JP2023099613A - Server device, method for controlling server device, and computer program - Google Patents

Abstract

To provide a technique enabling detection of occurrence of erroneous authentication in biometric authentication.SOLUTION: A server device includes an acquisition part and an authentication part. The acquisition part acquires biometric information of a person to be authenticated from a terminal. The authentication part controls the biometric authentication using the biometric information of the person to be authenticated and biological information of each of a plurality of users registered in advance. Moreover, when the biometric authentication succeeds and a predetermined condition is satisfied, the authentication part transmits an authentication result, including the biometric information obtained from the terminal and the registered biometric information corresponding to a successful authentication person who has succeeded in the biometric authentication, as information used for detection of erroneous authentication by occurence of false acceptance to an office staff terminal used by the office staff, or the terminal.SELECTED DRAWING: Figure 1

Description

The present invention relates to technology related to biometric authentication.

Immigration inspections are conducted at airports and ports. The immigration officer will compare the face photo affixed to the passport with the face of the person in front of him, and if the face image on the passport matches the face of the person in front of him, he will be allowed to enter the country.

Technological development is being carried out for performing the immigration examination procedure using biometric authentication.

For example, Patent Literature 1 describes that the operator can grasp the factors of the face recognition result at a glance, so that the operator can confirm or correct the face recognition result on the spot.

The display control device of Patent Literature 1 includes a similarity acquisition unit and a display control unit. The similarity acquisition unit acquires a similarity derived by matching processing for each partial region of the face image. The display control unit performs control so that at least one of a first region whose similarity exceeds the threshold and a second region whose similarity does not exceed the threshold is displayed superimposed on the face image.

Patent Literature 2 describes providing a security inspection confirmation system capable of enhancing security inspections at airports. The system of Patent Literature 2 includes a storage unit, a collation unit, and a notification unit. The storage unit stores first face image data of a person included in the first captured image acquired by the first imaging unit. The collation unit collates second facial image data of the passenger included in the second captured image acquired by the second imaging unit with the first facial image data. The notification unit notifies the result of collation by the collation unit.

WO2017/043132 JP 2019-125237 A

As disclosed in Patent Documents 1 and 2, various technical developments related to biometric authentication have been made. However, there is a limit to the accuracy of biometric authentication, and a certain rate of false authentication (acceptance of other person, rejection of the actual person) may occur. If erroneous authentication occurs in procedures at an airport, it may take time to correct the erroneous authentication, or the user may leave the country while boarding the wrong aircraft.

A main object of the present invention is to provide a server device, a system, a server device control method, and a storage medium that contribute to detecting the occurrence of false authentication (particularly false acceptance) in biometric authentication.

According to a first aspect of the present invention, an acquisition unit that acquires biometric information of a person to be authenticated from a terminal; an authentication unit that performs biometric authentication, wherein the authentication unit includes biometric information acquired from the terminal and registered biometric information of an authenticated person who has succeeded in biometric authentication when a predetermined condition is satisfied. A server device is provided that transmits authentication result information including to an employee terminal used by an employee.

According to a second aspect of the present invention, it includes a terminal, an employee terminal used by an employee, and a server device connected to the terminal and the employee terminal, wherein the server device receives an authentication request from the terminal. an acquisition unit that acquires biometric information; and an authentication unit that performs biometric authentication using the biometric information of the person to be authenticated and the biometric information of each of a plurality of users registered in advance, the authentication unit comprising: A system is provided for transmitting authentication result information including biometric information acquired from the terminal and registered biometric information of a successful person who has succeeded in biometric authentication to the staff terminal when a predetermined condition is satisfied. be.

According to a third aspect of the present invention, the server device acquires the biometric information of the person to be authenticated from the terminal, and uses the biometric information of the person to be authenticated and the biometric information of each of a plurality of users registered in advance. When biometric authentication is performed and a predetermined condition is satisfied, an employee uses the authentication result information including the biometric information obtained from the terminal and the registered biometric information of the person who succeeded in the biometric authentication. A method for controlling a server device for sending to a terminal is provided.

According to a fourth aspect of the present invention, a computer installed in a server device acquires the biometric information of a person to be authenticated from a terminal, and processes the biometric information of the person to be authenticated and a plurality of users registered in advance. A process of performing biometric authentication using each biometric information, and authentication including biometric information acquired from the terminal and registered biometric information of the successfully authenticated person who succeeded in the biometric authentication when a predetermined condition is satisfied. A computer-readable storage medium storing a program for executing a process of transmitting result information to an employee terminal used by an employee is provided.

According to each aspect of the present invention, there are provided a server device, a system, a server device control method, and a storage medium that contribute to detecting the occurrence of false authentication (especially false acceptance) in biometric authentication. In addition, the effect of this invention is not limited above. Other effects may be achieved by the present invention instead of or in addition to this effect.

1 is a diagram for explaining an overview of an embodiment; FIG. BRIEF DESCRIPTION OF THE DRAWINGS It is a figure which shows an example of a schematic structure of the boarding procedure system which concerns on 1st Embodiment. 4 is a diagram for explaining the operation of the terminal according to the first embodiment; FIG. 4 is a diagram for explaining the operation of the terminal according to the first embodiment; FIG. 4 is a diagram showing an example of a processing configuration of a check-in terminal according to the first embodiment; FIG. It is a figure for demonstrating operation|movement of the system registration part which concerns on 1st Embodiment. It is a figure which shows an example of the processing structure of the system registration part which concerns on 1st Embodiment. It is a figure which shows an example of the processing structure of the boarding gate apparatus which concerns on 1st Embodiment. FIG. 4 is a diagram showing an example of an authentication request according to the first embodiment; FIG. It is a figure showing an example of processing composition of a server device concerning a 1st embodiment. It is a figure which shows an example of the token ID information database which concerns on 1st Embodiment. It is a figure which shows an example of the business information database which concerns on 1st Embodiment. FIG. 4 is a sequence diagram showing an example of the operation of the boarding procedure system according to the first embodiment; FIG. 10 is a diagram showing an example of a schematic configuration of a boarding procedure system according to a second embodiment; FIG. It is a figure for demonstrating operation|movement of the staff terminal which concerns on 2nd Embodiment. It is a figure which shows an example of the information which the server apparatus which concerns on 2nd Embodiment memorize|stores. It is a figure which shows an example of the hardware constitutions of a server apparatus. FIG. 13 is a diagram for explaining the operation of a terminal according to a modification of the disclosure of the present application; FIG. 12 is a diagram for explaining the operation of the staff terminal according to the modification of the disclosure of the present application;

First, an overview of one embodiment will be described. It should be noted that the drawing reference numerals added to this outline are added to each element for convenience as an example to aid understanding, and the description of this outline does not intend any limitation. Also, unless otherwise specified, the blocks depicted in each drawing represent the configuration of each function rather than the configuration of each hardware unit. Connecting lines between blocks in each figure include both bi-directional and uni-directional. The unidirectional arrows schematically show the flow of main signals (data) and do not exclude bidirectionality. In addition, in the present specification and drawings, elements that can be described in the same manner can be omitted from redundant description by assigning the same reference numerals.

A server device 100 according to one embodiment includes an acquisition unit 101 and an authentication unit 102 (see FIG. 1). Acquisition unit 101 acquires the biometric information of the person to be authenticated from the terminal. The authentication unit 102 performs biometric authentication using biometric information of a person to be authenticated and biometric information of each of a plurality of users registered in advance. When a predetermined condition is satisfied, the authentication unit 102 sends the authentication result information including the biometric information acquired from the terminal and the registered biometric information of the successfully authenticated person to the staff terminal used by the staff. Send.

When the authentication of the person to be authenticated is successful, the server device 20 detects the biometric information used for authentication (for example, the acquired face image acquired by the terminal, the registered face image registered in advance) when a predetermined condition is satisfied. ) to the terminal used by the staff. The staff terminal presents this information to the staff of the airport or the like. The employee compares the two presented face images to detect the occurrence of false authentication (acceptance of other person). At that time, the staff terminal displays the authentication results (two face images) narrowed down in advance by the server device 20 . As a result, the staff only needs to carefully check the narrowed-down authentication results, thereby reducing the probability of overlooking the occurrence of false acceptance. In other words, the system including the server device 100 can detect the occurrence of false authentication (in particular, false acceptance) in biometric authentication.

Specific embodiments will be described in more detail below with reference to the drawings.

[First Embodiment]
The first embodiment will be described in more detail with reference to the drawings.

