JP7248184B2 - Server, system, method and program - Google Patents

Description

The present invention relates to an authentication server, an authentication system, an authentication server control method, and a storage medium.

In recent years, various services using biometric information have started to spread. For example, face recognition is used for various procedures (check-in, baggage check-in, etc.) performed at airports, hotel check-ins, and the like.

Services that use facial recognition are processed in the following flow. First, a terminal (a terminal installed at an airport or hotel) acquires a facial image of a customer and generates a feature amount (feature vector) that characterizes the facial image. The generated feature amount is transmitted to a server on the network.

The server has a database that stores biometric information and personal information (name, address, etc.) of users who receive services based on face authentication. When the server acquires a verification request from the terminal, the server searches (verifies) the database and specifies biometric information and personal information corresponding to the verification request from the terminal. The server transmits the specified personal information to the terminal, and the terminal installed at the airport or the like performs business based on the obtained personal information.

For example, Patent Literature 1 discloses a private lodging management server that, in a private lodging service system, verifies the identity of a lodger using a personal image captured by a mobile terminal and unlocks a room.

JP 2018-101235 A

In the configuration illustrated in FIG. 2 of Patent Literature 1, personal information is managed in association with biometric information in a server that performs authentication based on biometric information. In such a configuration, if information leaks from the database of the server, a serious problem may occur. In particular, biometric information such as face images, fingerprint images, vein patterns, etc., is information that remains unchanged throughout life and cannot be changed even if information leakage occurs. Leakage of such a set of biometric information and personal information to a third party may cause an irreversible situation.

As a countermeasure against the above information leakage, it is conceivable to encrypt personal information and the like. However, if a key for decrypting a ciphertext is stored in the same server, it is conceivable that the key may be leaked at the same time, and this cannot be a fundamental solution.

A main object of the present invention is to provide an authentication server, an authentication system, an authentication server control method, and a storage medium that enable authentication based on biometric information to be performed with greater peace of mind.

According to a first aspect of the present invention, a user registration unit acquires a first ID that uniquely defines a user in a system and first biometric information used for authentication of the user; a service registration unit that processes a service registration request including the first ID and a second ID that identifies the service provider, transmitted from the service provider of the service that the user desires to use; a storage unit; wherein the service registration unit generates a third ID that is uniquely determined by the combination of the user and the service provider, and transmits the third ID to the service provider; , an authentication server that associates and stores the first biometric information, the first ID, the second ID, and the third ID.

According to a second aspect of the present invention, a user registration unit acquires a first ID that uniquely defines a user in a system and first biometric information used for authentication of the user; a service registration unit for processing a service registration request including said first ID and a second ID for identifying said service provider, transmitted from a service provider of a service that said service provider wishes to use; and the service registration unit generates a third ID that is uniquely determined by the combination of the user and the service provider, and transmits the third ID to the service provider, A first storage unit stores the first biometric information, the first ID, the second ID, and the third ID in association with each other, an authentication server; a personal information acquisition unit that acquires an ID and personal information of the user; a service registration request unit that acquires the third ID by transmitting the service registration request to the authentication server; and the user and a management server that stores the personal information of the third ID in association with the third ID.

According to a third aspect of the present invention, the authentication server acquires a first ID that uniquely defines a user in the system and first biometric information used for authentication of the user, receive a service registration request including the first ID and a second ID that identifies the service provider, transmitted from the service provider of the service that desires the service, and the combination of the user and the service provider generating a uniquely determined third ID, transmitting the third ID to the service provider, and transmitting the first biometric information, the first ID, the second ID and the third ID; A control method for an authentication server is provided, which is associated and stored.

According to a fourth aspect of the present invention, a computer installed in an authentication server acquires a first ID that uniquely defines a user in the system and first biometric information used for authentication of the user. a process of receiving a service registration request including the first ID and a second ID that identifies the service provider transmitted from the service provider of the service that the user desires to use; a process of generating a third ID uniquely determined by the combination of the person and the service provider; a process of transmitting the third ID to the service provider; the first biometric information; , a process of correlating and storing the second ID and the third ID, and a computer-readable storage medium for storing a program for executing .

According to each aspect of the present invention, there are provided an authentication server, an authentication system, an authentication server control method, and a storage medium that enable authentication using biometric information with greater peace of mind. In addition, the effect of this invention is not limited above. Other effects may be achieved by the present invention instead of or in addition to this effect.

1 is a diagram for explaining an overview of an embodiment; FIG. It is a figure showing an example of a schematic structure of an authentication system concerning a 1st embodiment. FIG. 4 is a diagram for explaining operations in a user registration phase of the authentication system according to the first embodiment; FIG. FIG. 4 is a diagram for explaining the operation in the service registration phase of the authentication system according to the first embodiment; FIG. FIG. 4 is a diagram for explaining the operation in the service provision phase of the authentication system according to the first embodiment; FIG. It is a figure showing an example of processing composition of an authentication server concerning a 1st embodiment. 4 is a diagram for explaining the operation of a user registration unit of the authentication server according to the first embodiment; FIG. 4 is a diagram for explaining the operation of a user registration unit of the authentication server according to the first embodiment; FIG. It is a figure which shows an example of an authentication information database. It is a figure which shows an example of an authentication information database. It is a figure which shows an example of an authentication information database. It is a figure showing an example of processing composition of a management server concerning a 1st embodiment. FIG. 4 is a diagram for explaining the operation of a personal information acquisition unit of the management server according to the first embodiment; FIG. It is a figure which shows an example of a user information database. It is a figure which shows an example of the processing structure of the authentication terminal which concerns on 1st Embodiment. FIG. 4 is a sequence diagram showing an example of operations related to a service registration phase of the authentication system according to the first embodiment; FIG. 4 is a sequence diagram showing an example of operations related to a service provision phase of the authentication system according to the first embodiment; FIG. 11 is a diagram for explaining the operation in the service registration phase of the authentication system according to the second embodiment; FIG. 11 is a diagram for explaining the operation in the service provision phase of the authentication system according to the second embodiment; It is a figure which shows an example of an authentication information database. FIG. 12 is a diagram for explaining the operation in the service registration phase of the authentication system according to the third embodiment; FIG. 13 is a diagram for explaining the operation in the service provision phase of the authentication system according to the third embodiment; It is a figure which shows an example of a user information database. It is a figure which shows an example of an authentication information database. It is a figure which shows an example of the hardware constitutions of an authentication server.

