the order terminal, the face image and PIN code are sent to the payment server to authenticate the customer and settle the payment. The process will be executed.

<System configuration>
Next, the system configuration of the payment system according to the first embodiment will be described. FIG. 3 is a diagram showing a system configuration of the payment system according to the first embodiment. As shown in the figure, this payment system includes a mobile terminal 10, a payment server 20, a payment agent server 30, and a card company server 40. Although the case of performing payment processing using a credit card will be described here, it can also be applied to the case of using other payment processing such as a debit card. When a debit card is used, a bank server is provided instead of the card company server 40.

The mobile terminal 10 is a smartphone or the like owned by the customer, and has a built-in image pickup unit for capturing a face image. In addition, the mobile terminal 10 has a payment application downloaded from a predetermined website installed. This payment application is an application that requests payment of the payment request amount to the payment server 20. Although the case of using the mobile terminal owned by the customer will be described here, the mobile terminal 10 may be an order terminal such as a tablet provided in the store.

When the payment server 20 receives the payment request from the mobile terminal 10, the payment server 20 authenticates the person using the face image which is the biometric information of the customer, and is determined to be the legitimate person on condition that the customer is the legitimate person. A server device that makes a payment agent request to the payment agent server 30, an authentication processing unit 25a that performs personal authentication using a face image and a PIN code, and a payment control unit 25b that performs processing related to payment of the payment request amount. It has a customer information DB 24a for storing customer information. A detailed description of the authentication processing unit 25a, the payment control unit 25b, and the customer information DB 24a will be described later.

Here, in the first embodiment, since the authentication processing unit 25a of the payment server 20 has a main feature, the authentication system according to each claim shows the function of the authentication processing in the payment server 20.

The payment agent server 30 is a server device of a payment agent that performs payment on behalf of each card company. Even if you say a credit card in a nutshell, there are actually various credit companies, so if this payment agent does not exist, the payment server 20 will select various card company servers and process the payment request. Must be done. In addition to credit card payment, there are other payment methods such as debit card payment, which increases the burden on the payment server 20 for payment. A payment agent server 30 is provided to collectively perform this type of payment. Therefore, the payment server 20 may make a payment agent request including necessary information (payment type, payment request amount, etc.) to the payment agent server 30, and the load on the payment server 20 can be reduced.

The card company server 40 is a server device of a card operating company that performs payment processing for a certain credit card, and performs payment processing in response to a payment request from the payment agent server 30. Although only one card company server 40 is shown here for convenience of explanation, various card company servers 40, financial institution servers, and the like actually exist.

Then, when the payment request amount is specified in the mobile terminal 10, the payment application of the mobile terminal 10 makes a payment request including the payment request amount, the face image, and the PIN code to the payment server 20 (S11). The authentication processing unit 25a of the payment server 20 that has received the payment request authenticates the customer's identity using the registrant's data registered in the customer information DB 24a, the customer's face image, and the PIN code (S12). Since the outline thereof has already been described in FIG. 1, the description thereof will be omitted here.

Then, the settlement control unit 25b makes a settlement agent request for the settlement request amount to the settlement agent server 30 on condition that the identity of the customer can be confirmed (S13). The settlement agent server 30 that has received the settlement agent request makes a payment request to the card company server 40 of the corresponding card operating company (S14).

<Configuration of payment server 20>
Next, the configuration of the payment server 20 shown in FIG. 3 will be described. FIG. 4 is a functional block diagram showing the configuration of the payment server 20 shown in FIG. As shown in the figure, the payment server 20 includes an input unit 21, a display unit 22, a communication I / F unit 23, a storage unit 24, and a control unit 25.

The input unit 21 is an input device such as a keyboard and a mouse, and the display unit 22 is a display device such as a liquid crystal panel, an organic EL (electroluminescence), and a display device. The communication I / F unit 23 is a communication interface unit for communicating with the mobile terminal 10 and the payment agent server 30 via the network N.

The storage unit 24 is a storage device including a hard disk device, a non-volatile memory, or the like, and stores customer information DB 24a. A database management unit for managing the customer information DB 24a is provided, but since this point is an existing technique and is not a feature part of the first embodiment, detailed description thereof will be omitted here.

