JP7158793B1 - Authentication devices, vending systems, transit systems, and automated teller machines - Google Patents

Abstract

Kind Code: A1 An authentication device capable of suppressing erroneous authentication of an identity verification body even when a facial photograph displayed on the identity verification body or its recorded face data is falsified. An authentication device (30) includes a verification body photographing unit (34) for acquiring an image of the outer surface of a person verification body, and a display for acquiring display face data corresponding to a facial photograph (70) from the image acquired by the verification body photographing unit (34). a face data acquisition unit 61; a display information acquisition unit 62 that acquires the serial number 76 from the image acquired by the verification body photographing unit 34; a transmitting/receiving unit 64 for transmitting a serial number 76 to a server 50 having a database 54 and requesting stored face data associated with the serial number 76; and an authentication unit 63 for authenticating the body. [Selection drawing] Fig. 1

Description

The present invention relates to authentication devices, vending systems, transit systems, and automated teller machines.

In Patent Document 1, claim 1 describes "a personal authentication device for verifying the identity of a user, comprising a photographed image acquiring unit for photographing the user with a camera and acquiring a first facial image; a photo image acquisition unit that reads a face photo attached to an identity verification document to acquire a second face image; A recorded image acquisition unit that acquires an image compares the first facial image, the second facial image, and the third facial image, and if the matching rate of the three facial images is a predetermined value or more, A personal authentication device including a verification processing unit for determining that the user is the person himself/herself.”

Here, referring to paragraphs [0024], [0029], etc. of the specification of Patent Document 1, the collation processing unit, for example, (1) compares the first face image, the second face image, and the second face image; After extracting a plurality of feature points from each of the facial images of 3, (2) comparing the plurality of feature points of these facial images, (3) determining the number of matching feature points in these images is If there are more than a certain number of facial images, it is determined that the facial images are those of the same person.

Then, referring to paragraphs [0005] and [0006] of the specification, the above-mentioned personal authentication device disclosed in Patent Document 1 states, "In the future, various transactions will be conducted via online terminals such as ATMs. It is expected that this will be the case, and it is required to be able to perform highly accurate personal authentication efficiently in compliance with the Act on Prevention of Transfer of Criminal Proceeds. The purpose is to provide an authentication device.

However, in the personal authentication device disclosed in Japanese Patent Laid-Open No. 2002-100001, a third party falsifies the facial photograph attached to the personal identification document or the facial photograph data recorded in the IC chip, so that the person identified by the personal identification document is authenticated. If the person pretends to be the person, there is a risk of erroneously authenticating the person because the face image is unlikely to differ.

Patent No. 6513866

The present invention has been made in view of such problems of the prior art. An object of the present invention is to provide an authentication device capable of suppressing authentication.

ADVANTAGE OF THE INVENTION According to the first aspect of the present invention, it is possible to suppress erroneous authentication of an identity verification body even when a facial photograph displayed on the identity verification body or its recorded face data is falsified. An authentication device is provided that can. This authentication device is used for authenticating a personal identification body including a facial photograph displayed on the outer surface and recorded facial data recorded in a storage unit corresponding to the facial photograph. The authentication device includes: a first image acquisition unit that acquires an image of at least a part of the outer surface of the personal identification body; and a display corresponding to the facial photograph from the image acquired by the first image acquisition unit. a display face data acquisition unit that acquires face data; and an identification that acquires identification information for identifying the identity verification object from the image acquired by the first image acquisition unit or the storage unit of the identity verification object. an information acquisition unit, a recorded face data acquisition unit for acquiring the recorded face data from the storage unit of the personal identification body, and transmitting the identification information acquired by the identification information acquisition unit to a server having a face database. requesting the stored face data associated with the identification information, and that the stored face data stored in the face database from the server in response to the request or the requested stored face data does not exist in the face database; the displayed face data acquired by the displayed face data acquisition unit; the recorded face data acquired by the recorded face data acquisition unit; and the an authentication unit that authenticates the identity verification object based at least on the response from the server.

According to a second aspect of the present invention, there is provided a sales system comprising an authentication device according to any one of configurations 1 to 9 above, and a sales device that is communicatively connected to the authentication device and sells merchandise. The sales device is configured to receive information indicating affirmation from the authentication device when the authentication unit of the authentication device affirms the authentication of the personal identification body, thereby enabling the sale of the product. be.

According to a third aspect of the present invention, the authentication device according to any one of configurations 1 to 9 above is communicably connected to the authentication device, and a user passes through a communication path between one area and another area. and a pass-through device for permitting or monitoring the passage of said user. When the authentication unit of the authentication device affirms the authentication of the personal identification body, the passing device receives information indicating the affirmation from the authentication device and permits the user to pass through the communication path. and, when the authentication unit denies the authentication of the identity verification body, the user is disabled from passing through the communication path or notified.

According to a fourth aspect of the present invention, there is provided an automatic teller system comprising an authentication device according to any one of the configurations 1 to 9 and an automated teller machine communicably connected to the authentication device. be done. When the authentication unit of the authentication device affirms the authentication of the personal identification body, the automatic teller machine receives information indicating the affirmation from the authentication device, and instructs the user to operate the automatic teller machine. is configured to allow

FIG. 1 is a schematic diagram showing a sales system including an authentication device according to the first embodiment of the invention. FIG. 2 is a block diagram showing functional configurations of a sales device and an authentication device in the sales system shown in FIG. 1; FIG. 3 is a diagram schematically showing a My Number card as an example of an identity confirmation body used in the sales system shown in FIG. 1; FIG. 4 is a flow chart of operations in the authentication device of the sales system shown in FIG. FIG. 5 is a flow chart of operations in the server of the sales system shown in FIG. FIG. 6 is a flow chart of operations in the authentication device according to the second embodiment of the present invention. FIG. 7 is a schematic diagram showing a sales system including an authentication device according to a third embodiment of the invention. 8 is a block diagram showing the functional configuration of the sales device and authentication device in the sales system shown in FIG. 7. FIG. FIG. 9 is a flow chart of operations in the authentication device of the sales system shown in FIG. Figure 10 is a schematic diagram of a pass-through device that can be used with an authentication device according to the present invention; FIG. 11 is a schematic diagram of an automated teller machine that can be used with an authentication device according to the present invention;

1 to 11, embodiments of an authentication device according to the present invention will be described in detail below. 1 to 11, the same or corresponding components are denoted by the same reference numerals, and redundant explanations are omitted. In addition, in FIGS. 1 to 11, the scale and dimensions of each component may be exaggerated, and some components may be omitted. In the following description, unless otherwise specified, terms such as "first" and "second" are used only to distinguish components from each other and indicate a particular rank or order. not a thing

A sales system including an authentication device according to a first embodiment of the present invention will be described below with reference to the drawings. First, the function and configuration of the sales system of this embodiment will be described. Next, sales operation of the sales system of this embodiment will be described. Next, the effects of the sales system of this embodiment will be described.

FIG. 1 is a schematic diagram showing a sales system 10 including an authentication device 30 according to the first embodiment of the invention. As shown in FIG. 1, the sales system 10 of this embodiment includes a plurality of sales devices 20 installed at a plurality of locations, an authentication device 30 connected to each sales device 20, and a plurality of authentication devices 30. and a server 50 connected via a network 40 such as the Internet. FIG. 2 is a block diagram showing functional configurations of the sales device 20 and the authentication device 30. As shown in FIG.

[Vending device 20]
The vending device 20 is, for example, a vending machine for selling products (not shown). Examples of products sold by vending device 20 are cigarettes and alcohol, but any product that requires authentication (including age verification) of the user of vending device 20 who is the purchaser in order to purchase the product. is not limited to cigarettes and alcohol.

Vending device 20 is, for example, a vending machine. Although detailed description of the configuration is omitted in this specification, the sales device 20 is communicably connected to the authentication device 30 . Specifically, the vending device 20 is provided with a control unit 22 that controls the main body of the vending device 20 (controllable components other than the control unit 22). The control unit 22 is configured to enable sales of products to the main body of the sales device 20 by receiving information indicating that a positive determination has been made, which will be described later, from the authentication device 30 . As shown in FIG. 1, the vending device 20 includes, as an example, a product display 24 that displays samples S of a plurality of products to be sold, and a product outlet 26 through which the user takes out the purchased products. I have.