First, an overview of one embodiment will be described. It should be noted that the drawing reference numerals added to this outline are added to each element for convenience as an example to aid understanding, and the description of this outline does not intend any limitation. Also, unless otherwise specified, the blocks shown in each drawing represent the configuration of each function rather than the configuration of each hardware unit. Connecting lines between blocks in each figure include both bi-directional and uni-directional. The unidirectional arrows schematically show the flow of main signals (data) and do not exclude bidirectionality. In addition, in the present specification and drawings, elements that can be described in the same manner can be omitted from redundant description by assigning the same reference numerals.

The authentication server 100 according to one embodiment includes a user registration unit 101, a service registration unit 102, and a storage unit 103 (see FIG. 1). The user registration unit 101 acquires a first ID that uniquely defines a user in the system and first biometric information used for user authentication. The service registration unit 102 processes a service registration request including a first ID and a second ID for identifying the service provider, transmitted from the service provider of the service that the user desires to use. The service registration unit 102 generates a third ID that is uniquely determined by the combination of the user and the service provider, and transmits the third ID to the service provider. The storage unit 103 associates and stores the first biometric information, the first ID, the second ID, and the third ID.

The storage unit 103 of the authentication server 100 stores the user's biometric information and various IDs, but does not store the user's personal information (for example, name). Therefore, even if information leakage occurs from the authentication server 100, the personal information associated with the biometric information will not be known to a third party. can use the authentication by the authentication server 100 with more peace of mind. The service provider associates and stores the personal information of the user and the third ID, so that the personal information necessary for providing the service can be obtained from the third ID obtained from the authentication server 100. can be done.

Specific embodiments will be described in more detail below with reference to the drawings.

[First embodiment]
The first embodiment will be described in more detail with reference to the drawings.

[System configuration]
FIG. 2 is a diagram showing an example of a schematic configuration of an authentication system according to the first embodiment. As shown in FIG. 2, the authentication system includes an authentication center and multiple service providers.

Each service provider participating in the authentication system provides services using biometric authentication. Examples of services provided by service providers include payment services at retail stores and lodging services at hotels and the like. Alternatively, the service provided by the service provider may be immigration control or the like at an airport or port. The service provider disclosed in the present application should be able to provide any service that can be provided using biometric authentication.

An authentication server 10 is installed in the authentication center. The authentication server 10 operates as an authentication authority for authentication using biometric information. The authentication server 10 may be a server installed on the premises of the authentication center, or may be a server installed on the cloud.

The biometric information of the user includes, for example, data (feature amounts) calculated from physical features unique to an individual, such as face, fingerprint, voiceprint, vein, retina, and iris pattern of the pupil. be. Alternatively, the user's biometric information may be image data such as a face image or a fingerprint image. A user's biometric information should just contain a user's physical characteristic as information.

The authentication server 10 is a server device for realizing services based on biometric authentication. The authentication server 10 processes the "authentication request" sent from each service provider, and sends the result of authentication processing to the service provider.

Each service provider has a management server and an authentication terminal.

For example, a management server 20 and a plurality of authentication terminals 30 are installed in the service provider S1. A management server 20 and a plurality of authentication terminals 31 are installed in the service provider S2.

In the following description, when it is necessary to distinguish each component, the code on the right side of the hyphen is used. Since the operation of each device included in service provider S1 and service provider S2 can be the same, the following description will focus on service provider S1.

Each device shown in FIG. 2 is interconnected. For example, the authentication server 10 and the management server 20 are connected by wired or wireless communication means, and are configured to be able to communicate with each other.

The management server 20 is a server that controls and manages the overall business of the service provider. For example, if the service provider is a retail store, the management server 20 manages inventory of products. Alternatively, if the service provider is a hotel operator, the management server 20 manages reservation information of guests.

The management server 20 has control functions and management functions related to biometric authentication of users in addition to functions related to the provision of the above services.

The authentication terminal 30 is a device that serves as an interface for a user (customer) who visits the service provider. A user receives various services through the authentication terminal 30 . For example, when the service provider is a retail store, the user uses the authentication terminal 30 to make a payment. Alternatively, if the service provider is a hotel operator, the user uses the authentication terminal 30 to perform check-in procedures.

FIG. 2 is an example, and is not meant to limit the configuration of the authentication system disclosed in the present application. For example, an authentication center may include two or more authentication servers 10 . Alternatively, the service provider may include at least one or more authentication terminals 30 . Alternatively, the functions of the management server 20 and the authentication terminal 30 may be integrated, and a service using biometric authentication may be provided by one unit of the integrated device. Alternatively, each service provider may have a plurality of authentication terminals 30 connected to one management server 20 as shown in FIG. may have been

[Overview of system operation]
Next, a schematic operation of the authentication system according to the first embodiment will be described.

Operation of the authentication system includes three phases.

The first phase is a phase in which a user is registered with the system (user registration phase).

The second phase is a service registration phase (service registration phase).

The third phase is a phase (service provision phase) in which a service using biometric authentication is provided to the user.

[User registration phase]
FIG. 3 is a diagram for explaining the operation in the user registration phase of the authentication system according to the first embodiment.

Users who wish to receive services using biometric authentication must register as users in advance. The user determines information (user ID (Identifier), password (PW: Pass Word)) for identifying the user himself/herself in the authentication system, and registers it in the system. In the drawings including FIG. 3, the user ID is written as "uID".

Also, the user registers his/her own biometric information (eg, face image) in the system. The user registers the above three pieces of information (user ID, password, biometric information) in the system using any means. For example, the user may mail a document containing the above three pieces of information to the authentication center, and an employee of the authentication center may input the above three pieces of information into the authentication server 10 . Alternatively, the user may mail an external storage device such as a USB (Universal Serial Bus) storing the above three pieces of information to the authentication center.

Alternatively, the user may operate the owned terminal 40 to input his or her own face image, user ID, and password into the authentication server 10 . Examples of the terminal 40 include mobile terminal devices such as smartphones, mobile phones, game machines, and tablets, and computers (personal computers, notebook computers).

The authentication server 10 generates a feature amount (a feature vector consisting of a plurality of feature amounts) from the acquired face image, and stores the feature amount, the user ID, and the password in association with each other. Specifically, the authentication server 10 adds a new entry to the authentication information database, and associates and stores the above three pieces of information.

