JP6892950B1 - Authentication system, terminal equipment, program and authentication management communication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To easily, surely and permanently confirm an identity, and when a user authentication itself is locked due to an input error or unauthorized use, an important procedure for releasing the lock. To provide an authentication system that can be used for identity verification. An authentication server device 10 is based on the identification information when an input biometric information indicating a user ID and biometric information of a lock target user is received when the lock state is set by a lock control process. When the database 150 is searched and it is determined that at least one of the reference biometric information corresponding to the user ID and the input biometric information are the same, the unlocking process for unlocking the authentication process by the locked user is performed. Has a configuration to execute. [Selection diagram] Fig. 5

Description

The present invention relates to an authentication system, a terminal device, a program, an authentication management communication system, and the like.

Conventionally, an authentication system that authenticates a user using biological information such as a fingerprint, an iris in the pupil, or a face shape has been known.

In particular, recently, as a biometric authentication system, a system for achieving both security and convenience of electronic money payment is known.

For example, such a biometric authentication device includes an ID acquisition unit that acquires a user's first ID, a biometric information acquisition unit that acquires a user's second biometric information, and a user's first ID and first. The user is authenticated by referring to the first biometric information table associated with the biometric information in advance and collating the first biometric information associated with the acquired first ID with the second biometric information. It has a configuration including a certification unit (for example, Patent Document 1).

JP-A-2019-67075

However, in the system described in Patent Document 1, since the biometric information initially registered and the input biometric information are simply collated, it is physically physical with the passage of time such as aging. If the characteristics change, the reference biometric information and the input biometric information do not match, and even the person himself / herself may be denied authentication.

The present invention has been made to solve the above problems, and an object of the present invention is to be able to easily, surely, and permanently verify an identity, and to authenticate a user due to an input error or unauthorized use. The purpose is to provide an authentication system and its program that can be used for identity verification, which is an important procedure for releasing the lock when it is locked.

(1) In order to solve the above problems, the present invention
An authentication system that authenticates each user
For each user, identification information that identifies the user, reference biometric information in which a plurality of biometric information of the same type that changes over time of each user but at different timings of data conversion are sequentially registered, and standard biometric information for each user. A management means for managing a database in which the key information set in is associated with the reference key information used for authentication and registered in advance as registration information, and
A receiving means for receiving the input information input by each user, and
When executing the authentication of a specific user, the database is searched based on the identification information included in the received input information, and the reference key information corresponding to the identification information and the received input information are included. An authentication processing means that executes an authentication process for the specific user based on the input key information indicating the key information to be obtained.
If the authentication of the specific user is determined to be unsuccessful by the authentication process and the given conditions are satisfied, the execution of the authentication process after the specified conditions are satisfied by the specific user is refused. Lock control means to lock
When the identification information of the locked target user indicating the user whose authentication process is locked and the input biometric information indicating the biometric information are received as the input information, the database is based on the identification information of the locked user. Is searched, and at least one of the reference biometric information corresponding to the identification information or the model information indicating the model of the biometric information generated based on the reference biometric information is compared with the input biometric information of the locked user. Comparison processing means to execute comparison processing and
When it is determined by the comparison process that at least one of the reference biometric information or the model information and the input biometric information are the same, the unlocking means for unlocking the authentication process by the lock target user.
Has a configuration.

With this configuration, the present invention can easily, reliably, and permanently verify the identity, and even when the user authentication itself is locked due to continuous input error or unauthorized use. Use biometrics for identity verification, which is an important procedure for unlocking without having to reissue the reference key information and the associated procedures, or other methods such as identity verification by calling. Can be done.

In particular, in the present invention, the identity can be confirmed by the biometric information registered at different timings without being fixed to the biometric information registered at the beginning, so that the biometric information can be obtained even if the biometric information is aged due to aging or changes in circumstances. Even if the situation is different from when it was first registered, you can accurately verify your identity.

Therefore, the present invention can reliably and permanently verify the identity, reduce the complicated work of the user and the authentication administrator in the identity verification, and improve the convenience of the user and the authentication administrator. Can be made to.

The "biological information" refers to information having physical characteristics of a person such as a face, a fingerprint, a vein pattern, an iris, and a voice, and which can distinguish an individual person.

Further, the "key information" includes, for example, information for identifying the user himself / herself, information about the user, and the like, in addition to information for identifying the user from other users such as a user name, a password, and symbol information. ..

The "registered information" includes, for example, identification information and reference biometric information, as well as identification information (hereinafter, "second identification information") different from the identification information (hereinafter, "first identification information"). ), User attribute information such as address, telephone number, e-mail address, driver's license number for automobiles, passport number, etc., or both may be registered.

Further, the "given condition" includes, for example, that the authentication of the user more than a predetermined number of times (including once) has failed, and that the authentication using other information has failed.

Further, in the "comparison process", for example, a process of determining the identity of each of a plurality of biometric information registered as reference biometric information and the input biometric information, or a model information indicating a model of the biometric information is input. One of the processes for determining the identity of biometric information is included.

In addition to the above, the "model information indicating a model of biometric information generated based on the reference biometric information" is, for example, a face area from each reference biometric information stored in association with the corresponding user ID. While extracting, the image feature amount of the extracted face area is, for example, artificial intelligence (AI: Ar).
It refers to the information of the user's face model generated by machine learning such as tificial Intelligent).

In addition, "when it is determined by the comparison process that any of the reference biometric information and the input biometric information are the same" is, in principle, at least one living body among the plurality of biometric information registered as the reference biometric information. It is shown that the information and the input biological information match in terms of the feature amount. However, in the same case, not only the feature amounts of the biometric information of the reference biometric information and the input biometric information are completely matched, but also when they match at a certain ratio or more (for example, 90% or more), or when there are a plurality of reference biological bodies It also includes a case where model data based on the feature amount of the biometric information is created by the information, and the feature amount of the model data and the input biometric information match (including an exact match) by a certain ratio or more.

Furthermore, regarding the above "when it is determined that they are the same by the comparison process ...", the minimum condition is that any of the reference biometric information and the input biometric information match, and in addition to this condition. It may include other conditions such as matching information indicating the lock status and information about the user.

(2) Further, the present invention
Further provided with a registration means for registering the newly input input biometric information in the database at a given timing.
The comparison processing means
Each time the identification information and the input biometric information input by each user including the lock target user are received, the database is searched based on the received identification information, and the reference biological body corresponding to the identification information is searched. Perform the comparison process to compare at least one of the information or the model information with the input biometric information.
The registration means
When it is determined by the comparison process that at least one of the reference biometric information or the model information and the input biometric information are the same, the input biometric information is associated with the identification information used in the comparative process. It has a structure to be additionally registered as the specified reference biometric information.

With this configuration, the present invention can register the biological information in which the feature amount related to the living body is sequentially updated in association with the reference biological information. Therefore, the latest biological information can be used as the reference biological information for unlocking from the next time onward. Can be done.

Therefore, the present invention can accurately confirm the identity of the user in response to changes in the human body over time.

The "given timing" includes, for example, a timing determined in advance by an administrator such as every year, an execution timing of authentication processing (for example, every few times), and a randomly set timing. Is done.

(3) Further, the present invention
The lock control means
When the lock is locked, the lock status information indicating the lock status is provided to the lock target user, and the lock status information is used as the reference lock status information in the database in association with the identification information of the lock target user. Register and
The comparison processing means
When the input lock status information indicating the provided lock status information is received as the input information together with the identification information and the input biometric information, the identification information corresponding to the identification information of the lock target user is associated with the identification information. The comparison process for determining whether or not the reference lock status information that matches the input lock status information is registered in the database is executed, and the comparison process is executed.
The unlocking means
By the comparison process, it is determined that at least one of the reference biometric information or the model information and the input biometric information are the same, and the reference lock status information that matches the input lock status information is registered in the database. It has a configuration that unlocks the authentication process by the locked target user when it is determined that the information has been set.

With this configuration, the present invention can perform more reliable identity verification using the situation where the authentication process is locked.

The lock status information includes, for example,
(A1) The date and time when the authentication lock occurred, the period from the previous authentication process, the period after the authentication of the previous authentication process and after logging out to the network service enjoyed based on the authentication process, or the authentication process. Timing that meets certain conditions, such as the period from registration to enjoy the services of (eg, from the registration of the first reference biometric information).
(A2) How many times the authentication process caused the lock, the number of times the authentication process lock has occurred, the staying time of the web page (web page for executing the authentication process) where the authentication process lock has occurred, etc. The status such as the transition of the Web page that has been passed through up to that point, or the type of network service that you plan to enjoy based on the authentication process, and
(A3) Web page where the authentication process is locked, or an error code such as information entered in the locked authentication process,
Etc. are included.

(4) Further, the present invention
User information about each user is stored in the database as reference user information in association with the identification information.
The comparison processing means
When the input user information indicating the user information is received as the input information together with the identification information and the input biometric information, the input user is associated with the identification information matching the identification information of the lock target user. The comparison process for determining whether or not the reference user information that matches the information is registered in the database is executed, and the comparison process is executed.
The unlocking means
It is determined by the comparison process that at least one of the reference biometric information or the model information and the input biometric information are the same, and user information that matches the user information received in the database is registered. When it is determined that the information is determined, the lock target user unlocks the authentication process.

With this configuration, the present invention can perform more reliable identity verification using user information.

The user information includes, for example, the user's date of birth, address, telephone number, driver's license number of a car, passport number, my number, and the like, and is text information. It may be the information of the image.

In particular, when image data is used for user information, it is sufficient to determine match and disagreement by analyzing the image when executing the comparison process.

(5) Further, the present invention
Both the input biometric information and the reference biometric information have a structure in which the information is related to a facial image.

With this configuration, the present invention can enhance the distinctiveness from other users and perform more reliable identity verification.

