JP4709109B2 - Authentication system, mobile communication terminal, authentication device, and program - Google Patents

Description

  The present invention relates to an authentication system, a mobile communication terminal, an authentication device, and a program, and in particular, an authentication system, a mobile communication terminal, an authentication device, and a program suitable for use of a mobile communication terminal having a biometric authentication function. About.

  Mobile communication terminals such as mobile phones have been improved in performance, and are equipped with various functions other than the voice call function which is a basic function. Recently, there is a function for storing and browsing data created by a personal computer or the like, and it is often used for business purposes.

  Convenience is improved by such multi-functionality, but a small mobile communication terminal has a high risk of loss or the like. In particular, when used for business purposes, the loss of stored business data is a great loss and there is a risk that highly confidential data will be leaked.

In order to avoid such a situation, there is a mobile communication terminal equipped with a lock function that prevents an operation by another person. In such a lock function, biometric authentication such as fingerprint authentication is often employed to determine whether the user is a legitimate user, and the lock is released when the legitimate user can be authenticated. (For example, patent document 1).
JP 2003-274007 A

  When a mobile communication terminal is used for business purposes, it is usually in the form of a so-called corporate contract. Therefore, the mobile communication terminal contracted by the business entity is lent to an employee or the like. In this case, normally, one mobile communication terminal is loaned to a specific employee, but the user may be changed to another employee due to personnel changes or other reasons, for example. In such a form, when unlocking by fingerprint authentication is applied, the fingerprint image or password registered in the mobile communication terminal is changed. By performing such an operation, a plurality of persons can substantially share and use one mobile communication terminal as long as the person is permitted by the business entity.

  Here, when changing the user, for example, if it is not possible to contact the person who registered the fingerprint image for some reason (for example, when the fingerprint registrant is in a remote location) Since the user cannot perform fingerprint authentication, the lock cannot be released. In such cases, it is usually impossible to change fingerprint images or passwords unless initialization is performed by an administrator or the like, so it is not possible to browse important business data stored in the mobile communication terminal. As a result, there arises a disadvantage that these pieces of information are deleted by initialization.

  The present invention has been made in view of the above circumstances, and an object thereof is to provide an authentication system, an authentication device, a mobile communication terminal, and a program that can easily and efficiently change a user. .

In order to achieve the above object, an authentication system according to the first aspect of the present invention includes:
An authentication system comprising a mobile communication terminal having a biometric authentication function and an authentication device connected to the mobile communication terminal via a communication network,
The authentication device
Authentication information acquisition means for acquiring biometric authentication information of a person who can use the mobile communication terminal in common;
Based on the biometric authentication information of the intended user of the mobile communication terminal received from the mobile communication terminal via the communication network, and the biometric authentication information acquired by the authentication information acquiring means, the planned use person And authenticating means for authenticating the legitimacy of
The mobile communication terminal is
Biometric information storage means for storing biometric information used for the biometric authentication function of the mobile communication terminal;
Authentication information transmitting means for acquiring biometric authentication information of the prospective user and transmitting it to the authentication device via the communication network;
Biometric authentication information updating means for updating the biometric authentication information stored in the biometric authentication information storage means to the biometric authentication information of the prospective user when the authentication device authenticates the legitimate user. ,
It is characterized by that.

In order to achieve the above object, a mobile communication terminal according to the second aspect of the present invention provides:
A mobile communication terminal having a biometric authentication function,
User information storage means for storing biometric authentication information used for the biometric authentication function;
A biometric authentication information different from the biometric authentication information stored in the user information storage means is acquired, and a communication network is connected to an authentication device in which the biometric authentication information of a person who can use the mobile communication terminal in common is registered. An authentication requesting means for transmitting and requesting authentication;
User information update means for rewriting the biometric authentication information stored in the user information storage means to the acquired biometric authentication information when authenticated by the authentication device;
It is characterized by that.

The mobile communication terminal is
It is desirable to further comprise biometric information storage means for temporarily storing the acquired biometric information, in this case,
It is desirable that the user information updating unit updates the biometric information stored in the user information storage unit by rewriting the biometric information stored in the biometric information storage unit.

In the mobile communication terminal,
The authentication requesting unit transmits the acquired biometric authentication information to the authentication device when the biometric authentication information acquired by the biometric authentication function and the biometric authentication information stored in the user information storage unit do not match. It is desirable.

The mobile communication terminal is
It is desirable to further comprise a control signal receiving means for receiving a control signal to be transmitted when the authentication device authenticates, in this case,
The user information update means preferably updates information in the user information storage means when the control signal receiving means receives a control signal.

The mobile communication terminal is
The authentication requesting unit preferably further includes an encryption unit that encrypts the acquired biometric authentication information.

In order to achieve the above object, an authentication apparatus according to the third aspect of the present invention provides:
Authenticates a user of the mobile communication terminal, comprising: a management device that manages user information of a mobile communication terminal having a biometric authentication function; and a verification device that verifies biometric authentication information used for the biometric authentication function. An authentication device for
The management device
User information storage means for storing biometric authentication information of each person who can use the mobile communication terminal in common;
Authentication information transmitting means for obtaining biometric authentication information about the prospective user of the mobile communication terminal from the usable person information storage means and transmitting it to the verification device via a communication network;
The verification device is
First authentication information receiving means for receiving biometric authentication information transmitted by the management device via the communication network;
Second authentication information receiving means for receiving biometric authentication information about the intended user acquired by the mobile communication terminal via a communication network;
And the first authentication information receiving means biometric authentication information received, the authentication means and the second authentication information receiving means by collating the biometric authentication information received, to authenticate the use prospective,
When the validity of the use schedule user has been authenticated by the authentication unit, the biometric authentication information used for the biometric authentication function generates a control signal for switching to one of said use prospective, the movable body through the communication network Control signal transmission means for transmitting to the communication terminal,
It is characterized by that.

In the above authentication device,
The verification device is
It is desirable to further comprise authentication information storage means for temporarily storing biometric authentication information received by the first authentication information receiving means.
The authentication unit preferably deletes the biometric authentication information used for the authentication operation from the authentication information storage unit after the authentication operation.

In the above authentication device,
The authentication information transmitting unit of the management device preferably includes an encryption unit that encrypts information to be transmitted to the authentication device.
It is desirable that the first authentication information receiving unit of the verification device includes a decoding unit that decodes the information transmitted from the management device.