Thus, in the user registration phase, a first ID (for example, user ID) that uniquely defines a user in the system and first biometric information used for user authentication are registered in the system. In the first embodiment, an example of using a user ID and a password as identifiers (first IDs) that uniquely identify system users will be described. It is also possible to use a user ID as (first ID).

[Service registration phase]
FIG. 4 is a diagram for explaining the operation in the service registration phase of the authentication system according to the first embodiment.

After completing user registration, the user selects a service provider from whom he wishes to receive services through biometric authentication, and registers the selected service provider in the system. For example, in FIG. 2, when a user wishes to receive a service from service provider S1, service provider S1 is registered in the system.

The user registers personal information (eg, name, etc.) required to receive services from the selected service provider in the system. Name, age, sex and the like are exemplified as the personal information. In addition to the personal information, the user registers the user ID and password determined in the user registration phase in the system.

In the disclosure of the present application, personal information is defined as information that does not include the biometric information of the user (person to be authenticated). That is, the biometric information and the feature amount generated from the biometric information are excluded from the "personal information" disclosed in the present application.

The user inputs the above three pieces of information (personal information, user ID, password) to the service provider using any means. For example, the user mails a medium (paper medium, electronic medium) containing the above three pieces of information to the selected service provider. An employee of the service provider inputs the above three pieces of information into the management server 20 . The user may input the above three pieces of information to the management server 20 by operating the authentication terminal 30 installed at the service provider.

Alternatively, as shown in FIG. 4, the user may operate the terminal 40 to input the above three pieces of information to the management server 20. FIG. In this case, the user inputs the above three pieces of information on a web page managed and operated by the service provider.

When the management server 20 acquires the above three pieces of information (personal information, user ID, and password), it transmits a “service registration request” to the authentication server 10 . Specifically, the management server 20 transmits a service registration request including the service provider ID, user ID and password to the authentication server 10 .

The service provider ID is identification information for uniquely identifying a service provider included in the authentication system (such as a retail store participating in an authentication platform that uses biometric authentication). In the example of FIG. 2, different service provider IDs are assigned to service providers S1 and S2.

Note that the service provider ID is an ID assigned to each service provider, not an ID assigned to each service. For example, in FIG. 2, even if service providers S1 and S2 provide the same type of service (for example, lodging service), different IDs are assigned to these service providers if they are managed by different entities. .

The authentication server 10 and management server 20 share the service provider ID by any method. For example, when a service provider participates in the authentication infrastructure, the authentication server 10 may generate a service provider ID and distribute (notify) the generated servicer ID to the service provider. In the drawings including FIG. 4, the service provider ID is written as "spID".

Upon receiving the service registration request, the authentication server 10 searches the authentication information database using the user ID and password included in the request as keys to identify the corresponding user. After that, the authentication server 10 generates a "service user ID".

The service user ID is identification information that uniquely determines the correspondence (combination) between the user and the service provider. For example, in the example of FIG. 2, different values are set for the service user ID determined by the combination of user U1 and service provider S1 and the service user ID determined by the combination of user U1 and service provider S2. .

The authentication server 10 associates and stores the user ID, password, feature amount, service provider ID, and the generated service user ID. In the drawings including FIG. 4, the service user ID is written as "suID".

The authentication server 10 transmits the generated service user ID to the sender of the service registration request. The authentication server 10 transmits a response including the service user ID to the management server 20, and issues the service user ID.

The management server 20 associates and stores the service user ID acquired from the authentication server 10 and the user's personal information. The management server 20 adds a new entry to the user information database and stores the above information (personal information, service user ID).

The user repeats the above registration operation for each service provider from whom he/she wishes to receive services using biometric authentication. In other words, the user does not need to register for use with service providers that do not need to provide services.

In this way, in the service registration phase, a service registration including a first ID (for example, user ID) and a second ID (for example, service provider ID) is received from the service provider of the service that the user wishes to use. A request is sent to the authentication server 10 . When processing the service registration request, the authentication server 10 generates a third ID (for example, service user ID) that is uniquely determined by the combination of the user and the service provider. The authentication server 10 transmits the third ID to the service provider. The service provider (management server 20) associates and stores the user's personal information and the third ID.

[Service provision phase]
FIG. 5 is a diagram for explaining the operation in the service provision phase of the authentication system according to the first embodiment.

After completing service registration (service registration phase), the user visits the service provider. The user moves in front of the authentication terminal 30 .

The authentication terminal 30 acquires biometric information from the user in front of it. Specifically, the authentication terminal 30 takes an image of the user and acquires the face image. The authentication terminal 30 transmits the acquired face image to the management server 20 .

The management server 20 generates a feature amount from the acquired face image. The management server 20 transmits to the authentication server 10 an authentication request including the generated feature quantity and service provider ID.

The authentication server 10 extracts the feature amount from the authentication request, and executes matching processing (one-to-N matching; N is a positive integer, the same shall apply hereinafter) using the extracted feature amount and the feature amount registered in the authentication information database. do.

The authentication server 10 identifies a user by collation processing, and identifies a service user ID corresponding to the service provider ID included in the authentication request, among a plurality of service user IDs associated with the identified user. .

The authentication server 10 transmits the specified service user ID to the sender of the authentication request. The authentication server 10 transmits a response (response to the authentication request) including the identified service user ID to the management server 20 .

The management server 20 searches the user information database using the acquired service user ID as a key, and identifies personal information corresponding to the service user ID. The service provider (management server 20, authentication terminal 30) provides the user with services (for example, payment settlement, check-in procedures, etc.) based on the identified personal information.

Thus, in the service provision phase, the authentication server 10 receives an authentication request containing the second biometric information of the user and the second ID (service provider ID) from the service provider. The authentication server 10 identifies a third ID (service user ID) using the first and second biometric information and the second ID. The authentication server 10 transmits the specified third ID to the service provider. When providing services to the user, the management server 20 identifies the user's personal information using the third ID obtained by transmitting the authentication request to the authentication server 10 . Service providers use the identified personal information to provide services to users.

Next, details of each device included in the authentication system according to the first embodiment will be described.

[Authentication Server]
FIG. 6 is a diagram showing an example of a processing configuration (processing modules) of the authentication server 10 according to the first embodiment. Referring to FIG. 6, the authentication server 10 includes a communication control unit 201, a user registration unit 202, a database management unit 203, a service registration unit 204, an authentication unit 205, and a storage unit 206.