(6) Further, in order to solve the above problems, the present invention
A program that authenticates each user
For each user, identification information that identifies the user, reference biometric information in which a plurality of biometric information of the same type that changes over time of each user but at different timings of data conversion are sequentially registered, and standard biometric information for each user. A management means for managing a database in which the key information set in is associated with the reference key information used for authentication and registered in advance as registration information.
Receiving means for receiving the input information input by each user,
When executing the authentication of a specific user, the database is searched based on the identification information included in the received input information, and the reference key information corresponding to the identification information and the received input information are included. An authentication processing means that executes an authentication process for the specific user based on the input key information indicating the key information to be obtained.
If the authentication of the specific user is determined to be unsuccessful by the authentication process and the given conditions are satisfied, the execution of the authentication process after the specified conditions are satisfied by the specific user is refused. Lock control means to lock
When the identification information of the locked target user indicating the user whose authentication process is locked and the input biometric information indicating the biometric information are received as the input information, the database is based on the identification information of the locked user. Is searched, and at least one of the reference biometric information corresponding to the identification information or the model information indicating the model of the biometric information generated based on the reference biometric information is compared with the input biometric information of the locked user. Comparison processing means for executing comparison processing, and
An unlocking means for unlocking the authentication process by the lock target user when it is determined by the comparison process that at least one of the reference biometric information or the model information and the input biometric information are the same.
It has a configuration that allows it to function as a computer.

With this configuration, the present invention can reliably and permanently verify the identity, reduce the complicated work of the user and the authentication administrator in the identity verification, and be convenient for the user and the authentication administrator. Can be improved.

(7) Further, in order to solve the above problems, the present invention
The server device that releases the authentication process when the user's authentication process is locked, the identification information that identifies the user for each user, and the same type of biometric information that changes over time for each user, and the timing of data conversion The reference biometric information in which a plurality of different biometric information is sequentially registered and the reference key information which is the key information set for each user and used for authentication are associated and registered in advance as registration information. A terminal device that is connected to a database via a network.
Input receiving means for receiving input information input by the user,
When executing the authentication of a specific user, the database is searched based on the identification information included in the received input information, and the reference key information corresponding to the identification information and the received input information are included. An authentication processing means that executes an authentication process for the specific user based on the input key information indicating the key information, and
If the authentication of the specific user is determined to be unsuccessful by the authentication process and the given conditions are satisfied, the execution of the authentication process after the specified conditions are satisfied by the specific user is refused. Lock control means to lock
A communication control means for receiving an unlock notification for unlocking the authentication process transmitted from the server device, and
An unlocking means for unlocking the authentication process based on the received unlock notification,
With
The communication control means
When the authentication process is locked, the received identification information and the input biometric information indicating the biometric information are transmitted to the server device as the input information.
The server device searches the database based on the transmitted identification information, and obtains at least one of the reference biometric information corresponding to the identification information or a model of the biometric information generated based on the reference biometric information. A comparison process for comparing the indicated model information with the input biometric information of the user is executed, and it is determined by the comparison process that at least one of the reference biometric information or the model information and the input biometric information are the same. Receive the unlock notification sent when
It has a configuration.

With this configuration, the present invention can reliably and permanently verify the identity, reduce the complicated work of the user and the authentication administrator in the identity verification, and be convenient for the user and the authentication administrator. Can be improved.

(8) Further, in order to solve the above problems, the present invention
The server device that releases the authentication process when the user's authentication process is locked, the identification information that identifies the user for each user, and the same type of biometric information that changes over time for each user, and the timing of data conversion The reference biometric information in which a plurality of different biometric information is sequentially registered and the reference key information which is the key information set for each user and used for authentication are associated and registered in advance as registration information. A database and a terminal device connected via a network
Input receiving means that accepts input information input by the user,
When executing the authentication of a specific user, the database is searched based on the identification information included in the received input information, and the reference key information corresponding to the identification information and the received input information are included. An authentication processing means that executes an authentication process for the specific user based on the input key information indicating the key information.
If the authentication of the specific user is determined to be unsuccessful by the authentication process and the given conditions are satisfied, the execution of the authentication process after the specified conditions are satisfied by the specific user is refused. Lock control means to lock
A communication control means for receiving an unlock notification for unlocking the authentication process transmitted from the server device, and a communication control means.
An unlocking means for unlocking the authentication process based on the received unlock notification,
To function as
The communication control means
When the authentication process is locked, the received identification information and the input biometric information indicating the biometric information are transmitted to the server device as the input information.
The server device searches the database based on the transmitted identification information, and obtains at least one of the reference biometric information corresponding to the identification information or a model of the biometric information generated based on the reference biometric information. A comparison process for comparing the indicated model information with the input biometric information of the user is executed, and it is determined by the comparison process that at least one of the reference biometric information or the model information and the input biometric information are the same. It has a configuration for receiving the unlock notification sent when the information is released.

With this configuration, the present invention can reliably and permanently verify the identity, reduce the complicated work of the user and the authentication administrator in the identity verification, and be convenient for the user and the authentication administrator. Can be improved.

(9) Further, in order to solve the above problems, the present invention
Terminal equipment used for user authentication processing
A server device that is connected to the terminal device via a network and releases the authentication process when it is locked.
With
The server device
For each user, identification information that identifies the user, reference biometric information in which a plurality of biometric information of the same type that changes over time of each user but at different timings of data conversion are sequentially registered, and standard biometric information for each user. A management means for managing a database in which the key information set in is associated with the reference key information used for authentication and registered in advance as registration information, and
A receiving means for receiving input information input by each user and transmitted from the terminal device, and
When executing the authentication of a specific user, the database is searched based on the identification information included in the received input information, and the reference key information corresponding to the identification information and the received input information are included. An authentication processing means that executes an authentication process for the specific user based on the input key information indicating the key information to be obtained.
If the authentication of the specific user is determined to be unsuccessful by the authentication process and the given conditions are satisfied, the execution of the authentication process after the specified conditions are satisfied by the specific user is refused. Lock control means to lock
When the identification information of the locked target user indicating the user whose authentication process is locked and the input biometric information indicating the biometric information are received as the input information, the database is based on the identification information of the locked user. Is searched, and at least one of the reference biometric information corresponding to the identification information or the model information indicating the model of the biometric information generated based on the reference biometric information is compared with the input biometric information of the locked user. Comparison processing means to execute comparison processing and
When it is determined by the comparison process that at least one of the reference biometric information or the model information and the input biometric information are the same, the unlocking means for unlocking the authentication process by the lock target user.
Has a configuration.

With this configuration, the present invention can reliably and permanently verify the identity, reduce the complicated work of the user and the authentication administrator in the identity verification, and be convenient for the user and the authentication administrator. Can be improved.

It is a system block diagram which shows the structure of the authentication management communication system in one Embodiment. This is an example of a functional block diagram showing the configuration of the authentication server device of one embodiment. It is a functional block diagram which shows an example of the structure of the terminal apparatus of one Embodiment. It is a figure for demonstrating the authentication process and the lock control process in the authentication management communication system of one Embodiment, and the unlock process including the identity verification process (the 1). It is a figure for demonstrating the authentication process and the lock control process in the authentication management communication system of one Embodiment, and the unlock process including the identity verification process (the 2). It is a figure which shows the example of the identity verification information registered in the 2nd database of one Embodiment. It is a flowchart (the 1) which shows the operation about the unlock process including the identity verification by the authentication server device of one Embodiment. It is a flowchart (No. 2) which shows the operation about the unlock process including the identity verification by the authentication server device of one Embodiment.

Hereinafter, embodiments according to the present invention will be described with reference to the drawings. In the embodiment described below, authentication management using a network having a terminal device used by a user, an authentication server device that executes an authentication process, and a network service server device that provides a network service. This is an embodiment when the authentication system of the present application is applied to a communication system.

[1] Authentication Management Communication System First, an outline of the authentication management communication system 1 of the present embodiment will be described with reference to FIG. Note that FIG. 1 is a system configuration diagram showing the configuration of the authentication management communication system 1 according to the present embodiment. Further, in order to prevent the figure from becoming complicated, in FIG. 1, the terminal device 20 used by some users and some network service server devices (hereinafter, also referred to as “service server devices”). .) Only 30 is shown. That is, in the actual authentication management communication system 1, there are more terminal devices 20 and service server devices 30 than shown in FIG.

The authentication management communication system 1 of the present embodiment executes a pre-registered user authentication process, and when the user authentication is successful, provides various network services to the authenticated user via the network. It is a system.

In particular, in the authentication management communication system 1 of the present embodiment, in the user authentication process, for example, when the authentication fails a plurality of times in a row (becomes unsuccessful), the execution of the authentication process is refused and locked. In addition, it has a configuration to release the lock by confirming the identity on the network.

Conventionally, as described above, when authentication is locked, for example, it is common for the user himself / herself to access a predetermined contact by telephone, perform identity verification verbally, and release the lock. ..

In addition, instead of the above, an application for unlocking is executed, such as requesting a predetermined contact to issue a new user ID or pass, and identity verification is executed by receiving the new user ID or pass by mail. However, the lock is also released.

For this reason, the work of unlocking the authentication process is complicated for both the user and the administrator who manages the authentication process (that is, the authentication administrator), and is released after the authentication process is locked. It takes time to be unlocked, so it is difficult to unlock it quickly.

Therefore, the authentication management communication system 1 of the present embodiment introduces authentication using highly identifiable biometric information (that is, biometric authentication) to identity verification, and responds to changes over time in the biometric information. Identity verification can be performed easily, reliably, and permanently, and the complicated work of the user and the authentication administrator in the identity verification can be reduced, and the convenience of the user and the authentication administrator can be improved. It has become like.

In particular, the authentication management communication system 1 of the present embodiment is not fixed to the biometric information registered first, but can confirm the identity by the biometric information registered at different timings as appropriate, so that aging, changes in circumstances, etc. Even if the situation is different from the time when the biometric information was first registered due to aging, it is possible to accurately verify the identity.