[Authentication device 30]
The authentication device 30 is composed of, for example, a computer, and as shown in FIG. , a communication unit 37 for connecting to the network 40 and performing data communication with the server 50, and a communication unit 38 for performing data communication with the sales device 20, each configuration and a control unit 39 for controlling the operation of the elements.

The storage unit 35 stores an OS (Operating System), a program for controlling the authentication device 30, a program for performing authentication according to the present invention, and various other data. The control unit 39 includes a processor (CPU), ROM, RAM, etc. The program stored in the storage unit 35 is loaded into the RAM and executed by the processor to perform various functions (display shown in FIG. 2). function of face data acquisition unit 61, display information acquisition unit 62, authentication unit 63, transmission/reception unit 64, etc.). Each unit of the authentication device 30 will be described below. In the description of each unit, the control unit 39 controls the operation of each unit based on the program P. FIG.

The authentication device 30 has a function of authenticating the identity verification body, and is communicably connected to the control unit 22 of the sales device 20 via the communication unit 38 . As used herein, "communicatively connected" means enabled to transfer data. Therefore, an example of this connection may be a wired connection using a cable or the like, a wireless connection using electromagnetic waves such as infrared rays or ultraviolet rays, or a combination of wired connection and wireless connection. It may be, for example, an internet connection.

Examples of identity verification material include driver's licenses, My Number cards, cash cards, credit cards, employee ID cards, boarding cards, electronic money cards, etc., which have a photo on the outside, basic information such as name and address, and other information. information is displayed, and a recording medium is provided inside as a storage unit. In the following explanation, an example of using a My Number card as an identity verification body will be mainly explained, but the following explanation can be similarly applied to other types of identity verification bodies.

FIG. 3 is a diagram schematically showing a My Number card M as an example of an identity verification body used in this embodiment. On the outer surface of the My Number Card M, the owner's face photo 70 of the My Number Card M, the owner's name 71, the owner's address 72, the owner's gender 73, the owner's date of birth 74, An expiration date 75 of the My Number Card M, a serial number 76 of the My Number Card M, and a security code 77 are displayed. These pieces of information can be affixed or printed on the outer surface of the identification.

The name 71, address 72, gender 73, and date of birth 74 displayed on the outer surface of the My Number Card M are part of the basic information about the owner of the My Number Card M, and are referred to here as "basic display information." and The types of information used as display basic information are not limited to the four listed here, and only some of them may be used as display basic information, or other information may be added to these information. The added information may be used as the display basic information, or information different from these information may be used as the display basic information. The manufacturing number 76 of the My Number Card M is a number assigned to each My Number Card, and can be used as identification information for identifying the My Number Card. For example, if the identification is a driver's license, the license number can be used as identification information.

A recording medium as a storage unit is provided inside the My Number card M as an identity confirmation body, and image data (recorded face data) of the face photograph 70 displayed on the outer surface is stored in the recording medium. . The recording medium also stores image data and text data of display basic information displayed on the outer surface as recording basic information. In addition to the above information, this recording medium also stores an electronic certificate that can be used by entering a personal identification number (PIN).

The personal identification device may be, for example, an information communication terminal such as a smart phone. In this case, the face photograph and basic information displayed on the identity verification body may be displayed on an output device such as a display of the identity verification body. Also, the recording medium of the personal identification body may be configured to be communicable with an external database, and the image data of the face photograph received from the external database may be stored as recorded face data in the recording medium.

The verification object photographing unit 34 functions as a (first) image acquisition unit that photographs an identification object that the user intends to use and acquires an image of at least a part of the outer surface of the identification object. This confirming object photographing unit 34 may be any device as long as it is capable of photographing an object to be photographed and acquiring the image data thereof. The confirmation object photographing unit 34 is, for example, a digital camera capable of acquiring photographed data. However, as long as the function described above can be exhibited, an example of the confirming object photographing unit 34 may not be a digital camera, and may be a scanner, for example.

A display face data acquisition unit 61 realized by the program P of the control unit 39 extracts a portion where the face photograph 70 (see FIG. 3) is displayed from the image data of the outer surface of the identification object photographed by the confirmation object photographing unit 34. Acquire as display face data.

Further, the display information acquisition unit 62 realized by the program P obtains information (name 71, address 72, gender 73, date of birth 74, The part where the expiration date 75, the serial number 76, and the security code 77) are displayed is extracted, and the characters written in these parts are recognized to acquire the data. Therefore, the display information acquisition unit 62 acquires the manufacturing number 76 as identification information from the image data acquired by the confirmation object photographing unit 34 and the image data acquired by the confirmation object photographing unit 34 to display the information. It can function as a display basic information acquisition unit that acquires basic information (name 71, address 72, sex 73, and date of birth 74).

The reading unit 36 has a function of reading data stored in the recording medium of the identification body and storing the read data. That is, the reading unit 36 is a recorded face data acquisition unit that reads and acquires image data (recorded face data) of the face photograph 70 from the recording medium of the identification body, and reads and acquires recorded basic information from the recording medium of the identification body. It can function as a recording basic information acquisition unit. For example, when the identification is a card or the like and the data is stored in the memory (not shown) of the RF tag, the reading unit 36 is an RFID type reading device capable of storing the read data. good.

For security reasons, access to the data stored in the recording medium of the identification may be restricted. For example, if the identification is My Number Card M, the display information acquisition unit By inputting a verification number obtained by combining the date of birth 74, the expiration date 75, and the security code 77 acquired by 62, the reading unit 36 can read the recorded face data and the recorded basic information.

Further, for example, when the identity verification device is an information communication device such as a smart phone, the reading unit 36 transfers data from the identity verification device (for example, recorded face data, Recorded basic information) may be read and the read data may be stored. In any case, the reading unit 36 should be able to read data by a method suitable for the type of identity verification material.

The authentication unit 63 realized by the program P of the control unit 39 makes an affirmative judgment that the person confirming the person is genuine (not falsified) based on a plurality of face data acquired as described later. A negative determination is made that the identity verification body is a fake (falsified).

An arbitrary method can be used as a method of authenticating an identification object based on a plurality of face data. For example, the authentication unit 63 (1) calculates feature data for each of the target face data, and (2) (i) sets the feature value obtained from each calculated feature data within a predetermined range. If it exists, make a positive judgment that the identity verifier is genuine (not tampered with); ) may be negatively determined.

Alternatively, the authentication unit 63 (1) calculates a plurality of feature points in each of the target face data, (2) compares these feature points, and (i) determines the number of matching feature points. If the number is greater than or equal to the specified number, affirmative judgment is made that the identity verifier is genuine (not tampered with); It is possible to make a negative judgment that

This "feature data" or "feature point" is, for example, data obtained from an image of a portion of the face including both eyes. More specifically, for example, (1) the skeleton of the face, (2) the distance between the outer edge of one eye and the outer edge of the other eye, (3) the inner edge of one eye and the other eye. Distance from the inner edge of the eye, (4) the inner edge of one eye and the inner edge of the other eye with respect to the first imaginary straight line connecting the outer edge of one eye and the outer edge of the other eye (5) the distance between the center of the eyeball of one eye and the center of the eyeball of the other eye, (6) the center of the eyeball of one eye with respect to the first virtual straight line and the other (7) Maximum width of each eye, (8) Ratio between maximum widths of each eye, (9) Shape of nose, (10) Position of nose with respect to both eyes , (11) one or more data selected in advance from values such as the position of the mouth with respect to both eyes.

The “feature value obtained from each calculated feature data” means a value calculated from a function incorporated in the program P of the control unit 39 using the predetermined feature data. For example, it may be a value calculated by a function whose parameters are (2), (4) and (5), and a value calculated by a function whose parameters are (2), (3) and (6) It may be a calculated value. Alternatively, a value represented by an n×m matrix (where n and m are integers equal to or greater than 1) composed of a plurality of these values may be used.

It should be noted that the above function in the present embodiment was obtained by the inventors of the present application using a large number of samples of humans, in the case of the same person and in the case of different people, the position, size, and angle of each part related to the face exemplified above. It is a function derived by collecting parameters related to Further, the above-mentioned "predetermined range" is a range obtained by adjusting the characteristic value calculated from the function when the inventors of the present application derived the function.