The communication control unit 201 is means for controlling communication with other devices. Specifically, the communication control unit 201 receives data (packets) from the management server 20 . Also, the communication control unit 201 transmits data to the management server 20 . The communication control unit 201 transfers data received from other devices to other processing modules. The communication control unit 201 transmits data acquired from other processing modules to other devices. In this manner, other processing modules transmit and receive data to and from other devices via the communication control unit 201 .

The user registration unit 202 is means for implementing the user registration described above. The user registration unit 202 acquires user IDs, passwords, and biometric information (face images) of users (users who wish to receive services using biometric authentication; system users).

The user registration unit 202 acquires the above three pieces of information (user ID, password, biometric information) using arbitrary means. For example, the user registration unit 202 displays on the terminal 40 a GUI (Graphical User Interface) and an input form for determining a user ID and password. For example, the user registration unit 202 displays a GUI as shown in FIG. 7 on the terminal 40. FIG.

The user registration unit 202 verifies that the user ID and password obtained from the GUI or the like do not overlap with already registered user IDs and passwords. If the duplication does not occur, the user registration unit 202 displays a GUI for acquiring the user's biometric information on the terminal 40 .

For example, the user registration unit 202 displays a GUI as shown in FIG. 8 on the terminal 40. FIG. For example, the user presses the "select file" button shown in FIG. 8 and designates the image data of the face image to be registered in the system. The designated face image is displayed in the preview area (displayed as the selected face image in FIG. 8). When registering the previewed face image, the user presses the "determine" button.

For example, when the user registration unit 202 acquires a user ID, a password, and biometric information (face image) through a GUI as shown in FIGS. to generate

Specifically, the user registration unit 202 extracts feature points from the acquired face image. Since the existing technology can be used for the feature point extraction processing, detailed description thereof will be omitted. For example, the user registration unit 202 extracts the eyes, nose, mouth, etc. from the face image as feature points. After that, the user registration unit 202 calculates the position of each feature point and the distance between each feature point as a feature amount, and generates a feature vector (vector information that characterizes the face image) composed of a plurality of feature amounts.

The user registration unit 202 hands over the user ID, password, and feature amount generated above to the database management unit 203 .

A database management unit 203 is means for managing an authentication information database. The authentication information database contains information that identifies system users (user IDs and passwords), biometric information (characteristics) of the users, service provider IDs that identify service providers, and services that identify users in each service. A user ID is associated and stored.

When the database management unit 203 acquires the above three pieces of information (user ID, password, feature amount) from the user registration unit 202, it adds a new entry to the authentication information database. For example, when acquiring the above three pieces of information about user U1, the database management unit 203 adds the entry shown at the bottom of FIG. At the stage of user registration, the service provider ID and service user ID are not generated, so nothing is set in these fields.

The service registration unit 204 is means for realizing individual service registration by system users. The service registration unit 204 processes a service registration request obtained from the management server 20 of the service provider.

The service registration unit 204 searches the authentication information database using the user ID and password included in the acquired service registration request as keys. The service registration unit 204 confirms the service provider ID field of the identified user (user identified from the set of user ID and password).

The service registration unit 204 determines whether or not the service provider ID included in the service registration request obtained from the management server 20 is set in the service provider ID field. If the service provider ID acquired from the management server 20 has already been registered in the database, the service registration unit 204 notifies the management server 20 to that effect. In this case, the service (service provider) that the user intends to register is already registered in the authentication information database, so the service registration unit 204 transmits a "negative response" as a response to the service registration request.

On the other hand, if the service provider ID included in the service registration request is not set in the service provider ID field of the specified user, the service registration unit 204 registers the service corresponding to the user and the service provider. Generate a user ID.

As described above, the service user ID is identification information uniquely determined from the combination of the user and the service provider. For example, the service registration unit 204 calculates a hash value using the user ID, password, and service provider ID, and uses the calculated hash value as the service user ID. Specifically, the service registration unit 204 calculates a concatenated value of the user ID, password, and service provider ID, and calculates a hash value of the calculated concatenated value to generate the service user ID.

Note that the generation of the service user ID using the hash value is an example, and is not intended to limit the method of generating the service user ID. The service user ID may be any information that can uniquely identify the combination of system user and service provider. For example, the service registration unit 204 may number a unique value each time it processes a service registration request and use it as the service user ID.

After generating the service user ID, the service registration unit 204 delivers the service provider ID and service user ID to the database management unit 203 together with the user ID and password. The database management unit 203 registers two IDs (service provider ID and service user ID) in the authentication information database. For example, when the user U1 makes a service registration for the service provider S1, the above two IDs are added to the entry shown at the bottom of FIG.

Since service registration is performed for each service provider, a plurality of service provider and service user IDs may be set for one user. For example, when user U1 performs service registration for each of service providers S1 and S2, entries on the second and third lines in FIG. 11 are generated. It should be noted that when the user U2 performs service registration for the service provider S1, the entry at the bottom of FIG. 11 is generated.

The authentication information database shown in FIG. 11 and the like is an example, and is not intended to limit the information stored in the authentication information database. For example, a face image may be registered in the authentication information database instead of the feature amount for authentication. That is, the feature amount may be generated from the face image registered in the authentication information database each time authentication is performed.

When the service provider ID and service user ID are registered in the authentication information database, the service registration unit 204 notifies the management server 20 that the service registration request has been successfully processed. The service registration unit 204 transmits an "acknowledgement" as a response to the service registration request. At that time, the service registration unit 204 transmits a response including the service user ID to the management server 20 .

The authentication unit 205 is means for performing authentication processing for system users. The authentication unit 205 processes an authentication request received from the management server 20 of the service provider.

The authentication unit 205 extracts the feature quantity and service provider ID included in the authentication request. The authentication unit 205 searches the authentication information database using the extracted feature quantity and service provider ID as keys to identify the corresponding service user ID.

The authentication unit 205 sets the feature amount extracted from the authentication request to the matching side feature amount and sets the feature amount stored in the database to the registration side feature amount, and executes 1:N matching. Specifically, the authentication unit 205 calculates the degree of similarity between the feature amounts of the verification side and each of the plurality of registration sides. Chi-square distance, Euclidean distance, or the like can be used for the degree of similarity. Note that the greater the distance, the lower the similarity, and the closer the distance, the higher the similarity.