Specifically, as shown in FIG. 1, the authentication management communication system 1 of the present embodiment includes the above-mentioned authentication process, lock process (hereinafter referred to as “lock process”), release thereof, and identity verification. The authentication server device 10 that executes various processes such as the process of performing the above-mentioned authentication process (hereinafter referred to as "identity verification process") and the authentication server device 10 are connected to the authentication server device 10 via a network such as the Internet. A terminal device 20 (for example, terminal devices 20A, 20B, 20C) that accepts user operations related to various processes such as an identity verification process, and a service server device 30 that provides a predetermined network service when the user authentication process is successful. And consists of.

The authentication server device 10 is an information processing device that executes various processes including an authentication process and an identity verification process by using, for example, an API (application programming interface) or a predetermined platform.

Further, the authentication server device 10 may be composed of one (device, processor) or a plurality of (device, processor).

The authentication server device 10 stores information about the user (hereinafter referred to as "user information") and various databases used for the authentication process or the identity verification process (in a broad sense, the storage device, It has a memory). However, the authentication server device 10 of the present embodiment may access a database (storage device, memory in a broad sense) connected via a network (intranet or the Internet).

Further, the authentication server device 10 is linked with each terminal device 20 to execute the authentication process of the user having each terminal device 20 and the identity verification when the authentication process is rejected and the locked state is reached. have.

The terminal device 20 is a communication terminal device composed of a PC (personal computer) used by a user, a tablet-type information communication terminal device, a smartphone, a portable telephone, a game device, or an information processing device such as an HMD.

Further, the terminal device 20 is a device that can be connected to the authentication server device 10 via a network such as the Internet (WAN) or LAN, and various types of communication lines are established with the authentication server device 10 by wire or wirelessly. It has a structure for exchanging data.

Further, the terminal device 20 has a communication control function for communicating with the authentication server device 10 such as input information input by the user, and data received from the authentication server device 10 and the service server device 30. It has a configuration having a display function for performing display control by using it.

The service server device 30 includes a banking service that provides financial institution-related services, a reservation service for restaurants, inns, transportation, etc., a product sales service, an SNS service, a content providing service for games, music, videos, etc., and e-mail, etc. It is a server device for providing cloud services such as various applications or various network services including information providing services such as search and advertisement.

In particular, when the user authentication is successful by the authentication server device 10, the service server device 30 logs the authenticated terminal device 20 into the provided network service and provides the corresponding service to the user. It has a configuration for executing various processes for performing the above.

The service server device 30 may have various functions related to authentication such as authentication processing and lock processing of the authentication server device 10.

[2] Authentication Server Device Next, the authentication server device 10 of the present embodiment will be described with reference to FIG. Note that FIG. 2 is an example of a functional block diagram showing the configuration of the authentication server device 10 of the present embodiment.

As illustrated in FIG. 2, the authentication server device 10 of the present embodiment includes a processing unit 100, a first database 140, a second database 150, a storage unit 170, an information storage medium 180, and a communication unit 196. And have. The authentication server device 10 does not need to include all the parts shown in FIG. 2, and a part thereof may be omitted.

The storage unit 170 serves as a work area for the processing unit 100 and the like, and its function can be realized by hardware such as RAM (VRAM). In particular, the storage unit 170 functions as a work area used when executing various processes.

The information storage medium 180 can be read by a computer, and the information storage medium 180 stores programs, data, and the like. That is, the information storage medium 180 stores a program for operating the computer as each part of the present embodiment (a program for causing the computer to execute the processing of each part).

The processing unit 100 can perform various processes of the present embodiment based on the data read from the program (data) stored in the information storage medium 180.

For example, the information storage medium 180 is an optical disk (CD, DVD), a magneto-optical disk (MO), a magnetic disk, a hard disk, a flash memory such as a solid state drive, a magnetic tape, or a memory (ROM), a memory card, or the like. ..

The first database 140 is formed of an optical disk (CD, DVD), a magneto-optical disk (MO), a magnetic disk, a hard disk, a flash memory such as a solid state drive, a magnetic tape, or a memory (ROM), a memory card, or the like. ..

Further, the first database 140 is a database in which information about each user for performing the authentication process is registered as user authentication information.

In particular, in the first database 140, a user name, a password, user information (for example, a telephone number of an e-mail or a mobile phone), and an authentication process are locked in association with each user ID for each user. Flag information (hereinafter, also referred to as "lock control information") indicating that the inside is inside, and user authentication information for identifying the user himself / herself when executing authentication processing such as symbol information are stored.

The second database 150 is a database in which identity verification information for verifying the identity of each user is registered.

In particular, in the second database 150, as the identity verification information, a plurality of biological information composed of feature quantities indicating the characteristics of the human body and information indicating the locked state when the authentication process is locked (hereinafter, referred to as "Lock status information") and information about each user for identity verification (hereinafter referred to as "identity verification user information") and the like are stored.

The communication unit 196 performs various controls for communicating with the outside (for example, the terminal device 20 or the service server device 30), and its function is hardware such as various processors or communication ASICs. , And programs.

The processing unit 100 performs various processes of the present embodiment based on the program (data) stored in the storage unit 170. The processing unit 100 of the present embodiment reads out the program or data stored in the information storage medium 180, temporarily stores the read program or data in the storage unit 170, and processes based on the program or data. May be done.

Further, the processing unit 100 (processor) performs various processes using the main storage unit in the storage unit 170 as a work area. The function of the processing unit 100 can be realized by hardware such as various processors (CPU, DSP, etc.) or a program.

Specifically, the processing unit 100 includes a communication control unit 101, a DB management control unit 102, an authentication processing unit 103, a lock control unit 104, and a timer management unit 107.

For example, the communication control unit 101 of the present embodiment constitutes the receiving means of the present invention, and the DB management control unit 102 constitutes the management means of the present invention. Further, for example, the authentication processing unit 103 of the present invention constitutes the authentication processing means of the present invention, and the lock control unit 104 constitutes the lock control means, the comparison processing means, and the unlocking means of the present invention.

The communication control unit 101 establishes a communication line with the terminal device 20 and the service server device 30 via the network, and communicates with each other.

The DB management control unit 102 executes processing such as reading, writing, deleting, and updating each data for the first database 140 and the second database 150.

The authentication processing unit 103 receives input information input via each terminal device 20 for each terminal device 20, and receives the received input information (specifically, a user name or a user ID and a password) and a second. 1 The authentication process of each user is executed based on the information for authentication (that is, the user name or user ID and password) for the users already registered in the database 140.

The lock control unit 104 determines whether or not a given condition is satisfied when the authentication process fails during each authentication process for each user.

Then, the lock control unit 104 executes a lock control process for locking the authentication process when a given condition is satisfied when the authentication process fails at each authentication process for each user.

Further, when the user authentication process is locked, the lock control unit 104 executes an identity verification process for determining whether or not to unlock the corresponding user based on the identity verification information transmitted from the terminal device 20. ..

In particular, when the lock control unit 104 determines that the lock can be released based on the identity verification information, the lock control unit 104 releases the locked authentication process.

The timer management unit 107 has a function of performing measurement from the current date and time or a predetermined timing, and outputs the current time and the measurement result when the predetermined timing arrives.

[3] Terminal device Next, the function of the terminal device 20 will be described with reference to FIG. Note that FIG. 3 is a functional block diagram showing an example of the configuration of the terminal device 20 of the present embodiment.

As shown in FIG. 3, the terminal device 20 of the present embodiment includes a processing unit 200, an image pickup unit 250, an operation input unit 260 including a touch panel, a storage unit 270, an information storage medium 280, and a liquid crystal panel. It has a display unit 290 composed of display elements such as the above, a communication unit 296, and a sound output unit 292.

The image pickup unit 250 includes an image pickup camera having a predetermined angle of view and focal length capable of taking an image and having a predetermined image pickup element such as a CCD, and an image generation unit that images the output of the image pickup camera.

Further, the image pickup unit 250 is linked with the processing unit 200, and when executing the identity verification process, for example, a server device for authentication that captures biometric information such as face image information obtained by capturing a user's face and converting the face image into data. Send to 10.

The operation input unit 260 is a device for inputting input information from the player, and outputs the input information of the player to the processing unit 200.

The operation input unit 260 of the present embodiment includes a detection unit 262 that detects user input information (input signal), and is composed of, for example, a lever, a button, a microphone, a touch panel type display, a keyboard, and a mouse.

The storage unit 270 serves as a work area for the processing unit 200 and the like, and its function can be realized by hardware such as RAM (VRAM).

The storage unit 270 of the present embodiment includes a main storage unit 271 used as a work area, an image buffer 272 in which the final display image and the like are stored, and a user information storage unit 273 in which user information is stored. ,including. It should be noted that a configuration in which some of these may be omitted may be used.

The information storage medium 280 can be read by a computer, and the information storage medium 280 includes various applications and an OS (operating system), and in particular, in the present embodiment, a user corresponding to the terminal device 20. Various data including the user ID are stored.

That is, the information storage medium 280 stores an application for operating the computer as each part of the present embodiment (an application for causing the computer to execute the processing of each part) and a user ID.

For example, the information storage medium 280 is an optical disk (CD, DVD), a magneto-optical disk (MO), a magnetic disk, a hard disk drive, a flash memory, a magnetic tape, or a memory (ROM), a memory card, or the like.

The communication unit 296 performs various controls for communicating with the outside (for example, another terminal device 20, the authentication server device 10 and the service server device 30), and its function is various processors. Alternatively, it is composed of hardware such as an ASIC for communication, a program, or the like.

The processing unit 200 can perform various processes of the present embodiment by reading and executing the application stored in the information storage medium 280. The type of application stored in the information storage medium 280 is arbitrary.