In order to achieve the above object, an authentication apparatus according to the fourth aspect of the present invention provides:
An authentication device for authenticating a user of a mobile communication terminal having a biometric authentication function,
User information storage means for storing biometric authentication information of each person who can use the mobile communication terminal in common;
Authentication information receiving means for receiving biometric authentication information about a prospective user acquired by the mobile communication terminal via a communication network;
An authentication unit that verifies the biometric authentication information stored in the usable person information storage unit and the biometric authentication information received by the authentication information receiving unit to authenticate the legitimacy of the intended user;
When the validity of the use schedule user has been authenticated by the authentication unit, the biometric authentication information used for the biometric authentication function generates a control signal for switching to one of said use prospective, the movable body through the communication network Control signal transmission means for transmitting to the communication terminal,
It is characterized by that.

In order to achieve the above object, a program according to the fifth aspect of the present invention is:
In a computer that controls a mobile communication terminal having a biometric authentication function,
A function of storing biometric authentication information used for the biometric authentication function;
The biometric authentication information different from the stored biometric authentication information is acquired, and transmitted via a communication network to an authentication device in which the biometric authentication information of a person who can use the mobile communication terminal in common is registered for authentication. A function that requires
A function of rewriting the stored biometric authentication information to the acquired biometric authentication information when authenticated by the authentication device;
It is characterized by realizing.

In order to achieve the above object, a program according to the sixth aspect of the present invention is:
On the computer,
A function of acquiring biometric authentication information of a person scheduled to use the mobile communication terminal from a storage device storing biometric authentication information of each person who can use the mobile communication terminal having a biometric authentication function;
A function of acquiring biometric authentication information of the intended user of the mobile communication terminal from the mobile communication terminal;
A function for verifying the legitimacy of the prospective user by comparing biometric authentication information acquired from the storage device and biometric authentication information acquired from the mobile communication terminal;
A function of transmitting a control signal for switching biometric authentication information used for the biometric authentication function to the mobile communication terminal when authenticating the intended user;
It is characterized by realizing.

  ADVANTAGE OF THE INVENTION According to this invention, the user change of the shared mobile communication terminal can be performed easily and efficiently.

(Embodiment 1)
Embodiments according to the present invention will be described below with reference to the drawings. FIG. 1 is a diagram schematically illustrating a configuration of an authentication system 1 according to the present embodiment. As shown in the figure, the authentication system 1 includes a mobile communication terminal 100, a management device 200, a verification device 300, and the like.

  The mobile communication terminal 100 is a telephone terminal device used in mobile communication such as a mobile phone. The mobile communication terminal 100 according to the present embodiment is assumed to have a biometric authentication (biometric authentication) function for authenticating the user. In the present embodiment, fingerprint authentication is used as a biometric authentication method. And It is assumed that the mobile communication terminal 100 has a lock function that allows only a user who is authenticated by the fingerprint authentication function to operate the mobile communication terminal 100. Further, the mobile communication terminal 100 is assumed to be used by a so-called corporate contract, and a business entity such as a company (hereinafter referred to as business entity BB) makes a contract with a communication carrier so that an employee of the business entity BB Assume that the mobile communication terminal 100 is used for business purposes.

  The management device 200 is a device for managing users of the mobile communication terminal 100 based on such a corporate contract, and is an information processing device operated by the business entity BB. The management device 200 is configured by a computer device such as a workstation or a personal computer, for example, and stores and manages information about employees who are permitted to use the mobile communication terminal 100 by the business entity BB. In this embodiment, since the mobile communication terminal 100 used in the business entity BB is provided with a fingerprint authentication function, the management apparatus 200 includes a fingerprint image of an employee who is permitted to use the mobile communication terminal 100. Is accumulated. Such a management apparatus 200 is assumed to be operated by an employee (so-called manager) who manages the mobile communication terminal 100 in the business entity BB.

  The collation device 300 is an information processing device for collating and authenticating fingerprint images of the previous user and the next user when changing the user of the mobile communication terminal 100. In this embodiment, it shall be operated by the business entity that has contracted with the business entity BB and that provides a service for authenticating the user of the mobile communication terminal 100. The verification device 300 is composed of a computer device such as a mainframe or a workstation, for example.

  In such an authentication system 1, the mobile communication terminal 100 is connected to each of the management device 200 and the verification device 300 via a communication network NW. The communication network NW is a WAN (Wide Area Network) such as a mobile network such as a cellular network or the Internet (IP network). When the mobile communication terminal 100 communicates, it is connected to the communication network NW via the mobile communication base station BS or the like, and when the management device 200 or the verification device 300 communicates, the communication network via the gateway GW or the like. Connected to NW.

  In the present embodiment, the user of the mobile communication terminal 100 is authenticated by the cooperation of the management device 200 and the verification device 300 connected via the communication network NW. That is, the management device 200 and the verification device 300 function as authentication devices.

  Detailed configurations of the mobile communication terminal 100, the management device 200, and the verification device 300 of the authentication system 1 will be described below. First, the configuration of the mobile communication terminal 100 will be described with reference to FIG.

  FIG. 2 is a block diagram showing the configuration of the mobile communication terminal 100. As illustrated, the mobile communication terminal 100 includes a control unit 110, a communication control unit 120, an operation unit 130, a display unit 140, a sound processing unit 150, a sensor unit 160, a storage unit 170, and the like.

  The control unit 110 includes, for example, a CPU (Central Processing Unit), a RAM (Random Access Memory), and the like, and controls each unit of the mobile communication terminal 100. In this embodiment, the function for performing each process mentioned later is implement | achieved because the control part 110 runs a program.

  The communication control unit 120 includes a transmission / reception device for performing communication operation of the mobile communication terminal 100, and controls communication operation between the mobile communication terminal 100 and the base station BS by controlling radio transmission / reception operation by the antenna 121. Is realized.

  The operation unit 130 includes, for example, predetermined keys and buttons operated by the user of the mobile communication terminal 100 and inputs an input signal corresponding to the operation to the control unit 110.

  The display unit 140 includes, for example, a liquid crystal display device, and displays and outputs screens related to the functions of the mobile communication terminal 100.

  The voice processing unit 150 is composed of, for example, a voice codec and performs voice input / output operations related to the voice call function of the mobile communication terminal 100. That is, the digital audio signal received by the communication control unit 120 is converted into an analog audio signal and output from the speaker 151, and the audio input from the microphone 152 is converted into a digital audio signal and provided to the communication control unit 120. Thus, a voice call is realized.

  The sensor unit 160 is a sensor for acquiring biometric information necessary for the biometric authentication function of the mobile communication terminal 100. In this embodiment, since fingerprint authentication is employed, the sensor unit 160 is configured by, for example, a scattering optical fingerprint sensor for acquiring a fingerprint image of the user of the mobile communication terminal 100.

  The storage unit 170 is composed of, for example, a flash memory or a hard disk device, and stores data and programs necessary for the operation of the mobile communication terminal 100. In the present embodiment, storage areas such as a program storage unit 171, a terminal information storage unit 172, a user information storage unit 173, a temporary fingerprint image storage unit 174, and a data storage unit 175 are prepared. Is stored.