[System configuration]
FIG. 2 is a diagram showing an example of a schematic configuration of the boarding procedure system according to the first embodiment. The boarding procedure system according to the first embodiment is a system that implements a series of procedures (luggage check-in, security check, etc.) at an airport by biometric authentication. The boarding procedure system shown in FIG. 2 is operated, for example, by a public institution such as an immigration control bureau or a trustee entrusted with operations from the public institution.

In the disclosure of the present application, "boarding procedure" indicates a series of procedures from check-in to boarding an aircraft.

Referring to FIG. 2 , the boarding procedure system includes check-in terminal 10 , baggage drop machine 11 , passenger passage system 12 , gate device 13 , boarding gate device 14 and server device 20 .

The check-in terminal 10, baggage drop machine 11, passenger passage system 12, gate device 13, and boarding gate device 14 are terminals (touch points) installed at the airport. These terminals are connected to the server device 20 via a network. The network shown in FIG. 2 is composed of a LAN (Local Area Network) including an airport private communication network, a WAN (Wide Area Network), a mobile communication network, and the like. The connection method is not limited to a wired method, and may be a wireless method.

The server device 20 is installed in a facility such as an airport company. Alternatively, the server device 20 may be a server installed in a cloud on a network.

Note that the configuration shown in FIG. 2 is an example, and is not intended to limit the configuration of the boarding procedure system. The boarding procedure system may include devices and the like that are not shown.

A user's boarding procedure is performed by each terminal shown in FIG. Specifically, a series of procedures when a user leaves the country are sequentially carried out at terminals installed at five locations. In the boarding procedure system shown in FIG. 2, a user's boarding procedure is realized by authentication using biometric information (biometric authentication).

The biometric information disclosed in the present application includes a face image, a fingerprint image, an iris image, a finger vein image, a palm print image, a palm vein image, and the like. Alternatively, the biometric information may be voice data (voiceprint) in which human voice is stored. The number of pieces of biometric information may be one or plural. Note that the term “biological information” in the disclosure of the present application means image data and audio data including all or part of a living body and feature amounts extracted from the image.

A user (system user) who wishes to use biometrics for boarding procedures operates the check-in terminal 10 to perform a "check-in procedure" upon arrival at the airport. A system user presents to the check-in terminal 10 a paper airline ticket, a two-dimensional bar code with boarding information, a mobile terminal displaying a copy of an e-ticket, or the like. The check-in terminal 10 outputs a boarding pass when the check-in procedure is completed. The boarding pass includes a paper boarding pass and an electronic boarding pass.

A system user who has completed the check-in procedure and who wishes to use the biometric authentication for boarding procedures uses the check-in terminal 10 to register with the system. Specifically, the system user causes the check-in terminal 10 to read the acquired boarding pass and passport. Also, the check-in terminal 10 acquires the system user's biometric information (eg, face image).

The check-in terminal 10 transmits information regarding these (boarding pass, passport, biometric information) to the server device 20 .

The server device 20 confirms the validity of the information acquired from the check-in terminal 10 . Specifically, the server device 20 confirms the legitimacy of the presented passport. After completing the confirmation, the server device 20 registers the system user. Specifically, the server device 20 issues a token that is used for the boarding procedure of the user registered in the system.

The issued token is identified by a token ID (Identifier). Information required for the boarding procedure (eg, biometric information, business information required for the boarding procedure, etc.) is associated via the token ID. That is, the "token" is issued together with the registration of the system user, and is identification information for the registered system user to undergo boarding procedures using biometric information. When the token (token ID) is issued, the system user can use the boarding procedure using biometric authentication.

In response to token generation, the server device 20 adds an entry to each of the token ID information database and the business information database.

The token ID information database is a database that stores detailed information on generated tokens. The database stores at least token IDs and biometric information (face images, feature amounts) in association with each other. The server device 20 refers to the token ID information database and executes biometric authentication.

The business information database is a database that stores business information. The business information database associates and stores the token ID and business information.

When a system user to whom a token has been issued arrives at a terminal, biometric information (for example, face image) is obtained at the terminal. The terminal transmits an authentication request including a face image to server device 20 .

In the disclosure of the present application, the term “terminal” means an apparatus, a device, or the like that transmits an authentication request including biometric information to the server device 20 . In the example of FIG. 2, the baggage drop machine 11, the passenger passage system 12, the gate device 13, and the boarding gate device 14 correspond to the "terminals". Alternatively, if the check-in procedure is also performed by biometric authentication, the check-in terminal 10 also corresponds to the "terminal".

The server device 20 performs biometric authentication using the biometric information acquired from the terminal and the biometric information registered in the system. When the biometric authentication is successful, the server device 20 transmits to the terminal an acknowledgment including the biometric information (registered face image) of the registrant used for biometric authentication and business information. If the biometric authentication fails, the server device 20 transmits a negative response to that effect to the terminal.

The terminal that has received the successful authentication performs the user's boarding procedure based on the acquired business information. In addition, the terminal opens a gate or the like as necessary to allow the user to pass through.

A terminal that has received an authentication result (authentication success, authentication failure) performs display according to the result. Specifically, the terminal provides information to the passenger (person to be authenticated) using a liquid crystal display or the like. A display device such as a liquid crystal display is installed in a place where the person to be authenticated can easily view it. The liquid crystal display or the like may be installed in the terminal, or may be installed away from the terminal. Alternatively, an image or the like may be projected onto the floor through which the passenger passes to provide information to the person to be authenticated.

The terminal that has received the authentication success displays the biometric information (face image of the registered side) acquired from the server device 20 . For example, the terminal displays as shown in FIG. The terminal that receives the authentication failure displays, for example, as shown in FIG. The authenticated person confirms the display on the terminal.

Note that the display shown in FIG. 3 is an example and is not meant to limit the content. Also, the displayed contents may be different depending on the type of the terminal. For example, items such as the name, destination, airline company, and flight number may be displayed in common on each terminal, and the departure time of the boarding flight may be displayed only on the boarding gate device 14 .

Here, there are four combinations of the authentication result (authentication success, authentication failure) by the server device 20 and the validity of the authentication result (authentication result is correct, incorrect).

The first combination is when authentication is successful and the authentication result is correct. Specifically, the case where user A is the person to be authenticated and the server device 20 also recognizes the person to be authenticated as user A corresponds to the first combination.

The second combination is a case where authentication is successful and the authentication result is erroneous (occurrence of false acceptance). For example, a case where user A is the person to be authenticated and the server device 20 recognizes user B as the person to be authenticated corresponds to the second combination.

A third combination is when authentication fails and the authentication result is correct. Specifically, the third combination may occur when the biometric information of the person to be authenticated is not registered in the server device 20 .

A fourth combination is a case where authentication fails and the authentication result is erroneous (occurrence of identity rejection). For example, the fourth combination corresponds to a case where the server device 20 fails to authenticate the user A even though the biometric information of the user A is registered in the server device 20 .

In the case of the first combination, the person to be authenticated passes through the gate or the like without questioning the display as shown in FIG. Since the person's own face image is displayed on the terminal, the person to be authenticated thinks that the biometric authentication procedure has been completed normally.

In the case of the second combination, when the person to be authenticated sees the display as shown in FIG. This is because the face image of another person is displayed even though the gate or the like is open and it is possible to pass through. In addition, if information different from the flight information (destination, airline, etc.) that the person to be authenticated thinks about is displayed, the person to be authenticated doubts whether it is permissible to pass through the gate. In such a case, the person to be authenticated (successfully authenticated person) informs the above-mentioned fact (that the face image of another person is being displayed) to a staff member standing by near the terminal. The staff or the like confirms the passport or the like possessed by the user, supports the user in the procedure, and corrects the authentication result of the server device 20 as necessary.

In the case of the third combination and the fourth combination, when the person to be authenticated comes into contact with the display shown in FIG. 4, he inquires of a staff member waiting near the terminal how to deal with it.

The staff will ask about the status of the person to be authenticated (person who failed authentication) (for example, whether or not the token issuance procedure for biometric authentication has been completed). If the person to be authenticated has not completed the above procedures, the employee will request the person to be authenticated to perform the token issuance procedure. Alternatively, if the person to be authenticated is in the process of issuing a token, the staff member may confirm the passport or boarding pass possessed by the person to proceed with the procedure.

Next, the schematic configuration, function, etc. of each device will be described.

The check-in terminal 10 is installed in the check-in lobby in the airport. As described above, the user uses the check-in terminal 10 to perform system registration for realizing boarding procedures using biometric authentication. Also, the system user operates the check-in terminal 10 to perform the check-in procedure. That is, the check-in terminal 10 is also a self-service terminal for performing check-in procedures by being operated by the user. The check-in terminal 10 is also called a CUSS (Common Use Self Service) terminal. After completing the check-in procedure, the user moves to the baggage check-in area or the security checkpoint.