The customer information DB 24a is a database having personal information, face information, PIN code, etc. of the registrant registered in the payment system. FIG. 5 is a diagram showing an example of the customer information DB 24a shown in FIG. Here, for each identification information (hereinafter referred to as "ID") that uniquely identifies the registrant, personal information such as the registrant's name and address, the registrant's face image, the PIN code selected by the registrant, etc. Indicates the registered status. In the figure, the registrant with the ID "001" is the name "Yamada ○ Otoko", the address is "Tokyo ...", and the opportunity information for the face image file is "001.jpg". , The case where the PIN code is "0001" is illustrated.

When a new customer wishes to newly register in the payment system, it will be registered in the customer information DB 24a after performing the determination process using the face image and the PIN code described in FIG.

The control unit 25 is a control unit that controls the entire payment server 20, and includes an authentication processing unit 25a and a payment control unit 25b. Actually, the programs corresponding to the authentication processing unit 25a and the payment control unit 25b are stored in the storage unit 24 or the like, and these programs are loaded into the memory and executed by the CPU to execute the corresponding process. Will let you.

The authentication processing unit 25a is a processing unit that authenticates the identity of the customer who is the authenticated person prior to the payment processing by the payment control unit 25b. Specifically, the authentication processing unit 25a performs registration processing in the customer information DB 24a of the registration target person who newly wishes to be registered in the payment system, and personal authentication processing of the customer who is the authenticated person.

When registering the registration target person in the customer information DB 24a, the face image and PIN code of the registration target person are accepted, and the face image of the registration target person is collated with the face image of each registrant stored in the customer information DB 24a. Then, the collation score is calculated. As this collation score, as described above, (1) the mutual correlation coefficient between the two images, and (2) the face image of the person to be registered and the face image of the registrant are input to the trained model, and the learning is performed. The collation score or the like output from the completed model can be used. Then, if the collation score between the registration target person and each registrant is calculated, the collation score with each registrant having the same PIN code is compared with the first threshold value, and if all the collation scores are equal to or less than the first threshold value. For example, the customer information of the registration target person is registered in the customer information DB 24a. When the same PIN code is associated with the registrant whose matching score is higher than that of the registration target person, that is, the registrant who has a similar face to the registration target person by performing such a series of processes, the customer information DB 24a It is possible to reject the registration of the person to be registered in and prevent the deterioration of the authentication accuracy.

Further, when the person to be authenticated is to be authenticated, the face image of the person to be authenticated is accepted, and the face image of the person to be authenticated is collated with the face image of each registrant stored in the customer information DB 24a. Calculate the matching score. After that, each matching score is compared with the second threshold value to determine whether or not it is below the second threshold value, and if the matching scores between the authenticated person and each registrant are all below the second threshold value (second threshold value). If there is no registrant exceeding the threshold value), it is determined that the person to be authenticated is unregistered. Further, if there is only one registrant whose collation score with the authenticated person exceeds the second threshold value, it is determined that the authenticated person B is the corresponding registrant. Further, when there are a plurality of registrants whose matching score exceeds the second threshold value, the input of the PIN code of the authenticated person is accepted via the mobile terminal of the authenticated person, and the matching score with the registrant of the same PIN code is received. Authenticate based on. If there are a plurality of registrants associated with the same PIN code as the PIN code of the person to be authenticated, it is determined that the registrant has the maximum authentication score. By performing such a series of processes, when there are a plurality of registrants whose authentication score with the authenticated person exceeds the first threshold value, the PIN code is accepted from the authenticated person and the registrant associated with the same PIN code is associated with the registrant. It can be determined that the registrant has the highest authentication score among them.

The payment control unit 25b is a processing unit that performs payment processing of the payment request amount on condition that the customer making the payment request is authenticated as the person himself / herself. Specifically, a payment agent request including a payment request amount, information necessary for payment (card type, card number, PIN, etc.) is transmitted to the payment agent server 30. Then, when the information of "payment completed" is received from the payment agent server 30, the mobile terminal 10 of the payment request source is notified to that effect.

<Registration procedure for registered persons>
Next, the registration procedure of the registration target person on the payment server 20 shown in FIG. 4 will be described. FIG. 6 is a flowchart showing a registration procedure of the registration target person in the payment server 20 shown in FIG.