The authenticating unit 205 determines whether or not there is a feature amount having the highest similarity with the feature amount to be matched that has a similarity equal to or greater than a predetermined value among the plurality of feature amounts registered in the database. judge. If such a feature quantity exists, the authentication unit 205 selects the service provider included in the authentication request among at least one or more service provider IDs associated with the user specified by the one-to-N matching. Determine whether an entry matching the ID exists.

If such an entry exists (if the above two determinations are successful), the authentication unit 205 determines that the user has been successfully authenticated. In this case, the authentication unit 205 sends an “affirmative response” to the management server 20, which is the source of the authentication request. At that time, the authentication unit 205 generates a response (response to the authentication request) including the service user ID of the specified entry, and transmits it to the management server 20 .

If at least one of the above two determinations fails, the authentication unit 205 determines that user authentication has failed. In this case, the authentication unit 205 sends a “negative response” to the management server 20, which is the source of the authentication request.

For example, in the example of FIG. 11, when the authentication request includes the feature value of "FV1" and the service provider ID of "S1", the entries (users) in the second and third lines are specified by the feature value FV1. , and the entry on the second line is specified by the service provider ID "S1". As a result, the authentication request is successfully processed, and an acknowledgment including the service user ID of "U1S1" is sent to the management server 20. FIG.

On the other hand, when the authentication request includes the feature amount of "FV2" and the service provider ID of "S2", the lowest entry is specified by the feature amount, but the service provider ID of the entry is "S2". The authentication request is not processed normally because it is "S1" instead of "S1". As a result, a negative response is sent to the management server 20 .

The storage unit 206 stores information necessary for the operation of the authentication server 10 . An authentication information database is constructed in the storage unit 206 .

[Management Server]
FIG. 12 is a diagram showing an example of a processing configuration (processing modules) of the management server 20 according to the first embodiment. Referring to FIG. 12, the management server 20 includes a communication control unit 301, a personal information acquisition unit 302, a service registration request unit 303, a database management unit 304, an authentication request unit 305, and a storage unit 306. .

The communication control unit 301 is means for controlling communication with other devices. Specifically, the communication control unit 301 receives data (packets) from the authentication server 10 and the authentication terminal 30 . Also, the communication control unit 301 transmits data to the authentication server 10 and the authentication terminal 30 . The communication control unit 301 passes data received from other devices to other processing modules. The communication control unit 301 transmits data acquired from other processing modules to other devices. In this way, other processing modules transmit and receive data to and from other devices via the communication control unit 301 .

The personal information acquisition unit 302 is means for acquiring personal information that is necessary when a service provider provides a service. For example, if the service provider is a "retail store", the personal information acquisition unit 302 collects information on payment (for example, credit card information, bank account information) in addition to the name of the user. get. Alternatively, if the service provider is a "hotel operator," the personal information acquisition unit 302 acquires reservation information (for example, accommodation date, etc.) regarding accommodation in addition to the name and the like.

The personal information acquisition unit 302 acquires the user ID and password determined when the user registers the system, in addition to the personal information such as the name.

Personal information acquisition unit 302 acquires personal information, a user ID, and a password using arbitrary means. For example, the personal information acquisition unit 302 displays a GUI or a form for inputting the information on the terminal 40 (see FIG. 13). Alternatively, information such as that shown in FIG. 13 may be displayed on a WEB page managed and operated by the service provider. Alternatively, the terminal 40 may download an application provided by a service provider, and display as shown in FIG. 13 may be performed by the application. In particular, the WEB page may be a WEB page for managing member information of the service provider. That is, the members of each service provider may register for services on a WEB page that manages their own member information.

The personal information acquisition unit 302 passes the personal information, user ID, and password acquired using a GUI or the like to the service registration request unit 303 .

The service registration requesting unit 303 is means for requesting (requesting) the authentication server 10 to register the service usage of the user.

The service registration requesting unit 303 selects the user ID and password from the above three pieces of information (personal information, user ID, password) acquired from the personal information acquiring unit 302 . The service registration requesting unit 303 transmits a service registration request including the selected user ID, password, and service provider ID to the authentication server 10 .

The service registration requesting unit 303 obtains a response to the service registration request from the authentication server 10 . If the acquired response is a "negative response", the service registration requesting unit 303 notifies the user to that effect. For example, the service registration requesting unit 303 notifies the user that service registration has already been performed.

If the acquired response is a "positive response", the service registration requesting unit 303 notifies the user that the service registration was successful. Further, the service registration requesting section 303 passes the service user ID included in the response and the personal information acquired from the personal information acquiring section 302 to the database managing section 304 .

A database management unit 304 is means for managing a user information database. The user information database is a database that manages information on users (system users) to whom services are provided. The user information database stores the personal information (for example, name) of the user and the service user ID acquired from the authentication server 10 in association with each other.

When the database management unit 304 acquires the above information (personal information, service user ID) from the service registration requesting unit 303, it adds a new entry to the user information database. For example, when the management server 20 of the service provider S1 acquires the above information regarding the user U1, the entry shown at the bottom of FIG. 14 is added.

The authentication requesting unit 305 is means for requesting the authentication server 10 to authenticate the user.

Upon obtaining biometric information (face image) from the authentication terminal 30, the authentication requesting unit 305 generates a feature amount from the face image. The authentication request unit 305 transmits an authentication request including the generated feature amount and service provider ID to the authentication server 10 .

When the response from the authentication server 10 is a “negative response” (in the case of authentication failure), the authentication requesting unit 305 notifies the authentication terminal 30 to that effect.

When the response from the authentication server 10 is a “positive response” (in the case of successful authentication), the authentication requesting unit 305 extracts the service user ID included in the response from the authentication server 10 . The authentication requesting unit 305 searches the user information database using the service user ID as a key to specify the corresponding entry.

The authentication requesting unit 305 reads out the personal information set in the personal information field of the specified entry and transmits it to the authentication terminal 30 . For example, in the example of FIG. 14 , if the service user ID is “U1S1”, the personal information at the bottom is sent to the authentication terminal 30 .

The storage unit 306 stores information necessary for the operation of the management server 20 . A user information database is constructed in the storage unit 306 .

[Authentication terminal]
The authentication terminal 30 acquires the user's personal information from the management server 20 by transmitting the biometric information acquired from the user to the management server 20 . The authentication terminal 30 uses the acquired personal information to provide services to the user.