  The program storage unit 171 is an area for storing a program executed by the control unit 110. In the present embodiment, it is assumed that various application programs necessary for business use are stored in addition to a program for performing each process related to a user change of the mobile communication terminal 100.

  The terminal information storage unit 172 is an area for storing information unique to the mobile communication terminal 100 (for example, the serial number and telephone number of the terminal) and identification information (corporate ID) given based on a corporate contract. . In addition, it is assumed that address information and the like for communicating with the verification device 300 via the communication network NW are also stored in the terminal information storage unit 172 in advance.

  The user information storage unit 173 is an area for storing information about the current user of the mobile communication terminal 100. In this embodiment, in addition to a fingerprint image to be used in the fingerprint authentication function, identification information (user ID, etc.) given to the current user and information such as a password set by the user are stored in the user information. Stored in the unit 173.

  The fingerprint image temporary storage unit 174 temporarily stores the fingerprint image acquired by the sensor unit 160 for the next user when the user of the mobile communication terminal 100 is changed.

  The data storage unit 175 stores a file created by an application or the like. In the present embodiment, since the mobile communication terminal 100 is used for business purposes, business data necessary for employees of the business entity BB to perform business operations are stored in the data storage unit 175. .

  Here, a function realized by the control unit 110 executing the program stored in the program storage unit 171 will be described with reference to FIG. Here, functions implemented to perform an operation based on the fingerprint authentication function of mobile communication terminal 100 will be described. As illustrated, the control unit 110 functions as a fingerprint collation unit 111, a lock control unit 112, an authentication request unit 113, a user information update unit 114, and the like.

  The fingerprint collation unit 111 performs user authentication by the fingerprint authentication function by collating the fingerprint image acquired by the sensor unit 160 with the fingerprint image stored in the user information storage unit 173. The collation method is arbitrary, for example, collation is performed by comparing feature points of fingerprint images (feature point method).

  The lock control unit 112 controls the lock function of the mobile communication terminal 100 based on the collation result by the fingerprint collation unit 111. Here, if the acquired fingerprint image and the fingerprint image of the user information storage unit 173 do not match, each unit of the mobile communication terminal 100 is controlled, for example, the operation of the operation unit 130 is invalidated or data storage is performed. The lock function is enabled by prohibiting the display of the business data stored in the section 175. On the other hand, if the fingerprint images match, each unit is controlled so that all operations can be performed (unlocked).

  The authentication request unit 113 performs verification based on the fingerprint image acquired by the sensor unit 160 when the fingerprint image acquired by the sensor unit 160 and the fingerprint image stored in the user information storage unit 173 do not match. Request to 300. In the present embodiment, the acquired fingerprint image is stored in the fingerprint image temporary storage unit 174, and the fingerprint image is encrypted. The encryption method is arbitrary. For example, a device ID, a telephone number, a corporate ID stored in the terminal information storage unit 172, a user ID stored in the terminal information storage unit 172, or the like is used as a secret key or Encrypt using public key.

  In this case, the authentication request unit 113 cooperates with the communication control unit 120 to encrypt the fingerprint image, that is, the fingerprint image that does not match the fingerprint image currently stored in the user information storage unit 173 (hereinafter referred to as the fingerprint image). , “Reference fingerprint image”), and address information (telephone number and the like) for accessing the mobile communication terminal 100 stored in the terminal information storage unit 172 (hereinafter referred to as “terminal ID”) ) Or authentication request data including the user ID stored in the user information storage unit 173 is transmitted to the verification device 300 to request authentication based on the fingerprint image. Note that not only the verification fingerprint image but also the terminal ID and user ID may be encrypted.

  The user information update unit 114 updates the user information stored in the user information storage unit 173 based on the control signal received by the communication control unit 120. Here, in addition to rewriting the fingerprint image stored in the user information storage unit 173 with the fingerprint image stored in the temporary fingerprint image storage unit 174, the user information is stored by setting a password for a new user. Stored in the unit 173.

  In the present embodiment, each function shown in FIG. 3 is realized by the control unit 110 executing a program. For example, hardware such as an ASIC (Application Specific Integrated Circuit) These functions may be realized by the configuration.

  The above configuration is a configuration necessary for realizing the present invention, and other configurations necessary for basic functions and additional functions as a mobile communication terminal are provided as necessary. To do.

  Next, the configuration of the management apparatus 200 will be described with reference to FIG. FIG. 4 is a block diagram illustrating a configuration of the management apparatus 200. As illustrated, the management apparatus 200 includes a control unit 210, a communication control unit 220, an input unit 230, an output unit 240, a storage unit 250, and the like.

  The control unit 210 includes, for example, a CPU and a RAM, and controls each unit of the management device 200. In the present embodiment, each function for performing each process described later is realized by the control unit 210 executing the program.

  The communication control unit 220 includes, for example, a communication device such as a router or a NIC (Network Interface Card), and connects the management device 200 and the gateway GW to perform operations necessary for communication via the communication network NW.

  The input unit 230 includes, for example, an input device such as a keyboard or a pointing device, and inputs an input signal according to an operation of the administrator to the control unit 210.

  The output unit 240 is composed of an output device such as a display device or a printer, for example, and outputs the processing result of the control unit 210 and the like.

  The storage unit 250 includes a storage device such as a hard disk device, for example, and stores data, programs, and the like necessary for the operation of the management device 200. In the present embodiment, storage areas such as a program storage unit 251 and a user information storage unit 252 are prepared, and predetermined information is stored in each storage area.

  The program storage unit 251 stores a program executed by the control unit 210. In this embodiment, a program for realizing an operation of authenticating the user of the mobile communication terminal 100 is stored.

  The user information storage unit 252 stores information on employees of the business entity BB who are permitted to use the mobile communication terminal 100. An example of information stored in the user information storage unit 252 is shown in FIG. As shown in the figure, in the user information storage unit 252, for example, a table composed of records using identification information (user ID) uniquely assigned to each employee as a key is created. Includes a user name corresponding to the user ID, identification information of the mobile communication terminal 100 currently used (such as a serial number and a telephone number (terminal information)), and a fingerprint image acquired from the user. Image data and the like are recorded.

  Here, a function realized when the control unit 210 executes a program stored in the program storage unit 251 will be described with reference to FIG. Here, a description will be given of functions that are realized in order to perform an operation related to a user change of the mobile communication terminal 100. As shown in the figure, the control unit 210 functions as an authentication information search unit 211, a verification request unit 212, a verification request unit 212, a user information update unit 213, and the like.