The baggage deposit machine 11 is installed in an area adjacent to the baggage counter (manned counter) or in the vicinity of the check-in terminal 10 in the airport. The baggage deposit machine 11 is a self-service terminal operated by the user to carry out procedures for depositing baggage that is not carried into the aircraft (baggage deposit procedure). The baggage deposit machine 11 is also called a CUBD (Common Use Bag Drop) terminal. After completing the baggage check-in procedure, the user moves to the security checkpoint. If the user does not check baggage, the baggage check procedure is omitted.

The passenger passage system 12 is a gate device installed at the entrance of the security checkpoint in the airport. The passenger passage system 12 is also called a PRS (Passenger Reconciliation System), and is a system that determines whether or not a user can pass through at the entrance of a security checkpoint. After passing through the passenger passage system 12 and completing the security check procedure, the user moves to the immigration inspection area.

The gate device 13 is installed at the immigration control area in the airport. The gate device 13 is a device that automatically performs immigration procedures for the user. After completing the immigration procedures, the user moves to the departure area where duty-free shops and boarding gates are located.

The boarding gate device 14 is a traffic control device installed at each boarding gate in the departure area. The boarding gate device 14 is the final gate device in a series of procedures for departure examination (examination using biometric information). The boarding gate device 14 is also called an ABG (Automated Boarding Gates) terminal. The boarding gate device 14 confirms that the user is a passenger of an aircraft that can board from the boarding gate. After passing through the boarding gate device 14, the user boards the aircraft and departs for the second country.

The boarding procedure using biometric authentication by each device (check-in terminal 10, baggage drop machine 11, passenger passage system 12, gate device 13, boarding gate device 14) shown in FIG. It is not intended to limit the device to be used. For example, a device different from the above device may be used for the boarding procedure, or some of the above devices may not be used for the procedure. For example, the gate device 13 may not be included in the boarding procedure system.

The server device 20 is a server device for supporting and managing the boarding procedures. The server device 20 manages token IDs. Specifically, the server device 20 issues and invalidates token IDs. The server device 20 also processes authentication requests from various terminals in the airport.

Next, details of each device included in the boarding procedure system according to the first embodiment will be described. In the following description, a user's "face image" and "feature amount generated from the face image" will be taken as examples of biometric information.

[Check-in terminal]
As described above, the check-in terminal 10 is a device that provides system users with operations related to check-in procedures and system registration.

FIG. 5 is a diagram showing an example of a processing configuration (processing modules) of the check-in terminal 10 according to the first embodiment. Referring to FIG. 5, the check-in terminal 10 includes a communication control unit 201, a system registration unit 202, a token issue request unit 203, a message output unit 204, a check-in execution unit 205, and a storage unit 206. include.

The communication control unit 201 is means for controlling communication with other devices. For example, the communication control unit 201 receives data (packets) from the server device 20 . Also, the communication control unit 201 transmits data to the server device 20 . The communication control unit 201 transfers data received from other devices to other processing modules. The communication control unit 201 transmits data acquired from other processing modules to other devices. In this manner, other processing modules transmit and receive data to and from other devices via the communication control unit 201 .

The system registration unit 202 is means for performing system registration of a user who desires boarding procedures by biometric authentication. For example, after completing the check-in procedure, the system registration unit 202 provides the user with a GUI (Graphical User Interface) for confirming whether or not the user desires "boarding procedure using a facial image". (see Figure 6).

When the user desires boarding procedures using a facial image, the system registration unit 202 uses the GUI to obtain three types of information (boarding pass information, passport information, and biometric information).

The system registration unit 202 has three submodules. FIG. 7 is a diagram showing an example of the processing configuration (processing modules) of the system registration unit 202 according to the first embodiment. As shown in FIG. 7, the system registration unit 202 includes a boarding pass information acquisition unit 211, a passport information acquisition unit 212, and a biometric information acquisition unit 213.

The boarding pass information acquisition unit 211 is means for acquiring information (hereinafter referred to as boarding pass information) written on a boarding pass possessed by a system user. A boarding pass information acquisition unit 211 controls a reader (not shown) such as a scanner to acquire boarding pass information.

The boarding pass information includes name (surname, first name), airline code, flight number, boarding date, departure point (boarding airport), destination (arrival airport), seat number, boarding time, arrival time, and the like.

The passport information acquisition unit 212 is means for acquiring information described in the passport owned by the system user (hereinafter referred to as passport information). A passport information acquisition unit 212 controls a reader such as a scanner to acquire passport information.

The passport information includes a face image (hereinafter referred to as a passport face image), name, gender, nationality, passport number, passport issuing country, and the like.

The biometric information acquisition unit 213 is means for acquiring biometric information of a system user. The biometric information acquisition unit 213 controls the camera and acquires the facial image of the system user. For example, when the biometric information acquisition unit 213 detects a face in an image that is constantly or periodically captured, the biometric information acquisition unit 213 captures the face of the user and acquires the face image.

It is desirable that the biometric information acquisition unit 213 displays a guidance message regarding the photographing of the face image via the message output unit 204 before photographing the face image. For example, the biometric information acquisition unit 213 displays a message such as "Your facial image will be photographed and registered in the system. The registered facial image will be deleted from the system after boarding is completed."

The system registration unit 202 delivers the acquired three pieces of information (boarding pass information, passport information, biometric information) to the token issue request unit 203 .

A token issue requesting unit 203 shown in FIG. 5 is means for requesting the server device 20 to issue a token. The token issuance request unit 203 generates a token issuance request including boarding pass information, passport information, and biometric information (face image). The token issuance request unit 203 transmits the generated token issuance request to the server device 20 .

The token issuance request unit 203 delivers the response (response to the token issuance request) acquired from the server device 20 to the message output unit 204 .

The message output unit 204 is means for outputting various messages. For example, the message output unit 204 outputs a message according to the response obtained from the server device 20 .

When receiving a response (acknowledgment) to the effect that the token has been successfully issued, the message output unit 204 outputs that effect. For example, the message output unit 204 outputs a message such as "Future procedures can be performed by face authentication."

When receiving a response (negative response) to the effect that token issuance has failed, the message output unit 204 outputs that effect. For example, the message output unit 204 outputs a message such as "Sorry. Face authentication procedures cannot be performed. Please go to the manned booth."

The check-in execution unit 205 is means for performing check-in procedures for users. The check-in execution unit 205 executes check-in procedures such as seat selection based on the airline ticket presented by the user. For example, the check-in executing unit 205 transmits information written on an airline ticket to a DCS (Departure Control System), and acquires information written on a boarding pass from the DCS. Note that the operation of the check-in execution unit 205 can be the same as that of the existing check-in terminal, so a more detailed explanation will be omitted.

The storage unit 206 is means for storing information necessary for the operation of the check-in terminal 10 .

[Boarding gate device]
FIG. 8 is a diagram showing an example of a processing configuration (processing modules) of the boarding gate device 14 according to the first embodiment. Referring to FIG. 8, the boarding gate device 14 includes a communication control unit 301, a biometric information acquisition unit 302, an authentication request unit 303, a message output unit 304, a function implementation unit 305, and a storage unit 306. .

The communication control unit 301 is means for controlling communication with other devices. For example, the communication control unit 301 receives data (packets) from the server device 20 . Also, the communication control unit 301 transmits data to the server device 20 . The communication control unit 301 passes data received from another device to another processing module. The communication control unit 301 transmits data acquired from other processing modules to other devices. In this manner, other processing modules transmit and receive data to and from other devices via the communication control unit 301 .

The biometric information acquisition unit 302 is means for controlling a camera (not shown) and acquiring biometric information of the user. The biometric information acquisition unit 302 captures an image of the front of the device periodically or at a predetermined timing. The biological information acquisition unit 302 determines whether or not the acquired image contains a face image of a person, and if the face image is contained, extracts the face image from the acquired image data.

Note that existing techniques can be used for face image detection processing and face image extraction processing by the biometric information acquisition unit 302, so detailed description thereof will be omitted. For example, the biometric information acquisition unit 302 may extract a face image (face region) from image data using a learning model learned by a CNN (Convolutional Neural Network). Alternatively, the biometric information acquisition unit 302 may extract a face image using a technique such as template matching.

The biometric information acquisition unit 302 hands over the extracted face image to the authentication request unit 303 .

The authentication requesting unit 303 is means for requesting the authentication of the user in front of the server device 20 . The authentication requesting unit 303 generates an authentication request including an identifier of its own device (hereinafter referred to as a terminal identifier), the acquired face image, and the like (see FIG. 9). A MAC (Media Access Control address) address, an IP (Internet Protocol) address, or the like can be used as the terminal identifier. Authentication request unit 303 transmits the generated authentication request to server device 20 .

