JP7199134B1 - program, method, information processing device, system - Google Patents

Abstract

An object of the present invention is to efficiently manage equipment.
A program to be executed by a computer having a processor and a memory. The program stores, in the processor, an approval request for requesting approval to use the facility, which is input by the user who intends to use the facility, and authentication data for obtaining authentication as to whether the user is a person who can use the facility. and authentication data for approving the use of each of the plurality of users for each of the plurality of facilities, wherein different authentication data are set for at least one of the facilities, When the authorization request and the authentication data are received, the step of comparing the received authentication data with the user authentication data about the facility, and the received authentication data and the user authentication data about the facility match. If so, authorize the user to use the facility, and if not agree, not to authorize the user to use the facility.
[Selection drawing] Fig. 9

Description

The present disclosure relates to programs, methods, information processing apparatuses, and systems.

When using a predetermined service from an information processing terminal, a user may be authenticated by entering an identification number for identifying the user and a password. Patent Literature 1 describes a technique for centrally managing authentication data on a server.

JP 2005-010856 A

In recent years, in the business scene, in addition to notebook PCs, tablet terminals, smartphones, and the like are used. Also, some users own a plurality of terminals and use different terminals depending on the application. In addition, there are a wide variety of services available on terminals. Therefore, there is an increasing need for some companies to manage facilities such as terminals and services used by employees. As the number of facilities used by employees increases, the burden of managing the facilities on companies increases, and it is desired to manage the facilities efficiently.

An object of the present disclosure is to efficiently manage equipment.

A program to be executed by a computer having a processor and a memory. The program stores, in the processor, an approval request for requesting approval to use the facility, which is input by the user who intends to use the facility, and authentication data for obtaining authentication as to whether the user is a person who can use the facility. and authentication data for approving the use of each of the plurality of users for each of the plurality of facilities, wherein different authentication data are set for at least one of the facilities, When the authorization request and the authentication data are received, the step of comparing the received authentication data with the user authentication data about the facility, and the received authentication data and the user authentication data about the facility match. If so, authorize the user to use the facility, and if not agree, not to authorize the user to use the facility.

According to the present disclosure, equipment can be managed efficiently.

1 is a block diagram showing an example of the overall configuration of system 1; FIG. 2 is a block diagram showing a configuration example of a terminal device 10 shown in FIG. 1; FIG. 3 is a diagram illustrating an example of a functional configuration of server 20; FIG. It is a figure which shows the data structure of the employee information table 2021. FIG. FIG. 11 shows the data structure of a device information table 2022; FIG. 11 shows the data structure of a registration information table 2023. FIG. FIG. 13 is a diagram showing the data structure of a service information table 2024; FIG. FIG. 11 shows the data structure of an account information table 2025; It is a mimetic diagram showing an example of composition of system 1 concerning this embodiment. FIG. 10 is a flow chart showing an example of the operation when the server 20 shown in FIG. 9 approves the use of the terminal device 10; FIG. FIG. 10 is a schematic diagram showing an example of a first authentication screen displayed on the terminal device 10 shown in FIG. 9; FIG. FIG. 10 is a schematic diagram showing an example of a second authentication screen displayed on the terminal device 10 shown in FIG. 9; FIG. FIG. 10 is a schematic diagram showing another example of the second authentication screen displayed on the terminal device 10 shown in FIG. 9; FIG. 10 is a flow chart showing an example of the operation when the server 20 shown in FIG. 9 approves the use of the service in the terminal device 10-2; FIG. 2 is a block diagram showing the basic hardware configuration of computer 90. FIG.

Hereinafter, embodiments of the present disclosure will be described with reference to the drawings. In the following description, the same parts are given the same reference numerals. Their names and functions are also the same. Therefore, detailed description thereof will not be repeated.

<Overview>
The system according to this embodiment centrally manages information for approving users on a server. In the system, a server manages information about terminal devices and services used by users. When a user requests approval to use a terminal device or service, the system determines whether or not each terminal device or service can be used based on the information for approving the user.

<1 Configuration diagram of the entire system>
FIG. 1 is a block diagram showing an example of the overall configuration of system 1. As shown in FIG. A system 1 shown in FIG. 1 includes, for example, a terminal device 10 and a server 20 . The terminal device 10 and the server 20 are connected for communication via a network 80, for example.

Although FIG. 1 shows an example in which the system 1 includes three terminal devices 10, the number of terminal devices 10 included in the system 1 is not limited to three. The number of terminal devices 10 included in the system 1 may be less than three, or may be four or more.

In this embodiment, a set of multiple devices may be used as one server. How to distribute a plurality of functions required to realize the server 20 according to the present embodiment to one or a plurality of pieces of hardware takes into account the processing capability of each piece of hardware and/or the specifications required for the server 20. can be determined as appropriate. Also, the server 20 may be composed of a plurality of servers depending on the functions it has.

A terminal device 10 shown in FIG. 1 is, for example, a terminal possessed by a user who is an employee of a predetermined company. A user may possess a plurality of terminal devices 10 by himself. Alternatively, the terminal device 10 may be a terminal device 10 that is not assigned to a specific user and that can be used by anyone with user authentication. The terminal device 10 is implemented by, for example, a mobile terminal such as a smart phone or a tablet. The terminal device 10 may be a stationary PC (Personal Computer) or a laptop PC. The terminal device 10 may be a wearable terminal such as an HMD (Head Mount Display) or a wristwatch type terminal.

The terminal device 10 includes a communication IF (Interface) 12 , an input device 13 , an output device 14 , a memory 15 , a storage 16 and a processor 19 . The input device 13 is a device (for example, a touch panel, a touch pad, a pointing device such as a mouse, a keyboard, etc.) for receiving an input operation from a user. The output device 14 is a device (display, speaker, etc.) for presenting information to the user.

The server 20 is, for example, an information processing device that performs approval processing in response to an approval request from a user. The server 20 manages information on users, information on the terminal device 10 , and information on software (services) available on the terminal device 10 . The server 20 refers to the managed information and determines whether the user who sent the approval request can use the predetermined terminal device 10 or software.

The server 20 is realized by a computer connected to the network 80, for example. As shown in FIG. 1, the server 20 includes a communication IF 22, an input/output IF 23, a memory 25, a storage 26, and a processor 29. The input/output IF 23 functions as an interface with an input device for receiving input operations from the user and an output device for presenting information to the user.

Each information processing device is composed of a computer having an arithmetic device and a storage device. The basic hardware configuration of the computer and the basic functional configuration of the computer realized by the hardware configuration will be described later. Descriptions of the terminal device 10 and the server 20 that overlap with the basic hardware configuration of the computer and the basic functional configuration of the computer, which will be described later, will be omitted.