The processing unit 200 performs various processes of the present embodiment based on the application stored in the information storage medium 280. The processing unit 200 of the present embodiment reads out the program or data stored in the information storage medium 280, temporarily stores the read program or data in the storage unit 270, and processes based on the program or data. May be done.

Further, the processing unit 200 (processor) performs various processes using the main storage unit in the storage unit 270 as a work area. The function of the processing unit 200 can be realized by hardware such as various processors (CPU, DSP, etc.) or a program.

The processing unit 200 includes a communication control unit 210, a Web browser 211, an image pickup control unit 212, a display control unit 213, an input reception processing unit 214, a drawing unit 220, and a sound processing unit 230. It should be noted that a configuration in which some of these may be omitted may be used.

The communication control unit 210 performs a process of transmitting / receiving data to / from the authentication server device 10 or the service server device 30. Further, the communication control unit 210 receives data transmitted from the authentication server device 10 or the service server device 30, stores the received data in the storage unit 270, analyzes the received data, and the like. Performs control processing related to the transmission and reception of data.

The communication control unit 210 may perform a process of storing and managing the destination information (IP address, port number) of the authentication server device 10 and the service server device 30 in the information storage medium 280. Then, when the communication control unit 210 receives the input information of the communication start from the user, the communication control unit 210 may perform communication with the authentication server device 10 or the service server device 30.

In particular, the communication control unit 210 transmits the user's identification information, input information, or biometric information to the authentication server device 10, and transmits the information related to the authentication process and the information for enjoying a predetermined service to the authentication server device 10 and the like. The process of receiving from the service server device 30 is performed.

The communication control unit 210 may send and receive data to and from the authentication server device 10 and the service server device 30 at predetermined intervals, and when the input information from the operation input unit 260 is received, the authentication server device Data may be transmitted and received with 10. In particular, the communication control unit 210 of the present embodiment performs a process of receiving the authentication screen and the unlock screen from the authentication server device 10.

The Web browser 211 is an application program for viewing a Web page (authentication screen, unlock screen, or service enjoyment screen) from a Web server (authentication server device 10 or service server device 30). Download HTML files, image files, etc., analyze the layout, and control the display.

Further, the Web browser 211 transmits data to the Web server (authentication server device 10 and service server device 30) using an input form (link, button, text box, etc.).

The terminal device 20 can display information from a Web server (for example, a service server device 30) designated by a URL via the Internet by a Web browser 211. For example, the terminal device 20 can display each content (data such as HTML) received from the authentication server device 10 by the Web browser 211.

The image pickup control unit 212 causes the image pickup unit 250 to take an image of the user's face and generate a face image when the identity verification process is executed in conjunction with the authentication server device 10.

Then, the image pickup control unit 212 interlocks with the communication control unit 210 and transmits the face image generated via the communication unit 296 to the authentication server device 10 as input biometric information.

The display control unit 213 performs a process of displaying on the display unit 290. For example, the display control unit 213 may display using the Web browser 211.

The input reception processing unit 214 recognizes the input information input from the operation input unit 260 by the user, and executes various processes based on the recognized information.

The drawing unit 220 performs drawing processing based on various processes performed by the processing unit 200, generates an image by this, and outputs the image to the display unit 290 by the display control unit 213.

The sound processing unit 230 performs sound processing based on the results of various processes performed by the processing unit 200, generates BGM, sound effects, voice, and the like, and outputs the BGM, sound effects, voice, and the like to the sound output unit 292.

[4] Outline of the method of the present embodiment [4.1] Next, using FIGS. 4 and 5, the authentication process and the lock control process in the authentication management communication system 1 of the present embodiment, and the lock including the identity verification process. The release process will be described. 4 and 5 are diagrams for explaining the authentication process and the lock control process in the authentication management communication system 1 of the present embodiment, and the unlock process including the identity verification process.

The authentication server device 10 is registration information registered in advance in the first database 140 or the second database 150 for each user, and is unique identification information (that is, user ID) for identifying the user and each user's. Reference biometric information in which multiple biometric information of the same type that changes over time but at different timings to be converted into data is sequentially registered, and key information set for each user, which is used for authentication. It has a configuration to execute various processes using the reference key information.

Further, if the input information transmitted from the terminal device 20 and the authentication information already registered in the first database 140 do not match, the authentication server device 10 fails to authenticate the corresponding user. It has a configuration for executing a process of canceling the cooperation between the corresponding terminal device 20 and the service server device 30 as (unsuccessful).

Further, when the authentication server device 10 determines that the authentication of a specific user (hereinafter, also referred to as "specific user") has failed by the authentication process, for example, the authentication is unsuccessful a plurality of times in a row. However, when a given condition is satisfied, a lock control process that rejects and locks the subsequent execution of the corresponding user authentication process is executed.

Then, when the authentication process is locked in this way, the authentication server device 10 executes the identity verification process for verifying the identity using the biometric information of the corresponding user, and when the identity verification is successful, the authentication server device 10 executes the identity verification process. It has a configuration to execute the unlock process that unlocks the corresponding authentication process.

In particular, the authentication server device 10 of the present embodiment is not fixed to the biometric information registered at the beginning, but executes the identity verification process by the biometric information registered at different timings as appropriate, and over time such as aging and situation change. Even if the situation is different from the time when the biometric information was first registered, it has a structure that enables accurate identity verification.

Specifically, the authentication server device 10 is, for example, as shown in FIG.
(A1) When the input information transmitted from the terminal device 20 is received when the authentication of a specific user who wants to execute the authentication process is executed, the first database 140 is searched based on the user ID included in the input information. Then, based on the reference key information (for example, password) corresponding to the user ID and the input key information indicating the key information included in the received input information, the authentication process for the specific user is executed ( [1]) in FIG. 4,
(A2) When the authentication of a specific user is determined to be successful by the authentication process, the service server device 30 and the terminal device 20 including data transfer in order to provide a predetermined network service to the user who executed the authentication. Control the alliance with ([2] in Fig. 4),
(A3) When it is determined by the authentication process that the authentication of a specific user has failed (unsuccessful), in order to prohibit the provision of a predetermined network service, each process related to the prohibition of the provision of the network service is executed (Fig.). 4 [3]),
(A4) When the authentication of a specific user is determined to be unsuccessful by the authentication process and a given condition is satisfied, the subsequent authentication process that satisfies the given condition for the specific user is executed. Execute the lock control process to reject and lock ([4] in FIG. 4),
It has a configuration.

Note that FIG. 4 shows a case where the execution of the authentication process is instructed together with the input information from the plurality of terminal devices 20, and when the authentication process succeeds and the network service is provided, the authentication process fails and fails. It is a figure which shows the example of the case where the provision of the network service is prohibited, and the case where the authentication process fails and the lock control process is executed under the given conditions.

In particular, in FIG. 4, when the authentication process is successful and the network service is provided, a notification indicating that the authentication is successful is given to the corresponding terminal device 20 (hereinafter, referred to as “authentication success notification”). In addition, there is an example in which the authentication server device 10 has succeeded in authenticating to the service server device 30, an instruction for linking with the terminal device 20 that provides a predetermined network service, and a control for performing processing associated therewith. It is shown.

Further, FIG. 4 shows a notification (hereinafter, referred to as “authentication failure notification”) indicating that the corresponding terminal device 20 has failed in authentication when the authentication process fails and the provision of the network service is prohibited. An example of this is shown.

Further, FIG. 4 shows a notification indicating that the terminal device 20 is locked when the authentication process fails and a given condition for locking the authentication process is satisfied (hereinafter, “lock”). An example is shown in which the flag information (that is, the lock control information) indicating that the authentication process associated with the corresponding user ID in the first database 140 is locked is rewritten. ing.

On the other hand, when the authentication server device 10 is locked by such a lock control process, for example, as shown in FIG. 5, the authentication server device 10 is locked.
(B1) When the input biometric information indicating the user ID and biometric information of the user whose authentication process is locked (hereinafter referred to as "locked user") is transmitted as input information and the input biometric information is received (FIG. 5). [1]),
(B2) The second database 150 is searched based on the user ID of the lock target user included in the transmitted input information, and at least one of the reference biometric information corresponding to the user ID and the input living body of the lock target user are searched. Comparison process for comparing information (identity verification process ([2] in FIG. 5)) and
(B2) An unlock process for unlocking the authentication process by the locked target user when it is determined by the comparison process that at least one of the reference biometric information and the input biometric information are the same ([3] in FIG. 5]. ] And [4]),
Has a configuration to execute.

Note that FIG. 5 shows a case where the corresponding terminal device 20 is unlocked, the second database 150 is searched based on the input information transmitted from the terminal device 20, and the input biological information and the reference living body are obtained. It is a figure which shows the example of the case where the identity verification process is executed based on the information, the identity verification is finally succeeded, and the unlock process is executed based on the success of the identity verification.

In particular, in FIG. 5, input information is transmitted by a lock target user (UIDO02) who desires to unlock, and reference bioinformation (group) registered in the second database 150 based on the input bioinformation of the input information. ) And the comparison process for determining the identity is executed, and when the identity verification is successful, the lock control information indicating that the authentication process of the user (UIDO02) registered in the first database 140 is locked is deleted. An example of changing to (Cancel) is shown.

By having such a configuration, the authentication server device 10 of the present embodiment can easily, surely, and permanently confirm the identity, and can be caused by continuous input mistakes, unauthorized use, or the like. Even if the user authentication itself is locked, it is important to unlock it without reissuing the reference key information, the procedure associated with it, or other methods such as identity verification by calling. Biometrics can be used for identity verification, which is a simple procedure.

Then, the authentication server device 10 of the present embodiment can reliably and permanently confirm the identity, reduce the complicated work of the user and the authentication administrator in the identity verification, and perform the user and the authentication. It is possible to improve the convenience of the administrator.