A transmission/reception unit 64 realized by the program P of the control unit 39 transmits the identification information (manufacturing number 76) acquired by the display information acquisition unit 62 to the server 50 via the communication unit 37, and associates it with the identification information. It has a function of requesting the server 50 for the saved face data. The transmitting/receiving unit 64 also has a function of transmitting the displayed face data acquired by the displayed face data acquiring unit 61 or the recorded face data acquired by the reading unit 36 to the server 50, and the manufacturing number acquired by the display information acquiring unit 62. It also has a function of transmitting information other than 76 to the server 50 . The transmitting/receiving section 64 is configured to receive a response from the server 50 via the communication section 37 .

[Server 50]
As shown in FIG. 1, the server 50 controls the operation of a storage unit 51 including ROM, RAM, flash memory, etc., a communication unit 52 for performing data communication by connecting to the network 40, and the operation of each component. and a control unit 53 . The storage unit 51 stores an OS, a program for controlling the server 50, a face database 54, which will be described later, and various other data. The control unit 53 includes a processor (CPU), ROM, RAM, etc., and implements various functions by loading programs stored in the storage unit 51 into the RAM and executing the programs by the processor.

The face database 54 stored in the storage unit 51 of the server 50 includes records including identification information of identity verification bodies and face data (stored face data) associated with the identification information. In this embodiment, the manufacturing number 76 displayed on the outer surface of the My Number Card M is used as the identification information included in the face database 54 .

The server 50 is communicably connected to the control unit 39 of the authentication device 30 via the communication unit 52 (and the communication unit 37 of the authentication device 30). The server 50 receives the stored face data acquisition request sent from the authentication device 30 together with the manufacturing number 76 as the identification information via the communication unit 52, and retrieves the corresponding record from the face database 54 using the received identification information as a key. It is searchable. The server 50 transmits the search result of this record to the authentication device 30 via the communication unit 52 . The server 50 can also receive the displayed face data or the recorded face data transmitted from the authentication device 30 and store it in the face database 54 as stored face data in association with the received serial number 76 .

Next, sales operations of the sales system 10 of this embodiment will be described mainly with reference to FIGS. 4 and 5. FIG. FIG. 4 is a flow chart of operations in the authentication device 30 of the sales system 10 of this embodiment, and FIG. 5 is a flow chart of operations in the server 50 . As described above, the control unit 39 controls the operation of each unit of the authentication device 30 based on the program P, and the control unit 22 controls the operation of the sales device 20 based on the program P. The operation of the server 50 is controlled by the control unit 53, and the operation of each unit of the server 50 is controlled by the control unit 53. The following explanation is based on this point.

First, when a person who intends to purchase a product from one of the plurality of vending machines 20 is positioned in front of the vending machine 20, the sales system 10 inserts a personal verification body into the card insertion slot of the verification body photographing section . A person who intends to purchase the product is instructed to insert (my number card M). Then, the user of the vending device 20 who wishes to purchase the product inserts the identity confirmation body (my number card M) into the card slot according to this instruction. Then, in the authentication device 30, the sales operation flow shown in FIG. 4 is started.

First, the verification object photographing unit 34 of the authentication device 30 photographs the outer surface of the personal verification object (my number card M) and acquires the photographed image as photographed data (see step S10 in FIG. 4). Then, the display face data acquisition unit 61 extracts the portion where the face photograph 70 is displayed from the photographed data and acquires it as display face data, and the display information acquisition unit 62 extracts each information (name 71, Address 72, gender 73, date of birth 74, expiration date 75, manufacturing number 76, and security code 77) are extracted, and the characters written in these parts are recognized to acquire the data. (see step S11 in FIG. 4).

Further, the reading unit 36 reads the recorded face data and the recorded basic information stored in the recording medium of the personal identification card (My Number Card M), and stores the read recorded face data and the recorded basic information (see FIG. 4). See step S12). At this time, if the security of the identity verification device requires it, part or all of the information acquired by the display information acquisition unit 62 can be used as a security key for identity verification in order to read the recorded face data and the recorded basic information. entered into the body.

The order of the operations described above may be changed. For example, step S10 and step S11 may be performed after step S12. Further, the operations of steps S10 and S11 may be performed in parallel with step S12. In any case, steps S10 to S12 should be completed before step S20, which will be described later.

Next, the transmitting/receiving unit 64 of the authentication device 30 transmits the identification information (manufacturing number 76 of the My Number card M) among the information acquired by the display information acquisition unit 62 to the server 50, and the face associated with this identification information. A request to acquire data (stored face data) from the face database 54 is sent to the server 50 (see step S20 in FIG. 4).

When the communication unit 52 of the server 50 receives the identification information and the data acquisition request transmitted from the authentication device 30 (see step S50 in FIG. 5), the control unit 53 of the server 50 receives the received identification information (serial number 76) is used as a key, the corresponding record is retrieved from the face database 54 stored in the storage unit 51 (see step S51 in FIG. 5). When a corresponding record is found by this search, the control unit 53 of the server 50 transmits the saved face data in the corresponding record to the authentication device 30 via the communication unit 52 (see step S52 in FIG. 5). . On the other hand, if no corresponding record is found, the control unit 53 of the server 50 transmits data indicating that the requested saved face data does not exist in the face database 54 to the authentication device 30 via the communication unit 52. (see step S53 in FIG. 5).

Next, the transmission/reception unit 64 of the authentication device 30 receives the response from the server 50 (see step S21 in FIG. 4), and determines whether the response from the server 50 is stored face data (step S21 in FIG. 4). S30 reference). When the response from the server 50 is stored face data, the authentication unit 63 of the authentication device 30 performs (1) the displayed face data acquired in step S11, (2) the recorded face data acquired in step S12. and (3) My number card M is authenticated based on the stored face data received in step S21. For example, the authentication unit 63 calculates feature data for each of the displayed face data, the recorded face data, and the saved face data (see step S31 in FIG. 4), and the feature value obtained from each calculated feature data is The My Number Card M is authenticated by determining whether or not it exists within a predetermined range (see step S32 in FIG. 4).

If the authenticating section 63 makes an affirmative determination in step S32, it regards the person confirming body as genuine. Next, the control unit 39 of the authentication device 30 transmits information to that effect (information indicating that the identity verification body is genuine) to the control unit 22 of the sales device 20, and when the control unit 22 receives the received information, The operation of selling the product to the user is started (see step S40 in FIG. 4). When the sale of the product to the user by the vending device 20 ends, the vending operation of the present embodiment also ends.

On the other hand, if the authenticating section 63 makes a negative determination in step S32, it considers that the person confirming body is not genuine. Next, the control unit 39 of the authentication device 30 transmits information to that effect (information indicating that the identity verification object is not genuine) to the control unit 22 of the sales device 20, and when the control unit 22 receives the information, the sales device The selling operation of the present embodiment ends without performing the selling operation of the product to the user by 20 . In this case, the sales system 10 notifies the user to that effect, i.e., to the effect that the product cannot be sold because the personal identification cannot be authenticated. The notification means may be used to notify the user.

On the other hand, if it is determined in step S30 that the response from the server 50 is not stored face data, that is, if data indicating that the requested stored face data does not exist in the face database 54 of the server 50 is received from the server 50, , the transmitting/receiving unit 64 transmits the displayed face data acquired by the displayed face data acquisition unit 61 to the server 50 for storage in the face database 54 of the server 50 (see step S33 in FIG. 4).

When the communication unit 52 of the server 50 receives the displayed face data transmitted from the authentication device 30 in step S33, the control unit 53 of the server 50 transmits the received displayed face data to the identification information ( It is stored in the face database 54 in association with the manufacturing number 76). The display face data saved here will be referred to as saved face data in step S31 when authentication is performed using the same identification information next time. Therefore, if, for example, the facial photograph 70 on the outer surface of the identification body is tampered with until the next authentication, the display facial data (image data of the tampered facial photograph 70) acquired in step S11 and the image data of the facial photograph 70 that is tampered with are received in step S21. Since it becomes difficult to match the saved face data (image data of the face photograph 70 before tampering) to be stored, a negative determination is likely to be made in step S32. Therefore, it is possible to prevent erroneous authentication of the person himself/herself even when the facial photograph displayed on the person confirming body has been tampered with. This is the same when the recorded face data stored in the recording medium of the personal identification body is tampered with.