<1.1 Configuration of terminal device>
FIG. 2 is a block diagram showing a configuration example of the terminal device 10 shown in FIG. As shown in FIG. 2, the terminal device 10 includes a communication unit 120, an input device 13, an output device 14, an audio processing unit 17, a microphone 171, a speaker 172, a camera 160, and a position information sensor 150. , a storage unit 180 and a control unit 190 . Each block included in the terminal device 10 is electrically connected by, for example, a bus.

The communication unit 120 performs processing such as modulation/demodulation processing for the terminal device 10 to communicate with other devices. The communication unit 120 performs transmission processing on the signal generated by the control unit 190 and transmits the signal to the outside (for example, the server 20). Communication unit 120 performs reception processing on a signal received from the outside and outputs the signal to control unit 190 .

The input device 13 is a device for a user operating the terminal device 10 to input instructions or information. The input device 13 is implemented by, for example, a touch-sensitive device 131 or the like that inputs an instruction by touching an operation surface. If the terminal device 10 is a PC or the like, the input device 13 may be implemented by a reader, keyboard, mouse, or the like. The input device 13 converts an instruction input by the user into an electric signal and outputs the electric signal to the control unit 190 . Note that the input device 13 may include, for example, a receiving port for receiving an electrical signal input from an external input device.

The output device 14 is a device for presenting information to the user who operates the terminal device 10 . The output device 14 is implemented by, for example, the display 141 or the like. The display 141 displays data under the control of the controller 190 . The display 141 is implemented by, for example, an LCD (Liquid Crystal Display) or an organic EL (Electro-Luminescence) display.

The audio processing unit 17 performs digital-analog conversion processing of audio signals, for example. The audio processing unit 17 converts the signal supplied from the microphone 171 into a digital signal and supplies the converted signal to the control unit 190 . Also, the audio processing unit 17 provides an audio signal to the speaker 172 . The audio processing unit 17 is realized by, for example, a processor for audio processing. The microphone 171 receives an audio input and provides an audio signal corresponding to the audio input to the audio processing section 17 . The speaker 172 converts the audio signal provided from the audio processing unit 17 into audio and outputs the audio to the outside of the terminal device 10 .

The camera 160 is a device for receiving light with a light receiving element and outputting it as a photographing signal.

The position information sensor 150 is a sensor that detects the position of the terminal device 10, and is, for example, a GPS (Global Positioning System) module. A GPS module is a receiving device used in a satellite positioning system. The satellite positioning system receives signals from at least three or four satellites, and detects the current position of the terminal device 10 equipped with a GPS module based on the received signals. The position information sensor 150 may detect the current position of the terminal device 10 from the position of the wireless base station to which the terminal device 10 connects.

The storage unit 180 is realized by, for example, the memory 15 and the storage 16, and stores data and programs used by the terminal device 10. FIG. The storage unit 180 stores user information 181 and authentication method information 182, for example.

The user information 181 includes, for example, information on users who use the terminal device 10 . Information about the user includes, for example, the user's name, age, address, date of birth, telephone number, email address, and the like.

The authentication method information 182 includes information on procedures for authenticating the user using the terminal device 10 . For example, the authentication method information 182 includes the type of authentication required when using the terminal device 10 (authentication information), the order of required authentication, and the like. Note that if only one authentication is required, the order may not be included.

Specifically, the authentication method information 182 includes the type of biometric information requested when using the terminal device 10, the order of the biometric information requested, and the like. More specifically, for example, authentication method information 182 includes requesting the front of the face first, followed by the side of the face. Note that the methods included in the authentication method information 182 are not limited to this example. Biometric information is not limited to facial images, and may include, for example, full-body images, voiceprints, fingerprints, irises, and the like.

Authentication information is not limited to biometric information, and may be a number or the like that can identify a user. Further, the authentication information is not limited to being input one by one when the user is authenticated. Multiple pieces of information may be entered at the same time. For example, the camera 160 may take an image of the user's face and also an image of a predetermined number owned by the user. The photographing of the predetermined number includes, for example, the user having the object with the number described thereon photographed together with the face. Objects on which numbers are written are, for example, employee ID cards, insurance cards, My Number cards, and the like. Alternatively, the camera 160 may be used to photograph the user's face, and the microphone 171 may be used to collect the user's voice.

The authentication method information 182 may also include information on procedures for receiving authorization to use predetermined software via the terminal device 10 . If the software is deployed on a server (not shown) that provides the service, the authentication method information may be stored on that server. For example, the authentication method information 182 includes the type of authentication required when using software, the order of required authentication, and the like.

Control unit 190 is implemented by processor 19 reading a program stored in storage unit 180 and executing instructions included in the program. The control unit 190 controls operations of the terminal device 10 . The control unit 190 functions as an operation reception unit 191, a transmission/reception unit 192, and a presentation control unit 193 by operating according to a program.

The operation reception unit 191 performs processing for receiving instructions or information input from the input device 13 . Specifically, for example, the operation accepting unit 191 accepts an instruction or information input from the touch sensitive device 131 or the like.

Further, the operation accepting unit 191 accepts an image input from the camera 160 . Specifically, for example, the operation reception unit 191 receives an image signal captured by the camera 160 .

Further, the operation accepting unit 191 accepts voice information input from the microphone 171 . Specifically, for example, the operation reception unit 191 receives an audio signal input from the microphone 171 and converted into a digital signal by the audio processing unit 17 .

The transmission/reception unit 192 performs processing for the terminal device 10 to transmit/receive data to/from an external device such as the server 20 according to a communication protocol. Specifically, for example, the transmitting/receiving unit 192 transmits to the server 20 information input by the user for receiving approval for use of the terminal device 10 or software. The transmitting/receiving unit 192 also receives from the server 20 information about approval or disapproval of use of the terminal device 10 or software.

The presentation control unit 193 controls the output device 14 in order to present information regarding the use of the terminal device 10 or the use of software to the user. Specifically, for example, the presentation control unit 193 causes the display 141 to display items for inputting authentication information when the user starts using the terminal device 10 . The presentation control unit 193 causes the display 141 to display items for inputting authentication information when the user starts using the software. Also, the presentation control unit 193 may cause the speaker 172 to output guidance for inputting the authentication information.

<1.2 Functional configuration of the first server>
FIG. 3 is a diagram showing an example of the functional configuration of the server 20. As shown in FIG. As shown in FIG. 3 , the server 20 functions as a communication section 201 , a storage section 202 and a control section 203 .

The communication unit 201 performs processing for the server 20 to communicate with an external device.

The storage unit 202 has, for example, an employee information table 2021, a device information table 2022, a registration information table 2023, a service information table 2024, an account information table 2025, and the like.

The employee information table 2021 is a table that stores information on employees.

The device information table 2022 is a table that stores information about devices managed by the server 20 .

The registration information table 2023 is a table that stores information about devices associated with users. In other words, it is a table that stores information about devices possessed by users.