  The authentication information search unit 211 searches the user information storage unit 252 for information necessary for user authentication of the mobile communication terminal 100 based on an input from the input unit 230 according to the operation of the administrator. In the present embodiment, based on the user ID input by the administrator and the terminal information (telephone number etc.) of the mobile communication terminal 100 to be changed, the fingerprint image of the person who applied for the user change and the mobile communication A user ID currently registered in the terminal 100 is searched from the user information storage unit 252.

  The collation request unit 212 is currently registered in the mobile communication terminal 100 with the fingerprint image searched by the authentication information search unit 211 (hereinafter referred to as “user fingerprint image”) in cooperation with the communication control unit 220. Collation request data including a user ID and a terminal ID (telephone number, etc.) are transmitted to the collation device 300, and collation with a collation fingerprint image provided from the mobile communication terminal 100 to the collation device 300 is requested.

  Here, the verification request unit 212 encrypts and transmits the user fingerprint image searched by the authentication information search unit 211. It is assumed that the encryption method is the same as that performed by the authentication request unit 113 of the mobile communication terminal 100. In this case, not only the user fingerprint image but also the user ID and the terminal ID may be encrypted.

  The user information update unit 213 updates the user information stored in the user information storage unit 252 based on the control signal transmitted from the verification device 300 in cooperation with the communication control unit 220. In the present embodiment, the user information is updated when the user of the mobile communication terminal 100 is changed by the collation of the fingerprint image by the collation device 300.

  In this embodiment, the functions shown in FIG. 6 are realized by the control unit 210 executing the program. However, these functions may be realized by a hardware configuration such as an ASIC, for example.

  Next, the configuration of the verification device 300 will be described with reference to FIG. FIG. 7 is a block diagram illustrating the configuration of the collation device 300. As illustrated, the collation device 300 includes a control unit 310, a communication control unit 320, an input unit 330, an output unit 340, a storage unit 350, and the like.

  The control unit 310 includes, for example, a CPU and a RAM, and controls each unit of the verification device 300. In the present embodiment, each function for performing each process described later is realized by the control unit 310 executing the program.

  The communication control unit 320 includes, for example, a communication device such as a router or a NIC (Network Interface Card), and connects the verification device 300 and the gateway GW to perform operations necessary for communication via the communication network NW. In the present embodiment, the operation of the communication control unit 320 receives authentication request data transmitted from the mobile communication terminal 100, verification request data transmitted from the management device 200, and the like via the communication network NW.

  The input unit 330 includes, for example, an input device such as a keyboard or a pointing device, and inputs an input signal according to an operation of the operator to the control unit 310.

  The output unit 340 is composed of, for example, an output device such as a display device or a printer, and outputs the processing result of the control unit 310 and the like.

  The storage unit 350 is configured by a storage device such as a hard disk device, for example, and stores data, programs, and the like necessary for the operation of the verification device 300. In the present embodiment, storage areas such as a program storage unit 351, a collation fingerprint image storage unit 352, and a user fingerprint image storage unit 353 are prepared, and predetermined information is stored in each storage area.

  The program storage unit 351 stores a program executed by the control unit 310. In the present embodiment, a program for performing an operation of authenticating the user of the mobile communication terminal 100 is stored.

  The verification fingerprint image storage unit 352 stores the authentication request data transmitted from the mobile communication terminal 100.

  The user fingerprint image storage unit 353 stores the verification request data transmitted from the management device 200.

  Here, a function realized when the control unit 310 executes a program stored in the program storage unit 351 will be described with reference to FIG. Here, a description will be given of functions that are realized in order to perform an operation related to a user change of the mobile communication terminal 100. As illustrated, the control unit 310 functions as a decoding unit 311, a matching unit 312, a control signal generation unit 313, a control signal transmission unit 314, and the like.

  The decryption unit 311 decrypts encrypted data (such as a fingerprint image) included in the authentication request data stored in the collation fingerprint image storage unit 352 and the collation request data stored in the user fingerprint image storage unit 353. To do. The decryption method corresponds to the encryption method performed by the mobile communication terminal 100 and the management apparatus 200, and if there is a secret key to be shared in advance, the contract between the authentication service provider and the business entity BB. It is assumed that it has been given and received in advance.

  The collation unit 312 collates the collation fingerprint image corresponding to the same user ID and the user fingerprint image, and determines whether or not they match, so that the collation fingerprint image transmitted from the mobile communication terminal 100 is obtained. It is determined whether the user is a legitimate user. The collation method is arbitrary, for example, collation is performed by comparing feature points of fingerprint images (feature point method).

  The control signal generation unit 313 generates a control signal according to the determination result of the verification unit 312. In the present embodiment, when the verification matches and it is authenticated that the user is a valid user, a control signal is generated that causes the mobile communication terminal 100 to execute an operation related to the user change of the mobile communication terminal 100. On the other hand, if the verification does not match and it cannot be authenticated that the user is a valid user, a control signal for the mobile communication terminal 100 is not generated. Moreover, the control signal production | generation part 313 produces | generates the control signal for updating the user information of the management apparatus 200, when collation corresponds.

  The control signal transmission unit 314 cooperates with the communication control unit 320 to transmit the control signal generated by the control signal generation unit 313 to the mobile communication terminal 100 that has transmitted the authentication request data. When a control signal for updating the user information of the management apparatus 200 is generated, the control signal is transmitted to the management apparatus 200.

  In the present embodiment, each function illustrated in FIG. 8 is realized by the control unit 310 executing a program. However, for example, these functions may be realized by a hardware configuration such as an ASIC.

  The operation of the authentication system 1 having the above configuration will be described below. In the present embodiment, a case where the user of the mobile communication terminal 100 used by the corporate contract of the business entity BB is changed will be described as an example. In this case, the user (previous user) of the mobile communication terminal 100 up to the present is user X, and the user (next user) to change is user Y. Therefore, the user information storage unit 173 stores the fingerprint image for the user X.

  Further, it is assumed that both the user X and the user Y are employees of the business entity BB. The mobile communication terminal 100 is assumed to be operable by the user Y, and the user X cannot operate the mobile communication terminal 100 (for example, the user X is in a remote location, retirement or other social It is assumed that the user X cannot be contacted for some reason).

  In such a situation, when the user of the mobile communication terminal 100 is to be changed from the user X to the user Y, the user is requested to change the user. This application is made by user Y who is a new user (next user). In this case, the user Y makes an application to the administrator using, for example, a local telephone of the business unit BB. At the time of application, the user Y notifies the administrator of the user ID and name (hereinafter referred to as “employee information”) as information indicating himself / herself, and also indicates the mobile communication terminal 100 that the user wants to change. Inform the administrator of information such as numbers (hereinafter referred to as “terminal information”).