After the displayed face data is transmitted to the server 50 in step S33 and stored in the face database 54 as described above, the authentication unit 63 of the authentication device 30 performs (1) the displayed face data acquired in step S11 and (2) ) The My Number Card M is authenticated based on the recorded face data obtained in step S12. For example, the authentication unit 63 calculates feature data for each of the displayed face data and the recorded face data (see step S34 in FIG. 4), and the feature values obtained from the calculated feature data are within a predetermined range. My number card M is authenticated by judging whether or not it exists (see step S35 in FIG. 4).

If the authenticating section 63 makes an affirmative determination in step S35, the identity verification body is regarded as genuine. Next, the control unit 39 of the authentication device 30 transmits information to that effect to the control unit 22 of the sales device 20, and when the control unit 22 receives the received information, it starts selling the product to the user ( (see step S40 in FIG. 4). When the sale of the product to the user by the vending device 20 ends, the vending operation of the present embodiment also ends.

On the other hand, if the authenticating section 63 makes a negative determination in step S35, it considers that the user is not the owner of the personal identification body. Next, the control unit 39 of the authentication device 30 transmits information to that effect to the control unit 22 of the sales device 20, and when the control unit 22 receives the information, the sales device 20 performs the operation of selling the product to the user. The selling operation of the present embodiment is terminated without any items.

For example, in the case of the personal authentication device disclosed in Patent Document 1 (hereinafter referred to as a comparative embodiment), as described above, (1) the first facial image (the facial image attached to the personal identification body) and the second After extracting a plurality of feature points from each of the facial images (face images saved in the recording medium of the identification body), (2) comparing the plurality of feature points of each of the two facial images and (3) when the number of matching feature points in the two images is equal to or greater than a predetermined number, it is determined that the two images are face images of the same person. Therefore, in the case of the comparative form, in order to perform personal authentication, at least the time for extracting a plurality of feature points from the two face images in the above (1) and the time for extracting the plurality of feature points from the two face images in the above (2). Time is required for comparison processing between the feature points of the images.

In response to this, for example, the authentication unit 63 (1) calculates feature data for each of the displayed face data, the recorded face data, and the stored face data, or the displayed face data and the recorded face data, and (2) (i) If the feature value obtained from each calculated feature data exists within a predetermined range, affirmative determination is made that the identity verification object is genuine, and (ii) if not, identity verification. If a negative judgment is made that the body is not real, extraction of a plurality of feature points from two or more face images and further comparison of a plurality of feature points of each face image are not performed. In addition, authentication can be performed only by comparing feature values based on predetermined feature data. Therefore, according to the authentication device 30 of the present embodiment, the authentication time can be shortened compared to the comparison mode. As a result, the sales system 10 including the authentication device 30 of the present embodiment can shorten the time from the start of the user's operation to the end of the sale of the product, compared to the comparative embodiment. Moreover, according to the program P of the present embodiment, the authentication time can be shortened as compared with the comparative embodiment.

Note that, in the case of the present embodiment, an image of a portion including both eyes, which is a part of the face, is used as an example to calculate the feature value. Therefore, it is effective in that authentication can be performed without an accurate image of the entire face. For example, in the case of the present embodiment, the portion used for authentication in the first face image (display face data displayed on the identity confirmation body) (in the case of the present embodiment, both eyes, which are part of the face) It is possible to perform authentication even in the case where, for some reason, a substance that masks a part of the face is attached to a part other than the part including the face. It can be said that this effect cannot be realized in the case of the comparative embodiment.

In addition, as described above, in the personal authentication device in the comparative embodiment, if the face photo or the like attached to the personal identification document is tampered with, there is a risk that the person is erroneously authenticated. According to the form, in addition to the display face data corresponding to the face photo displayed on the identity verification body and the recorded face data recorded corresponding to this face photo, it is associated with the identification information for identifying the identity verification body. Since authentication is performed using the stored face data stored in the face database of the server, both the face photo displayed on the identity verification body and the recorded face data recorded corresponding to this face photo are tampered with. Even so, it becomes difficult for the stored face data, which has not been altered, to match the displayed face data and the recorded face data.

FIG. 6 is a flow chart of operations in the authentication device according to the second embodiment of the present invention. This embodiment differs from the first embodiment in that an additional authentication determination step S111 or S112 is performed when an affirmative determination is made in the authentication determination step S32 or S35 in the first embodiment.

More specifically, after making an affirmative determination in the authentication determination step S32, the authentication unit 63 further uses the display basic information acquired by the display information acquisition unit 62 in step S11 and the display basic information acquired by the reading unit 36 in step S12. It is determined whether the recorded basic information partially (for example, the name 71 and the date of birth 74) or the whole matches (see step S111 in FIG. 6). If it is determined that the displayed basic information and the recorded basic information match, a selling operation (step S40) is performed. assume there is. Then, the flow of this sale operation ends.

After the affirmative determination is made in the authentication determination step S35, an additional authentication determination step S112 is performed in the same way. If it is determined that they do not match, the authentication unit 63 considers that the personal identification has been tampered with. Then, the flow of this sale operation ends.

In the above-described first embodiment, for example, even if the displayed face data and the recorded face data are face data of different persons, if the feature values obtained from the two face data are extremely similar (for example, extremely Similar twins can be considered.), that is, when the feature values of the two face data exist within a predetermined range, the identity verification object is authenticated as genuine. However, in the case of this embodiment, after the so-called face authentication is performed in the authentication judgment step S32 or step S35, the display basic information and the recording basic information, which are authentication from a viewpoint different from the face authentication, are part of them. Alternatively, it is determined whether they match in all (step S111 or step S112). Therefore, in the case of this embodiment, even if a positive determination is made in image authentication, it is possible to make a negative determination that the identity verification material has been tampered with. From another point of view, according to the present embodiment, it is possible to detect falsification of the personal identification body, which cannot be detected by authentication using a face image.

FIG. 7 is a schematic diagram showing a sales system 210 including an authentication device 230 according to the third embodiment of the present invention, and FIG. 8 is a block diagram showing functional configurations of the sales device 20 and the authentication device 230 shown in FIG. It is a diagram. The authentication device 230 in the present embodiment differs from the first embodiment in that it has a user photographing section 231 constituted by, for example, a camera, and a user face data acquiring section 261 realized by the program P of the control section 39. It differs from the authentication device 30 in form.

The user photographing unit 231 functions as a (second) image obtaining unit that photographs the user of the sales device 20 and obtains an image of the user's face. The user photographing unit 231 may be any device as long as it is capable of photographing an object to be photographed and acquiring the image data thereof. The user imaging unit 231 is, for example, a digital camera capable of acquiring imaging data. However, an example of the user photographing unit 231 may not be a digital camera as long as it can exhibit the functions described above.

The user face data acquisition unit 261 realized by the program P of the control unit 39 is configured to acquire user face data obtained by photographing the user's face from the image acquired by the user photographing unit 231. .

The authentication unit 63 in this embodiment uses the user face data acquired by the user face data acquisition unit 261 in addition to the face data used in the first embodiment to authenticate the identity verification object. is configured to In addition to the function described in the first embodiment, the transmitting/receiving section 64 in this embodiment also has a function of transmitting the user face data acquired by the user face data acquiring section 261 to the server 50. there is

FIG. 9 is a flow chart of the operation of the authentication device 230 in this embodiment. When the sales operation flow starts in the authentication device 230, first, the user photographing unit 231 of the sales device 20 photographs the user and acquires the photographed image as photographed data (see step S210 in FIG. 9). ). Then, the user face data acquisition unit 261 extracts the user's face from the photographed data and acquires it as user face data (see step S211 in FIG. 9).

Further, the verification object photographing unit 34 of the authentication device 230 photographs the outer surface of the personal verification object (my number card M) and acquires the photographed image as photographed data (see step S10 in FIG. 9). Then, the display face data acquisition unit 61 extracts the portion where the face photograph 70 is displayed from the photographed data and acquires it as display face data, and the display information acquisition unit 62 extracts each information (name 71, Address 72, gender 73, date of birth 74, expiration date 75, manufacturing number 76, and security code 77) are extracted, and the characters written in these parts are recognized to acquire the data. (see step S11 in FIG. 9).