The service information table 2024 is a table that stores information on software (services) managed by the server 20 .

Account information table 2025 is a table that stores information about software associated with a user. In other words, it is a table that stores information about services that are registered as available to users.

The control unit 203 is implemented by the processor 29 reading a program stored in the storage unit 202 and executing instructions included in the program. The control unit 203 operates according to a program to exhibit functions shown as a reception control module 2031, a transmission control module 2032, and an approval control module 2033. FIG.

The reception control module 2031 controls processing for the server 20 to receive a signal from an external device according to a communication protocol.

The transmission control module 2032 controls the processing by which the server 20 transmits signals to external devices according to a communication protocol.

The approval control module 2033 controls approval processing for users who have requested approval. The approval control module 2033 uses the terminal device 10 based on the employee information table 2021 and the registration information table 2023, for example, when the user requests approval for using a predetermined terminal device 10. Sets the authentication information required to authenticate the requesting user and the order of authentication. The authorization control module 2033 compares the authentication data received from the terminal device 10 together with the authorization request with the information for authentication, and determines whether or not the user can use the terminal device 10 . The approval control module 2033 transmits a signal to the effect that the use of the terminal device 10 is approved to the terminal device 10 when the user is authenticated.

Also, for example, when a user requests approval to use predetermined software, the approval control module 2033 makes a request to use this software based on the employee information table 2021 and the account information table 2025. Set the authentication information required to authenticate the user who has registered and the order of authentication. The authorization control module 2033 compares the authentication data received from the terminal device 10 together with the authorization request with the information for authentication, and determines whether or not the user can use the software. The approval control module 2033, when the user is successfully authenticated, transmits a signal to the terminal device 10 indicating that the use of the software has been approved.

<2 Data structure>
4 to 8 are diagrams showing data structures of tables stored by the server 20. FIG. Note that FIGS. 4 to 8 are examples, and do not exclude data that are not described. Moreover, even data described in the same table may be stored in separate storage areas in the storage unit 202 .

FIG. 4 is a diagram showing the data structure of the employee information table 2021. As shown in FIG. The employee information table 2021 shown in FIG. 4 is a table having columns of name, department, position, and information for authentication using employee ID as a key.

The employee ID is an item that stores an identifier for uniquely identifying an employee. The name is an item that stores the name of the employee. Department is an item that stores the department to which the employee belongs. The post is an item that stores the role assigned to the employee or the job. The information for authentication is an item for storing information used for authentication. The authentication information includes multiple types of biometric information. For example, the authentication information includes images of multiple types of faces. Specifically, the authentication information includes, for example, an image of the face from the front, an image of the face from the side, and the like. Also, the authentication information includes a plurality of types of whole-body images. Specifically, the authentication information includes, for example, a full-body image viewed from the front, a full-body image viewed from the side, and the like.

As for the image information, different authentication information may be used for each number of pixels of the image. Specifically, for example, an image captured by a camera provided in a smartphone has a higher number of pixels than an image captured by a camera provided in a notebook PC. For this reason, the authentication information may include a high-pixel image for matching with the authentication data captured using the camera of the smartphone. Also, the authentication information may include an image to be compared with the authentication data captured using the camera of the notebook PC.

In addition to face and full body images, authentication information includes voiceprints, fingerprints, irises, numbers that can identify users (e.g., employee number, my number, pension number, driver's license number, insurance card number, etc.). etc.).

FIG. 5 is a diagram showing the data structure of the device information table 2022. As shown in FIG. The device information table 2022 shown in FIG. 5 is a table having columns of model name, device type, and date of purchase with device ID as a key.

The device ID is an item that stores an identifier for uniquely identifying a device. The model name is an item that stores the name of the model of the device. The model name may be, for example, the model number of the device. The device type is an item that stores the type assigned to the device. In FIG. 5, the device types are set as, for example, "first type", "second type", and "third type". The device type is set according to, for example, the type of terminal device. Specifically, for example, if the terminal device is a notebook PC or desktop PC, the first type is set, if it is a smartphone, the second type is set, and if it is a wearable device, the third type is set. be. Also, the device type may be set according to, for example, a predetermined feature set in the terminal device. Specifically, for example, it is set according to the security level of the drive that can be accessed by the terminal device. Also, for example, it is set according to the security level set in the terminal device. Although FIG. 5 shows the case where the device type is "first type", "second type", or "third type", the device type is not limited to three types, and four or more types are shown. There may be. The date of purchase is an item for storing the date when the terminal device was purchased.

FIG. 6 is a diagram showing the data structure of the registration information table 2023. As shown in FIG. The registration information table 2023 shown in FIG. 6 is a table having columns of device ID and authentication method with employee ID as a key. In FIG. 6, it is assumed that the employee ID "ID9999" is an ID that indicates any employee, not a specific employee.

The authentication method includes the type of biometric information requested when using the device, the order of biometric information requested, or a combination thereof. In the example shown in FIG. 6, for example, "method 1", "method 2", and "method 3" are set. The authentication method is set in advance based on predetermined rules, for example. For example, the authentication method is set according to the device type set for the device. Also, the authentication method may be randomly set for each device. Also, the authentication method may be set by the user. Note that FIG. 6 shows the case where the authentication method is "method 1", "method 2", or "method 3", but the authentication method is not limited to three types, and even if there are four or more types good.

For example, when the authentication method is set according to the device type, the image quality of the image captured by the laptop PC set as the first type and the desktop PC is the same as the image quality of the image captured by the smartphone set as the second type. generally lower than the image quality of For the first type with low image quality, the authentication method may be a combination of multiple stages of authentication in order to reduce the possibility of false approval. For example, an authentication method for the first type may include requesting the front of the face first, followed by the side of the face. Multi-stage authentication is not limited to facial images, and may include, for example, a combination of full-body images, voiceprints, fingerprints, irises, etc. in multiple stages.

The authentication method may also include the accuracy of authentication. Accuracy of authentication represents, for example, how well the information for authentication matches. Accuracy of authentication is set, for example, according to predetermined characteristics set in the terminal device. Specifically, for example, in the case of a terminal device that can access a drive with a high security level, high accuracy may be required. Further, for example, in the case of a terminal device that can access a drive whose security level is not so high, a lower accuracy than the above may be required.

FIG. 7 shows the data structure of the service information table 2024. As shown in FIG. The service information table 2024 shown in FIG. 7 is a table having columns of a service name, a service type, and a usage start date with a service ID as a key.