FIG. 15 is a diagram showing an example of a processing configuration (processing modules) of the authentication terminal 30 according to the first embodiment. Referring to FIG. 15 , authentication terminal 30 includes communication control section 401 , biometric information acquisition section 402 , service provision section 403 , message output section 404 , and storage section 405 .

The communication control unit 401 is means for controlling communication with other devices. Specifically, the communication control unit 401 receives data (packets) from the management server 20 . Also, the communication control unit 401 transmits data to the management server 20 . The communication control unit 401 transfers data received from other devices to other processing modules. The communication control unit 401 transmits data acquired from other processing modules to other devices. In this manner, other processing modules transmit and receive data to and from other devices via the communication control unit 401 .

The biometric information acquisition unit 402 is means for controlling the camera and acquiring biometric information (face image) of the user. The biological information acquisition unit 402 captures an image of the front of the device periodically or at a predetermined timing. The biometric information acquisition unit 402 determines whether or not the acquired image contains a face image of a person, and if the face image is contained, extracts the face image from the acquired image data.

Note that existing technology can be used for face image detection processing and face image extraction processing by the biometric information acquisition unit 402, so detailed description thereof will be omitted. For example, the biometric information acquisition unit 402 may extract a face image (face region) from image data using a learning model learned by a CNN (Convolutional Neural Network). Alternatively, the biometric information acquisition unit 402 may extract a face image using a method such as template matching.

The biometric information acquisition unit 402 delivers the extracted facial image to the service providing unit 403 .

The service providing unit 403 is means for providing predetermined services to users. The service providing unit 403 transmits the face image acquired from the biometric information acquisition unit 402 to the management server 20 . The management server 20 returns personal information (for example, name, etc.) corresponding to the face image. The service providing unit 403 uses the returned personal information to provide a service to the user.

The message output unit 404 is means for outputting various messages to the user. For example, the message output unit 404 outputs a message regarding the authentication result of the user and a message regarding service provision. The message output unit 404 may display a message using a display device such as a liquid crystal monitor, or may reproduce a voice message using an audio device such as a speaker.

The storage unit 405 stores information necessary for the operation of the authentication terminal 30 .

[System operation]
Next, operation of the authentication system according to the first embodiment will be described. The operation will be explained for the service registration phase and the service provision phase, and the explanation for the user registration phase will be omitted.

FIG. 16 is a sequence diagram showing an example of operations related to the service registration phase of the authentication system according to the first embodiment.

The management server 20 acquires personal information (information necessary for providing services), a user ID, and a password from the user (step S01).

The management server 20 transmits a service registration request including the acquired user ID, password, and service provider ID to the authentication server 10 (step S02).

The authentication server 10 generates a service user ID using the acquired user ID, password and service provider ID (step S03).

The authentication server 10 stores the service provider ID and the service user ID in the authentication information database (step S04).

The authentication server 10 transmits a response (response to the service registration request) including the service user ID to the management server 20 (step S05).

The management server 20 associates the personal information acquired in step S01 with the service user ID acquired from the authentication server 10, and stores them in the user information database (step S06).

FIG. 17 is a sequence diagram showing an example of operations related to the service provision phase of the authentication system according to the first embodiment. Since the service registration phase has already ended during the service provision phase, the authentication server 10 stores the first feature amount generated from the user's face image as the first biometric information.

The authentication terminal 30 acquires a user's face image (biometric information) and transmits the acquired face image to the management server 20 (step S11).

The management server 20 generates a feature amount (second feature amount) from the acquired face image (step S12). The management server 20 handles the generated feature amount as second biometric information.

The management server 20 transmits an authentication request including the generated feature quantity and service provider ID to the authentication server 10 (step S13).

The authentication server 10 executes authentication processing using the feature quantity and the service provider ID included in the authentication request, and identifies the corresponding service user ID (step S14).

The authentication server 10 transmits a response (response to the authentication request) including the specified service user ID to the management server 20 (step S15).

The management server 20 searches the user information database using the acquired service user ID and identifies the corresponding personal information (step S16).

The management server 20 transmits the identified personal information to the authentication terminal 30 (step S17).

The authentication terminal 30 provides services using the acquired personal information (step S18).

As described above, in the authentication system according to the first embodiment, the user's biometric information is stored in the authentication server 10, and the service provider does not have the biometric information. User's personal information is stored in the management server 20 managed and operated by the service provider, and the authentication server 10 does not have the personal information. The authentication system according to the first embodiment distributes information in this manner, thereby providing a robust authentication infrastructure against information leakage. In other words, biometric information (especially, feature amounts) that are not linked to personal information is simply a list of numerical values and is information of low value to criminals and the like. Therefore, even if information leakage should occur from the authentication server 10, its influence is limited. With such a configuration, the participants of the authentication system (users who receive service and service providers who provide services) can use the authentication system with peace of mind.

[Second embodiment]
Next, a second embodiment will be described in detail with reference to the drawings.

In the first embodiment, the biometric information used for user authentication is placed in the authentication center, and the personal information necessary for the user to enjoy the service is placed in the service provider. With such a configuration, an authentication system that is strong against information leakage (robust against information leakage) is constructed.

However, in the configuration according to the first embodiment, personal information may be leaked from the service provider. In the second embodiment, an authentication system that is resistant to information leakage from service providers will be described.

Since the configuration of the authentication system according to the second embodiment can be the same as that of the first embodiment, the description corresponding to FIG. 2 is omitted. Further, the processing configurations of the authentication server 10, the management server 20, and the authentication terminal 30 according to the second embodiment can be the same as those of the first embodiment, so the description thereof will be omitted.

The following description focuses on the differences between the first and second embodiments.

The authentication systems according to the first and second embodiments differ in operation between the service registration phase and the service provision phase.

A schematic operation of the service registration phase according to the second embodiment will be described with reference to FIG. Upon receiving the service registration request from the management server 20, the authentication server 10 generates an encryption key. The generated encryption key is associated with the user ID, password, service provider ID, and service user ID, and stored in the authentication information database. The authentication server 10 transmits the generated encryption key to the management server 20 together with the service user ID. The management server 20 uses the obtained encryption key to generate a ciphertext Enc of the personal information obtained from the user, and stores the encrypted personal information in association with the service user ID. The management server 20 deletes the plaintext personal information.