  The administrator operates the management apparatus 200 to input employee information and terminal information transmitted from the user Y, and instructs the user Y to perform fingerprint authentication on the mobile communication terminal 100. In this embodiment, it is assumed that there is a time limit for applying the fingerprint authentication operation after the application, and the administrator instructs the user Y to perform fingerprint authentication within this time limit.

  The operations of the mobile communication terminal 100, the management device 200, and the verification device 300 after the above procedure is performed will be described below.

  First, the verification request process executed by the management apparatus 200 operated by the administrator according to the application from the user Y will be described. This verification request process is started when the administrator inputs employee information and terminal information to the management apparatus 200 when the user Y applies for a user change. This collation request process will be described with reference to the flowchart shown in FIG.

  When the process is started, the authentication information search unit 211 accesses the user information storage unit 252 and searches for a record using the user ID of the user Y input from the input unit 230 as a key (step S101). .

  Here, when the notified user ID is not registered in the user information storage unit 252 (step S102: No), the person who made the user change application is permitted to use the mobile communication terminal 100. Not a person. Therefore, since the user cannot be changed to such a person, the processing is ended as it is.

  On the other hand, when a record using the input user ID as a key is searched (step S102: Yes), the authentication information search unit 211 acquires fingerprint image data stored in the record (step S103).

  Next, the authentication information search unit 211 searches the user information storage unit 252 based on the terminal ID (telephone number or the like) of the mobile communication terminal 100 input from the input unit 230, and the terminal ID is registered. The user ID (that is, the ID of the user X) that is the key of the existing record is acquired (step S104).

  The authentication information search unit 211 includes the fingerprint image data of the user Y acquired in step S103 and the user ID thereof, the user ID of the user X acquired in step S104, and the input terminal of the mobile communication terminal 100. The ID is handed over to the verification request unit 212. The verification request unit 212 encrypts the fingerprint image data delivered from the authentication information search unit 211 to generate verification request data (step S105), transmits the verification request data to the verification device 300 via the communication control unit 220, and ends the process. (Step S106). Through this process, the verification device 300 is requested to authenticate based on the acquired fingerprint image of the user Y.

  Next, an operation executed by the mobile communication terminal 100 operated by the user Y who has applied for the user change will be described. In the present embodiment, the following description will be made on the assumption that the lock function based on fingerprint authentication is valid in each of the mobile communication terminals 100 used by the business entity BB.

  First, the user Y tries fingerprint authentication at the mobile communication terminal 100 within a predetermined time in accordance with an instruction from the administrator. In this case, an operation on the mobile communication terminal 100 is performed by pressing any key of the operation unit 130 or the like. In this case, some input signal is input to the control unit 110 from the operation unit 130, and the control unit 110 starts user authentication processing for authenticating the user of the mobile communication terminal 100, triggered by this input. This user authentication process will be described with reference to the flowchart shown in FIG.

  When processing is started, the lock control unit 112 displays a screen (scanning guide screen) for instructing the user to scan the fingerprint with the sensor unit 160 in order to obtain a fingerprint image necessary for fingerprint authentication. (Step S201). It is assumed that a message indicating that the lock function of the mobile communication terminal 100 is enabled, a message that a fingerprint needs to be scanned for unlocking, and the like are displayed on the scan guidance screen.

  When the user (user Y) scans his / her fingertip with the sensor unit 160 in accordance with the screen, a fingerprint image is obtained by the sensor unit 160 and input to the control unit 110. When the fingerprint image is acquired in this way (step S202), the fingerprint collation unit 111 holds the input fingerprint image in a RAM or the like, and also stores fingerprint image data (registration) stored in the user information storage unit 173. A fingerprint image) is read and collated (step S203).

  In this case, the fingerprint verification unit 111 verifies the similarity between the fingerprint image acquired by the sensor unit 160 and the fingerprint image registered in advance at a plurality of positions by, for example, feature point matching or the like. It is determined whether the fingerprint images match (step S204).

  Here, if the user X uses the mobile communication terminal 100 instead of the user change that is the premise of the current process, the fingerprint image acquired by the sensor unit 160 and the registered fingerprint image are displayed. Since they match (step S204: Yes), the lock control unit 112 releases the lock (step S208), and the process ends.

  On the other hand, when the fingerprint of the user Y is scanned to change the user, it does not match the registered fingerprint image of the user X (step S204: No). In this case, the authentication request unit 113 operates and stores the fingerprint image acquired in step S203 in the temporary fingerprint image storage unit 174 (step S205).

  Next, the authentication request unit 113 accesses the terminal information storage unit 172 to acquire identification information (telephone number or the like) that is an address of the mobile communication terminal 100, and also accesses the user information storage unit 173, The currently registered user ID (that is, the ID of user X) is acquired. Then, the fingerprint image (collation fingerprint image) stored in the fingerprint image temporary storage unit 174 is encrypted to generate authentication request data (step S206), and is transmitted to the collation device 300 via the communication control unit 120 to complete the process. (Step S207). Through this process, the verification device 300 is requested to authenticate based on the acquired fingerprint image of the user Y.

  As described above, when the user of the mobile communication terminal 100 is changed, each of the fingerprint image acquired by the mobile communication terminal 100 and the fingerprint image registered in the management device 200 is transmitted to the verification device 300. . The collation device 300 executes a fingerprint image collation process for collating fingerprint images transmitted from the mobile communication terminal 100 and the management device 200. This fingerprint image matching process will be described with reference to the flowchart shown in FIG. For example, this fingerprint image collation process is started when the collation request data transmitted from the management apparatus 200 is received.

  When the processing is started, first, the decryption unit 311 decrypts the encrypted information (fingerprint image data, etc.) in the received verification request data, and starts timing by the operation of the timer circuit of the control unit 310 or the like. (Step S301). This timing is executed in order to perform the user change process within the set time limit by starting from the reception of the verification request data transmitted in response to the input by the administrator at the management apparatus 200. .

  When the decryption unit 311 stores the decrypted verification request data in the user fingerprint image storage unit 353 (step S302), the decryption unit 311 waits for the arrival of the authentication request data transmitted from the mobile communication terminal 100 (step S303). Here, when the authentication request data is not received within the set time limit due to the time measurement started in step S301 (step S303: No, step S304: Yes), the fingerprint authentication operation by the user Y is performed within the time limit. Since it was not done, the user change application is cancelled. In this case, the collation request data stored in the user fingerprint image storage unit 353 in step S302 is deleted (step S312), and the process ends.

  On the other hand, when the authentication request data is received from the mobile communication terminal 100 within the time limit (step S304: No, step S303: Yes), the decryption unit 311 encrypts the received authentication request data (fingerprint). The image data and the like are decoded (step S305) and stored in the collation fingerprint image storage unit 352 (step S306).