Service ID is an item that stores an identifier for uniquely identifying a service. The service name is an item that stores the name of the service provided. The service name may be, for example, the name of software. Also, in the case of software provided as a service, it may be the address of the page on which the software is provided. The service type is an item that stores the type assigned to the service. In FIG. 7, the service types are set, for example, as "first type", "second type", and "third type". The service type is set, for example, according to the type of service. Specifically, for example, if the service is a communication service, the first type is set, if it is a financial service, the second type is set, and if it is a personnel service, the third type is set. Also, the service type may be set, for example, according to a predetermined feature set for the service. Specifically, for example, it is set according to the security level of information used in the service. Although FIG. 7 shows the case where the service types are "first type", "second type", or "third type", the service types are not limited to three types, and four or more types are shown. There may be. The usage start date is an item for storing the date when the use of the service was started.

FIG. 8 is a diagram showing the data structure of the account information table 2025. As shown in FIG. The account information table 2025 shown in FIG. 8 is a table having columns of a service ID and an authentication method using an employee ID as a key.

The authentication method includes the type of biometric information requested when using a service, the order of biometric information requested, and the like. In the example shown in FIG. 8, for example, "method 4", "method 5", and "method 6" are set. The authentication method is set in advance based on predetermined rules, for example. For example, the authentication method is set according to the service type set for the service. Also, the authentication method may be randomly set for each service. Also, the authentication method may be set by the user. Note that FIG. 8 shows the case where the authentication method is "method 4", "method 5", or "method 6", but the authentication method is not limited to three types. good.

The authentication method may also include the accuracy of authentication. Accuracy of authentication represents, for example, how well the information for authentication matches. Accuracy of authentication is set according to the type of service, for example. Specifically, for example, accuracy may be required according to the security level of the service. More specifically, for example, high accuracy may be required for important services (first service) such as payment or unlocking a safe. In addition, in the case of a service (second service) that is important but does not have a large external impact, such as attendance confirmation, a lower accuracy than that of the first service may be required.

<3 Operation>
The operation of the server 20 when approving the use of the terminal device 10 or the use of the service will be described.

FIG. 9 is a schematic diagram showing an example of the configuration of the system 1 according to this embodiment. In the following description, as shown in FIG. 9, a case where user 1 receives approval to use terminal devices 10-1, 10-2, and 10-3 will be described as an example. Also, a case where user 1 receives approval to use service 1 and service 2 at terminal device 10-2 will be described as an example.

(Approval for Use of Terminal Equipment)
FIG. 10 is a flow chart showing an example of the operation when the server 20 shown in FIG. 9 approves the use of the terminal device 10. FIG.

First, the user 1 touches the display 141 of the terminal device 10-1, for example. The control unit 190 of the terminal device 10-1 causes the presentation control unit 193 to display the first authentication screen on the display 141 in response to the contact from the user 1. FIG. The first authentication screen is a screen for inputting information for identifying the user 1 . Note that the user 1 may display the first authentication screen by pressing a predetermined button provided on the terminal device 10-1 instead of the display 141. FIG.

FIG. 11 is a schematic diagram showing an example of the first authentication screen displayed on the terminal device 10 shown in FIG. As shown in FIG. 11, on the first authentication screen, a window 1411 stating "Please enter your login ID" is displayed on the display 141 of the terminal device 10-1. An input box 1412 for entering a login ID is displayed in the window 1411 . User 1 inputs, for example, his own employee ID as a login ID, and presses the input button 1413 .

Input of information for identifying the user 1 is not limited to input of a login ID. By inputting a predetermined pattern, an ID associated with the pattern may be obtained. Alternatively, by inputting predetermined biometric information such as a fingerprint or voiceprint, an ID associated with the biometric information may be acquired.

When the input button 1413 is pressed, the control unit 190 of the terminal device 10-1 refers to the authentication method information 182 to determine the type of biometric information set in the terminal device 10-1 and the order of requested biometric information. read out. In this description, it is assumed that the front face image and the side face image are set in the order of the front face image and the side face image as the type of biometric information and the request order of the biometric information. The presentation control unit 193 causes the display 141 to display the second authentication screen based on the read information. The second authentication screen is a screen for allowing the user 1 to enter biometric information.

FIG. 12 is a schematic diagram showing an example of the second authentication screen displayed on the terminal device 10 shown in FIG. As shown in FIG. 12, a window 1414 representing an icon 1416 is displayed on the display 141 of the terminal device 10-1. A display area 1415 is displayed in the window 1414 for the user 1 to check the image being captured. User 1 causes camera 160 to capture a face image in the same orientation as the orientation represented by icon 1416 . Instead of the icon 1416, a guidance display for capturing a front face image may be displayed.

When the front face image is captured, the presentation control unit 193 changes the orientation of the icon 1416 in order to input the side face image.

FIG. 13 is a schematic diagram showing another example of the second authentication screen displayed on the terminal device 10 shown in FIG. As shown in FIG. 13, the display 141 of the terminal device 10-1 displays an icon 1416 directed horizontally. User 1 causes camera 160 to capture a face image in the same orientation as the orientation represented by icon 1416 .

After acquiring the biometric information specified by the authentication method information 182 , the control unit 190 transmits an approval request from the user 1 and the acquired biometric information (authentication information) to the server 20 . Specifically, for example, when obtaining two types of biometric information, the control unit 190 sends an approval request, the login ID of the user 1, two types of biometric information, and the device ID of the terminal device 10-1 to the server 20. Send to

In step S<b>11 , the server 20 receives an approval request, authentication information, and the like transmitted from the terminal device 10 . Specifically, the control unit 203 of the server 20 uses the reception control module 2031 to receive the approval request, the login ID of the user 1, two types of biometric information, and the device ID of the terminal device 10-1 from the terminal device 10-1. do.

In step S12, the authorization control module 2033 acquires the authentication method for the terminal device 10 that has sent the authorization request. Specifically, for example, the authorization control module 2033 refers to the registration information table 2023 and acquires the authentication method associated with the received device ID.

In step S13, the authorization control module 2033 acquires authentication information registered for the user. Specifically, for example, the authorization control module 2033 determines the type of authentication information to be read and the order of reading the authentication information based on the acquired authentication method. The authorization control module 2033 refers to the employee information table 2021 and reads out the determined types of authentication information in the determined order from the received record related to the login ID (employee ID) of user 1 . More specifically, for example, the authorization control module 2033 reads authentication information 1 and authentication information 2 from the employee information table 2021 in this order.

In step S<b>14 , the authorization control module 2033 collates the acquired authentication information with the authentication information acquired from the terminal device 10 . Specifically, for example, the authorization control module 2033 collates the first biometric information as the authentication information transmitted from the terminal device 10-1 with the authentication information 1. FIG. More specifically, for example, the authorization control module 2033 collates the front face image acquired as the first biometric information with the front face image as the authentication information 1 . Subsequently, the authorization control module 2033 collates the authentication information 2 with the second biometric information as the authentication information transmitted from the terminal device 10-1. More specifically, for example, the authorization control module 2033 collates the side face image acquired as the second biometric information with the side face image as the authentication information 2 . Any existing technology may be used for matching the authentication information with the authentication information.