A schematic operation of the service providing phase according to the second embodiment will be described with reference to FIG. 19 . Upon receiving an authentication request from the management server 20, the authentication server 10 searches the authentication information database to identify the corresponding service user ID and encryption key. The authentication server 10 transmits a response (response to the authentication request) including the identified service user ID and encryption key to the management server 20 . The management server 20 searches the user information database using the acquired service user ID as a key, and identifies the corresponding personal information (encrypted personal information). The management server 20 decrypts the encrypted personal information using the encryption key obtained from the authentication server 10 . The management server 20 transmits plaintext personal information to the authentication terminal 30 . The authentication terminal 30 provides services using the personal information.

Next, detailed operations of the authentication server 10 and the management server 20 according to the second embodiment will be described.

The service registration unit 204 of the authentication server 10 generates an encryption key upon receiving a service registration request (a request including a user ID, password, and service provider ID) from the management server 20 . The encryption key is a key for encrypting the personal information input by the user to the service provider, and is also a key for decrypting the encrypted personal information. The service registration unit 204 generates the encryption key for each combination of user and service provider.

For example, the service registration unit 204 generates a common key that allows encryption and decryption to be performed with the same key. For example, the service registration unit 204 calculates a hash value of a concatenated value of the user ID, password, and service provider ID. The service registration unit 204 uses the calculated hash value as a "seed" to generate a common key.

The user ID and password have different values for each user, and the service provider ID has different values for each service provider. Therefore, the hash value (key generation seed) calculated from the concatenated value of these values is a different value for each combination of user and service provider. The encryption key calculated from the "seed" generated for each combination of user and service provider also has a different value depending on the combination.

The service registration unit 204 delivers the generated encryption key and the like to the database management unit 203 .

The database management unit 203 updates the authentication information database using the acquired encryption key. The authentication information database according to the second embodiment has, for example, encryption key fields as shown in FIG.

Referring to FIG. 20, an encryption key K (U1S1) is generated for a combination of user U1 and service provider S1, and an encryption key K (U1S2) is generated for a combination of user U1 and service provider S2. is generated.

The service registration unit 204 transmits a response containing the service user ID and the encryption key generated in response to the service registration request to the sender of the service registration request.

The service registration requesting unit 303 of the management server 20 receives the response to the service registration request. The service registration requesting unit 303 extracts the encryption key from the response and encrypts the user's personal information (eg, name, etc.). The service registration requesting section 303 delivers the encrypted personal information and service user ID to the database management section 304 . After that, the service registration requesting unit 303 deletes the original personal information (plaintext personal information) and the encryption key.

The database management unit 304 adds an entry containing the encrypted personal information and service user ID to the user information database. The user information database associates and stores the encrypted personal information and the service user ID (third ID).

When the authentication unit 205 of the authentication server 10 receives an authentication request (including the user's characteristic amount and the service provider ID) from the management server 20, the authentication unit 205 uses this information to perform the authentication process. If the authentication succeeds, the service user ID and encryption key corresponding to the combination of the user and service provider are identified.

The authentication unit 205 transmits a response (response to the authentication request) including the specified service user ID and encryption key to the management server 20 .

The authentication requesting unit 305 of the management server 20 searches the user information database using the acquired service user ID as a key, and acquires the corresponding personal information (encrypted personal information).

The authentication requesting unit 305 decrypts the encrypted personal information using the encryption key (common key) obtained from the authentication server 10 . The authentication requesting unit 305 transmits plaintext personal information to the authentication terminal 30 . When the authentication request unit 305 successfully decrypts the personal information, it deletes (discards) the encryption key obtained from the authentication server 10 .

It is desirable that the authentication terminal 30 deletes the plaintext personal information when the service provision to the user ends.

As described above, according to the second embodiment, the authentication server 10 generates an encryption key in response to a service registration request, and sends the generated encryption key and service user ID (third ID) to the management server 20. Send. The management server 20 encrypts the user's personal information using the obtained encryption key, and stores the encrypted personal information and the service user ID in association with each other. The authentication server 10 also receives an authentication request including the user's biometric information and the service provider ID (second ID) from the service provider. The authentication server 10 identifies the service user ID (third ID) and encryption key using the two pieces of biometric information and the service provider ID. The authentication server 10 transmits the identified service user ID and encryption key to the service provider. When providing a service to a user, the management server 20 identifies encrypted personal information using a service user ID acquired by transmitting an authentication request to the authentication server 10 . Furthermore, the management server 20 decrypts the encrypted personal information using the encryption key obtained from the authentication server 10 . Services are provided based on the decrypted personal information.

As described above, in the second embodiment, the personal information held by the service provider is encrypted. Even if the encrypted personal information leaks, no big problem will occur. This is because if encrypted personal information is decrypted and its contents become known to a third party, security and privacy problems will arise. An encryption key for decrypting the encrypted personal information is stored in the authentication server 10, and the encryption key is delivered from the authentication server 10 to the service provider each time the service is provided to the user. Due to such a configuration of the authentication system according to the second embodiment, it is difficult to imagine that information leaks from the management server 20 and the authentication server 10 occur at the same time (simultaneously). Therefore, even if the encrypted personal information is leaked, if the encryption key is protected by the authentication center, the information leakage will not pose a serious problem. Furthermore, since the management server 20 deletes the encryption key after decrypting the personal information, the service provider itself cannot access the personal information. Therefore, illegal acquisition of personal information by an employee of the service provider is prevented.

[Third Embodiment]
Next, a third embodiment will be described in detail with reference to the drawings.

In the second embodiment, the service provider encrypts the personal information, and the authentication server 10 holds the encryption key for decrypting the ciphertext. In the second embodiment, it has been explained that an authentication system that is strong against leakage of personal information can be provided by separately holding a ciphertext and an encryption key. However, due to improvements in information processing technology, etc., there is a possibility that the ciphertext of information leaked from the management server 20 may be broken. In other words, it is undesirable for the service provider to leak even encrypted personal information.

In the third embodiment, it will be described that the authentication server 10 holds encrypted personal information and the management server 20 holds encryption keys, thereby providing an authentication system that is strong against leakage of personal information. .

Since the configuration of the authentication system according to the third embodiment can be the same as that of the first embodiment, the description corresponding to FIG. 2 is omitted. Further, since the processing configurations of the authentication server 10, the management server 20, and the authentication terminal 30 according to the third embodiment can be the same as those of the first embodiment, description thereof will be omitted.

The following description focuses on the differences between the first to third embodiments.

In the authentication systems according to the first to third embodiments, operations in the service registration phase and the service provision phase are different.