In addition, the reading unit 36 reads the recorded face data and the recorded basic information stored in the recording medium of the identification body (My Number Card M), and stores the read recorded face data and the recorded basic information (see FIG. 9). See step S12). At this time, if the security of the identity verification device requires it, part or all of the information acquired by the display information acquisition unit 62 can be used as a security key for identity verification in order to read the recorded face data and the recorded basic information. entered into the body.

The order of these operations may be changed. For example, steps S10 and S11 may be performed after step S12, and then steps S210 and S211 may be performed. Further, the operations of steps S210 and S211 and the operations of steps S10 and S11 may be performed in parallel with step S12. In any case, steps S210, S211, and steps S10 to S12 should be completed before step S20, which will be described later.

Next, the transmitting/receiving unit 64 of the authentication device 30 transmits the identification information (manufacturing number 76 of the My Number card M) among the information acquired by the display information acquisition unit 62 to the server 50, and the face associated with this identification information. A request to acquire data (stored face data) from the face database 54 is sent to the server 50 (see step S20 in FIG. 9).

As in the first embodiment, when the communication unit 52 of the server 50 receives the identification information and the data acquisition request transmitted from the authentication device 30, the control unit 53 of the server 50 receives the received identification information (serial number 76 ) is used as a key, the corresponding record is retrieved from the face database 54 stored in the storage unit 51 . If a corresponding record is found by this search, the control unit 53 of the server 50 transmits the saved face data in the corresponding record to the authentication device 30 via the communication unit 52 . On the other hand, if no corresponding record is found, the control unit 53 of the server 50 transmits data indicating that the requested saved face data does not exist in the face database 54 to the authentication device 30 via the communication unit 52. do.

Next, the transmission/reception unit 64 of the authentication device 30 receives the response from the server 50 (see step S21 in FIG. 9), and determines whether or not the response from the server 50 is saved face data (step S21 in FIG. 9). S30 reference). When the response from the server 50 is stored face data, the authentication unit 63 performs (1) the user face data acquired in step S211, (2) the display face data acquired in step S11, (3) ) The My Number Card M is authenticated based on the recorded face data acquired in step S12 and (4) the saved face data transmitted from the server 50 . For example, the authentication unit 63 calculates predetermined feature data for each of the user face data, displayed face data, recorded face data, and stored face data (see step S231 in FIG. 9), and The My Number Card M is authenticated by determining whether or not the feature value obtained from the feature data is within a predetermined range (see step S32 in FIG. 9).

If the authentication unit 63 makes an affirmative determination in the determination step S32, the authentication unit 63 regards the person confirming object as genuine. Next, the control unit 39 of the authentication device 30 transmits information to that effect (information indicating that the identity verification body is genuine) to the control unit 22 of the sales device 20, and when the control unit 22 receives the received information, The operation of selling the product to the user is started (see step S40 in FIG. 9). When the sale of the product to the user by the vending device 20 ends, the vending operation of the present embodiment also ends.

On the other hand, if the authenticating section 63 makes a negative determination in step S32, it considers that the person confirming body is not genuine. Next, the control unit 39 of the authentication device 30 transmits information to that effect (information indicating that the identity verification object is not genuine) to the control unit 22 of the sales device 20, and when the control unit 22 receives the information, the sales device The selling operation of the present embodiment ends without performing the selling operation of the product to the user by 20 .

On the other hand, if it is determined in step S30 that the response from the server 50 is not stored face data, that is, if data indicating that the requested stored face data does not exist in the face database 54 of the server 50 is received from the server 50, , the transmitting/receiving unit 64 transmits the displayed face data acquired by the displayed face data acquisition unit 61 to the server 50 for storage in the face database 54 of the server 50 (see step S33 in FIG. 9).

When the communication unit 52 of the server 50 receives the displayed face data transmitted by the transmitting/receiving unit 64 in step S33, the control unit 53 of the server 50 associates the received displayed face data with the received identification information to create a face database. Save to 54. The display face data saved here will be referred to as saved face data in authentication step S231 when authentication is performed using the same identification information next time. Therefore, if, for example, the facial photograph 70 on the outer surface of the identification body is tampered with until the next authentication, the display facial data (image data of the tampered facial photograph 70) acquired in step S11 and the image data of the facial photograph 70 that is tampered with are received in step S21. Since the stored facial data (the image data of the facial photograph 70 before being altered) is less likely to match, a negative determination is more likely to be made in the determination step S32. Therefore, it is possible to prevent erroneous authentication of the person himself/herself even when the facial photograph displayed on the person confirming body has been tampered with. This is the same when the recorded face data stored in the recording medium of the personal identification body is tampered with.

After the display face data is transmitted to the server 50 in step S33 and stored in the face database 54 as described above, the authentication unit 63 of the authentication device 230 performs (1) the user face data acquired in step S211, ( 2) The personal number card M is authenticated based on the displayed face data acquired in step S11 and (3) the recorded face data acquired in step S12. For example, the authentication unit 63 calculates predetermined feature data for each of the user face data, the displayed face data, and the recorded face data (see step S34 in FIG. 9), and from the calculated feature data, The My Number Card M is authenticated by judging whether or not the obtained characteristic value exists within a predetermined range (see step S35 in FIG. 9).

If the authenticating section 63 makes an affirmative determination in step S35, the identity verification body is regarded as genuine. Next, the control unit 39 of the authentication device 30 transmits information to that effect to the control unit 22 of the sales device 20, and when the control unit 22 receives the received information, it starts selling the product to the user ( (see step S40 in FIG. 9). When the sale of the product to the user by the vending device 20 ends, the vending operation of the present embodiment also ends.

On the other hand, if the authenticating section 63 makes a negative determination in step S35, it considers that the user is not the owner of the personal identification body. Next, the control unit 39 of the authentication device 30 transmits information to that effect to the control unit 22 of the sales device 20, and when the control unit 22 receives the information, the sales device 20 performs the operation of selling the product to the user. The selling operation of the present embodiment is terminated without any items.


As described above, according to the present embodiment, display face data corresponding to the face photograph displayed on the identity verification body, recorded face data recorded corresponding to this face photograph, and stored face data stored in the face database of the server In addition to face data, authentication is performed using user face data obtained by photographing the face of the user of the sales device 20. Therefore, it is possible to determine whether the owner of the identity verification body and the user of the sales device 20 are the same person. It is possible to authenticate

Also in this embodiment, as in the second embodiment, after the authentication unit 63 makes an affirmative determination in the authentication determination step S32, the display basic information acquired by the display information acquisition unit 62 in step S11 and the step In S12, it is determined whether or not the recorded basic information acquired by the reading unit 36 matches in part or in whole. In this case, the authentication unit 63 may consider that the identity confirmation body has been tampered with. After the affirmative determination is made in the authentication determination step S35, an additional authentication determination step is similarly performed, and if it is determined that the display basic information and the record basic information match, the selling operation is performed, and it is determined that they do not match. If so, the authentication unit 63 may consider that the identity confirmation body has been tampered with.

In each of the above-described embodiments, when the stored face data requested by the authentication device 30 does not exist in the face database 54 of the server 50 , the displayed face data acquired by the displayed face data acquiring section 61 is stored in the face database of the server 50 . 54 is transmitted from the authentication device 30 to the server 50 (step S33), but instead of or in addition to the displayed face data, the recorded face data acquired by the reading unit 36 and/or Alternatively, the user face data acquired by the user face data acquisition unit 261 in the third embodiment may be transmitted from the authentication device 30 to the server 50 and stored in the face database 54 as stored face data.

In particular, if user face data obtained by photographing the user of the sales device 20 is stored in the face database 54 of the server 50, the stored face data stored in the face database 54 of the server 50 is the most recent face of the user. Therefore, if either the face photo displayed on the identity verification body or the recorded face data recorded corresponding to this face photo is tampered with, the stored face data will be tampered with. There is a high possibility that it will be difficult to match face data or recorded face data. Therefore, it is possible to more effectively prevent erroneous authentication of the person in question when the person in question has been tampered with.