In step S15, the authorization control module 2033 determines whether or not the authentication information read from the employee information table 2021 and the authentication information received from the terminal device 10 match. Here, the match may have a predetermined tolerance. If they match, the approval control module 2033 advances the process to step S16. On the other hand, if they do not match, the approval control module 2033 advances the process to step S17.

Specifically, for example, the authorization control module 2033 determines that the first biometric information as the authentication information transmitted from the terminal device 10-1 matches the authentication information 1, and that the authentication information transmitted from the terminal device 10-1 If the second biometric information as the authentication information matches the authentication information 2, it is determined that the authentication information read from the employee information table 2021 and the authentication information received from the terminal device 10 match. do. On the other hand, for example, the authorization control module 2033 receives the first biometric information and authentication information 1 as authentication information transmitted from the terminal device 10-1, and the second authentication information transmitted from the terminal device 10-1. If at least one of the biometric information and the authentication information 2 does not match, it is determined that the authentication information read from the employee information table 2021 and the authentication information received from the terminal device 10 do not match.

The authorization control module 2033 may omit the subsequent collation if the first biometric information as the authentication information transmitted from the terminal device 10-1 and the authentication information 1 do not match.

In step S16, the approval control module 2033 approves the use of the terminal device 10-1 by the user 1. Approval control module 2033 transmits a signal to the effect that use is approved to terminal device 10-1. Upon receiving the approval signal from the server 20, the terminal device 10-1 displays to the user 1 that the terminal device 10-1 can be used, and makes the function operable.

In step S17, the approval control module 2033 does not approve the use of the terminal device 10-1 by the user 1. The approval control module 2033 transmits a signal not to approve the use to the terminal device 10-1. When the terminal device 10-1 receives the unapproved signal from the server 20, the terminal device 10-1 displays to the user 1 that it cannot be used.

When receiving an approval request from the terminal devices 10-2 and 10-3, the server 20 performs similar approval processing on the received approval request. That is, the server 20 determines whether or not to approve the user's use of the terminal devices 10-2 and 10-3. For example, the terminal device 10-1, which is a smart phone, can capture a higher quality image than the terminal device 10-2, which is a notebook PC. A high-quality image can be rephrased as a high-resolution image, for example. The pixels of the image as the authentication information used when approving the use of the terminal device 10-1 are set higher than the pixels of the image as the authentication information used when approving the use of the terminal device 10-2. may In other words, the image as the authentication information used when approving the use of the terminal device 10-1 is a high-quality image captured by a camera or the like mounted on the smart phone. Also, the image as the authentication information used when approving the use of the terminal device 10-2 is an image of not very high image quality taken by a camera or the like mounted on the notebook PC. In this way, by incorporating the difference in the functions of the cameras installed in the terminal devices 10 into authentication, it is possible to perform highly accurate user authentication for each terminal device used.

(Approval of Service Use)
FIG. 14 is a flow chart showing an example of operation when server 20 shown in FIG. 9 approves use of a service in terminal device 10-2.

First, the user 1 operates the terminal device 10-2 that has become available, for example, to start a predetermined service. The control unit 190 of the terminal device 10-2 causes the presentation control unit 193 to display the first authentication screen on the display 141 in response to the service start instruction from the user 1. FIG. The first authentication screen is a screen for inputting information for identifying the user 1 .

When information for identifying the user 1, for example, a login ID is input to the first authentication screen, the control unit 190 of the terminal device 10-2 refers to the authentication method information 182, and the terminal device 10-2 Reads the type of biometric information that has been set and the order of requested biometric information. In this description, it is assumed that the front face image and the side face image are set in the order of the front face image and the side face image as the type of biometric information and the request order of the biometric information. The presentation control unit 193 causes the display 141 to display the second authentication screen based on the read information. The second authentication screen is a screen for allowing the user 1 to enter biometric information.

When the first type of biometric information is input, the presentation control unit 193 causes the user 1 to input the next type of biometric information.

After acquiring the biometric information specified by the authentication method information 182 , the control unit 190 transmits an approval request from the user 1 and the acquired biometric information (authentication information) to the server 20 . Specifically, for example, when obtaining two types of biometric information, the control unit 190 transmits an approval request, a login ID of user 1, two types of biometric information, and a service ID of service 1 to the server 20. .

In step S<b>21 , the server 20 receives an approval request, authentication information, and the like transmitted from the terminal device 10 . Specifically, the control unit 203 of the server 20 uses the reception control module 2031 to receive the approval request, the login ID of the user 1, two types of biometric information, and the service ID of the service 1 from the terminal device 10-2.

In step S22, the authorization control module 2033 acquires an authentication method for service 1 for which an authorization request is requested. Specifically, for example, the authorization control module 2033 refers to the account information table 2025 and acquires the authentication method associated with the received service ID.

In step S23, the authorization control module 2033 acquires authentication information registered for the user. Specifically, for example, the authorization control module 2033 determines the type of authentication information to be read and the order of reading the authentication information based on the acquired authentication method. The authorization control module 2033 refers to the employee information table 2021 and reads out the determined types of authentication information in the determined order from the received record related to the login ID (employee ID) of user 1 . More specifically, for example, the authorization control module 2033 reads authentication information 1 and authentication information 2 from the employee information table 2021 in this order.

In step S<b>24 , the authorization control module 2033 collates the acquired authentication information with the authentication information acquired from the terminal device 10 . Specifically, for example, the authorization control module 2033 collates the first biometric information as the authentication information transmitted from the terminal device 10-2 with the authentication information 1. FIG. Subsequently, the authorization control module 2033 collates the authentication information 2 with the second biometric information as the authentication information transmitted from the terminal device 10-2.

In step S25, the authorization control module 2033 determines whether the authentication information read from the employee information table 2021 and the authentication information received from the terminal device 10 match. Here, the match may have a predetermined tolerance. If they match, the approval control module 2033 advances the process to step S26. On the other hand, if they do not match, the approval control module 2033 advances the process to step S27.

Specifically, for example, the authorization control module 2033 determines that the first biometric information as the authentication information transmitted from the terminal device 10-2 matches the authentication information 1, and that the authentication information transmitted from the terminal device 10-2 If the second biometric information as the authentication information matches the authentication information 2, it is determined that the authentication information read from the employee information table 2021 and the authentication information received from the terminal device 10 match. do. On the other hand, for example, the authorization control module 2033 receives the first biometric information and authentication information 1 as the authentication information transmitted from the terminal device 10-2, and the second authentication information transmitted from the terminal device 10-2. If at least one of the biometric information and the authentication information 2 does not match, it is determined that the authentication information read from the employee information table 2021 and the authentication information received from the terminal device 10 do not match.