[4.2] Identity Verification Information Next, the identity verification information of the present embodiment will be described with reference to FIG. Note that FIG. 6 is a diagram showing an example of identity verification information registered in the second database 150 of the present embodiment.

(Identity verification information)
As shown in FIG. 6, for example, as shown in FIG. 6, the identity verification information of the present embodiment includes a plurality of user IDs and biometric information of the same type in which the user changes over time, but at different timings for data conversion. Biometric information (that is, standard biometric information), lock status information indicating the locked state when authentication processing such as an error code is locked, and a user for identity verification such as a driver's license number of a car or the like. Information and is included. Then, these identity verification information are stored in the second database 150 for each user.

Basically, even if the biometric information of the same type of the same user is used, when the biometric information that changes with the passage of time such as a face is used, the present of the user is present as the user ages. There is a possibility that the difference between the biometric information of the above and the reference biometric information registered in advance for user authentication becomes large.

In addition, when the difference between the current biometric information and the standard biometric information becomes large, even if the biometric information of the same person is used, the current biometric information of the user who should be authenticated is different from the standard biometric information. There is a possibility that the user will not be authenticated after being judged, which may cause an increase in the false rejection rate (FRR).

Therefore, in the present embodiment, in order to avoid or alleviate such a situation, absorb changes in biometric information with the passage of time, and appropriately confirm the identity of the user, a plurality of biometric information having different timings for data conversion are used. ing.

In addition, it is assumed that further information will be used to improve the accuracy of the identity verification process, but although it is possible to perform accurate identity verification, if it becomes too complicated, the burden on the user and the administrator will increase, and the work will be complicated. Will increase.

Therefore, in the present embodiment, in order to improve the accuracy of the identity verification process, the locked user is notified of the lock status information indicating the locked status such as the locked date and time, the homepage where the lock occurred, and the cause of the lock. However, by using the information for the identity verification process, it is possible to perform more reliable identity verification.

Then, in the present embodiment, in order to improve the accuracy in the identity verification process, information about the user (that is, user information) such as user attributes is used for the identity verification process in place of or in addition to the lock status information. By doing so, it is possible to confirm the identity more reliably.

The biological information of the present embodiment may be the same type of biological information that causes aging of the user, and instead of the facial image information, features of the human body such as fingerprints, vein patterns, irises, and voices may be used. The information may be composed of the indicated feature quantities.

(Biological information)
The biological information of the present embodiment is information related to the user's face image (hereinafter, referred to as "face image information").

As the biological information of the present embodiment, a plurality of facial image information is registered for each user and in chronological order.

In particular, the face image information registered first is registered at the start of use of the authentication process, and the face image information of other same user IDs is acquired by the corresponding terminal device 20 at a given timing after the start of use. Is registered.

Further, as the given timing, since the face image information can be diverted, it is preferable to use the face image information captured when performing various identity verification processes.

For example, at the time of new application or renewal of a driver's license such as a passport or a car, facial image information may be acquired in conjunction with the passport application or driver's license application system, and such timing may be used as an authentication server. The device 10 manages the face image information at the relevant timing, or the device 10 manages the face image information by using the authentication server device 10 or by mail or other means such as another network system. The process of registering may be executed.

Further, in the present embodiment, after the start of use of the authentication process, the authentication server device 10 and the above-mentioned inquiries from the administrator side are made at a timing predetermined by the administrator or the like in advance such as every June or every year. It may be registered according to the above, or at the timing when applying for the same authentication process using the authentication server device 10 or another network service using the identity verification process, a face image on the flow at the time of the application. A process for acquiring information may be provided, and the face image information acquired by the process may be registered.

On the other hand, as the face image information, for example, information converted into data in the still image data format is used. However, the face image information is not limited to the information in which the face image is converted into data, but also the information in which the feature amount of the color and shape on the image that can be used in the comparison processing such as the image matching technology is converted into data. Good.

The DB management control unit 102 registers the input biometric information in the second database 150 at the start of use of the authentication process or at a given timing.

Then, the DB management control unit 102 newly executes at least one of the biometric information (hereinafter, referred to as "reference biometric information") already registered in the second database 150 by the identity verification process and the identity verification process. When it is determined that the biometric information input to the terminal device 20 (hereinafter, also referred to as "input biometric information") is the same, the input biometric information is used as the user ID used for the identity verification process. It is additionally registered in the second database 150 as the associated reference biometric information.

In addition, the identity verification process is irregular even if it is executed, and it is assumed that some users will not execute it at all. Therefore, the timing determined in advance by the administrator such as every year and the execution timing of the authentication process (for example) , Occurs once in several authentication processes), may be executed at a randomly set timing, or at a timing when a new face image is acquired in another Internet service or administrative service.

(Lock status information)
Lock status information includes, for example,
(A1) The date and time when the authentication lock occurred, the period from the previous authentication process, the period after the authentication of the previous authentication process and after logging out to the network service enjoyed based on the authentication process, or the authentication process. Timing that meets certain conditions, such as the period from registration to enjoy the services of (eg, from the registration of the first reference biometric information).
(A2) How many times the authentication process caused the lock, the number of times the authentication process lock has occurred, the staying time of the web page (web page for executing the authentication process) where the authentication process lock has occurred, etc. The status such as the transition of the Web page that has been passed through up to that point, or the type of network service that you plan to enjoy based on the authentication process, and
(A3) Web page where the authentication process is locked, or an error code such as information entered in the locked authentication process,
Etc. are included.

When the lock status information is used for the identity verification process, it may be text information such as text, or image information for notifying the lock status such as a two-dimensional bar code. In that case, the image may be converted into text by analyzing the image using an OCR function or the like.

(User information for identity verification)
User information for identity verification includes, for example, the user's date of birth, address, telephone number, driver's license number for automobiles, passport identification number (hereinafter referred to as "passport number"), my number, etc. Contains information.

Further, the user information for identity verification may be text data or image data such as a two-dimensional bar code. In particular, when the user information for identity verification is image data, the user information for identity verification may be included in a part of the image when it is imaged.

In particular, when image data is used for personal identification user information, when the comparison process is executed, the image may be converted into text by analyzing the image using an OCR function or the like.

[4.3] Lock control process including authentication process and lock determination process Next, the authentication process and lock control process that are the premise of the unlock process of the present embodiment will be described.

(Authentication processing)
When executing the authentication of a specific user who wants to execute the authentication process, the authentication processing unit 103 includes input information (specifically, a user name or a user ID) input via each terminal device 20 of the specific user. Password) is received.

Then, the authentication processing unit 103 searches the first database 140 based on the user name or user ID included in the received input information.

At this time, the authentication processing unit 103 determines whether or not the authentication process corresponding to the input user ID is locked based on, for example, lock control information indicating that the authentication process is locked. When it is determined that the lock is not locked, the authentication process for the input user ID is executed.

In particular, the authentication processing unit 103 includes a reference password that is a password (that is, reference key information) stored in the first database 140 in association with a reference user ID that matches the input user ID, and the received input information. The authentication process for the specific user is executed based on the input password which is the password (that is, the input key information) included in.

That is, the authentication processing unit 103 determines that the authentication is successful if the reference password and the input password match, and determines that the authentication fails if they do not match.

Then, when the user authentication is successful, the authentication processing unit 103 logs in to the network service provided by the service server device 30.

The user ID of the present embodiment can be identified from other users such as a character string given when the user is registered in the authentication processing service, a character string set by the user himself, an e-mail address, or a telephone number. Identification information.

On the other hand, the authentication processing unit 103 has registered lock control information indicating that the authentication process is locked, has not registered a reference user ID matching the input user ID in the first database 140, or , If the reference user ID that matches the input user ID matches, but the input password and the reference password stored in association with the reference user ID do not match, the authentication process is determined to be a failure.

Then, when the authentication processing unit 103 determines that the authentication process has failed, the authentication processing unit 103 notifies the corresponding terminal device 20 that the authentication has failed, and notifies that the authentication process is locked. If the lock control information shown is not yet registered, the lock control unit 104 is made to execute a lock determination process for determining whether or not to lock the authentication process of the corresponding user.

In addition, as the authentication process of the present embodiment, in addition to or instead of the above password, the terminal device 20 or other communication device is notified, or the one-time password already given to the storage medium is input. It may be executed based on the above, or input based on an appropriate number or image instruction, input of user authentication information such as a date of birth or a telephone number given to a mobile terminal device, or the like may be used.

Further, as the authentication process of the present embodiment, information capable of identifying an individual such as a passport identification number and a driver's license number of a car or the like may be used together.

(Lock judgment processing)
The lock control unit 104 is the case where the lock control information indicating that the authentication process is locked has not been registered yet, and the user authentication process fails based on the user authentication information. The lock determination process for determining whether or not to lock the authentication process of the corresponding user is executed.

In particular, the lock control unit 104 sets a given condition every time the lock control information indicating that the authentication process is locked is not registered and the user authentication process is determined to be unsuccessful. It is determined whether or not the authentication process is satisfied, and the authentication process is locked when the given conditions are satisfied.

Specifically, the lock control unit 104 adds "+1" to the counter, for example, a predetermined number of times each time it determines that the user authentication process has failed, even when the lock control information has not been registered yet. If it is determined that the user's authentication process has failed, the authentication process is locked assuming that the given conditions are satisfied.

The lock control unit 104 may lock the authentication process each time it determines that the user authentication process has failed, or may perform a lock determination process that determines in combination with other conditions such as a time condition. You may do it.

For example, as another condition, the user authentication process has continuously failed a predetermined number of times, and the user authentication process has continuously failed a predetermined number of times within a predetermined period such as one day. And etc. are included.

On the other hand, if the lock control unit 104 does not satisfy the given condition, the lock control unit 104 determines that the authentication process is not locked and notifies the corresponding terminal device 20 to that effect.

In this case, the authentication processing unit 103 notifies the corresponding terminal device 20 to execute the authentication process again, and performs the authentication process under the instruction of the corresponding user or automatically. Try again.