By checking the terminal identifier included in the authentication request, the server device 20 can uniquely identify the terminal that is the source of the authentication request. The server device 20 can also identify the type of terminal (baggage drop machine 11, passenger passage system 12, gate device 13, boarding gate device 14) based on the terminal identifier. Note that the terminal identifier is shared between each terminal included in the system and the server device 20 . For example, a system administrator or the like may determine a terminal identifier and input the determined terminal identifier to each terminal. In addition, the system administrator may input to the server device 20 table information or the like that associates terminal identifiers with terminal types.

Authentication request unit 303 receives a response from server device 20 to the authentication request. The authentication requesting unit 303 passes the response obtained from the server device 20 to the message outputting unit 304 and the function realizing unit 305 .

The message output unit 304 is means for outputting various messages. For example, the message output unit 304 performs display as shown in FIGS.

When the authentication success is obtained, the message output unit 304 performs display including the face image (registered face image) obtained from the server device 20 . Alternatively, as shown in FIG. 3, the message output unit 304 outputs the personal information (name, etc.) of the successful authentication person (the person to be authenticated who is determined to have been successfully authenticated), information on the flight of the successful authentication person (information on airlines, information on arrival airport, flight number of boarding plane, departure time, etc.) may be displayed.

Examples of the information about airlines include names of airlines, airline codes, and the like. The information about the arrival airport includes, for example, the name of the arrival airport and the name of the country to which the arrival airport belongs. The message output unit 304 may extract and generate the personal information and flight information of the successfully authenticated person from the business information acquired from the server device 20 .

When the authentication failure is acquired, the message output unit 304 displays as shown in FIG. That is, the message output unit 304 notifies the authentication failure person (the person to be authenticated who has been determined to have failed authentication) of the fact of the authentication failure.

The function implementation unit 305 is means for implementing the functions of the boarding gate device 14 . A function implementation unit 305 implements a procedure for an authenticated person. The function implementation unit 305 identifies the flight number of an aircraft on which the user (authenticated person) can board from the acquired business information. If the specified flight number matches the flight number assigned to the device itself, the function implementation unit 305 permits the person who has succeeded in authentication to pass through the gate. Note that the operation of the function implementation unit 305 can be the same as the operation of the existing boarding gate device, so a detailed description thereof will be omitted. In addition, a staff member who works for the airline company of the aircraft boarded from the boarding gate device 14 may assign (input) the required flight number to the boarding gate device 14 .

When the function implementing unit 305 permits the authenticated person to pass through the gate, the function implementing unit 305 notifies the server device 20 to that effect.

The storage unit 306 is means for storing information necessary for the operation of the boarding gate device 14 .

[Other devices]
The basic processing configuration of other terminals (baggage drop machine 11, passenger passage system 12, gate device 13) included in the boarding procedure system can be the same as the processing configuration of the boarding gate device 14 shown in FIG. Therefore, detailed description is omitted. Each terminal acquires the biometric information (face image) of the system user and requests the server device 20 for authentication using the acquired biometric information. After successful authentication, the function assigned to each terminal is executed. Also, each terminal outputs a display (message) according to the authentication result (authentication success, authentication failure).

[Server device]
FIG. 10 is a diagram showing an example of a processing configuration (processing modules) of the server device 20 according to the first embodiment. Referring to FIG. 10 , server device 20 includes communication control section 401 , token generation section 402 , database management section 403 , authentication section 404 and storage section 405 .

The communication control unit 401 is means for controlling communication with other devices. For example, the communication control unit 401 receives data (packets) from the check-in terminal 10 . The communication control unit 401 also transmits data to the check-in terminal 10 . The communication control unit 401 transfers data received from other devices to other processing modules. The communication control unit 401 transmits data acquired from other processing modules to other devices. In this manner, other processing modules transmit and receive data to and from other devices via the communication control unit 401 . The communication control unit 401 has a function as an “acquisition unit” that acquires the biometric information of the person to be authenticated from the terminal. Alternatively, the communication control unit 401 functions as a “receiving unit” for receiving an authentication request including biometric information of a person to be authenticated, and as a “transmitting unit” for transmitting a response to the authentication request.

The token generation unit 402 is means for generating a token in response to a token generation request from the check-in terminal 10 . At that time, the token generation unit 402 determines the legitimacy of the passport presented by the user.

Specifically, the token generation unit 402 determines whether the person who presented the passport to the check-in terminal 10 and the person who was issued the passport are the same person. In order to perform the determination, the token generation unit 402 extracts the facial image (system user's facial image) included in the token generation request and the passport facial image included in the passport information. Token generator 402 determines whether these two facial images substantially match.

The token generation unit 402 performs matching (one-to-one matching) of the two face images. The token generator 402 calculates feature vectors from each of the two images. The token generating unit 402 calculates the degree of similarity (e.g., Euclidean distance) between the two images, and determines whether the two images are facial images of the same person based on the result of threshold processing for the calculated degree of similarity. do. For example, if the similarity is greater than a predetermined value (if the distance is shorter than a predetermined value), the token generation unit 402 determines that the two face images are of the same person.

The token generation unit 402 issues a token when the validity determination of the passport using biometric information is successful. For example, the token generation unit 402 generates a unique value as the token ID based on the date and time of processing, the sequence number, and the like.

After generating the token (token ID), the token generation unit 402 transmits a positive response (token issue) to the check-in terminal 10 . If the token generation unit 402 fails to generate the token ID, the token generation unit 402 transmits a negative response (token not issued) to the check-in terminal 10 .

When the token generation unit 402 successfully generates (issues) the token ID, the token generation unit 402 delivers the generated token ID, boarding pass information, passport information, and facial image (system user's facial image) to the database management unit 403 .

The database management unit 403 is means (management unit) for managing various databases constructed in the server device 20 .

The server device 20 has a token ID information database and a business information database.

The token ID information database stores at least the token ID and the biometric information of the user in association with each other. FIG. 11 is a diagram showing an example of the token ID information database. Referring to FIG. 11, the token ID information database has fields for storing token IDs, registered face images, feature amounts, token issue times, token issue device names, and the like.

As mentioned above, the token ID is a temporarily issued identifier. When the user completes the procedures at the boarding gate device 14, the token ID is invalidated. That is, the token ID is not a permanent identifier, but a one-time ID with a valid period (life cycle).

A registered face image is a face image of a system user. For example, the registered face image may be the user's face image captured by the check-in terminal 10, or may be the passport face image. A feature amount is a feature vector generated from a face image. The token issue time is the time when the server device 20 issued the token ID. The device name is the name of the device (check-in terminal 10) from which the registered face image that triggered the issuance of the token ID was acquired.

The business information database is a database that manages information (business information) necessary for the user's boarding procedure. FIG. 12 is a diagram showing an example of the business information database. Referring to FIG. 12, the business information database has fields for storing token ID, passenger name, departure point, destination, airline code, flight number, operation date, and the like. In addition to the above fields, the business information database may have fields for storing sheet number, nationality, passport number, family name, first name, date of birth, gender, and the like. The business information database stores business information necessary for predetermined business (procedural business performed at each touch point) for each token ID.

The information stored in the business information database is obtained from boarding pass information and passport information.

When the database management unit 403 acquires the token ID from the token generation unit 402 (when the token ID is issued), the database management unit 403 adds new entries to the above two databases. The database management unit 403 sets setting values in the fields of each database. For example, the database management unit 403 generates a feature amount from the registered face image, and registers the generated feature amount in the token ID information database. Note that the database management unit 403 may set initial values (default values) for fields in which setting values cannot be set.

The authentication unit 404 is means for performing biometric authentication. The authentication unit 404 processes authentication requests obtained from terminals. The authentication unit 404 performs biometric authentication using the biometric information of the person to be authenticated and the biometric information of each of a plurality of users registered in advance in the token ID information database.

Specifically, the authentication unit 404 processes authentication requests from each of a plurality of terminals including the boarding gate device 14 with reference to the token ID information database. The authentication request includes biometric information of the person to be authenticated. The authentication unit 404 executes a matching process (1:N matching) using the biometric information included in the authentication request and the biometric information registered in the token ID information database.

The authentication unit 404 generates a feature amount from a face image acquired from a terminal (baggage drop machine 11, passenger passage system 12, gate device 13, boarding gate device 14). Since the existing technology can be used for the feature amount generation processing, detailed description thereof will be omitted. For example, the authentication unit 404 extracts the eyes, nose, mouth, etc. from the face image as feature points. After that, the authentication unit 404 calculates the position of each feature point and the distance between each feature point as a feature amount, and generates a feature vector composed of a plurality of feature amounts.