In step S26, the approval control module 2033 approves the use of the service 1 on the terminal device 10-2 of the user 1. Approval control module 2033 transmits a signal to the effect that use is approved to terminal device 10-2. Upon receiving the approval signal from the server 20, the terminal device 10-2 displays to the user 1 that the service 1 can be used, and makes the function operable.

In step S27, the approval control module 2033 does not approve the use of the service 1 on the terminal device 10-2 of the user 1. The approval control module 2033 transmits a signal not to approve the use to the terminal device 10-2. When the terminal device 10-2 receives the unapproved signal from the server 20, the terminal device 10-2 displays to the user 1 that it cannot be used.

As described above, in the above-described embodiment, the control unit 203 of the server 20 uses the reception control module 2031 to receive an approval request requesting approval to use the facility, which is input by the user who intends to use the facility. Receives authentication data for authentication as to whether or not a person can use the facility. In the server 20, the storage unit 202 stores authentication data for approving the use of each of the plurality of users for each of the plurality of facilities. At this time, different authentication data are set for the authentication data of at least one of the facilities. When the control unit 203 receives the approval request and the authentication data, the approval control module 2033 checks the received authentication data against the user's authentication data regarding the facility. The approval control module 2033 approves the user to use the facility when the received authentication data and the user authentication data regarding the facility match, and does not approve the use of the facility when they do not match. As a result, the server 20 can centrally manage the authentication data even if the authentication data differs for each facility and for each user.

Therefore, according to the system according to the present embodiment, equipment can be managed efficiently. In addition, multiple facilities can be managed at a high security level.

In the above embodiment, the authentication data received by the reception control module 2031 includes image data of the user's face. The authentication data stored in the storage unit 202 includes face image data. The authentication data for at least one of the facilities is the authentication data for different facial features. As a result, different facial images are required for each facility, and the security level is improved.

Further, in the above-described embodiment, different face modes include different face orientations, multiple levels of image data, different pixels, or a combination of at least two of these. This increases the variety of face images required for each facility, further improving the security level.

Further, in the above-described embodiment, the difference in facial appearance includes the difference in pixels for each imaging device provided in the facility. This enables authentication that reflects the features of the facility, further improving the security level.

Also, in the above embodiments, the facility is a terminal device. As a result, when using a terminal device such as a smart phone, a notebook PC, a tablet terminal, or an HMD, it is possible to set authentication according to the type of the terminal device, further improving the security level.

Also, in the above embodiments, the facility is a service. As a result, it becomes possible to set authentication according to the type of service such as communication service, financial service, personnel service, etc., further improving the security level.

In the above embodiment, the authentication data received by the reception control module 2031 includes image data of the user's face and other biometric information. The authentication data stored in the storage unit 202 includes face image data and other biometric information. The authentication data of at least one of the facilities is the authentication data in which the aspect of the face or the aspect of the biometric information is different. This increases the variation of authentication data required for each facility, further improving the security level.

In the above embodiment, the authorization control module 2033 determines whether or not the received authentication data matches the user authentication data for the facility based on the matching accuracy set for each facility. . As a result, it becomes possible to switch the accuracy of authentication according to the security level, the type of support, or the like, thereby improving convenience.

<Modification>
In the above embodiment, a case has been described in which images with different image qualities are stored in the authentication information. However, it is not limited to storing images with different image qualities as separate authentication information. For example, the server 20 may store one type of image as the image quality and convert the image quality as necessary.

Specifically, for example, when the terminal device 10, which is a smartphone, requests approval for a terminal or service, the server 20 converts an image read from the authentication information into pixels corresponding to the smartphone. image. Any existing method may be used as the conversion method. A trained model may be used for conversion. Further, for example, when the terminal device 10, which is a notebook PC, requests approval for a terminal or service, the server 20 converts an image read from the authentication information into pixels corresponding to the notebook PC. Convert to image. In this way, by converting into an image compatible with the terminal device 10 and using it for authentication, it is possible to reduce the number of images stored in the storage unit 202 .

A trained model is, for example, a model for converting an image into an image of corresponding image quality. The trained model is stored in advance when the server 20 provides the service. A trained model is generated by causing a machine learning model to perform machine learning according to a model learning program. A trained model is, for example, a parameterized synthetic function obtained by synthesizing a plurality of functions. A parameterized composite function is defined by a combination of multiple adjustable functions and parameters. A trained model according to this embodiment may be any parameterized composite function that satisfies the above requirements.

For example, if the trained model is generated using a forward propagation multi-layered network, the parameterized combination function can be, for example, a linear relationship between each layer using a weight matrix, a nonlinear relationship using an activation function in each layer (or linear relationship), and a combination of biases. Weighting matrices and biases are called parameters of the multilayered network. A parameterized composite function changes its form as a function depending on how the parameters are chosen. In a multi-layered network, by appropriately setting the constituent parameters, it is possible to define a function capable of outputting favorable results from the output layer.

As the multi-layered network according to the present embodiment, for example, a deep neural network (DNN), which is a multi-layered neural network targeted for deep learning, can be used. As the DNN, for example, a convolution neural network (CNN) targeting images may be used.

A trained model is trained, for example, to output a predetermined response to an input answer. At this time, the learning data for training the learned model uses, for example, images with a plurality of types of image quality as input data and an image with a preset image quality as correct output data.

Further, in the above embodiment, when approving the use of the terminal device 10, it is not determined whether or not the user and the terminal device 10 are associated. However, the server 20 may determine whether the user and the terminal device 10 are associated. Specifically, for example, when the approval control module 2033 receives an approval request sent from the terminal device 10, a user's login ID (employee ID), authentication information (biometric information), and the device ID of the terminal device 10, By referring to the registration information table 2023, it is determined whether the login ID is associated with the device ID. If so, the approval control module 2033 carries out the process of step S12. If not associated, the approval control module 2033 transmits to the terminal device 10 that it does not approve. As a result, approval requests from users who are not associated with the terminal device 10 are excluded, thereby further improving the security level.

Further, in the above embodiment, when approving use of the service, it is not determined whether the user has an account for the service in advance. However, the server 20 may determine whether it has user and service accounts. Specifically, for example, when the approval control module 2033 receives an approval request, a user's login ID (employee ID), authentication information (biometric information), and a service ID transmitted from the terminal device 10, the account information By referring to the table 2025, it is determined whether the login ID is associated with the service ID. If so, the approval control module 2033 carries out the process of step S22. If not associated, the approval control module 2033 transmits to the terminal device 10 that it does not approve. As a result, approval requests from users who do not have service accounts are excluded, and the security level is further improved.