As shown in the figure, if the payment server 20 receives the face image of the registration target person and the PIN code from the mobile terminal 10 (step S101), the face image of the registration target person and each stored in the customer information DB 24a. The collation score is calculated by collating with the face image of the registrant (step S102). Then, if there is an unprocessed registrant for which the collation score has not been calculated (step S103; Yes), the process of step S102 is repeated, and if the collation score with all the registrants is calculated (step S103). ; No), the collation score with each registrant having the same PIN code is compared with the first threshold value, and it is determined whether or not all the collation scores are equal to or less than the first threshold value (step S104).

Then, if all the collation scores are equal to or less than the first threshold value (step S105; Yes), the customer information of the registration target person is registered in the customer information DB 24a (step S106). On the other hand, when any of the collation scores exceeds the first threshold value (step S105; No), error processing is performed and the customer information of the registration target person is not registered in the customer information DB 24a (step S107).

When the same PIN code is associated with the registrant whose matching score is higher than that of the registration target person, that is, the registrant who has a similar face to the registration target person by performing the above series of processes, the customer information DB 24a It is possible to reject the registration of the person to be registered in and prevent the deterioration of the authentication accuracy.

<Authentication procedure of the person to be authenticated>
Next, the authentication procedure of the authenticated person in the payment server 20 shown in FIG. 4 will be described. FIG. 7 is a flowchart showing an authentication procedure of the authenticated person in the payment server 20 shown in FIG. As shown in the figure, if the payment server 20 receives the face image of the authenticated person (step S201), the face image of the authenticated person and the face image of each registrant stored in the customer information DB 24a Is collated to calculate a collation score (step S202). Then, if there is an unprocessed registrant for whom the collation score has not been calculated (step S203; Yes), the process of step S202 is repeated, and if the collation score with all the registrants is calculated (step S203). ; No), the number of registrants whose collation score exceeds the second threshold value is counted (step S204).

Then, it is determined whether or not the number of registrants whose collation score exceeds the second threshold value is 0 (step S205), and if it is 0 (step S205; Yes), the authenticated person is unregistered. (Step S206).

On the other hand, when the number of registrants whose collation score exceeds the second threshold value is not 0 (step S205; No), it is determined whether or not there is one (step S207), and the number is one. If (step S207; Yes), it is determined that the person to be authenticated is the corresponding registrant (step S208).

On the other hand, when the number of registrants whose collation score exceeds the second threshold value is not one but a plurality of registrants (step S207; No), the PIN code of the person to be authenticated is newly accepted (step S209), and the same PIN code is used. It is determined that the registrant has the highest matching score among the registrants (step S210).

By performing such a series of processes, when there are a plurality of registrants whose authentication score with the authenticated person exceeds the second threshold value, the PIN code is accepted from the authenticated person and the registrant associated with the same PIN code is associated with the registrant. It can be determined that the registrant has the highest authentication score among them.

As described above, in the first embodiment, the face image of each registrant and the PIN code as a kind of group information are registered in the customer information DB 24a in association with the ID of the registrant, and new registration is performed. If the face image and PIN code of the person to be registered are accepted, the collation score of the face information of the person to be registered and a plurality of registration authentication information registered in the customer information DB 24a and associated with the same PIN code. Is calculated, and on the condition that each calculated collation score does not exceed the first threshold value, the ID of the customer information of the registration target person is issued, and the personal information and face image of the registration target person are associated with this ID. And since the PIN code is configured to be registered in the customer information DB 24a, it is possible to improve the efficiency when performing the authentication process using the face image.

In the first embodiment, it is a condition that all the collation scores do not exceed the first threshold value, but the present invention is not limited to this, and a predetermined number of the collation scores is the first threshold value. It can also be conditioned on not exceeding. Further, the first threshold value or the second threshold value can be made variable.

By the way, in the first embodiment, the case where the face image and the PIN code of the registrant are registered in the customer information DB 24a has been described, but the present invention is not limited to this, and the face of the registrant is imaged from the front. It is also possible to authenticate using the face image (front) and the face image of the left profile or the right profile selected by the registrant. Therefore, in the second embodiment, a case where authentication is performed using these two face images will be described. Since the system configuration and the like are the same as those in the first embodiment, the description thereof will be omitted here.

<Outline of payment system according to Example 2>
First, an outline of the authentication process in the payment system according to the second embodiment will be described. FIG. 8 is an explanatory diagram for explaining an outline of the authentication process in the authentication system according to the second embodiment. As shown in FIG. 8, when the registration target person C who wishes to newly register in the payment system performs registration, a mobile terminal such as a smartphone owned by the registration target person C is used. It is assumed that the payment application is installed on this mobile terminal.