(Lock control processing)
The lock control unit 104 locks the user's authentication process when it is determined that the user's authentication is unsuccessful and the given conditions are satisfied as described above. To execute.

When the authentication process is locked by the lock control unit 104, the authentication processing unit 103 is locked because, for example, lock control information indicating that the authentication process is locked is maintained. Even if the input password entered to execute the authentication process and the reference password are the same, it is determined that the authentication process has failed.

[4.4] Unlocking process including identity verification process Next, the basic principle of the unlocking process including the identity verification process of the present embodiment will be described.

(Basic principle)
When the authentication process is locked by the lock control process as described above, the lock control unit 104 executes the identity verification process based on the user's instruction to release the lock state of the authentication process. Execute the process.

Specifically, the lock control unit 104 gives an unlock instruction (hereinafter, “unlock”) transmitted from the terminal device 20 of the locked user (hereinafter, referred to as “lock target user”) whose authentication process is locked. (Also referred to as "instruction") is received, the terminal device 20 is requested to input the input user ID indicating the user ID of the lock target user and the input biometric information indicating the biometric information.

Further, when the lock control unit 104 receives the requested input user ID and input biometric information, the lock control unit 104 receives.
(A1) Based on the received input user ID, the first database 140 and the second database 150 are searched respectively, and the input user ID is associated with the lock control information indicating that the authentication process is locked. Judge whether or not it matches the standard user ID that exists,
(A2) When the input user ID and the reference user ID match, the received input biometric information is compared with any of a plurality of reference biometric information associated with the reference user ID to determine their identity. judge,
Execute the identity verification process.

In particular, the lock control unit 104 determines the identity of the biometric information in the identity verification process.
(A2-1) A second database is searched based on the input user ID, and a determination process for determining whether or not the same reference user ID as the input user ID is registered in the second database 150 is executed.
(A2-2) When the same reference user ID as the input user ID is registered in the second database 150, the input biometric information (face image information) is stored in association with the reference user ID. Perform a comparison process to compare with one or more reference biometric information,
(A2-3) By the comparison process, a biometric information determination process for determining whether or not at least one of the reference biometric information of one or more reference biometric information and the input biometric information are the same is executed.

Then, the lock control unit 104 stores the lock control information indicating that the authentication process is locked by the identity verification process in association with the reference user ID, and the input biometric information and the reference user ID. If any of the plurality of reference biometric information associated with is the same, it is assumed that the identity verification is successful, and the unlocking process for unlocking the locked authentication process is executed.

At this time, as the unlock process, the lock control unit 104 cancels (deletes) the lock control information indicating that the authentication process stored in the first database in association with the corresponding reference user ID is locked. To do.

On the other hand, when the authentication processing unit 103 does not store the same reference user ID as the input user ID in the second database by the identity verification process, or when none of the reference biometric information and the input biometric information are the same. In order to maintain the lock of the corresponding authentication process, the unlock process is interrupted and the state in which the authentication process is locked is maintained, assuming that the identity verification has failed (unsuccessful).

In particular, in this case, the authentication processing unit 103 maintains the lock control information already stored in association with the reference user ID corresponding to the first database 140.

Further, when the identity verification fails in the identity verification process, the authentication processing unit 103 notifies the corresponding terminal device 20 that the identity verification has failed.

(Unlock processing including identity verification processing based on lock status information)
The lock control unit 104 of the present embodiment locks the authentication process as described above in addition to being based on the identity of the input biometric information and the reference biometric information in order to perform more reliable identity verification. When the authentication process is locked, such as the timing, the status of the user's operation or authentication process at that time, or the code for identifying the error that occurred when the authentication process was locked (that is, the error code). The above identity verification process may be executed using the lock status information indicating the lock status, and the unlock process may be executed.

Specifically, the lock control unit 104 provides the lock status information to the lock target user when the authentication process is locked by the lock control process as described above, and the user ID of the lock target user. The lock status information is registered in the first database 140 as the reference lock status information in association with.

Then, when the lock control unit 104 receives the unlock instruction transmitted from the terminal device 20 of the lock target user, the lock control unit 104 requests the input of the input user ID and the input biometric information as well as the lock status information when the authentication process is locked. To do.

Further, when the lock control unit 104 receives the input lock status information together with the requested input user ID and input biometric information, the lock control unit 104 receives the input lock status information.
(B1) Based on the received input user ID, the first database 140 and the second database 150 are searched respectively, and the input user ID is associated with the lock control information indicating that the authentication process is locked. Judge whether or not it matches the standard user ID that exists,
(B2) The identity of the received input biometric information with any of a plurality of reference biometric information associated with the reference user ID is determined.
(B3) Determine the identity between the received input lock status information and the reference lock status information associated with the reference user ID.
Execute the identity verification process.

In particular, the lock control unit 104 executes a comparison process for comparing the reference lock status information and the input lock status information as a determination of the identity of the lock status information in the identity verification process, and the reference lock status is determined by the comparison process. The lock status information determination process for determining whether or not the information and the input lock status information are the same is executed.

Then, the lock control information indicating that the authentication process is locked is stored in association with the reference user ID, and the lock control unit 104 performs the identity verification process, the input biometric information, and the reference user ID. If any of the plurality of reference biometric information associated with is the same, and the received input lock status information and the reference lock status information are the same, it is assumed that the identity verification is successful and the lock is performed. Execute the unlock process to unlock the authentication process inside.

In the same manner as described above, as the unlock process, the lock control unit 104 provides lock control information indicating that the authentication process stored in the first database is locked in association with the corresponding reference user ID. Cancel.

On the other hand, in the authentication processing unit 103, when the reference user ID same as the input user ID is not stored in the second database 150 by the identity verification process, when any reference biometric information and the input biometric information are not the same, or , When the input lock status information and the reference lock status information are not the same, in order to maintain the lock of the corresponding authentication process, the unlock process is interrupted and the authentication process is locked, assuming that the identity verification has failed. Maintain a certain state.

In particular, in this case, the authentication processing unit 103 maintains the lock control information already stored in association with the reference user ID corresponding to the first database 140.

Further, when the identity verification fails in the identity verification process, the authentication processing unit 103 notifies the corresponding terminal device 20 that the identity verification has failed.

(Unlock processing including identity verification processing based on user information)
The lock control unit 104 of the present embodiment is based on the identity with the biometric information or based on the identity of both the biometric information and the lock status information in order to perform more reliable identity verification. The above-mentioned identity verification process may be executed by using the identity of the identity verification user information, and the unlock process may be executed.

Specifically, the DB management control unit 102 registers the user information for identity verification such as the address, telephone number, or driver's license number of a car or the like as the reference user information in the first database 140 at the start of using the authentication process. In addition, the type of identity verification user information used for one or more unlocking processes is specified.

Further, when the lock control unit 104 receives the unlock instruction transmitted from the terminal device 20 of the lock target user when the authentication process is locked by the lock control process as described above, the lock control unit 104 receives an input user ID and an input. Along with the biometric information, the input of user information (hereinafter referred to as "input user information") specified in advance for unlocking is requested.

Further, when the lock control unit 104 receives the input user information together with the requested input user ID and input biometric information, the lock control unit 104 receives the input user information.
(D1) Based on the received input user ID, the first database 140 and the second database 150 are searched respectively, and the input user ID is associated with the lock control information indicating that the authentication process is locked. Judge whether or not it matches the standard user ID that exists,
(D2) The identity of the received input biometric information with any of a plurality of reference biometric information associated with the reference user ID is determined.
(D3) Judging the identity between the received input user information and the reference user information,
Execute the identity verification process.

In particular, the lock control unit 104 executes a comparison process for comparing the reference user information and the input user information as a determination of the identity of the user information in the identity verification process, and the reference user information and the input user are compared by the comparison process. The user information determination process for determining whether or not the information is the same is executed.

Then, the lock control unit 104 stores the lock control information indicating that the authentication process is locked by the identity verification process in association with the reference user ID, and the input biometric information and the reference user ID. If any of the plurality of reference biometric information associated with is the same, and the received input user information and the reference user information are the same, it is considered that the identity verification is successful and the lock is locked. Unlock the authentication process Execute the unlock process.

As described above, the lock control unit 104 indicates that, as the unlock process, the authentication process stored in the first database 140 in association with the corresponding reference user ID is locked. To cancel.

On the other hand, in the authentication processing unit 103, when the reference user ID same as the input user ID is not stored in the second database by the identity verification process, when any reference biometric information and the input biometric information are not the same, or When the input user information and the reference user information are not the same, in order to maintain the lock of the corresponding authentication process, the unlock process is interrupted and the authentication process is locked, assuming that the identity verification has failed. maintain.

In particular, in this case, the authentication processing unit 103 maintains the lock control information already stored in association with the reference user ID corresponding to the first database 140.

Further, when the authentication processing unit 103 determines that the identity verification has failed in the identity verification process, the authentication processing unit 103 notifies the corresponding terminal device 20 that the identity verification has failed.

[4.5] Modification Example Next, a modification of the present embodiment will be described.

(Authentication processing by terminal device)
In the present embodiment, the authentication server device 10 executes the authentication process and the lock control process, but these processes are executed by the terminal device 20, and the unlock process including the identity verification process is authenticated. It may be executed by the server device 10.

That is, even if the authentication process is executed by the terminal device 20 alone and the authentication process is locked during the operation of the terminal device 20, the unlock process is executed in conjunction with the authentication server device 10. Good.

In this case, the terminal device 20 has some functions of the authentication processing unit 103 and the lock control unit 104.