The authentication unit 404 sets the generated feature amount (feature vector) as the feature amount on the verification side, and sets the feature amount stored in the token ID information database as the feature amount on the registration side.

The authentication unit 404 calculates the degree of similarity (score) between the matching side feature amount and each of the plurality of registration side feature amounts. Chi-square distance, Euclidean distance, or the like can be used for the degree of similarity. Note that the greater the distance, the lower the similarity, and the closer the distance, the higher the similarity.

The authenticating unit 404 performs authentication if there is a feature amount whose similarity to the target feature amount is equal to or greater than a predetermined value among a plurality of feature amounts (valid feature amounts) registered in the token ID information database. determined to be successful.

If the authentication succeeds, the authentication unit 404 identifies the token ID corresponding to the feature quantity with the highest degree of similarity. The authentication unit 404 searches the business information database using the identified token ID as a key to identify the corresponding entry.

The authentication unit 404 transmits the authentication result to the terminal (responds to the authentication request).

If the authentication is successful, the authentication unit 404 sends an affirmative response including the entry (token ID, business information) specified from the business information database and the face image of the successful authentication person (face image on the registration side) to the terminal. Send. In this way, the authentication unit 404 transmits to the terminal the registered biometric information (registered face image) of the successful person who has successfully biometrically authenticated and the information about the flight of the successful person.

If authentication fails, the authentication unit 404 sends a negative response indicating authentication failure to the terminal.

The storage unit 405 stores various information necessary for the operation of the server device 20 . A token ID information database and a business information database are constructed in the storage unit 405 . The token ID information database is a first database that associates and stores at least biometric information of each of a plurality of users and token IDs issued to each of the plurality of users. The business information database is a second database that stores at least a token ID issued to each of a plurality of users and business information of each of the plurality of users in association with each other. The business information database stores at least information about flights as business information.

[System operation]
Next, operations of the boarding procedure system according to the first embodiment will be described. FIG. 13 is a sequence diagram showing an example of the operation of the boarding procedure system according to the first embodiment. The operation of executing the user authentication process will be described with reference to FIG. 13 . A description of operations related to system registration is omitted.

The terminal (either of the baggage check-in machine 11, the passenger passage system 12, the gate device 13, and the boarding gate device 14) acquires the face image of the user (person to be authenticated) and transmits an authentication request to the server device 20 ( step S01).

Server device 20 generates a feature amount from the face image included in the authentication request, and executes authentication processing using the token ID information database (step S02).

When the authentication is successful (step S03, Yes branch), the server device 20 searches the business information database using the token ID obtained by the collation process as a key (step S04).

If the authentication fails (step S03, No branch), the server device 20 executes the processes after step S05.

The server device 20 transmits the authentication result (authentication success, authentication failure) to the terminal (touch point) (step S05). If the authentication succeeds, the server device 20 transmits to the terminal a response including the content of the entry (token ID, business information) specified in the search in step S04 and the registered face image of the person who succeeded in authentication.

The terminal displays according to the authentication result obtained from the server device 20 (step S06). When receiving a response regarding authentication success, the terminal displays, for example, as shown in FIG. That is, the terminal displays the biometric information of the successfully authenticated person and the information about the flight. When receiving a response regarding authentication failure, the terminal displays, for example, as shown in FIG.

Also, the terminal executes the user's boarding procedure according to the authentication result. A description of this operation is omitted. Each terminal should just perform the assigned function.

As described above, when the boarding procedure system according to the first embodiment succeeds in authenticating the person to be authenticated, the pre-registered face image (the face image registered in the system by the check-in terminal 10) and the flight information ( destination, airline company, etc.) is presented to the user. The user (authenticated person) confirms this information, and can recognize that the processing of the system is not normal if other person's information (other person's face image, other person's flight information) is displayed. That is, the server device 20 and the terminal generate information that enables the user to detect misauthentication due to false acceptance, and present the information to the user. As a result, even if an erroneous authentication occurs, the problem, contradiction, etc. caused by the erroneous authentication can be resolved by the user notifying the employee of the fact.

[Second embodiment]
Next, a second embodiment will be described in detail with reference to the drawings.

In the first embodiment, the terminal simultaneously displays the registered face image of the successful authentication person, the personal information of the successful authentication person, and the flight information. By displaying the above information, even if the false acceptance occurs, the person to be authenticated can detect the occurrence of the false acceptance because his or her own face and flight information are displayed. That is, in the first embodiment, detection of false acceptance is entrusted to the user.

In the second embodiment, a case will be described in which an airport or airline staff or the like can detect the occurrence of false acceptance.

The processing configurations of the server device 20 and the terminal according to the second embodiment can be the same as those of the first embodiment, and thus descriptions thereof will be omitted.

Differences between the first and second embodiments will be described below.

FIG. 14 is a diagram showing an example of a schematic configuration of a boarding procedure system according to the second embodiment. Referring to FIG. 14 , the boarding procedure system according to the second embodiment includes staff terminal 30 .

The staff terminal 30 is a terminal used by staff members of airports and airlines. The boarding procedure system may include one staff terminal 30 or a plurality of staff terminals 30 . When multiple staff terminals 30 are included in the system, at least one staff terminal 30 may be installed at each procedure location (for example, immigration checkpoint). That is, staff terminals 30 may be installed corresponding to each terminal used for boarding procedures.

The staff terminal 30 may be a stationary computer as shown in FIG. 14, or a portable terminal such as a mobile phone, smart phone, tablet, or laptop computer. The staff terminal 30 may be of any type and form as long as it is a terminal used by staff.

The staff terminal 30 may include a display device such as a liquid crystal panel, an operation device such as a touch panel, and an information providing function and an information input function. The staff terminal 30 can be realized by a commercially available computer or the like, and the internal processing configuration and the like are obvious to those skilled in the art, and the description thereof will be omitted.

When the server device 20 successfully authenticates the person to be authenticated, the server device 20 transmits the authentication result information to the staff terminal 30 . The authentication result information includes the face image of the person to be authenticated acquired by the terminal (acquired face image) and the face image of the person determined to be the same person as the person to be authenticated by biometric authentication (face image registered in the token ID information database; registered face image).

In response to receiving the authentication result information, the staff terminal 30 displays as shown in FIG. The employee confirms the display on the employee terminal 30 . The staff member compares the two face images to determine whether false acceptance has occurred. Specifically, when it is determined that the two face images are of the same person, it is determined that false acceptance has not occurred. If it is determined that the two face images are not the face image of the same person, it is determined that false acceptance has occurred.

If no other person is accepted, the staff will not take any special measures. If an unauthorized person is accepted, the staff corrects and corrects the authentication result by the server device 20 based on the authentication ID and the like. Specifically, the employee enters the authentication ID into the server device 20 to identify the two parties involved in the stranger acceptance. Based on the person's name and flight number, the staff corrects the token ID information database, visits the person concerned, informs them of the occurrence of an authentication error, and takes necessary measures. It should be noted that the response to the occurrence of false acceptance varies depending on the terminal and passenger situation (before or after boarding the aircraft) at the time of occurrence of false acceptance, and uniform processing by the system is difficult. In other words, since it is assumed that the staff will respond flexibly when a false person is accepted, a more detailed explanation will be omitted. When false acceptance occurs, the staff should appropriately correct the inconvenience and contradiction caused by the false authentication.

When biometric authentication succeeds, authentication unit 404 generates an authentication ID that uniquely identifies the result of biometric authentication. The authentication unit 404 generates an authentication ID by assigning a unique value each time biometric authentication is successful.

The authentication unit 404 associates and stores the generated authentication ID and the information acquired from the authentication unit 404 (see FIG. 16).

After generating the authentication ID, the authentication unit 404 generates authentication result information. Specifically, authentication unit 404 generates authentication result information including an authentication ID, a terminal identifier, an acquired face image, and a registered face image. The authentication unit 404 transmits the generated authentication result information to the staff terminal 30 .

Alternatively, the authentication unit 404 may generate authentication result information including personal information (name, etc.) and flight information (flight number, etc.) of the successfully authenticated person. The authentication unit 404 can use the token ID to acquire (read) the personal information of the successfully authenticated person from the business information database.

Note that the authentication unit 404 may transmit the authentication result information to the staff terminal 30 when a predetermined condition is satisfied. For example, if the degree of similarity between two images (acquired face image, registered face image) at the time of successful authentication is smaller than a predetermined threshold, the server device 20 may transmit the authentication result information to the staff terminal 30. good. That is, when the degree of similarity between the two images is larger than a first threshold for determining successful authentication and smaller than a predetermined second threshold, the server device 20 sends the authentication result information to the employee. You may transmit to the terminal 30. FIG.