In addition to the functions described above, the transmitting/receiving unit 64 also has a function of transmitting the basic display information acquired in S11 or the basic recording information acquired in S12 to the server 50 for storage in the face database 54 of the server 50. may have. The server 50 may receive the display basic information or the recording basic information transmitted from the transmission/reception unit 64 via the communication unit 52 and store it in the face database 54 in association with the manufacturing number 76 as the identification number. If such display basic information or recorded basic information is stored in the face database 54, the displayed basic information or recorded basic information acquired from the identity verification body will be used when authentication is performed using the same identification information next time. It becomes possible to collate the information with display basic information or recording basic information stored in the face database 54 . Therefore, it is possible to find out that the basic information displayed on the outer surface of the personal identification device or the basic information stored in the recording medium has been tampered with until the next authentication.

In step S231 or S234 in this embodiment, (1) the user face data acquired in step S211, (2) the displayed face data acquired in step S11, and (3) the recorded face data acquired in step S12. However, in step S231 or S234, it is also possible to perform authentication of the person confirming body without using either the displayed face data or the recorded face data. For example, in step S231, authentication is performed based on (1) user face data, (2) recorded face data, and (3) stored face data, and in step S234, (1) user face data and ( 2) Authentication of the identity verification body may be performed based on the recorded face data. In this case, steps S10 and S11 are unnecessary. Alternatively, in step S231, (1) user face data, (2) display face data, and (3) stored face data are used to authenticate the identity verification body, and in step S234, (1) user face data and ( 2) Authentication of the identity verification body may be performed based on the displayed face data. In this case, there is no need to acquire recorded face data in step S12.

The user photographing unit 231 in this embodiment may have a function of photographing the face of the user of the sales device 20 at a predetermined frame rate and acquiring a plurality of photographed images of the face as frame data. good. That is, the user photographing unit 231 may have a function of photographing the user's face during a predetermined period and obtaining moving image data, which is a bundle of a plurality of still images recorded in chronological order. . In this case, the user photographing unit 231 only needs to be able to continuously photograph the object to be photographed (in this example, the user's face) and acquire the data thereof. . Such a user imaging unit 231 is, for example, a digital camera or a digital video camera capable of acquiring imaging data. However, an example of the user photographing unit 231 need not be a digital camera or a digital video camera as long as the functions described above can be exhibited. Note that the “determined frame rate” referred to here may be, for example, a fixed time interval such as 0.05 seconds or 0.1 seconds, or a plurality of different time intervals. In any case, the user photographing unit 231 can acquire at least two still images of the face during the period of photographing the user, for example, a period of 2 seconds.

When the user photographing unit 231 acquires the user's face as frame data consisting of a plurality of images (for example, N images (N is a positive integer equal to or greater than 1)), the user face data acquisition unit 261 , the user face data may be obtained from one frame data among the plurality of frame data obtained by the user photographing section 231 . In this case, the control unit 39 uses its own counter (not shown) to initialize the counter prior to the authentication determination step S32 or S35. This counter is used to specify the frame data to be judged in the authentication judgment step S32 or S35. In the initial setting of the counter, the first frame of the plurality of frame data acquired in step S210 (the first captured image among the plurality of images captured during a predetermined period) is set. Become. Then, if a negative determination is made in step S32 or S35, the counter is incremented by one, and the user face data acquiring section 261 acquires another frame out of the plurality of frame data acquired by the user photographing section 231. User face data may be obtained from the data, the authentication unit 63 may calculate feature data from the user face data, and authentication determination step S32 or S35 may be repeated again until the counter reaches a predetermined value. This process can be repeated up to the maximum N-th frame data to authenticate the identity verification body.

When the authentication unit 63 performs authentication based on the user face data acquired from a single photographed image, the state of the face at the time of photographing (for example, muscles that change the expression of the face such as the degree of eye opening) state), there may be a case where authentication cannot be affirmed when it should be affirmed. As described above, the user photographing unit 231 obtains frame data consisting of a plurality of images, and the user face data obtaining unit 261 obtains a plurality of pieces of user face data from these frame data. It may be possible to affirm the authentication even when the authentication is denied due to the state of the face. In this way, it becomes possible to carry out more appropriate sales operations by performing highly accurate authentication of the identity verification body.

In this case, the authentication device 230 suggests or instructs the user to continuously change the facial expression during the period in which the user photographing unit 231 photographs the user's face at a predetermined frame rate. It may have an imparting part having a function of imparting a stimulus. Such an imparting unit may be a speaker that generates sound based on audio data. In this case, the speaker may generate sound to the user being imaged, and give the user a suggestion, for example, to open or close one or both eyes or open and close the mouth. Further, for example, the imparting unit may display a moving image or text suggesting that the facial expression is changed continuously on a display device such as a display. Furthermore, it may be suggested that moving images or still images displayed on a display device such as a display stimulate the five senses of the user to continuously change the facial expression. Authentication can be performed with higher accuracy by using frame data of a plurality of face images obtained by photographing face states that change continuously.

In each of the above-described embodiments, an example of using the manufacturing number 76 (FIG. 3) of the My Number Card as the identification information for identifying the My Number Card has been described, but the identification information for identifying the My Number Card is limited to the manufacturing number. For example, part of the information acquired by the display information acquisition unit 62 (for example, a combination of the name 71 and the date of birth 74) may be used as the identification information. Alternatively, a combination of basic information (name, address, gender, and date of birth) that can be obtained from the recording medium of My Number Card M by the reading unit 36, or an individual that can be obtained from the recording medium of My Number Card M by the reading unit 36 A number may be used as identification information.

The authentication unit 63 of the authentication device 30 described above extracts the feature points from the data of the entire face in each face data, but the feature points may be extracted from the "partial" data of the face. If the feature points are extracted from the "partial" data of the face in this way, the time required for extracting the feature points is shortened compared to the above-described embodiment, and the authentication time is shortened. be able to.

When the feature points are extracted from the "partial" face data in this way, after the authentication unit 63 extracts the feature points from the "partial" face data and makes a negative determination, Re-authentication may be performed by extracting feature points from the data of "another part" of the face. For example, after the authentication unit 63 performs authentication based on both eyes as a “part” of the face, the face is re-authenticated based on the nose, both eyelashes, skeleton and other parts other than both eyes as “another part” of the face. Authentication may be performed. Also, re-authentication may be performed based on a combination of both eyes and a part other than both eyes as the "other part" of the face. By performing such re-authentication, more accurate authentication can be performed even if the authentication unit 63 does not make an affirmative determination even though the user is the owner. In particular, when the affirmative determination is not made in the previous determination step S31 or step S34, the part including the part (both eyes in the above example) that was the target of the previous determination step S31 or step S34 as a part of the different face image. By doing so, it is possible to make an affirmative judgment more reliably.

Further, such re-authentication may be performed multiple times. In this case, the second and subsequent re-authentications may be performed with respect to the data of the face image of the part that is not the same as the "other part" that has been converted into data in the past.

Further, in each of the above-described embodiments, when the confirmation object photographing unit 34 photographs the face photograph 70 of the outer surface of the person confirming person, the confirmation object photographing unit 34 changes the irradiation conditions of the irradiation light with which the face photograph 70 is irradiated. A plurality of face images may be photographed, and the display face data acquisition unit 61 may acquire the display face data from one of the face images. Then, if a negative determination is made in step S32 or S35, the display face data acquisition unit 61 acquires display face data from a face image captured under irradiation conditions different from the face image used for authentication, The authentication determination step S32 or S35 may be repeated again. In this way, for example, when the outer surface of the identification body is darkened due to dirt, for example, even when the authentication should be affirmed but is denied due to the problem of the contrast of the face image, different irradiation can be performed. By performing authentication based on display face data acquired from other face images captured under the conditions, it may be possible to affirm the authentication. That is, the probability of performing correct authentication increases. As irradiation conditions of such irradiation light, the light amount (or light intensity), wavelength, or wavelength distribution of the irradiation light can be considered.

In each of the above-described embodiments, for example, the identity verification entity (for example, an information communication device such as a smartphone) and the authentication device 30 can be connected to each other via a network such as the Internet, and the identity verification entity can be connected via an application. It may be possible to communicate with the authentication device 30 . In this case, the authentication unit 63 is capable of one-step or multi-step authentication of the identity verification body using an authentication ID (for example, a password, etc.) via an application for the identity verification body. If the verification body authentication fails, a negative judgment may be made that the user is not the owner of this identity verification body without making affirmative judgments and re-affirmative judgments.