Specifically, the terminal device 20 includes an authentication server device 10 that releases the authentication process in the user when the authentication process is locked, and identification information (that is, a user ID or user name) that identifies the user for each user. And the reference biometric information in which a plurality of biometric information (for example, facial image information) of the same type that changes over time of each user but at different timings of data conversion are sequentially registered, and set for each user. The first database 140 and the second database 150, which are the key information and are pre-registered as registration information in association with the reference key information (that is, the password) used for authentication, and via the network. Be connected.

And the terminal device 20
(A1) Accepts the input information input by the user and accepts it.
(A2) When executing authentication of a specific user, the first database 140 and the second database 150 are searched based on the user ID included in the received input information, and the reference key information (reference password) corresponding to the user ID is searched. ) And the input key information indicating the key information (input password) included in the received input information, and the authentication process for the specific user is executed.
(A3) When the authentication of a specific user is determined to be unsuccessful by the authentication process and a given condition is satisfied, the subsequent authentication process that satisfies the given condition for the specific user is executed. Refuse and lock,
(A4) Upon receiving the unlock notification sent from the authentication server device 10,
(A5) Unlock the authentication process based on the received unlock notification,
It has a configuration.

Then, when the authentication process is locked, the terminal device 20 transmits the received user ID and input biometric information as input information to the authentication server device 10, and the transmission is performed by the authentication server device 10. The first database 140 and the second database 150 are searched based on the user ID, a comparison process for comparing at least one of the reference biometric information corresponding to the user ID with the input biometric information of the locked user is executed, and the comparison process is executed. , When it is determined by the comparison process that at least one of the reference biometric information and the input biometric information are the same, the unlock notification is received.

(Comparison processing based on model information and biological information judgment processing)
In the above embodiment, a living body that performs a comparison process for comparing the reference biological information already registered in the second database 150 with the input biological information (face image information) and determines the identity thereof. Although the information determination process is being executed, the comparison process and the biometric information determination process may be executed using the model information indicating the model of the biometric information generated based on the reference biometric information.

In this case, the lock control unit 104 extracts the detected face area from each reference biometric information stored in association with the corresponding user ID, and sets the image feature amount of the extracted face area, for example. , Artificial Intelligence (AI) or other machine learning is used to generate model information that serves as a face model for the user, and whether or not the generated model information and input biometric information are the same. The biometric information determination process for determining is executed.

That is, the lock control unit 104 executes machine learning such as a support vector machine or a neural network (including deep learning) that uses reference biometric information as teacher data, and generates model information that serves as a face model for each user. Based on the matching rate between the generated model information and the input biometric information, a biometric information determination process for determining whether or not they are the same is executed.

In particular, when the lock control unit 104 performs machine learning such as deep learning using artificial intelligence, the number of neurons in the intermediate layer of the neural network forming a learning model (that is, model information as a face model) is increased. The weighting coefficient is updated, and a biometric information determination process for determining whether or not the model information and the input biometric information are the same is executed.

In this case, the lock control unit 104 preferably generates the model information in advance, but it may be generated when the comparison process and the biometric information determination process are executed. Further, the model information may be generated by another device and the generated model information may be acquired.

[5] Operation in the present embodiment Next, the operation related to the unlocking process including the identity verification by the authentication server device 10 of the present embodiment will be described with reference to FIGS. 7 and 8.

7 and 8 are flowcharts showing the operation related to the unlocking process including the identity verification by the authentication server device of the present embodiment.

In this operation, user authentication information such as a password and user information is already registered in the first database 140 in association with each user, and reference biometric information is associated with each user for each user. Is already registered in the second database 150.

Further, in this operation, the authentication process has already been executed, and depending on the situation, the lock control information indicating that the lock is being locked is already registered in association with the user ID of the corresponding user. To do.

In this operation, the case of executing the process of determining the identity of the biological information as the identity verification process will be described.

First, when the lock control unit 104 receives the unlock instruction of the lock target user from the terminal device 20 (step S101), the lock control unit 104 generates information for requesting the lock target user to input the user ID and biometric information, and the terminal. It is transmitted to the device 20 and waits for the reception of these input information (step S102).

Next, when the lock control unit 104 receives the input information including the user ID and the biometric information (step S103), the lock control unit 104 searches the first database 140 based on the input user ID which is the received user ID, and finds the reference user ID. It is determined whether or not there is a reference user ID that is the same as the input user ID (step S104).

At this time, when the lock control unit 104 determines that the reference user ID same as the input user ID is registered in the first database, the process proceeds to the process of step S105, and the lock control unit 104 proceeds to the process of step S105 and is the same reference user as the input user ID. If it is determined that the ID is not registered in the first database, the terminal device 20 is notified that the input user ID is incorrect (step S111), and this operation is terminated.

Next, when the lock control unit 104 determines that the same reference user ID as the input user ID is registered in the first database, the lock control unit 104 indicates that the lock is being locked in association with the reference user ID. It is determined whether or not the information is registered (step S105).

At this time, when the lock control unit 104 determines that the lock control information indicating that the lock is being locked is registered in association with the reference user ID, the lock control unit 104 proceeds to the process of step S106 and the lock control information. If it is determined that is not registered, the terminal device 20 is notified that the authentication process is not locked (step S112), and this operation is terminated.

Next, when the lock control unit 104 determines that the lock control information indicating that the lock is in progress is registered in association with the reference user ID, the lock control unit 104 searches the second database 150 based on the input user ID. , The same reference user ID as the input user ID is specified from the reference user IDs (step S106).

Next, the lock control unit 104 compares the plurality of reference biometric information registered in association with the specified reference user ID with the input biometric information, and determines whether or not there is the same reference biometric information as the input biometric information. Execute the identity verification process (step S107).

At this time, when the lock control unit 104 determines that there is the same reference biometric information as the input biometric information, it considers that the identity verification is successful and executes the unlocking process of releasing the authentication process during locking (step). S108).

Next, the lock control unit 104 notifies the terminal device 20 that the lock of the authentication process has been released (step S109), and ends this operation.

On the other hand, when the lock control unit 104 determines that there is no reference biometric information that is the same as the input biometric information, it considers that the identity verification has failed and interrupts the unlocking process (step S113).

Finally, the lock control unit 104 notifies the terminal device 20 that the unlock process is interrupted and the lock of the authentication process cannot be released (hereinafter, referred to as “notification of interruption of unlock process”) (step S114). ) End this operation.

[6] Others In the present embodiment, each process such as authentication process, lock control process, identity verification process, and unlock process may be provided to each terminal device 20 by one authentication server device 10, or a plurality of such processes. It may be provided to each terminal device by constructing a server system by interlocking the authentication server device 10 of the above.

Further, the first database 140 and the second database 150 of the present embodiment may be connected to the network independently of the authentication server device 10, or may be formed of one or a plurality of databases, respectively. Further, the first database 140 and the second database 150 may be provided by one database.

Further, in the present embodiment, the authentication server device 10 and the service server device 30 are described separately and independently, but they may be formed as one server device or one server system, and authentication processing and locking may be performed. The control process and the unlock process may be included in the service server device 30.

The present invention is not limited to the one described in the above embodiment, and various modifications can be made. For example, a term cited as a broad or synonymous term in a description in a specification or drawing can be replaced with a broad or synonymous term in another description in the specification or drawing.

The present invention includes a configuration substantially the same as the configuration described in the embodiment (for example, a configuration having the same function, method and result, or a configuration having the same purpose and effect). The present invention also includes a configuration in which a non-essential part of the configuration described in the embodiment is replaced. In addition, the present invention includes a configuration that exhibits the same effects as the configuration described in the embodiment or a configuration that can achieve the same object. Further, the present invention includes a configuration in which a known technique is added to the configuration described in the embodiment.

As described above, the embodiments of the present invention have been described in detail, but those skilled in the art will easily understand that many modifications that do not substantially deviate from the novel matters and effects of the present invention are possible. .. Therefore, all such modifications are included in the scope of the present invention.

1: Authentication management communication system 10: Authentication server device 20: Terminal device 30: Service server device 100: Processing unit 101: Communication control unit 102: DB management control unit 103: Authentication processing unit 104: Lock control unit 107: Timer Management unit 140: First database 150: Second database 170: Storage unit 180: Information storage medium 196: Communication unit 200: Processing unit 210: Communication control unit 211: Web browser 212: Imaging control unit 213: Display control unit 214: Input reception processing unit 220: Drawing unit 230: Sound processing unit 250: Imaging unit 260: Operation input unit 262: Detection unit 270: Storage unit 271: Main storage unit 272: Image buffer 273: User information storage unit 280: Information storage medium 290: Display unit 292: Sound output unit 296: Communication unit

Claims (8)