In this way, the authentication unit 404 may perform threshold processing on the calculated similarity, and determine whether or not to transmit the authentication result information to the staff terminal 30 according to the result. As a result, when the certainty (accuracy) of the authentication result is sufficiently high (when the similarity between images is equal to or higher than the second threshold), the authentication result information is transmitted from the server device 20 to the staff terminal 30. no. In other words, the authentication result information is sent to the staff terminal 30 when the biometric authentication is successful but the accuracy is not sufficient.

By confirming the authentication result information filtered by the server device 20, the staff can detect the occurrence of false acceptance with higher concentration.

Alternatively, the server device 20 calculates the similarity with the largest value (first similarity) and the similarity with the next largest value (second similarity; >second similarity) may be used to determine whether or not to transmit the authentication result information. Specifically, the server device 20 may transmit the authentication result information to the staff terminal 30 when the difference between the first similarity and the second similarity is smaller than a predetermined threshold.

The fact that the difference between the first degree of similarity and the second degree of similarity is large indicates that the face of the person judged to be second most similar to the person to be authenticated does not resemble the face of the person to be authenticated (the person himself/herself). . On the other hand, the fact that the difference between the first similarity and the second similarity is small means that the face of the person judged to be the second most similar to the person to be authenticated resembles the face of the person to be authenticated. show. For example, if the person to be authenticated is a twin and both face images are registered, the similarity (first similarity) by the person's face image and the similarity (first similarity) by the other face image of the twin ( second degree of similarity) becomes smaller.

The server device 20 may determine whether or not to transmit the authentication result information based on the difference in similarity. Also in this case, the authentication unit 404 may perform threshold processing on the difference between the first similarity and the second similarity, and determine whether or not to transmit the authentication result information based on the result.

As described above, in the boarding procedure system according to the second embodiment, when the server device 20 successfully authenticates the person to be authenticated, it transmits the authentication result information including the obtained face image and the registered face image to the staff terminal 30. . The staff terminal 30 provides the staff and others with information that can be verified as to whether or not erroneous authentication has occurred due to the acceptance of someone else. The staff member detects the occurrence of false authentication by comparing the two face images. In the second embodiment, staff members who are familiar with the work monitor the occurrence of misauthentication, so the occurrence of false acceptance can be detected more reliably. Also in the second embodiment, problems, contradictions, etc. caused by incorrect authentication are resolved.

Next, the hardware of each device that constitutes the boarding procedure system will be described. FIG. 17 is a diagram showing an example of the hardware configuration of the server device 20. As shown in FIG.

The server device 20 can be configured by an information processing device (so-called computer), and has a configuration illustrated in FIG. 17 . For example, the server device 20 includes a processor 311, a memory 312, an input/output interface 313, a communication interface 314, and the like. Components such as the processor 311 are connected by an internal bus or the like and configured to be able to communicate with each other.

However, the configuration shown in FIG. 17 is not meant to limit the hardware configuration of the server device 20 . The server device 20 may include hardware (not shown) and may not have the input/output interface 313 as necessary. Also, the number of processors 311 and the like included in the server device 20 is not limited to the example illustrated in FIG.

The processor 311 is, for example, a programmable device such as a CPU (Central Processing Unit), MPU (Micro Processing Unit), DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array), an ASIC (Application Specific Integrated Circuit), or the like. The processor 311 executes various programs including an operating system (OS).

The memory 312 is RAM (Random Access Memory), ROM (Read Only Memory), HDD (Hard Disk Drive), SSD (Solid State Drive), or the like. The memory 312 stores an OS program, application programs, and various data.

The input/output interface 313 is an interface for a display device and an input device (not shown). The display device is, for example, a liquid crystal display. The input device is, for example, a device such as a keyboard or mouse that receives user operations.

The communication interface 314 is a circuit, module, etc. that communicates with other devices. For example, the communication interface 314 includes a NIC (Network Interface Card) or the like.

The functions of the server device 20 are implemented by various processing modules. The processing module is implemented by the processor 311 executing a program stored in the memory 312, for example. Also, the program can be recorded in a computer-readable storage medium. The storage medium can be non-transitory such as semiconductor memory, hard disk, magnetic recording medium, optical recording medium, and the like. That is, the present invention can also be embodied as a computer program product. Also, the program can be downloaded via a network or updated using a storage medium storing the program. Furthermore, the processing module may be realized by a semiconductor chip.

Note that the check-in terminal 10, the boarding gate device 14, the staff terminal 30, etc. can also be configured by an information processing device like the server device 20, and the basic hardware configuration thereof is the same as that of the server device 20. Description is omitted. The check-in terminal 10 or the like may be equipped with a camera or the like.

The server device 20 is equipped with a computer, and the functions of the server device 20 can be realized by causing the computer to execute a program. Further, the server device 20 executes a server device control method by the program.

[Modification]
The configuration, operation, and the like of the boarding procedure system described in the above embodiment are examples, and are not meant to limit the configuration and the like of the system.

In the above embodiment, system registration is performed after the user's check-in procedure, but system registration may be performed before check-in procedure. In this case, since the boarding pass is not issued before the check-in procedure, the server device 20 can be registered in the system using the airline ticket information instead of the boarding pass.

In the above embodiment, the case where system registration (registration for implementing boarding procedures using biometric authentication) is performed at the check-in terminal 10 has been described. However, system registration may be performed at a device or terminal other than the check-in terminal 10 . For example, a device dedicated to system registration may be installed at the airport, or system registration may be performed at terminals (touch points) such as the baggage drop machine 11 and the passenger transit system 12 .

In the above-described embodiment, a case where a series of boarding procedures are performed by biometric authentication has been described, but some procedures may be performed by biometric authentication. For example, in FIG. 2, system registration may be performed at the baggage deposit machine 11, and procedures after baggage deposit (security inspection, etc.) may be performed by biometric authentication. In other words, part of the series of boarding procedures may be carried out at a manned booth or the like.

In the above embodiment, the case where the server device 20 has two databases has been described. However, the token ID information database and the business information database constructed in the server device 20 may be constructed in a database server different from the server device 20 . That is, the boarding procedure system may include various means (for example, token generation means) and the like described in the above embodiments.

In the above embodiment, the authentication request includes a face image, but the authentication request may include a feature amount generated from the face image. In this case, the server device 20 may process the authentication request using the feature amount extracted from the authentication request and the feature amount registered in the token ID information database.

In the first embodiment, the server device 20 includes the registered face image in the response to the authentication request. However, the server device 20 may transmit the registered face image to the terminal by a method other than the response to the authentication request. For example, the server device 20 may transmit authentication result information as described in the second embodiment to the terminal.

The server device 20 according to the first embodiment may include the registered face image or the like in the positive response to the authentication request when a predetermined condition is satisfied. For example, as described in the second embodiment, the server device 20 may include a registered face image or the like in the affirmative response according to the result of threshold processing for the degree of similarity calculated during authentication processing. In this case, the terminal should output a display as shown in FIG. 3 when it receives an affirmative response including the registered face image.

In the display for providing the authentication result to the successful authentication person, information regarding the seat of the successful authentication person may also be displayed. For example, the seat number, seat class (first class, business class, economy class) of the person who has successfully authenticated may be displayed together with the registered face image. The authenticated person can detect the occurrence of false acceptance based on this information.

The terminal may generate a GUI including a button or the like for acquiring that the successfully authenticated person has viewed the display when displaying the display as shown in FIG. 3 (see FIG. 18). That is, the terminal may use the GUI to acquire whether or not the successfully authenticated person has confirmed that false acceptance has not occurred based on the displayed biometric information and flight information. The terminal may proceed with the procedures of the successful authentication person in response to the successful authentication person pressing the OK button. Alternatively, the terminal may control the gate or the like so that the authenticated person can pass through in response to pressing of the OK button. Alternatively, the terminal may obtain that the successfully authenticated person has visually recognized (confirmed) the displayed content by non-contact input such as voice or gesture.

In the second embodiment, the employee terminal 30 and the terminal may operate in cooperation. For example, the staff terminal 30 may control a gate provided by the terminal. For example, the staff terminal 30 displays a GUI as shown in FIG. When the staff member compares the two face images and determines that false acceptance has occurred, he/she presses the procedure interruption button. In response to pressing of the button, the staff terminal 30 instructs the terminal (the boarding gate device 14 in the example of FIG. 19) on which biometric authentication has been performed to suspend the procedure. The terminal (function implementation unit 305 of the terminal) that has received the instruction interrupts the procedure for the successfully authenticated person. For example, the terminal controls so that the authenticated person cannot pass through the gate. The staff will go to the terminal that interrupted the procedure and take necessary measures.