In the description of each of the above embodiments, the sales system 10 or 210 is composed of the sales device 20 and the authentication device 30 or 230. However, as described below, a different device and the authentication device 30 are used instead of the sales device 20. Alternatively, 230 can be combined to construct a system.

FIG. 10 is a schematic diagram showing a pass-through device 320 that can be used with the authentication device 30 or 230 described above. A pass system can be configured by such a pass device 320 and the authentication device 30 or 230 described above.

The passing device 320 is communicably connected to the authentication device 30 or 230 and has an opening/closing bar 321 arranged in a communication path (not shown) between one area and another area. When the authentication unit 63 of the authentication device 30 or 230 affirms the authentication of the personal identification body, the passage device 320 receives information indicating that the authentication has been affirmatively made from the authentication device 30 or 230, and connects the open/close bar 321. It has the function of moving the passage from the blocking position to the opening position to allow the passage of the user.

According to such a passage system, it is possible to determine whether or not the user can pass through the communication path in a short period of time from the start of the user's movement. In addition, even if either the face photo displayed on the identity verification body or the recorded face data recorded corresponding to this face photo is tampered with, the falsified display face data or recorded face data Since it is difficult to match the stored face data that has not been falsified, it is less likely that the person is mistakenly permitted to pass through.

In the example shown in FIG. 10, the passage device 320 has the function of moving the opening/closing bar 321 from the communication path blocking position to the communication path opening position to allow the user to pass through the communication path. , it is possible to irradiate electromagnetic waves such as infrared rays so as to straddle the communication path, and when a positive judgment is made, the infrared rays are turned off and the user is allowed to pass, and when a negative judgment is made, the infrared rays are turned on. The user's unauthorized passage may be notified by cutting off the infrared rays due to the user's passage. In either case, the passage of passers-by who are judged affirmatively may be permitted, and the passage of passers-by who are judged to be negative may be made impossible, or the unauthorized passage may be notified. In this case, the notification of unauthorized passage may be made by a notification device (not shown) provided in the passage device 320 .

FIG. 11 is a schematic diagram showing an automated teller machine 420 that can be used with the authentication device 30 or 230 described above. An automated teller machine 420 and the above-described authentication device 30 or 230 can constitute an automated teller system.

The automated teller machine 420 is communicably connected to the authentication device 30 or 230, and information to the effect that when the authentication unit 63 of the authentication device 30 or 230 affirms the authentication of the identity verification body, it has made an affirmative determination. is received from the authentication device 30 or 230, and the user can use, for example, the monitor 421 as a user interface to enable automated teller machine operations.

According to such an automatic teller system, it is possible to determine whether the user can perform the automatic teller operation in a short time after the user starts the operation. In addition, even if either the face photo displayed on the identity verification body or the recorded face data recorded corresponding to this face photo is tampered with, the falsified display face data or recorded face data Since it becomes difficult to match the stored face data that has not been falsified, it is less likely that the automatic teller machine will be permitted to operate the automatic teller machine by mistake.

Each embodiment has been described herein as a different form. However, it is also possible to combine some components of one of the embodiments with components of other embodiments.

As described above, according to the first aspect of the present invention, even if the photograph of the face displayed on the identity verification body or the recorded face data thereof is falsified, the identity verification body is erroneously authenticated. Provided is an authentication device capable of suppressing this. Specifically, the authentication device according to the present invention can employ the following configuration.

(Configuration 1)
The authentication device is used to authenticate an identity verification body including a facial photograph displayed on the outside and recorded facial data recorded in a storage unit corresponding to the facial photograph. The authentication device includes: a first image acquisition unit that acquires an image of at least a part of the outer surface of the personal identification body; and a display corresponding to the facial photograph from the image acquired by the first image acquisition unit. a display face data acquisition unit that acquires face data; and an identification that acquires identification information for identifying the identity verification object from the image acquired by the first image acquisition unit or the storage unit of the identity verification object. an information acquisition unit, a recorded face data acquisition unit for acquiring the recorded face data from the storage unit of the personal identification body, and transmitting the identification information acquired by the identification information acquisition unit to a server having a face database. requesting the stored face data associated with the identification information, and that the stored face data stored in the face database from the server in response to the request or the requested stored face data does not exist in the face database; the displayed face data acquired by the displayed face data acquisition unit; the recorded face data acquired by the recorded face data acquisition unit; and the an authentication unit that authenticates the identity verification object based at least on the response from the server.

According to such a configuration, in addition to the display face data corresponding to the face photograph displayed on the person confirming body and the recorded face data recorded corresponding to this face photograph, identification for identifying the person confirming body Since authentication is performed using stored face data that is associated with information and stored in the face database of the server, either the face photo displayed on the identity verification body or the recorded face data recorded corresponding to this face photo Even if one of the face data is tampered with, the tampered display face data or the recorded face data is less likely to match the untampered stored face data, so that the person is less likely to be erroneously authenticated.

(Configuration 2)
In the above configuration 1, when the transmitting/receiving unit receives the stored face data stored in the face database from the server, the authentication unit performs (1) the display acquired by the display face data acquisition unit. (2) the recorded face data acquired by the recorded face data acquiring unit; and (3) the stored face data received by the transmitting/receiving unit. receives from the server data indicating that the requested stored face data does not exist in the face database, (1) the displayed face data acquired by the displayed face data acquiring unit and (2) the It may be configured to authenticate the person confirming body based on the recorded face data acquired by the recorded face data acquisition unit.

(Composition 3)
In the configuration 1 or 2, the transmitting/receiving unit stores at least one of the displayed face data acquired by the displayed face data acquisition unit and the recorded face data acquired by the recorded face data acquisition unit in the face database. It may be configured to further transmit to the server for the purpose of

(Composition 4)
In the configuration 1 or 2 above, when the transmission/reception unit receives data indicating that the requested saved face data does not exist in the face database from the server, the display acquired by the display face data acquisition unit At least one of the face data and the recorded face data acquired by the recorded face data acquisition section may be further transmitted to the server for storage in the face database.

(Composition 5)
In any one of the above configurations 1 to 4, the identity verification object includes display basic information displayed on the outer surface as basic information about the owner of the identity verification object, and a record recorded in the storage unit as the basic information. It may further include basic information. The authentication device includes a display basic information acquisition unit that acquires the display basic information from the image acquired by the first image acquisition unit; A basic information acquisition unit may be further provided. When the authentication of the personal identification is affirmative, the authentication unit determines that the display basic information acquired by the display basic information acquisition unit and the record basic information acquired by the record basic information acquisition unit are different. If part or all of them do not match, authentication of the identity verification material may be denied. According to this configuration, it is possible to detect falsification of the personal identification body, which cannot be detected by authentication using a face image.

(Composition 6)
In any one of the configurations 1 to 5, the transmitting/receiving section may be configured to further transmit the display basic information or the record basic information to the server for storage in the face database.

(Composition 7)
In any one of the above configurations 1 to 6, the authentication device includes: a second image acquisition unit that acquires an image of the user; A user face data acquiring unit for acquiring user face data obtained by photographing a face may be further provided. The authenticating unit, in addition to the displayed face data, the recorded face data, and the response from the server, uses the user face data obtained by the user face data obtaining unit to obtain the identity verification device. can be configured to authenticate the

According to such a configuration, the display face data corresponding to the face photograph displayed on the personal identification body, the recorded face data recorded corresponding to this face photograph, and the saved face data saved in the face database of the server. In addition, since authentication is performed using user face data obtained by photographing the user's face, it is possible to authenticate whether or not the owner of the personal identification body and the user are the same person.

(Composition 8)
In configuration 7 above, when the transmitting/receiving unit receives the stored face data stored in the face database from the server, the authenticating unit performs (1) the user face data acquired by the user face data acquisition unit. (2) the displayed face data obtained by the displayed face data obtaining section; (3) the recorded face data obtained by the recorded face data obtaining section; and (4) received by the transmitting/receiving section. When the authentication body is authenticated based on the saved face data received, and the transmission/reception unit receives data from the server indicating that the requested saved face data does not exist in the face database, (1 ) the user face data obtained by the user face data obtaining unit, (2) the displayed face data obtained by the displayed face data obtaining unit, and (3) the recorded face data obtained by the recorded face data obtaining unit It may be configured to authenticate the authenticator based on the recorded facial data.