Further, in the above-described embodiment, an example of approval when using the terminal device 10 and when using a service has been described. Use of the terminal device 10 and use of services are examples of use of facilities. The use of facilities includes, for example, entering and exiting a predetermined area. At this time, for example, the server 20 registers different authentication methods for opening/closing gate 1 and opening/closing gate 2 in an entrance/exit management system or the like. In other words, gate 1 and gate 2 require different authentication information to open the gate. In addition, the use of equipment includes, for example, the release of restrictions on the operation of equipment. At this time, for example, the server 20 registers different authentication methods for releasing the operation restriction of the device 1 and releasing the operation restriction of the device 2 in the device operation system or the like. In other words, the device 1 and the device 2 have different authentication information required to release the operation restriction. Further, the server 20 registers different authentication methods for releasing the driving restriction of the vehicle 1 and releasing the driving restriction of the vehicle 2, for example, in a vehicle driving system such as an automobile. In other words, the vehicle 1 and the vehicle 2 have different authentication information required to release the driving restriction. Also, the use of facilities may include, for example, the use of predetermined fixtures.

<4 Basic hardware configuration of computer>
FIG. 15 is a block diagram showing the basic hardware configuration of computer 90. As shown in FIG. The computer 90 includes at least a processor 91, a main storage device 92, an auxiliary storage device 93, and a communication IF 99 (interface). These are electrically connected to each other by a bus.

The processor 91 is hardware for executing an instruction set described in a program. The processor 91 is composed of an arithmetic unit, registers, peripheral circuits, and the like.

The main storage device 92 is for temporarily storing programs and data processed by the programs. For example, it is a volatile memory such as a DRAM (Dynamic Random Access Memory).

The auxiliary storage device 93 is a storage device for storing data and programs. For example, flash memory, HDD (Hard Disc Drive), magneto-optical disk, CD-ROM, DVD-ROM, semiconductor memory, and the like.

The communication IF 99 is an interface for inputting/outputting signals for communicating with other computers via a network using a wired or wireless communication standard.
The network is composed of various mobile communication systems constructed by the Internet, LAN, wireless base stations, and the like. For example, networks include 3G, 4G, and 5G mobile communication systems, LTE (Long Term Evolution), wireless networks (for example, Wi-Fi (registered trademark)) that can be connected to the Internet through predetermined access points, and the like. When connecting wirelessly, communication protocols include, for example, Z-Wave (registered trademark), ZigBee (registered trademark), Bluetooth (registered trademark), and the like. In the case of wired connection, the network includes direct connection using a USB (Universal Serial Bus) cable or the like.

It should be noted that the computer 90 can be virtually realized by distributing all or part of each hardware configuration to a plurality of computers 90 and connecting them to each other via a network. Thus, the computer 90 is a concept that includes not only the computer 90 housed in a single housing or case, but also a virtualized computer system.

<Basic Functional Configuration of Computer 90>
A functional configuration of the computer realized by the basic hardware configuration of the computer 90 shown in FIG. 15 will be described. The computer includes at least functional units of a control section, a storage section, and a communication section.

Note that the functional units included in the computer 90 can also be implemented by distributing all or part of each functional unit to a plurality of computers 90 interconnected via a network. The computer 90 is a concept that includes not only a single computer 90 but also a virtualized computer system.

The control unit is implemented by the processor 91 reading various programs stored in the auxiliary storage device 93, developing them in the main storage device 92, and executing processing according to the programs. The control unit can implement functional units that perform various information processing according to the type of program. Thereby, the computer is implemented as an information processing device that performs information processing.

A storage unit is realized by the main storage device 92 and the auxiliary storage device 93 . The storage unit stores data, various programs, and various databases. Further, the processor 91 can secure a storage area corresponding to the storage unit in the main storage device 92 or the auxiliary storage device 93 according to the program. In addition, the control unit can cause the processor 91 to execute addition, update, and deletion processing of data stored in the storage unit according to various programs.

A database refers to a relational database, and is for managing data sets called tables in tabular form, which are structurally defined by rows and columns, in association with each other. In a database, a table is called a table, columns of a table are called columns, and rows of a table are called records. Relational databases allow you to establish and associate relationships between tables.
Each table usually has a key column that uniquely identifies a record, but setting a key to the column is not essential. The control unit can cause the processor 91 to add, delete, and update records in a specific table stored in the storage unit according to various programs.

A communication unit is realized by the communication IF 99 . The communication unit implements a function of communicating with another computer 90 via a network. The communication section can receive information transmitted from another computer 90 and input it to the control section. The control unit can cause the processor 91 to execute information processing on the received information according to various programs. Also, the communication section can transmit information output from the control section to another computer 90 .

Although several embodiments of the present disclosure have been described above, these embodiments can be implemented in various other forms, and various omissions, replacements, and modifications are possible without departing from the spirit of the invention. It can be performed. These embodiments and their modifications are intended to be included in the invention described in the claims and their equivalents as well as included in the scope and gist of the invention.

<Appendix>
The items described in the above embodiments will be added below.
(Appendix 1)
A program to be executed by a computer comprising a processor and a memory. At least one of: a step of receiving authentication data for receiving authentication as to whether or not a person can use the facility; Different authentication data are set for the authentication data of the equipment, and when receiving the approval request and the authentication data, comparing the received authentication data with the user authentication data about the equipment; A program for executing a step of authorizing the use of the facility to the user if the received authentication data and the user's authentication data about the facility match, and disapproving the use if they do not match.
(Appendix 2)
In the receiving step, the authentication data includes image data of the face of the user, and in the matching step, the authentication data includes image data of the face, and the authentication data of at least one of the facilities includes the face. The program according to (Appendix 1), which is authentication data in which the aspect of is different.
(Appendix 3)
In the collating step, different facial aspects include different face orientations, multiple levels of image data, different pixels, or a combination of at least two of these (Appendix 2). program.
(Appendix 4)
The program according to (Appendix 2), wherein, in the matching step, the difference in face aspect includes a difference in pixels for each imaging device provided in the facility.
(Appendix 5)
The program according to (Appendix 4), wherein in the matching step, image data with different pixels is created using a trained model.
(Appendix 6)
The program according to any one of (Appendix 1) to (Appendix 5), wherein the equipment is a terminal device.
(Appendix 7)
In the step of collating, if there is a terminal device associated with the user in advance and the user who requested authorization is not associated with the terminal device that is requested to use, the authentication data and the data for authentication are collated. is not implemented (Appendix 6).
(Appendix 8)
The program according to any one of (Appendix 1) to (Appendix 5), wherein the facility is a service.
(Appendix 9)
In the matching step, if there is a service associated with the user in advance and the user who requested authorization is not associated with the service that the user is requested to use, the authentication data and the data for authentication are compared. The program according to (Appendix 8).
(Appendix 10)
In the receiving step, the authentication data includes image data of the user's face and other biometric information, and in the matching step, the authentication data includes image data of the user's face and other biometric information. The program according to any one of (Appendix 1) to (Appendix 9), wherein the authentication data for at least one of the facilities is authentication data with a different face mode or biometric information mode.
(Appendix 11)
Any one of (Appendix 1) to (Appendix 10) in which, in the matching step, it is determined whether or not the received authentication data and the user authentication data for the facility match with an accuracy set for each facility program described in .
(Appendix 12)
A computer-implemented method comprising a processor and a memory, wherein the processor receives an authorization request from a user seeking to use the facility, requesting authorization to use the facility, and enabling the user to use the facility. and authentication data for approving the use of each of a plurality of users for each of a plurality of facilities, wherein at least one of the facilities is authenticated. Different authentication data are set for each of the data for authentication, and when the approval request and the authentication data are received, a step of comparing the accepted authentication data with the authentication data of the user regarding the facility; and authorizing the user to use the facility if there is a match with the user's authentication data for the facility, and disallowing the user to use the facility if they do not match.
(Appendix 13)
An information processing apparatus comprising a control unit and a storage unit, wherein the control unit receives an approval request for requesting approval to use the facility, which is input by a user who intends to use the facility, and allows the user to use the facility. and authentication data for approving the use of each of a plurality of users for each of a plurality of facilities, wherein at least one of the facilities is authenticated. Different authentication data are set for each of the data for authentication, and when the approval request and the authentication data are received, a step of comparing the accepted authentication data with the authentication data of the user regarding the facility; and a step of authorizing the use of the equipment to the user if the data for user authentication about the equipment matches, and not authorizing the use of the equipment if they do not match.
(Appendix 14)
a means for receiving an approval request for requesting approval to use the facility, input from a user who intends to use the facility, and authentication data for receiving authentication as to whether the user is a person who can use the facility; authentication data for approving the use of each of a plurality of users for each facility, and different authentication data is set for at least one of the facilities, and an authorization request and authentication data is received, the means for collating the received authentication data with the user authentication data about the equipment, and if the received authentication data and the user authentication data about the equipment match, the user and means for authorizing use of the facility and, in the case of disagreement, disapproving the use.