In this way, the employee terminal 30 obtains from the GUI whether or not the employee has determined that false acceptance has occurred, based on the biometric information acquired from the terminal and the registered biometric information of the successfully authenticated person. Further, the staff terminal 30 may instruct the terminal to interrupt the procedure when the staff determines that the acceptance of a stranger has occurred. That is, the staff terminal 30 may control the terminal in accordance with the staff member's operation (judgment result of the staff member's acceptance of a stranger).

Server device 20 (authentication unit 404) may include an “alarm flag” in the positive response including the registered face image or in the authentication result information when a predetermined condition is satisfied. The alarm flag is information for notifying the terminal or staff terminal 30 that the predetermined condition is satisfied. The alert flag is set to require the authenticated person or staff to carefully review the authentication result. For example, the server device 20 sets an alarm flag according to the result of the threshold processing for the degree of similarity described in the second embodiment. More specifically, server device 20 sets an alarm flag when authentication is successful but is assumed to be less likely.

The terminal or staff terminal 30 may change the mode of display provided to the authenticated person or staff depending on whether or not the alarm flag is set. For example, the terminal may change the aspect of the display (for example, the display shown in FIG. 3) including the biometric information of the successfully authenticated person and the information about the flight, depending on whether or not a predetermined condition is satisfied.

For example, if the alarm flag is set, the terminal or staff terminal 30 may display with more colors (highlighted display) that draws more attention than when the flag is not set. All or part of them may be blinked. Alternatively, the terminal or the like may use voice to prompt the user to carefully check the registered face image.

In the above description, the case where the authentication result information is transmitted to the staff terminal 30 when a predetermined condition is satisfied has been described. The above-described predetermined conditions are examples, and whether or not to transmit the authentication result information may be determined based on other conditions. For example, whether or not to transmit the authentication result information may be determined based on the seat class (seat class: highest class passenger seat, upper class passenger room, ordinary passenger seat) or travel history of the person who has successfully authenticated. For example, if the seat class of an authenticated person is first class, the authentication result information may be transmitted to the staff terminal 30 . In this case, staff can carefully monitor the occurrence of misidentifications for first class passengers (passengers that airlines, etc. want to avoid trouble with).

Alternatively, server device 20 may transmit an acknowledgment including authentication result information and a registered face image based on an index or the like different from the similarity between face images based on feature amounts generated from face images. Misidentification (acceptance of other person) in biometric authentication is caused by the fact that the "faces" of the verification side and the registration side are similar. More precisely, if the positions of the eyes and nose and the distances between these feature points are approximately the same, erroneous authentication (acceptance of other persons) may occur even if the faces are of different people. Here, in the boarding procedure system at the airport, a registered face image is input to the server device 20 at the time of check-in, and thereafter, the terminal (boarding gate device 14, etc.) requests the server device 20 for biometric authentication in a relatively short time. become. It is difficult to imagine that the hairstyle of the person to be authenticated, whether or not he wears glasses, his clothes, etc. will change in such a short period of time. The server device 20 may determine whether or not to transmit the authentication result information by using such features and characteristics of biometric authentication at the airport.

More specifically, the server device 20 (authentication unit 404) calculates the degree of similarity between the two images using a method different from the method using the feature amount. For example, the server device 20 sets a low value for the degree of similarity if the hairstyle of a person depicted in two face images is different. Alternatively, server device 20 sets a low similarity value if one face image includes eyeglasses and the other face image does not include eyeglasses. Alternatively, the server device 20 sets a low value for the degree of similarity if the clothes of the person appearing in the two face images are different. The server device 20 may transmit the authentication result information to the staff terminal 30 when the similarity calculated by the above method is lower than a predetermined threshold. That is, the server device 20 may determine whether or not to transmit the authentication result information based on the similarity between the images calculated by a method different from the similarity based on the feature amount. Similarly, the server device 20 may transmit an acknowledgment including the registered face image to the terminal based on the similarity between the images calculated by a method different from the similarity based on the feature amount.

In addition, regarding determination of the similarity of hairstyles, the server device 20 may compare the areas of the regions of the upper part of the face, or may use the shapes of the regions. In addition, the server device 20 may determine whether or not the user is wearing eyeglasses using a technique such as template matching. Server device 20 may use a frequency analysis result of an area other than the face area for determining the identity of clothes. The server device may determine the identity of the clothes according to whether or not patterns and textures in areas other than the face area are different.

In the second embodiment, the case of transmitting the authentication result information to the staff terminal 30 has been described, but the information may be transmitted to the terminal. The terminal may perform display using the registered face image included in the response to the authentication request and display using the registered face image included in the authentication result information on different display devices. For example, the former display may be performed on a main display visible to the person to be authenticated, and the latter display may be performed on a sub-display visible to a staff member (staff standing by near the terminal).

In the above embodiment, the case where the employee uses the employee terminal 30 to detect the occurrence of false acceptance has been described. However, the detection of occurrence of false acceptance may be performed using a learning model generated by machine learning. Specifically, the system administrator or the like collects a large number of data (acquired face images, registered face images) at the time of false acceptance. The system administrator or the like attaches a label relating to authentication failure to the collected data to generate training data. A system administrator or the like inputs the teacher data into a learning device to generate a learning model (classification model). Implement the learning model on a computer. The computer inputs the two face images acquired from the server device 20 to the learning model, and outputs the determination result (false acceptance occurrence, non-occurrence). Personnel and the like may take necessary actions in response to the results determined by the computer. Any algorithm such as a support vector machine, boosting, or neural network can be used to generate the learning model. Since well-known techniques can be used for algorithms such as the support vector machine, the description thereof is omitted.

In the above-described embodiment, a facial image and a feature amount generated from the facial image are treated as "biological information", and the operation of the system and the like have been described. However, other information may be used as the "biological information" in place of the face image or the like. For example, when voiceprint authentication is used, voiceprint information (voice data) registered in advance may be played back, and flight information and the like may be displayed.

Also, when biometric information other than a face image is used, the biometric information on the registration side may not be displayed. For example, personal information (name) of the person to be authenticated, flight information (destination, etc.), etc. may be displayed on the terminal. The user can detect false authentication if this information differs from his/her own information.

The server device 20 may notify the terminal and the staff terminal 30 of the degree of similarity used in the authentication process (the degree of similarity of the successfully authenticated person). The staff terminal 30 or the like may provide the staff or the like with the degree of similarity. According to the presented degree of similarity, the staff can take measures such as checking the two face images more carefully.

The form of data transmission/reception between the check-in terminal 10 or the like and the server device 20 is not particularly limited, but the data transmitted/received between these devices may be encrypted. Boarding pass information and passport information include personal information, and in order to properly protect the personal information, it is desirable to send and receive encrypted data.

In the flowcharts (flowcharts, sequence diagrams) used in the above description, a plurality of steps (processes) are described in order, but the execution order of the steps executed in the embodiment is not limited to the described order. In the embodiment, the order of the illustrated steps can be changed within a range that does not interfere with the content, such as executing each process in parallel.

The above embodiments have been described in detail to facilitate understanding of the present disclosure, and are not intended to require all the configurations described above. Also, when a plurality of embodiments are described, each embodiment may be used alone or in combination. For example, it is possible to replace part of the configuration of the embodiment with the configuration of another embodiment, or to add the configuration of another embodiment to the configuration of the embodiment. Furthermore, additions, deletions, and replacements of other configurations are possible for some of the configurations of the embodiments.

Although the industrial applicability of the present invention is clear from the above description, the present invention can be suitably applied to a boarding procedure system at an airport or the like. However, the application of the present disclosure is not limited to airport procedures, and the present disclosure is applicable to systems that require multiple procedures. For example, the disclosure of the present application can also be applied to entrance/exit control at an event site or the like. For example, the server device 20 may analyze the authentication history at the event site, and notify the event organizer or the like of the result of strongly suspected false authentication.