(Composition 9)
In configuration 7 or 8 above, the transmitting/receiving section may be configured to further transmit the user face data acquired by the user face data acquiring section to the server for storage in the face database. In this way, if the user's face data obtained by photographing the user's face is stored in the server's face database, the stored face data stored in the server's face database is the most recently photographed face of the user. Therefore, even if one of the face photo displayed on the identity verification body and the recorded face data recorded corresponding to this face photo is tampered with, the displayed face whose stored face data has been tampered with It is more likely that it will be difficult to match data or recorded face data. Therefore, it is possible to more effectively prevent erroneous authentication of the person in question when the person in question has been tampered with.

(Configuration 10)
According to a second aspect of the present invention, there is provided a sales system comprising an authentication device according to any one of configurations 1 to 9 above, and a sales device that is communicatively connected to the authentication device and sells merchandise. The sales device is configured to receive information indicating affirmation from the authentication device when the authentication unit of the authentication device affirms the authentication of the personal identification body, thereby enabling the sale of the product. be.

(Composition 11)
According to a third aspect of the present invention, the authentication device according to any one of configurations 1 to 9 above is communicably connected to the authentication device, and a user passes through a communication path between one area and another area. and a pass-through device for permitting or monitoring the passage of said user. When the authentication unit of the authentication device affirms the authentication of the personal identification body, the passing device receives information indicating the affirmation from the authentication device and permits the user to pass through the communication path. and, when the authentication unit denies the authentication of the identity verification body, the user is disabled from passing through the communication path or notified.

(Composition 12)
According to a fourth aspect of the present invention, there is provided an automatic teller system comprising an authentication device according to any one of the configurations 1 to 9 and an automated teller machine communicably connected to the authentication device. be done. When the authentication unit of the authentication device affirms the authentication of the personal identification body, the automatic teller machine receives information indicating the affirmation from the authentication device, and instructs the user to operate the automatic teller machine. is configured to allow

Although the preferred embodiments of the present invention have been described so far, it goes without saying that the present invention is not limited to the above-described embodiments and may be embodied in various forms within the scope of its technical concept.

REFERENCE SIGNS LIST 10, 210 sales system 20 sales device 22 control unit 24 product display 26 product take-out port 30, 230 authentication device 34 confirmation object photographing unit 35 storage unit 36 reading unit 37, 38 communication unit 39 control unit 40 network 50 server 51 storage unit 52 Communication unit 53 Control unit 54 Face database 61 Display face data acquisition unit 62 Display information acquisition unit 63 Authentication unit 64 Transmission/reception unit 70 Face photograph 231 User photographing unit 261 User face data acquisition unit 320 Passing device 321 Opening/closing bar 420 Wiping device 421 Monitor M My number card (personal identification)
P Program S Sample

Claims (12)

An authentication device that authenticates an identity verification body including a face photo displayed on the outer surface and recorded face data recorded in a storage unit corresponding to the face photo,
a first image acquisition unit that acquires an image of at least a part of the outer surface of the personal identification body;

a display face data acquisition unit for acquiring display face data corresponding to the face photograph from the image acquired by the first image acquisition unit;
an identification information acquisition unit that acquires identification information for identifying the identity verification object from the image acquired by the first image acquisition unit or the storage unit of the identity verification object;
a recorded face data acquisition unit that acquires the recorded face data from the storage unit of the personal identification body;
transmitting the identification information acquired by the identification information acquisition unit to a server having a face database, requesting stored face data associated with the identification information, and sending a response to the request from the server to the face database; a transmission/reception unit that receives data indicating that the saved face data or the requested saved face data does not exist in the face database;
based on at least the displayed face data acquired by the displayed face data acquisition unit, the recorded face data acquired by the recorded face data acquisition unit, and the response from the server received by the transmission/reception unit , and an authentication unit that authenticates the identity verification body. The authentication unit
When the transmitting/receiving unit receives the stored face data stored in the face database from the server, (1) the displayed face data acquired by the displayed face data acquiring unit, (2) the recorded face data (3) authenticating the identity verification entity based on the recorded face data acquired by the acquiring unit and the stored face data received by the transmitting/receiving unit;
When the transmitting/receiving unit receives from the server data indicating that the requested stored face data does not exist in the face database, (1) the displayed face data acquired by the displayed face data acquiring unit and ( 2) configured to authenticate the identity verification entity based on the recorded face data acquired by the recorded face data acquisition unit;
The authentication device according to claim 1. The transmitting/receiving unit further stores at least one of the displayed face data acquired by the displayed face data acquisition unit and the recorded face data acquired by the recorded face data acquisition unit in the face database. 2. An authentication device according to claim 1, configured to transmit. The transmitting/receiving unit receives the displayed face data and the recorded face data obtained by the displayed face data obtaining unit when data indicating that the requested saved face data does not exist in the face database is received from the server. 2. The authentication device according to claim 1, further configured to transmit at least one of the recorded face data acquired by the acquisition unit to the server for storage in the face database. The identity verification entity is
display basic information displayed on the outer surface as basic information about the owner of the identity verification body;
and recording basic information recorded in the storage unit as the basic information,
a display basic information acquisition unit that acquires the display basic information from the image acquired by the first image acquisition unit;
further comprising a recorded basic information acquisition unit that acquires the recorded basic information from the storage unit of the personal identification body,
When the authentication of the person confirming body is affirmed, the authentication unit determines that the display basic information acquired by the display basic information acquisition unit and the recording basic information acquired by the recording basic information acquisition unit are different. configured to deny authentication of the identity verification entity if they do not match in part or in whole,
The authentication device according to claim 1. 6. The authentication device according to claim 5, wherein the transmitting/receiving unit is configured to further transmit the display basic information or the recording basic information to the server for storage in the face database. a second image acquisition unit that acquires an image of the user;
a user face data acquisition unit that acquires user face data obtained by photographing the user's face from the image acquired by the second image acquisition unit;
The authenticating unit, in addition to the displayed face data, the recorded face data, and the response from the server, uses the user face data acquired by the user face data acquisition unit to obtain the identity verification body. configured to authenticate the
The authentication device according to claim 1. The authentication unit
When the transmission/reception unit receives the stored face data stored in the face database from the server, (1) the user face data acquired by the user face data acquisition unit, (2) the display Based on the display face data acquired by the face data acquisition unit, (3) the recorded face data acquired by the recorded face data acquisition unit, and (4) the saved face data received by the transmission/reception unit Authenticate your identity,
When the transmission/reception unit receives data from the server indicating that the requested saved face data does not exist in the face database, (1) the user face data acquired by the user face data acquisition unit (2) the displayed face data acquired by the displayed face data acquisition unit; and (3) the recorded face data acquired by the recorded face data acquisition unit. to be
The authentication device according to claim 7. 8. The authentication device according to claim 7, wherein said transmission/reception unit is configured to further transmit said user face data acquired by said user face data acquisition unit to said server for storage in said face database. . an authentication device according to any one of claims 1 to 9;
a sales device that is communicatively connected to the authentication device and that sells products;
The sales device is configured to receive information indicating affirmation from the authentication device when the authentication unit of the authentication device affirms the authentication of the personal identification body, and to enable sales of the product. Ru
sales system. an authentication device according to any one of claims 1 to 9;
a passage device communicatively connected to the authentication device and configured to allow a user to pass through a communication path between one area and another area or to monitor the passage of the user;
When the authentication section of the authentication device affirms the authentication of the personal identification body, the passing device receives information indicating affirmation from the authentication device and permits the user to pass through the communication path. , configured to disable or notify the user from passing through the communication path when the authentication unit denies authentication of the identity verification body;
passage system. an authentication device according to any one of claims 1 to 9;
an automatic teller machine communicatively connected to the authentication device;
When the authentication unit of the authentication device affirms the authentication of the identity verification body, the automated teller machine receives information indicating the affirmation from the authentication device and instructs the user to operate the automated teller machine. configured to allow
Automated teller system.

Images