[sign up]
The registration target person C selects whether to image the face image C1 (front) by the image pickup unit (camera) of his / her mobile terminal (S21) according to the guidance of the payment application, and then to image the left profile or the right profile. (S22), the face image C2 of the profile is imaged (S23). Here, the situation in which the left profile is selected is shown. Then, the face image C1 (front) and the face image (left profile) are transmitted to the customer information DB 24a together with the personal information to the payment server 20 and registered in the customer information DB 24a (S24).

[Authentication process]
When the authenticated person D is authenticated, the authenticated person B takes an image of the face image D1 (front) by the image pickup unit of his / her mobile terminal according to the guidance of the application of the mobile terminal that he / she owns, and is authenticated. The face image D1 (front) of the person D is transmitted to the payment server 20, and the payment server 20 accepts the face image D1 (front) of the authenticated person D (S25).

After that, the payment server 20 collates the face image D1 (front) of the authenticated person D with the face images (front) of the three registrants (ID001, ID002, ID003) registered in the customer information DB 24a. , The first collation score is calculated (S26). Here, the first collation score with the registrant of ID001 is "85", the first collation score with the registrant of ID002 is "82", and the first collation score with the registrant of ID003 is "84". It shows the situation.

After calculating the first collation score between the authenticated person D and each registrant in this way, each first collation score is compared with the third threshold value, and whether or not there is one that exceeds the third threshold value. To judge. Here, the case where the third threshold value is set to "80" is shown. FIG. 8 shows a situation in which the first collation score with the registrants of ID001, ID002 and ID003 exceeds the third threshold value.

Here, if the first collation score between the authenticated person D and each registrant exceeds the third threshold value (if there is a registrant exceeding the third threshold value), the authenticated person D selects additional conditions. Accept (S27). Here, the situation where "left profile" is selected as an additional condition is shown. After that, the face image of the left profile of the person to be authenticated D is accepted, and the second collation score between this face image (face image) and the face image of the registrant (left profile) is calculated (S28). The second collation score is not calculated for the registrant whose left profile is not registered. This makes it possible to exclude registrants who are not eligible.

After that, authentication is performed based on the second collation score. Here, since the second collation score with the face image (left profile) of the registrant of ID003 is "75" and exceeds the fourth threshold value "70", it is determined that the person to be authenticated D is the registrant of ID003. To do. When there are a plurality of registrants whose second collation score exceeds the fourth threshold value, the person to be authenticated D determines that the registrant has the maximum second collation score.

As described above, in the second embodiment, when there is a registrant whose first authentication score with the authenticated person D exceeds the third threshold value, the selection of the left profile or the right profile and the face image are accepted as additional conditions. A second collation score between this face image and the face image of the registrant (excluding registrants who do not satisfy the additional conditions) is calculated, and authentication is performed based on the second collation score.

Here, for convenience of explanation, "left profile" or "right profile" is selected as an additional condition, but the present invention is not limited to this, and "diagonal left profile" and "diagonal right profile" are selected. Etc. can be included in the additional conditions. As the number of additional conditions is increased, the number of registrants who calculate the second verification score can be reduced, and the authentication process can be speeded up and the authentication accuracy can be improved.

<Registration procedure for registered persons>
Next, the registration procedure of the registration target person according to the second embodiment will be described. FIG. 9 is a flowchart showing a registration procedure of the registration target person according to the second embodiment.

As shown in the figure, the payment server 20 receives the face image (front) of the registration target person (step S301). After that, the mobile terminal 10 accepts the selection of the left profile or the right profile as the additional condition (step S302), images a face image (left profile or right profile) that matches the additional condition, and obtains the additional condition and the face image. Accepted from the mobile terminal 10 (step S303). After that, the face image (front) and the face image (left profile or right profile) are registered in the customer information DB 24a together with the personal information of the person to be registered (step S304).

<Authentication procedure of the person to be authenticated>
Next, the authentication procedure of the person to be authenticated according to the second embodiment will be described. FIG. 10 is a flowchart showing the authentication procedure of the person to be authenticated according to the second embodiment. As shown in the figure, the payment server 20 accepts the face image (front) of the authenticated person when performing the authentication process of the authenticated person (step S401).