Some or all of the above embodiments may also be described in the following additional remarks, but are not limited to the following.
[Appendix 1]
an acquisition unit that acquires biometric information of a person to be authenticated from a terminal;
an authentication unit that performs biometric authentication using the biometric information of the person to be authenticated and the biometric information of each of a plurality of users registered in advance;
with
When a predetermined condition is satisfied, the authentication unit uses authentication result information including the biometric information acquired from the terminal and the registered biometric information of the person who succeeded in the biometric authentication. A server device that sends data to terminals.
[Appendix 2]
The authentication unit calculates a degree of similarity between the biometric information of the person to be authenticated and the biometric information of each of the plurality of users registered in advance,
wherein the authentication result information is transmitted to the staff terminal when the largest similarity among the calculated similarities is greater than a first threshold and smaller than a second threshold; Server equipment as described.
[Appendix 3]
The authentication unit calculates a degree of similarity between the biometric information of the person to be authenticated and the biometric information of each of the plurality of users registered in advance,
calculating the difference between the first similarity with the largest value and the second similarity with the second largest value among the calculated multiple similarities;
The server device according to appendix 1, wherein the authentication result information is transmitted to the staff terminal when the calculated difference is smaller than a predetermined threshold.
[Appendix 4]
The server device according to supplementary note 1, wherein the authentication unit determines whether or not to transmit the authentication result information to the staff terminal based on the seat class of the successfully authenticated person.
[Appendix 5]
The server device according to appendix 4, wherein the authentication unit transmits the authentication result information to the staff terminal when the seat class of the successful authentication person is the highest passenger seat.
[Appendix 6]
6. The server device according to any one of appendices 1 to 5, further comprising a database that stores biometric information of each of the plurality of users.
[Appendix 7]
7. The server device according to any one of appendices 1 to 6, wherein the biometric information is a face image or a feature amount extracted from the face image.
[Appendix 8]
8. The server device according to any one of appendices 1 to 7, wherein the authentication unit transmits the authentication result information to the terminal instead of the staff terminal.
[Appendix 9]
a terminal;
staff terminals used by staff;
a server device connected to the terminal and the staff terminal;
including
The server device
an acquisition unit that acquires biometric information of a person to be authenticated from a terminal;
an authentication unit that performs biometric authentication using the biometric information of the person to be authenticated and the biometric information of each of a plurality of users registered in advance;
with
When a predetermined condition is satisfied, the authentication unit transmits authentication result information including biometric information acquired from the terminal and registered biometric information of an authenticated person who succeeded in biometric authentication to the staff terminal. ,system.
[Appendix 10]
The system according to appendix 9, wherein the staff terminal displays the biometric information acquired from the terminal and the registered biometric information of the successfully authenticated person.
[Appendix 11]
The staff terminal is
11. The system according to supplementary note 10, wherein the staff acquires whether or not it is determined that false acceptance has occurred based on the biometric information acquired from the terminal and the registered biometric information of the successfully authenticated person.
[Appendix 12]
The staff terminal is
12. The system according to appendix 11, wherein the terminal is instructed to suspend the procedure when it is determined that a false acceptance has occurred.
[Appendix 13]
in the server device,
Acquire the biometric information of the person to be authenticated from the terminal,
performing biometric authentication using the biometric information of the person to be authenticated and the biometric information of each of a plurality of users registered in advance;
When a predetermined condition is satisfied, the authentication result information including the biometric information obtained from the terminal and the registered biometric information of the successful person who succeeded in the biometric authentication is transmitted to the staff terminal used by the staff. A method of controlling a server device.
[Appendix 14]
The computer installed in the server device,
A process of acquiring biometric information of a person to be authenticated from a terminal;
a process of performing biometric authentication using the biometric information of the person to be authenticated and the biometric information of each of a plurality of users registered in advance;
A process of transmitting authentication result information including biometric information obtained from the terminal and the registered biometric information of the person who succeeded in biometric authentication to the employee terminal used by the employee when a predetermined condition is satisfied. and,
A computer-readable storage medium that stores a program for executing

It should be noted that the respective disclosures of the cited prior art documents are incorporated herein by reference. Although the embodiments of the present invention have been described above, the present invention is not limited to these embodiments. Those skilled in the art will appreciate that these embodiments are illustrative only and that various modifications can be made without departing from the scope and spirit of the invention. That is, the present invention naturally includes various variations and modifications that can be made by those skilled in the art according to the entire disclosure including claims and technical ideas.

10 Check-in terminal 11 Baggage deposit machine 12 Passenger passage system 13 Gate device 14 Boarding gate device 20, 100 Server device 30 Staff terminal 101 Acquisition unit 102 Authentication unit 201, 301, 401 Communication control unit 202 System registration unit 203 Token issuance request unit 204, 304 message output unit 205 check-in execution unit 206, 306, 405 storage unit 211 boarding pass information acquisition unit 212 passport information acquisition unit 213, 302 biometric information acquisition unit 303 authentication request unit 311 processor 312 memory 313 input/output interface 314 communication Interface 402 Token generation unit 403 Database management unit 404 Authentication unit

Claims (12)

an acquisition unit that acquires biometric information of a person to be authenticated from a terminal;
an authentication unit that controls biometric authentication using the biometric information of the person to be authenticated and the biometric information of each of a plurality of users registered in advance,
When the biometric authentication is successful and a predetermined condition is satisfied, the authentication unit stores the biometric information acquired from the terminal and the registered biometric information corresponding to the successful authentication person who has succeeded in the biometric authentication. as information used for detecting incorrect authentication due to the occurrence of false acceptance, to an employee terminal used by an employee or the terminal. the predetermined condition is a condition relating to the degree of similarity between the biometric information of the person to be authenticated and the biometric information of each of the plurality of users registered in advance;
2. The server device according to claim 1, wherein said authentication unit transmits said authentication result information to said employee terminal or said terminal when said predetermined condition is satisfied. The predetermined condition is a condition regarding a seat class corresponding to the successful authentication person,
2. The server device according to claim 1, wherein said authentication unit transmits said authentication result information to said employee terminal or said terminal when said predetermined condition is satisfied. The authentication result information includes flight information including at least one of information on an airline company, information on an arrival airport, information on a flight number and departure time of a boarding plane corresponding to the successful authentication person, and flight information corresponding to the successful authentication person. 4. The server device according to any one of claims 1 to 3, comprising one or both of personal information corresponding to . A computer installed in the server device
Acquire the biometric information of the person to be authenticated from the terminal,
controlling biometric authentication using the biometric information of the person to be authenticated and the biometric information of each of a plurality of users registered in advance;
Further, when the biometric authentication is successful and a predetermined condition is satisfied, the biometric information obtained from the terminal and the registered biometric information corresponding to the successful authentication person who has succeeded in the biometric authentication are accepted by others. A method for controlling a server device, which transmits authentication result information, which is included as information used for detecting incorrect authentication due to the occurrence of , to an employee terminal used by an employee, or the terminal. the predetermined condition is a condition relating to the degree of similarity between the biometric information of the person to be authenticated and the biometric information of each of the plurality of users registered in advance;
6. The method of controlling a server device according to claim 5, wherein when the predetermined condition is satisfied, a computer installed in the server device transmits the authentication result information to the employee terminal or the terminal. The predetermined condition is a condition regarding a seat class corresponding to the successful authentication person,
6. The method of controlling a server device according to claim 5, wherein when the predetermined condition is satisfied, a computer installed in the server device transmits the authentication result information to the employee terminal or the terminal. The authentication result information includes flight information including at least one of information on an airline company, information on an arrival airport, information on a flight number and departure time of a boarding plane corresponding to the successful authentication person, and flight information corresponding to the successful authentication person. 8. The method of controlling a server device according to claim 5, wherein one or both of personal information corresponding to . A process of acquiring biometric information of a person to be authenticated from a terminal;
a process of controlling biometric authentication using the biometric information of the person to be authenticated and the biometric information of each of a plurality of users registered in advance;
When the biometric authentication is successful and a predetermined condition is satisfied, the biometric information acquired from the terminal and the registered biometric information corresponding to the successful authentication person who has succeeded in the biometric authentication are accepted by others. A process of transmitting authentication result information, which is included as information used to detect mis-authentication by the staff terminal used by the staff, or to the terminal;
A computer program that causes a computer to execute the predetermined condition is a condition relating to the degree of similarity between the biometric information of the person to be authenticated and the biometric information of each of the plurality of users registered in advance;
10. The computer program according to claim 9, for causing a computer to execute a process of transmitting said authentication result information to said employee terminal or said terminal when said predetermined condition is satisfied. The predetermined condition is a condition regarding a seat class corresponding to the successful authentication person,
10. The computer program according to claim 9, for causing a computer to execute a process of transmitting said authentication result information to said employee terminal or said terminal when said predetermined condition is satisfied. The authentication result information includes flight information including at least one of information on an airline company, information on an arrival airport, information on a flight number and departure time of a boarding plane corresponding to the successful authentication person, and flight information corresponding to the successful authentication person. 12. A computer program as claimed in any one of claims 9 to 11, comprising one or both of personal information corresponding to

Images