An authentication system that authenticates each user
For each user, identification information that identifies the user, reference biometric information in which a plurality of biometric information of the same type that changes over time of each user but at different timings of data conversion are sequentially registered, and standard biometric information for each user. A management means for managing a database in which the key information set in is associated with the reference key information used for authentication and registered in advance as registration information, and
A receiving means for receiving the input information input by each user, and
When executing the authentication of a specific user, the database is searched based on the identification information included in the received input information, and the reference key information corresponding to the identification information and the received input information are included. An authentication processing means that executes an authentication process for the specific user based on the input key information indicating the key information to be obtained.
If the authentication of the specific user is determined to be unsuccessful by the authentication process and the given conditions are satisfied, the execution of the authentication process after the specified conditions are satisfied by the specific user is refused. Lock control means to lock
When the identification information of the locked target user indicating the user whose authentication process is locked and the input biometric information indicating the biometric information are received as the input information, the database is based on the identification information of the locked user. Is searched, and at least one of the reference biometric information corresponding to the identification information or the model information indicating the model of the biometric information generated based on the reference biometric information is compared with the input biometric information of the locked user. Comparison processing means to execute comparison processing and
When it is determined by the comparison process that at least one of the reference biometric information or the model information and the input biometric information are the same, the unlocking means for unlocking the authentication process by the lock target user.
With
The lock control means
When the lock is locked, the lock status information indicating the lock status is provided to the lock target user, and the lock status information is used as the reference lock status information in the database in association with the identification information of the lock target user. Register and
The comparison processing means
When the input lock status information indicating the provided lock status information is received as the input information together with the identification information and the input biometric information, the identification information corresponding to the identification information of the lock target user is associated with the identification information. The comparison process for determining whether or not the reference lock status information that matches the input lock status information is registered in the database is executed, and the comparison process is executed.
The unlocking means
By the comparison process, it is determined that at least one of the reference biometric information or the model information and the input biometric information are the same, and the reference lock status information that matches the input lock status information is registered in the database. An authentication system characterized in that the lock of the authentication process by the locked target user is released when it is determined that the information has been set. In the authentication system according to claim 1,
Further provided with a registration means for registering the newly input input biometric information in the database at a given timing.
The comparison processing means
Each time the identification information and the input biometric information input by each user including the lock target user are received, the database is searched based on the received identification information, and the reference biological body corresponding to the identification information is searched. Perform the comparison process to compare at least one of the information or the model information with the input biometric information.
The registration means
When it is determined by the comparison process that at least one of the reference biometric information or the model information and the input biometric information are the same, the input biometric information is associated with the identification information used in the comparative process. An authentication system that additionally registers as the standard biometric information. In the authentication system according to claim 1 or 2.
User information about each user is stored in the database as reference user information in association with the identification information.
The comparison processing means
When the input user information indicating the user information is received as the input information together with the identification information and the input biometric information, the input user is associated with the identification information matching the identification information of the lock target user. The comparison process for determining whether or not the reference user information that matches the information is registered in the database is executed, and the comparison process is executed.
The unlocking means
It is determined by the comparison process that at least one of the reference biometric information or the model information and the input biometric information are the same, and user information that matches the user information received in the database is registered. An authentication system that unlocks the authentication process by the locked user when it is determined. In the authentication system according to claim 1 or 2.
An authentication system in which the input biometric information and the reference biometric information are both information related to a facial image. A program that authenticates each user
For each user, identification information that identifies the user, reference biometric information in which a plurality of biometric information of the same type that changes over time of each user but at different timings of data conversion are sequentially registered, and standard biometric information for each user. A management means for managing a database in which the key information set in is associated with the reference key information used for authentication and registered in advance as registration information.
Receiving means for receiving the input information input by each user,
When executing the authentication of a specific user, the database is searched based on the identification information included in the received input information, and the reference key information corresponding to the identification information and the received input information are included. An authentication processing means that executes an authentication process for the specific user based on the input key information indicating the key information to be obtained.
If the authentication of the specific user is determined to be unsuccessful by the authentication process and the given conditions are satisfied, the execution of the authentication process after the specified conditions are satisfied by the specific user is refused. Lock control means to lock
When the identification information of the locked target user indicating the user whose authentication process is locked and the input biometric information indicating the biometric information are received as the input information, the database is based on the identification information of the locked user. Is searched, and at least one of the reference biometric information corresponding to the identification information or the model information indicating the model of the biometric information generated based on the reference biometric information is compared with the input biometric information of the locked user. Comparison processing means for executing comparison processing, and
An unlocking means for unlocking the authentication process by the lock target user when it is determined by the comparison process that at least one of the reference biometric information or the model information and the input biometric information are the same.
To function as a computer,
The lock control means
When the lock is locked, the lock status information indicating the lock status is provided to the lock target user, and the lock status information is used as the reference lock status information in the database in association with the identification information of the lock target user. Register and
The comparison processing means
When the input lock status information indicating the provided lock status information is received as the input information together with the identification information and the input biometric information, the identification information corresponding to the identification information of the lock target user is associated with the identification information. The comparison process for determining whether or not the reference lock status information that matches the input lock status information is registered in the database is executed, and the comparison process is executed.
The unlocking means
By the comparison process, it is determined that at least one of the reference biometric information or the model information and the input biometric information are the same, and the reference lock status information that matches the input lock status information is registered in the database. A program characterized in that, when it is determined that the information has been set, the lock of the authentication process by the locked user is released. The server device that releases the authentication process when the user's authentication process is locked, the identification information that identifies the user for each user, and the same type of biometric information that changes over time for each user, and the timing of data conversion The reference biometric information in which a plurality of different biometric information is sequentially registered and the reference key information which is the key information set for each user and used for authentication are associated and registered in advance as registration information. A terminal device that is connected to a database via a network.
Input receiving means for receiving input information input by the user,
When executing the authentication of a specific user, the database is searched based on the identification information included in the received input information, the reference key information corresponding to the identification information, and the key included in the received input information. An authentication processing means that executes an authentication process for the specific user based on the input key information indicating the information, and
If the authentication of the specific user is determined to be unsuccessful by the authentication process and the given conditions are satisfied, the execution of the authentication process after the specified conditions are satisfied by the specific user is refused. Lock control means to lock
A communication control means for receiving an unlock notification for unlocking the authentication process transmitted from the server device, and
An unlocking means for unlocking the authentication process based on the received unlock notification,
With
The lock control means
In conjunction with the server device, lock status information indicating the lock status when the authentication process is locked is associated with the identification information of the specific user and registered in the database as reference lock status information. ,
The communication control means
When the authentication process is locked, the input lock status information indicating the lock status information is transmitted to the server device as the input information together with the received identification information and the input biometric information indicating the biometric information. ,
The server device searches the database based on (a) the transmitted identification information, and the biometric information generated based on at least one of the reference biometric information corresponding to the identification information or the reference biometric information. A comparison process for comparing the model information indicating the model of the user with the input biometric information of the user is executed, and (b) at least one of the reference biometric information or the model information and the input biometric information are the same by the comparison process. It is determined that (c) the reference lock status information that matches the input lock status information is registered in the database in association with the identification information that matches the identification information of the input information. In this case, the terminal device is characterized by receiving the unlock notification transmitted from the server device. The server device that releases the authentication process when the user's authentication process is locked, the identification information that identifies the user for each user, and the same type of biometric information that changes over time for each user, and the timing of data conversion The reference biometric information in which a plurality of different biometric information is sequentially registered and the reference key information which is the key information set for each user and used for authentication are associated and registered in advance as registration information. A database and a terminal device connected via a network
Input receiving means that accepts input information input by the user,
When executing the authentication of a specific user, the database is searched based on the identification information included in the received input information, the reference key information corresponding to the identification information, and the key included in the received input information. An authentication processing means that executes an authentication process for the specific user based on the input key information indicating the information.
If the authentication of the specific user is determined to be unsuccessful by the authentication process and the given conditions are satisfied, the execution of the authentication process after the specified conditions are satisfied by the specific user is refused. Lock control means to lock
A communication control means for receiving an unlock notification for unlocking the authentication process transmitted from the server device, and a communication control means.
An unlocking means for unlocking the authentication process based on the received unlock notification,
To function as
The lock control means
In conjunction with the server device, lock status information indicating the lock status when the authentication process is locked is associated with the identification information of the specific user and registered in the database as reference lock status information. ,
The communication control means
When the authentication process is locked, the input lock status information indicating the lock status information is transmitted to the server device as the input information together with the received identification information and the input biometric information indicating the biometric information. ,
The server device searches the database based on (a) the transmitted identification information, and the biometric information generated based on at least one of the reference biometric information corresponding to the identification information or the reference biometric information. A comparison process for comparing the model information indicating the model of the user with the input biometric information of the user is executed, and (b) at least one of the reference biometric information or the model information and the input biometric information are the same by the comparison process. It is determined that (c) the reference lock status information that matches the input lock status information is registered in the database in association with the identification information that matches the identification information of the input information. A program characterized by receiving the unlock notification transmitted from the server device in the event of a failure. Terminal equipment used for user authentication processing
A server device that is connected to the terminal device via a network and releases the authentication process when it is locked.
With
The server device
For each user, identification information that identifies the user, reference biometric information in which a plurality of biometric information of the same type that changes over time of each user but at different timings of data conversion are sequentially registered, and standard biometric information for each user. A management means for managing a database in which the key information set in is associated with the reference key information used for authentication and registered in advance as registration information, and
A receiving means for receiving input information input by each user and transmitted from the terminal device, and
When executing the authentication of a specific user, the database is searched based on the identification information included in the received input information, and the reference key information corresponding to the identification information and the received input information are included. An authentication processing means that executes an authentication process for the specific user based on the input key information indicating the key information to be obtained.
If the authentication of the specific user is determined to be unsuccessful by the authentication process and the given conditions are satisfied, the execution of the authentication process after the specified conditions are satisfied by the specific user is refused. Lock control means to lock
When the identification information of the locked target user indicating the user whose authentication process is locked and the input biometric information indicating the biometric information are received as the input information, the database is based on the identification information of the locked user. Is searched, and at least one of the reference biometric information corresponding to the identification information or the model information indicating the model of the biometric information generated based on the reference biometric information is compared with the input biometric information of the locked user. Comparison processing means to execute comparison processing and
When it is determined by the comparison process that at least one of the reference biometric information or the model information and the input biometric information are the same, the unlocking means for unlocking the authentication process by the lock target user.
With
The lock control means
When the lock is locked, the lock status information indicating the lock status is provided to the lock target user, and the lock status information is used as the reference lock status information in the database in association with the identification information of the lock target user. Register and
The comparison processing means
When the input lock status information indicating the provided lock status information is received as the input information together with the identification information and the input biometric information, the identification information corresponding to the identification information of the lock target user is associated with the identification information. The comparison process for determining whether or not the reference lock status information that matches the input lock status information is registered in the database is executed, and the comparison process is executed.
The unlocking means
By the comparison process, it is determined that at least one of the reference biometric information or the model information and the input biometric information are the same, and the reference lock status information that matches the input lock status information is registered in the database. An authentication management communication system characterized in that the lock of the authentication process by the locked target user is released when it is determined that the information has been set.

Images