After that, the payment server 20 collates the face image (front) of the authenticated person with the face image (front) of each registrant registered in the customer information DB 24a, and calculates the first collation score (step S302). ). Then, if there is an unprocessed registrant for whom the first collation score has not been calculated (step S403; Yes), the process of step S402 is repeated, and the first collation score with all the registrants is calculated. If (step S403; No), the number of registrants whose first collation score exceeds the third threshold value is counted (step S404).

Then, it is determined whether or not the number of registrants whose first collation score exceeds the third threshold value is 0 (step S405), and if it is 0 (step S405; Yes), the authenticated person is not registered. (Step S406).

On the other hand, when the number of registrants whose first collation score exceeds the third threshold value is not 0 (step S405; No), it is determined whether or not there is one (step S407), one person. If (step S407; Yes), it is determined that the person to be authenticated is the corresponding registrant (step S408).

On the other hand, when the number of registrants whose first collation score exceeds the third threshold value is not one but a plurality of registrants (step S407; No), the selection condition of the left profile or the right profile of the authenticated person is accepted (step S407; No). Step S409), the face image of the left profile or the right profile of the authenticated person is accepted (step S410).

After that, the face image of the authenticated person (for example, left profile) is collated with the face image of each registrant (for example, left profile) to calculate the second collation score (step S411), and the second collation score is the fourth. If the threshold value is exceeded, it is determined that the person to be authenticated is the registrant having the maximum second collation score (step S412).

As described above, in the second embodiment, the face image (front) of the registrant, the additional condition (left profile or right profile), and the face image corresponding to the additional condition (left profile or right profile) are registered, respectively. If the face image (front) of the person to be authenticated is accepted by registering it in the customer information DB 24a in association with the ID of the person, the first with the face image (front) of each customer registered in the customer information DB 24a. The collation score is calculated respectively, and if there is a first collation score that exceeds the third threshold of each first collation score, the additional condition of the person to be authenticated and the face image (left profile or right profile) corresponding to the additional condition are satisfied. ) Is accepted, and the second collation score between the face image of the authenticated person (left profile or right profile) and the face image of each registrant (left profile or right profile) is calculated, and each second collation score is calculated. Of these, since the authentication process of the person to be authenticated is configured based on the second verification score exceeding the fourth threshold value, the efficiency when the authentication process is performed using the face image can be improved.

Further, in Examples 1 and 2 above, the case where a facial image is used is shown, but the present invention is not limited to this, and human physical features such as fingerprints, palm prints, retinas, irises, and voices, or It can also be applied when biometric information related to behavioral characteristics such as handwriting, walking, and blinking is used. It can also be applied when the medium information of the possessed medium possessed by the person or the stored information stored by the person (symbol or character string selected by the customer) is used.

Further, in the first and second embodiments, the case where both the payment processing and the authentication processing are performed by the payment server 20 is shown, but the present invention is not limited to this, and the authentication server that performs the authentication processing is the payment server. It can also be provided separately from the 20. Further, in the first embodiment, the case where the payment server 20 performs a series of processes is shown, but the present invention is not limited to this, and a series of processes can be performed on the cloud.

<Modification example 1>
By the way, in Examples 1 and 2 above, the case where the authentication process is performed using one customer information DB 24a is shown, but a separate biometric information database (hereinafter referred to as “biological information DB”) is provided for each service. Authentication can also be performed using these biometric information DBs.

FIG. 11 is a diagram showing a configuration of an authentication system according to a modified example. Here, a biometric information DB is provided for each service, and when performing authentication, a collation score is calculated with the biometric information of the registrant registered in the corresponding biometric information DB.

In FIG. 11, a biometric information DBX is provided corresponding to the service S, and in this service S, the collation score is calculated by collating the face image of the license with the face image of the registrant registered in the biometric information DBX. (S31).

On the other hand, the information of the registration target person who wishes to be newly registered in the service T is registered in the customer information DBZ (S32). Further, the biometric information DBY is provided corresponding to the service T, and the biometric information DBY is notified of the biometric information about the registrant from the customer information DBZ. Then, in this service T, the collation score is calculated by collating the face image of the authenticated person F with the face image of the registrant registered in the biometric information DBY (S33). If the corresponding customer information is not registered in the biometric information DBY corresponding to the service T, the collation score is calculated using the customer information registered in the customer information DBZ that manages the entire customer information.

By performing such a series of processes, the collation score can be calculated for a small number of people for each service, so that it is possible to perform authentication with high accuracy without performing multi-factor authentication.