  When the authentication request data is stored in the verification fingerprint image storage unit 352, the verification unit 312 displays the verification request data with the same user ID as the user ID included in the authentication request data as the user fingerprint image. Whether it is stored in the storage unit 353 is searched (step S307). In the present embodiment, since the verification request data is transmitted to the verification device 300 in response to an input to the management device 200 by the administrator, the authentication request data from the mobile communication terminal 100 operated by the user Y thereafter is used. This means that it has already arrived at the collation device 300. Therefore, if the authentication request data is transmitted through a regular user change application, the verification request data with the same user ID as the user ID included therein is already stored in the user fingerprint image. It is stored in the part 353.

  For this reason, when there is no verification request data having the same user ID as the authentication request data received from the mobile communication terminal 100 in the user fingerprint image storage unit 353 (step S307: No), a regular user change application is applied. The authentication request data stored in the collation fingerprint image storage unit 352 in step S306 is deleted (step S312), and the process ends.

  On the other hand, when collation request data having the same user ID is stored in the user fingerprint image storage unit 353 (step S307: Yes), the collation unit 312 includes both the corresponding authentication request data and the collation request data. The included fingerprint image data is acquired and collated (step S308).

  Here, if the person who scanned the fingerprint with the mobile communication terminal 100 is the user Y registered in the management apparatus 200, the fingerprint images will match, but not the user Y but the business BB. If a fingerprint image of a person who is not an employee has been transmitted, the fingerprint collation does not match (step S309: No). In this case, for example, there is a possibility that a person impersonating the user Y has made a user change application, so the user change in the mobile communication terminal 100 should not be performed. Therefore, both the authentication request data stored in the verification fingerprint image storage unit 352 and the verification request data stored in the user fingerprint image storage unit 353 are deleted (step S312), and the process ends.

  On the other hand, when the collation between the fingerprint image transmitted from the management apparatus 200 and the fingerprint image transmitted from the mobile communication terminal 100 matches (step S309: Yes), the collation unit 312 informs the control signal generation unit 313. Notify

  The control signal generation unit 313 generates a control signal for changing the user information of the mobile communication terminal 100 and the management apparatus 200 in response to the notification from the verification unit 312 (step S310). Here, as a control signal for the mobile communication terminal 100, the fingerprint image data stored in the user information storage unit 173 of the mobile communication terminal 100 is rewritten to the fingerprint image data stored in the temporary fingerprint image storage unit 174. A control signal to be generated is generated. Further, the user ID of the user Y and the terminal ID of the mobile communication terminal 100 are extracted from the information included in the received verification request data as a control signal for the management apparatus 200, and the terminal ID of the terminal ID is extracted. A control signal for changing the user to the user Y is generated.

  The control signal generation unit 313 passes the generated control signal to the control signal transmission unit 314. The control signal transmission unit 314 controls the communication control unit 320 and transmits the generated control signal to each of the mobile communication terminal 100 and the management device 200 (step S311). Here, it is assumed that the mobile communication terminal 100 is transmitted based on the address information included in the authentication request data received from the mobile communication terminal 100, and the management device 200 is preliminarily verified. Assume that transmission is performed based on the address information of the management apparatus 200 possessed by 300.

  When the control signal is transmitted, the control signal transmission unit 314 accesses each of the verification fingerprint image storage unit 352 and the user fingerprint image storage unit 353, and deletes the stored authentication request data and verification request data (step S312), the process is terminated.

  Next, the operation of mobile communication terminal 100 that has received the control signal transmitted from verification device 300 will be described. That is, this is an operation performed by the mobile communication terminal 100 when the verification device 300 authenticates that the user Y is a valid person as the next user. In this case, the mobile communication terminal 100 executes user change processing for changing the user. This user change process will be described with reference to the flowchart shown in FIG. The user change process is started when the communication control unit 120 receives the control signal transmitted from the verification device 300 and inputs the control signal to the control unit 110.

  Thus, when a control signal is input to the user information update unit 114, the lock control unit 112 is instructed to release the lock. The lock control unit 112 releases the lock function by controlling each unit of the mobile communication terminal 100 in accordance with an instruction from the user information update unit 114 (step S401). That is, since the control signal is transmitted from the verification device 300 only when the user Y who scanned the fingerprint is authenticated as a valid user, the user Y who currently holds the mobile communication terminal 100 Release the lock to perform the operation.

  When unlocking is performed by the lock control unit 112, the user information updating unit 114 displays a user information input screen for allowing the user to input user information about the new user on the display unit 140. (Step S402). On this user information input screen, a text box for inputting a user ID and password of a new user (user Y) is arranged, and the user Y operates the operation unit 130. Then enter your user ID and password.

  When the user ID and password are input from the user information input screen, the user information update unit 114 accesses the user information storage unit 173 and uses the stored user ID and password as input. Change (step S403). That is, the user ID and password of user Y are updated to the user ID and password of user Y.

  When the user ID and password are updated, the user information update unit 114 accesses the fingerprint image temporary storage unit 174 and acquires the stored fingerprint image of the user Y. Then, the fingerprint image of the user X stored in the user information storage unit 173 is rewritten to the acquired fingerprint image of the user Y (step S404). As a result, the updated user ID and password of the user Y and the fingerprint image of the user Y are associated with each other and stored in the user information storage unit 173.

  When the fingerprint image is rewritten, the user information update unit 114 deletes the fingerprint image in the temporary fingerprint image storage unit 174 (step S405) and ends the process.

  In this way, only when the next user is a legitimate user, the fingerprint image used for fingerprint authentication is updated to the next user, and the mobile communication terminal 100 is used by the next user. Can do.

  When a user change is made at the mobile communication terminal 100, the user information recorded in the management apparatus 200 needs to be updated. User information update processing executed by the management apparatus 200 in order to update user information will be described with reference to FIG. This user information update process is started when the communication control unit 220 receives the control signal transmitted from the verification device 300 and inputs it to the control unit 210.

  When the process is started, the user information update unit 213 accesses the user information storage unit 252, and the terminal ID (for example, telephone number) included in the received control signal is recorded in the “terminal information”. The record that is being searched is searched (step S501).

  Here, since the terminal ID included in the control signal is the terminal ID included in the verification request data transmitted from the management apparatus 200 to the verification apparatus 300, the record in which the terminal ID is recorded is the user X. It will be a record of. Since the control signal from the verification device 300 is transmitted only when the user change of the mobile communication terminal 100 is authenticated, when the control signal is received, it is necessary to use the changed user information. Therefore, the user information update unit 213 first deletes the terminal information from the retrieved record of the user X (step S502).