1... System 10... Terminal device 12... Communication IF
DESCRIPTION OF SYMBOLS 120... Communication part 13... Input device 131... Touch sensitive device 14... Output device 141... Display 15... Memory 150... Position information sensor 16... Storage 160... Camera 17... Sound processing part 171... Microphone 172... Speaker 180... Storage Unit 19... Processor 190... Control unit 20... Server

Claims (13)

A program to be executed by a computer comprising a processor and a memory, the program comprising:
a step of receiving an approval request for requesting approval to use the facility, input from a user who intends to use the facility, and authentication data for obtaining authentication as to whether the user is authorized to use the facility; When,
authentication data for approving the use of each of a plurality of users for each of a plurality of facilities, wherein different authentication data is set for at least one of the facilities, and the approval request; upon receiving the authentication data, comparing the received authentication data with authentication data of the user for the equipment;
If the received authentication data matches the authentication data of the user regarding the facility, the user is authorized to use the facility, and if they do not match, the user is not authorized to use the facility. ,
In the receiving step, the authentication data includes image data of the face of the user,
In the matching step, the authentication data includes face image data, and the authentication data of at least one facility has different pixels in the image data depending on the imaging device provided in the facility, A program, wherein the image data with different pixels is created using a trained model. A program to be executed by a computer comprising a processor and a memory, the program comprising:
An approval request for requesting approval to use the terminal device, which is input by a user who intends to use the terminal device, and authentication data for receiving authentication as to whether the user is authorized to use the terminal device. a step of receiving
authentication data for approving use by each of a plurality of users for each of a plurality of terminal devices, wherein different authentication data is set for at least one of the terminal devices; and, when receiving the authentication data, comparing the received authentication data with authentication data of the user for the terminal device;
a step of authorizing the user to use the terminal device if the received authentication data and the authentication data of the user regarding the terminal device match; let it run,
In the collating step, if there is a terminal device associated with the user in advance and the user who requested authorization is not associated with the terminal device that is requested to use, the authentication data and the data for authentication A program that does not perform matching. A program to be executed by a computer comprising a processor and a memory, the program comprising:
a step of receiving an approval request for requesting approval to use the service, input from a user who intends to use the service, and authentication data for obtaining authentication as to whether the user can use the service; When,
authentication data for approving the use of each of a plurality of users for each of a plurality of services, wherein different authentication data is set for at least one of the services, wherein the approval request; upon receiving the authentication data, comparing the received authentication data with authentication data of the user for the service;
a step of approving the user to use the service if the received authentication data and the authentication data of the user regarding the service match, and disapproving the use of the service if they do not match; ,
In the matching step, if there is a service associated with the user in advance and the user who requested the authorization is not associated with the service that the user is requested to use, the authentication data and the authentication data are matched. Not implemented, program. A program to be executed by a computer comprising a processor and a memory, the program comprising:
a step of receiving an approval request for requesting approval to use the facility, input from a user who intends to use the facility, and authentication data for obtaining authentication as to whether the user is authorized to use the facility; When,
Authentication data for approving the use of each of a plurality of users for each of a plurality of facilities, wherein authentication data for at least one of the facilities is set with different authentication data according to the security level of the facility. and when receiving the approval request and the authentication data, comparing the received authentication data with the authentication data of the user regarding the equipment;
If the received authentication data and the authentication data of the user about the facility match, the user is authorized to use the facility, and if they do not match, the user is not authorized to use the facility. program. In the receiving step, the authentication data includes image data of the face of the user,
5. Any one of claims 2 to 4, wherein in said matching step, said authentication data includes face image data, and authentication data for at least one facility is authentication data with a different facial aspect. program described in . 6. The method according to claim 5, wherein in said collating step, different facial aspects include different face orientations, image data of multiple stages, different pixels, or a combination of at least two of these. program. 6. The program according to claim 5, wherein in said collating step, the difference in face aspect includes a difference in pixels for each imaging device provided in the facility. 8. The program according to claim 7, wherein in said matching step, image data with different pixels are created using a trained model. In the receiving step, the authentication data includes image data of the user's face and other biometric information,
In the matching step, the authentication data includes face image data and other biometric information, and the authentication data of at least one of the facilities differs in the aspect of the face or the aspect of the biometric information. 9. The program according to any one of claims 1 to 8, which is authentication data. 5. The method according to claim 1 or 4, wherein, in said collating step, it is determined whether or not said authentication data received matches said authentication data of said user regarding said facility with an accuracy set for each facility. program as described. 11. A computer-implemented method comprising a processor and a memory, said processor performing all the steps of any of the inventions according to claims 1-10. An information processing apparatus comprising a control section and a storage section, wherein the control section executes all the steps of any one of the inventions according to claims 1 to 10. A system comprising means for executing all the steps of any one of the inventions according to claims 1 to 10.

Images