Although the customer information DBZ is not updated, the biometric information DB for each service can be updated using the biometric information of the person to be authenticated used for collation. In the case of face recognition, since the shooting conditions are unified, it is possible to improve the authentication accuracy.

Further, although the case where the biometric information DB is provided for each service type is shown here, the present invention is not limited to this, and the biometric information DB may be provided for each providing corporation, store or place. .. Further, the biometric information registered in the customer information DB at the time of customer information registration can be automatically registered in the biometric information DB.

<Modification 2>
The biometric information is basically to authenticate an individual, but it is also possible to determine whether or not the biometric information belongs to a specific group based on the biometric information. Specifically, at the time of registration, the biometric information of a plurality of people (for example, the biometric information of the parent and the biometric information of the child) is registered for one payment method, and at the time of use, the biometric information of the child is used for authentication. When the payment is made, the payment can be made by the payment method specified by the parent. It can also be configured to settle with parental approval.

In addition, each configuration shown in the above embodiment is a schematic function, and does not necessarily have to be physically shown. That is, the form of distribution / integration of each device is not limited to the one shown in the figure, and all or part of the device is functionally or physically distributed / integrated in an arbitrary unit according to various loads and usage conditions. Can be configured.

As described above, the authentication system, the authentication device, the authentication method, and the authentication program of the present application are suitable for improving the efficiency when performing authentication using biometric information.

A, C Registration target person A1 Registration target person's face image A2 Registration target person's PIN code B, D Authenticated person B1 Authenticated person's face image B2 Authenticated person's PIN code C1 Registration target person's face image (front)
Face image of C2 registration target person (left profile)
D1 Face image of the person to be authenticated (front)
D2 Face image of the person to be authenticated (left profile)
N network S, T service X, Y biometric information DB
Z Customer information DB
10 Mobile terminal 20 Payment server 21 Input unit 22 Display unit 23 Communication I / F unit 24 Storage unit 24a Customer information DB
25 Control unit 25a Authentication processing unit 25b Payment control unit 30 Payment agent server 40 Card company server

Claims (14)