  Next, the user information update unit 213 searches the user information storage unit 252 for a record of the user ID of the user Y included in the received control signal (step S503). Then, the terminal information deleted in step S502 is recorded in the retrieved record of user Y (step S504), and the process ends.

  By such processing, the user change of the mobile communication terminal 100 is reflected in the user information of the management apparatus 200, and the subsequent user change can be appropriately performed.

  As described above, according to the first embodiment, when the mobile communication terminal 100 having the fingerprint authentication function is shared by employees of the business entity, the fingerprint of the current user (previous user) is used. Even if the authentication cannot be performed, the change to the next user can be performed easily and efficiently.

  In this case, the collation apparatus 300 that provides a collation service between the fingerprint image registered in the management apparatus 200 of the business entity that directly manages the user information and the fingerprint image acquired by the mobile communication terminal 100. Since verification is performed in step 1, authentication can be performed while eliminating fraudulent acts or the like within the business entity.

  In addition, not only the user ID of the authorized user registered in the management apparatus 200 but also the person who is not permitted to use because the authentication is performed by collating the fingerprint image acquired from the mobile communication terminal 100. Unauthorized user changes due to spoofing can be eliminated.

  Since each of the mobile communication terminal 100, the management device 200, and the verification device 300 is connected via the communication network NW and authentication is performed by mutual communication between these, even if the user and the administrator are separated, Users can be changed immediately. The data such as the fingerprint image communicated here is encrypted, and the data transmitted to the verification device 300 is deleted after the authentication, so that the confidentiality of the fingerprint data which is personal information is maintained efficiently. User changes can be made.

  In addition, if the authentication is not performed by fingerprint authentication at the mobile communication terminal 100, the acquired fingerprint image is automatically transmitted to the verification device 300. Therefore, the person who applied for the user change only needs to scan the fingerprint. No complicated operation is required. Further, even if the mobile communication terminal 100 scans the fingerprint, if the user change application has not been made, the control signal is not transmitted from the verification device 300 and the locked state of the mobile communication terminal 100 is maintained. The user can be changed efficiently while the lock function is enabled.

(Embodiment 2)
In the first embodiment, authentication is performed by collating fingerprint images with the collation apparatus 300 of the provider providing the authentication service. However, the management apparatus 200 may be provided with the function of the collation apparatus 300. In this case, the management device 200 alone functions as an authentication device for authenticating the user of the mobile communication terminal 100.

  In this configuration, the mobile communication terminal 100 transmits the acquired fingerprint image or the like of the next user to the management apparatus 200, and collates it with a fingerprint image registered in advance in the management apparatus 200. As a result, if the user can be authenticated, a control signal generated by the verification device 300 is generated by the management device 200 and transmitted to the mobile communication terminal 100, so as in the first embodiment. The user of the mobile communication terminal 100 can be changed. Moreover, if the collation results do not match, the control signal is not transmitted, so that the locked state in the mobile communication terminal 100 is maintained.

  According to such a configuration, since there is no need to provide fingerprint data or the like to the outside, personal information can be protected more reliably, and authentication can be performed only by the operation of the management apparatus 200 operated by the administrator. As a result, the user can be changed more quickly.

  As described above, according to each of the above embodiments of the present invention, the user change of the shared mobile communication terminal can be easily and efficiently performed using the biometric information used for fingerprint authentication or the like. It is possible to make changes to those who are permitted to use it.

  The said embodiment is an example and the application range of this invention is not restricted to this. That is, various applications are possible, and all embodiments are included in the scope of the present invention.

  In the above embodiment, fingerprint authentication is exemplified as biometric authentication. However, as long as biometric information can be transmitted and received, any biometric authentication may be applied without being limited to fingerprint authentication.

  In the above embodiment, the control signal for updating the user information is transmitted only when the user is authenticated. However, the control signal may be transmitted even when the user is not authenticated. In this case, for example, the mobile communication terminal 100 that has received the control signal when it has not been authenticated may display that the user change application has not been authenticated.

  It should be noted that, like the mobile communication terminal 100 described above, a program can be provided to a mobile communication terminal that does not have these functions as well as can be provided as a mobile communication terminal that has the functions for realizing the present invention in advance. By applying, it can be made to function as a mobile communication terminal according to the present invention. In this case, a computer (CPU or the like) that controls the mobile communication terminal by applying a program for executing each process of the mobile communication terminal 100 described above to at least a mobile communication terminal equipped with biometric authentication. By executing the program, it can function as a mobile communication terminal according to the present invention.

  In addition, the management device 200 and the collation device 300 of the above embodiment can be realized by a general-purpose device such as a workstation or a personal computer by applying a program as well as being configured by a dedicated device. . In this case, the management unit 200 is configured by applying (installing) the program executed by the control unit 210 or the control unit 310 described above to a general-purpose device, and executing the program to which the computer (CPU or the like) of the general-purpose device is applied. Or the collation device 300 can be made to function.

  The application method of such a program is arbitrary. For example, the program can be applied to an arbitrary device by providing it via a communication medium such as the Internet, or a predetermined recording medium (for example, a memory card, a CD-ROM, a DVD, Etc.) can also be applied by storing and distributing the program.

It is a figure which shows the structure of the authentication system concerning embodiment of this invention. It is a block diagram which shows the structure of the mobile communication terminal shown in FIG. It is a functional block diagram which shows the function structure implement | achieved by the control part shown in FIG. It is a block diagram which shows the structure of the management apparatus shown in FIG. It is a figure which shows the example of the information stored in the user information storage part shown in FIG. It is a functional block diagram which shows the function structure implement | achieved by the control part shown in FIG. It is a block diagram which shows the structure of the collation apparatus shown in FIG. It is a functional block diagram which shows the function structure implement | achieved by the control part shown in FIG. It is a flowchart for demonstrating the collation request | requirement process concerning embodiment of this invention. It is a flowchart for demonstrating the user authentication process concerning embodiment of this invention. It is a flowchart for demonstrating the fingerprint image collation process concerning embodiment of this invention. It is a flowchart for demonstrating the user change process concerning embodiment of this invention. It is a flowchart for demonstrating the user information change process concerning embodiment of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Authentication system, NW ... Communication network, BS ... Base station, GW ... Gateway, 100 ... Mobile communication terminal, 110 ... Control part, 111 ... Fingerprint verification part, 112 ... Lock control part, 113 ... Authentication request part, 114 User information update unit, 120 ... Communication control unit, 121 ... Antenna, 130 ... Operation unit, 140 ... Display unit, 150 ... Audio processing unit, 151 ... Speaker, 152 ... Microphone, 160 ... Sensor unit, 170 ... Storage unit 171: Program storage unit 172 Terminal information storage unit 173 User information storage unit 174 Fingerprint image temporary storage unit 175 Data storage unit 200 Management device 210 Control unit 211 Authentication information Retrieval unit, 212 ... verification request unit, 213 ... user information update unit, 220 ... communication control unit, 230 ... input unit, 240 ... output unit, 250 ... storage unit, DESCRIPTION OF SYMBOLS 51 ... Program storage part, 252 ... User information storage part, 300 ... Collation apparatus, 310 ... Control part, 311 ... Decoding part, 312 ... Collation part, 313 ... Control signal generation part, 314 ... Control signal transmission part, 320 ... Communication control unit, 330 ... input unit, 340 ... output unit, 350 ... storage unit, 351 ... program storage unit, 352 ... collation fingerprint image storage unit, 353 ... user fingerprint image storage unit