The identification information of a plurality of registrants, the authentication information related to the registrant, and the group information of the registrant that uniquely identifies the group are registered in association with each other, and an authentication request including the authentication information related to the person to be authenticated is accepted. In this case, it is an authentication system that collates the authentication information related to the person to be authenticated with the registered authentication information related to the plurality of registrants and performs the authentication process of the person to be authenticated.
A storage means for storing registration authentication information and group information related to each registrant in association with the identification information of the registrant.
A reception means for receiving authentication information and group information related to newly registered persons, and
A collation score calculation means for calculating a collation score between the authentication information received by the reception means and a plurality of registered authentication information stored in the storage means and associated with the group information.
On condition that a predetermined number of the plurality of collation scores calculated by the collation score calculation means does not exceed the first threshold value, new identification information relating to the registration target person is issued, and the newly issued identification is issued. An authentication system including a registration processing means for storing authentication information and group information related to the registration target person in the storage means in association with the information and registering the registration target person. The registration processing means
The plurality of collation scores calculated by the collation score calculation means do not exceed a predetermined threshold value, and the number of people including the registrant to which the group information is associated and the registration target person does not exceed the second threshold value. The authentication system according to claim 1, wherein the authentication information and the group information relating to the registration target person are stored in the storage means, subject to the above. The reception means receives authentication information and group information related to the person to be authenticated, and receives
The collation score calculation means calculates a collation score between the authentication information related to the person to be authenticated received by the reception means and a plurality of registered authentication information associated with all the groups stored in the storage means. ,
The first or second claim, further comprising an authentication processing means for performing an authentication process of the person to be authenticated based on a collation score exceeding a second threshold value among a plurality of collation scores calculated by the collation score calculation means. Authentication system. The authentication processing means is
When there are a plurality of matching scores exceeding the second threshold value among the plurality of matching scores calculated by the matching score calculating means, the authenticated person is among the registrants of the matching scores exceeding the second threshold value. The authentication system according to claim 3, wherein the registrant with the highest matching score among the matching scores with the registrants associated with the same group information as the group information of the authenticated person is specified. The authentication system according to any one of claims 1 to 4, wherein the authentication information is biometric information that uniquely identifies each registrant, the registration target person, or the person to be the person to be authenticated. When the identification information of a plurality of registrants and the authentication information related to the registrant are registered in association with each other and an authentication request including the authentication information related to the authenticated person is received, the authentication information related to the authenticated person is received. This is an authentication system that collates the authentication information of the plurality of registrants with the authentication information of the plurality of registrants and performs the authentication process of the person to be authenticated.
A storage means for storing the first authentication information relating to a plurality of registrants and the second registration authentication information relating to a registrant different from the first authentication information in association with the identification information of the registrants.
The first receiving means for receiving the first authentication information related to the person to be authenticated, and
A first collation score calculation means for calculating a first collation score between the first authentication information received by the first reception means and the first authentication information of the plurality of registrants, respectively.
When there are a predetermined number or more of the first collation scores exceeding the first threshold value among the plurality of first collation scores calculated by the first collation score calculation means, the second authentication information relating to the person to be authenticated is accepted. Second reception means and
A second verification score calculation means for calculating the second verification score of the second authentication information related to the authenticated person received by the second reception means and the second authentication information of the plurality of registrants, respectively.
An authentication system including an authentication processing means for performing authentication processing of the person to be authenticated based on a second verification score exceeding a second threshold value among a plurality of second verification scores calculated by the second verification score calculating means. .. The authentication processing means is
A claim that identifies the person to be authenticated as the registrant having the highest matching score among the second matching scores exceeding the second threshold value among the plurality of second matching scores calculated by the second matching score calculating means. Item 6. The authentication system according to item 6. The authentication system according to claim 6 or 7, wherein the first authentication information and the second authentication information are biometric information that uniquely identifies each registrant or the person to be authenticated. The identification information of a plurality of registrants, the authentication information related to the registrant, and the group information of the registrant that uniquely identifies the group are registered in association with each other, and an authentication request including the authentication information related to the person to be authenticated is accepted. In this case, it is an authentication device that collates the authentication information related to the person to be authenticated with the registered authentication information related to the plurality of registrants and performs the authentication process of the person to be authenticated.
A storage means for storing registration authentication information and group information related to each registrant in association with the identification information of the registrant.
A reception means for receiving authentication information and group information related to newly registered persons, and
A collation score calculation means for calculating a collation score between the authentication information received by the reception means and a plurality of registered authentication information stored in the storage means and associated with the group information.
On condition that a predetermined number of the plurality of collation scores calculated by the collation score calculation means does not exceed the first threshold value, new identification information relating to the registration target person is issued, and the newly issued identification is issued. An authentication device including a registration processing means for storing authentication information and group information related to the registration target person in the storage means in association with the information and registering the registration target person. When the identification information of a plurality of registrants and the authentication information related to the registrant are registered in association with each other and an authentication request including the authentication information related to the authenticated person is received, the authentication information related to the authenticated person is received. It is an authentication device that collates the authentication information related to the plurality of registrants with the authentication information of the plurality of registrants and performs the authentication process of the person to be authenticated.
A storage means for storing the first authentication information relating to a plurality of registrants and the second registration authentication information relating to a registrant different from the first authentication information in association with the identification information of the registrants.
The first receiving means for receiving the first authentication information related to the person to be authenticated, and
A first collation score calculation means for calculating a first collation score between the first authentication information received by the first reception means and the first authentication information of the plurality of registrants, respectively.
When there are a predetermined number or more of the first collation scores exceeding the first threshold value among the plurality of first collation scores calculated by the first collation score calculation means, the second authentication information relating to the person to be authenticated is accepted. Second reception means and
A second verification score calculation means for calculating the second verification score of the second authentication information related to the authenticated person received by the second reception means and the second authentication information of the plurality of registrants, respectively.
An authentication device including an authentication processing means that performs authentication processing of the person to be authenticated based on a second collation score that exceeds the second threshold value among a plurality of second collation scores calculated by the second collation score calculation means. .. The identification information of a plurality of registrants, the authentication information related to the registrant, and the group information of the registrant that uniquely identifies the group are registered in association with each other, and an authentication request including the authentication information related to the person to be authenticated is accepted. In this case, it is an authentication method in an authentication system including an authentication device that collates the authentication information related to the person to be authenticated with the registration authentication information related to the plurality of registrants and performs the authentication process of the person to be authenticated.
A storage step in which the authentication device stores the registration authentication information and group information related to each registrant in the storage unit in association with the identification information of the registrant.
A reception process in which the authentication device receives authentication information and group information related to a newly registered registered person, and
A collation score calculation step in which the authentication device calculates a collation score between the authentication information received by the reception process and a plurality of registered authentication information stored in the storage unit and associated with the group information. ,
The authentication device issues new identification information relating to the registration target person, provided that a predetermined number of the plurality of collation scores calculated by the collation score calculation step does not exceed the first threshold value. An authentication method including a registration processing step of storing authentication information and group information related to the registration target person in the storage unit in association with the newly issued identification information and registering the registration target person. When the identification information of a plurality of registrants and the authentication information related to the registrant are registered in association with each other and an authentication request including the authentication information related to the authenticated person is received, the authentication information related to the authenticated person is received. This is an authentication method in an authentication system including an authentication device that collates the authentication information related to the plurality of registrants with the authentication information of the plurality of registrants and performs the authentication process of the person to be authenticated.
The authentication device stores the first authentication information related to a plurality of registrants and the second registered authentication information related to a registrant different from the first authentication information in the storage unit in association with the identification information of the registrants. Memory process and
The first reception process in which the authentication device receives the first authentication information related to the person to be authenticated, and
A first verification score calculation step of calculating the first verification score of the first authentication information received by the authentication device in the first reception process and the first authentication information of the plurality of registrants, respectively.
When the authentication device has a predetermined number or more of the first collation scores exceeding the first threshold value among the plurality of first collation scores calculated by the first collation score calculation step, the authentication device relates to the person to be authenticated. 2 The second reception process that accepts authentication information and
Second verification score calculation in which the authentication device calculates the second verification score of the second authentication information related to the person to be authenticated received by the second reception step and the second authentication information of the plurality of registrants, respectively. Process and
An authentication processing step in which the authentication device performs an authentication process for the person to be authenticated based on a second verification score that exceeds a second threshold value among a plurality of second verification scores calculated by the second verification score calculation step. Authentication methods including and. The identification information of a plurality of registrants, the authentication information related to the registrant, and the group information of the registrant that uniquely identifies the group are registered in association with each other, and an authentication request including the authentication information related to the person to be authenticated is accepted. In this case, the authentication program is executed in the authentication device that collates the authentication information related to the person to be authenticated with the registered authentication information related to the plurality of registrants and performs the authentication process of the person to be authenticated.
A storage procedure in which registration authentication information and group information relating to each registrant are associated with the identification information of the registrant and stored in the storage unit, and a storage procedure.
The reception procedure for accepting authentication information and group information related to newly registered persons, and
A collation score calculation procedure for calculating a collation score between the authentication information received by the reception procedure and a plurality of registered authentication information stored in the storage unit and associated with the group information.
On condition that a predetermined number of the plurality of collation scores calculated by the collation score calculation procedure does not exceed the first threshold value, new identification information relating to the registration target person is issued, and the newly issued identification is issued. An authentication program that stores authentication information and group information related to the registration target person in association with the information in the storage unit, and causes a computer to execute a registration processing procedure for registering the registration target person. When the identification information of a plurality of registrants and the authentication information related to the registrant are registered in association with each other and an authentication request including the authentication information related to the authenticated person is received, the authentication information related to the authenticated person is received. It is an authentication program executed in an authentication device that collates the authentication information related to the plurality of registrants with the authentication information of the plurality of registrants and performs the authentication process of the person to be authenticated.
A storage procedure for storing the first authentication information relating to a plurality of registrants and the second registration authentication information relating to a registrant different from the first authentication information in the storage unit in association with the identification information of the registrants.
The first reception procedure for accepting the first authentication information related to the person to be authenticated, and
The first collation score calculation procedure for calculating the first collation score between the first authentication information received by the first reception procedure and the first authentication information of the plurality of registrants, respectively.
When there are a predetermined number or more of the first collation scores exceeding the first threshold value among the plurality of first collation scores calculated by the first collation score calculation procedure, the second authentication information relating to the person to be authenticated is accepted. The second reception procedure and
A second verification score calculation procedure for calculating the second verification score of the second authentication information related to the authenticated person received by the second reception procedure and the second authentication information of the plurality of registrants, respectively.
Based on the second collation score that exceeds the second threshold among the plurality of second collation scores calculated by the second collation score calculation procedure, the computer executes the authentication process procedure for performing the authentication process of the person to be authenticated. Authentication program to let you.

Images