Claims (12)

An authentication system comprising a mobile communication terminal having a biometric authentication function and an authentication device connected to the mobile communication terminal via a communication network,
The authentication device
Authentication information acquisition means for acquiring biometric authentication information of a person who can use the mobile communication terminal in common;
Based on the biometric authentication information received by the mobile communication terminal from the mobile communication terminal via the communication network and the biometric authentication information acquired by the authentication information acquisition means, the planned use person And authenticating means for authenticating the legitimacy of
The mobile communication terminal is
Biometric authentication information storage means for storing biometric authentication information used for the biometric authentication function of the mobile communication terminal;
Authentication information transmitting means for acquiring biometric authentication information of the prospective user and transmitting it to the authentication device via the communication network;
Biometric authentication information updating means for updating the biometric authentication information stored in the biometric authentication information storage means to the biometric authentication information of the prospective user when the authentication device authenticates the legitimate user. ,
An authentication system characterized by that. A mobile communication terminal having a biometric authentication function,
User information storage means for storing biometric authentication information used for the biometric authentication function;
A biometric authentication information different from the biometric authentication information stored in the user information storage means is acquired, and a communication network is connected to an authentication device in which the biometric authentication information of a person who can use the mobile communication terminal in common is registered. An authentication requesting means for transmitting and requesting authentication;
User information update means for rewriting the biometric authentication information stored in the user information storage means to the acquired biometric authentication information when authenticated by the authentication device;
A mobile communication terminal characterized by that. Further comprising biometric information storage means for temporarily storing the acquired biometric information,
The user information update means updates the biometric information stored in the user information storage means by rewriting the biometric information stored in the biometric information storage means.
The mobile communication terminal according to claim 2. The authentication requesting unit transmits the acquired biometric authentication information to the authentication device when the biometric authentication information acquired by the biometric authentication function and the biometric authentication information stored in the user information storage unit do not match. ,
The mobile communication terminal according to claim 2, wherein the mobile communication terminal is a mobile communication terminal. A control signal receiving means for receiving a control signal to be transmitted when the authentication device authenticates,
The user information update means updates information in the user information storage means when the control signal receiving means receives a control signal.
The mobile communication terminal according to claim 2, wherein the mobile communication terminal is a mobile communication terminal. The authentication request unit further includes an encryption unit that encrypts the acquired biometric authentication information.
The mobile communication terminal according to claim 2, wherein the mobile communication terminal is a mobile communication terminal. Authenticates a user of the mobile communication terminal, comprising: a management device that manages user information of a mobile communication terminal having a biometric authentication function; and a verification device that verifies biometric authentication information used for the biometric authentication function. An authentication device for
The management device
User information storage means for storing biometric authentication information of each person who can use the mobile communication terminal in common;
Authentication information transmitting means for obtaining biometric authentication information about the prospective user of the mobile communication terminal from the usable person information storage means and transmitting it to the verification device via a communication network;
The verification device is
First authentication information receiving means for receiving biometric authentication information transmitted by the management device via the communication network;
Second authentication information receiving means for receiving biometric authentication information about the intended user acquired by the mobile communication terminal via a communication network;
An authentication unit that verifies the biometric authentication information received by the first authentication information receiving unit and the biometric authentication information received by the second authentication information receiving unit, and authenticates the legitimacy of the intended user;
When the validity of the use schedule user has been authenticated by the authentication unit, the biometric authentication information used for the biometric authentication function generates a control signal for switching to one of said use prospective, the movable body through the communication network Control signal transmission means for transmitting to the communication terminal,
An authentication apparatus characterized by that. The verification device is
An authentication information storage means for temporarily storing biometric authentication information received by the first authentication information receiving means;
The authentication unit deletes the biometric authentication information used for the authentication operation from the authentication information storage unit after the authentication operation.
The authentication apparatus according to claim 7. The authentication information transmission means of the management device comprises an encryption means for encrypting information to be transmitted to the authentication device,
The first authentication information receiving means of the verification device includes a decoding means for decoding information transmitted from the management device,
The authentication apparatus according to claim 7 or 8, wherein An authentication device for authenticating a user of a mobile communication terminal having a biometric authentication function,
User information storage means for storing biometric authentication information of each person who can use the mobile communication terminal in common;
Authentication information receiving means for receiving biometric authentication information about a prospective user acquired by the mobile communication terminal via a communication network;
An authentication unit that verifies the biometric authentication information stored in the usable person information storage unit and the biometric authentication information received by the authentication information receiving unit to authenticate the legitimacy of the intended user;
When the validity of the use schedule user has been authenticated by the authentication unit, the biometric authentication information used for the biometric authentication function generates a control signal for switching to one of said use prospective, the movable body through the communication network Control signal transmission means for transmitting to the communication terminal,
An authentication apparatus characterized by that. In a computer that controls a mobile communication terminal having a biometric authentication function,
A function of storing biometric authentication information used for the biometric authentication function;
The biometric authentication information different from the stored biometric authentication information is acquired, and transmitted via a communication network to the authentication device in which the biometric authentication information of a person who can use the mobile communication terminal in common is registered for authentication. A function that requires
A function of rewriting the stored biometric authentication information to the acquired biometric authentication information when authenticated by the authentication device;
A program characterized by realizing. On the computer,
A function of acquiring biometric authentication information of a person scheduled to use the mobile communication terminal from a storage device storing biometric authentication information of each person who can use the mobile communication terminal having a biometric authentication function;
A function of acquiring biometric authentication information of the intended user of the mobile communication terminal from the mobile communication terminal;
A function for verifying the legitimacy of the intended user by checking biometric authentication information acquired from the storage device and biometric authentication information acquired from the mobile communication terminal;
A function for transmitting a control signal for switching biometric authentication information used for the biometric authentication function to the mobile communication terminal when authenticating the intended user;
A program characterized by realizing.

Images