A schematic operation of the service registration phase according to the third embodiment will be described with reference to FIG. The authentication server 10 generates an encryption key for encrypting the user's personal information. The generated encryption key is sent to the management server 20 together with the service user ID. The management server 20 generates a ciphertext of personal information using the acquired encryption key, and sends a personal information registration request including the generated ciphertext (ciphertext Enc shown in FIG. 21) and the service user ID to the authentication server 10 . Send to The authentication server 10 searches the authentication information database using the service user ID as a key to identify the corresponding entry. The authentication server 10 stores the encrypted personal information in the specified entry. Note that the management server 20 deletes the plaintext personal information after transmitting the personal information registration request. Also, the management server 20 associates the encryption key and the service user ID obtained from the authentication server 10 and stores them in the user database.

A schematic operation of the service provision phase according to the third embodiment will be described with reference to FIG. 22 . Upon receiving the authentication request, the authentication server 10 identifies the corresponding service user ID and encrypted personal information using the authentication information database. The authentication server 10 transmits a response (response to the authentication request) including the identified service user ID and personal information to the management server 20 . The management server 20 searches the user information database using the acquired service user ID as a key, and identifies the corresponding encryption key. The management server 20 decrypts the personal information acquired from the authentication server 10 using the identified encryption key. The management server 20 transmits plaintext personal information to the authentication terminal 30 . The authentication terminal 30 provides services using the personal information.

Next, detailed operations of the authentication server 10 and the management server 20 according to the third embodiment will be described.

When the service registration unit 204 of the authentication server 10 receives a service registration request (request including a user ID, password, and service provider ID) from the management server 20, the encryption key (common key) described in the second embodiment is Generate.

The service registration unit 204 transmits a response containing the service user ID and the encryption key generated in response to the service registration request to the sender of the service registration request.

The service registration requesting unit 303 of the management server 20 receives the response to the service registration request. The service registration requesting unit 303 extracts the encryption key from the response and encrypts the user's personal information (eg, name, etc.). After encrypting the personal information, the service registration requesting unit 303 deletes the plaintext personal information.

The service registration requesting unit 303 generates a “personal information registration request” including the encrypted personal information and service user ID, and transmits it to the authentication server 10 .

The service registration requesting unit 303 also hands over the service user ID and the encryption key acquired from the authentication server 10 to the database management unit 304 . The database management unit 304 adds a new entry containing the service user ID and encryption key to the user information database (see FIG. 23). As shown in FIG. 23, the user information database stores service user IDs and encryption keys in association with each other.

The service registration unit 204 of the authentication server 10 receives the personal information registration request. The service registration unit 204 hands over the personal information registration request to the database management unit 203 .

The database management unit 203 extracts the service user ID from the personal information registration request, and searches the authentication information database using the ID as a key. Database management unit 203 stores the encrypted personal information in the specified entry. resulting in. For example, an authentication information database having personal information fields as shown in FIG. 24 is obtained. The authentication information database stores the user's biometric information, user ID, etc. in association with encrypted personal information.

Referring to FIG. 24, a ciphertext Enc (U11) of the personal information input by the user U1 to the service provider S1 and a ciphertext Enc (U12) of the personal information input to the user U1 and the service provider S2 are stored in the database. be registered.

When the authentication unit 205 of the authentication server 10 receives an authentication request (including the user's characteristic amount and the service provider ID) from the management server 20, the authentication unit 205 uses this information to perform the authentication process. If the authentication succeeds, the service user ID corresponding to the combination of the user and the service provider and the encrypted personal information are specified.

The authentication unit 205 transmits a response (response to the authentication request) including the identified service user ID and encrypted personal information to the management server 20 .

The authentication requesting unit 305 of the management server 20 searches the user information database using the acquired service user ID as a key, and identifies the corresponding encryption key.

The authentication requesting unit 305 decrypts the encrypted personal information acquired from the authentication server 10 using the encryption key. The authentication requesting unit 305 transmits plaintext personal information to the authentication terminal 30 . After successfully decrypting the personal information, the authentication requesting unit 305 deletes (discards) the encrypted personal information acquired from the authentication server 10 .

As described above, in the authentication system according to the third embodiment, the encrypted personal information is stored in the authentication server 10 and the encryption key for decrypting the personal information is stored in the management server 20 . Normally, the authentication server 10 installed in the authentication center has strong measures against unauthorized access by a third party. On the other hand, it is conceivable that the management server 20 installed in the service provider may not have sufficient countermeasures against the above-described unauthorized access. As described above, the authentication server 10 and the management server 20 have different security strengths, and personal information is stored in the authentication server 10 having a high security strength (information leakage is unlikely). Therefore, the risk of leakage of encrypted personal information is smaller than in the second embodiment in which the management server 20 holds encrypted personal information. Also, the management server 20 holds encryption keys and service user IDs, but such information does not provide any useful information to a third party, and information leakage occurs from the management server 20, which is inferior in security strength. no problem arises.

Next, the hardware of each device that constitutes the authentication system will be described. FIG. 25 is a diagram showing an example of the hardware configuration of the authentication server 10. As shown in FIG.

The authentication server 10 can be configured by an information processing device (so-called computer), and has a configuration illustrated in FIG. 25 . For example, the authentication server 10 includes a processor 311, a memory 312, an input/output interface 313, a communication interface 314, and the like. Components such as the processor 311 are connected by an internal bus or the like and configured to be able to communicate with each other.

However, the configuration shown in FIG. 25 is not meant to limit the hardware configuration of the authentication server 10 . The authentication server 10 may include hardware (not shown), and may not include the input/output interface 313 as necessary. Also, the number of processors 311 and the like included in the authentication server 10 is not limited to the example shown in FIG.

The processor 311 is, for example, a programmable device such as a CPU (Central Processing Unit), MPU (Micro Processing Unit), DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array), an ASIC (Application Specific Integrated Circuit), or the like. The processor 311 executes various programs including an operating system (OS).

The memory 312 is RAM (Random Access Memory), ROM (Read Only Memory), HDD (Hard Disk Drive), SSD (Solid State Drive), or the like. The memory 312 stores an OS program, application programs, and various data.

The input/output interface 313 is an interface for a display device and an input device (not shown). The display device is, for example, a liquid crystal display. The input device is, for example, a device such as a keyboard or mouse that receives user operations.

The communication interface 314 is a circuit, module, etc. that communicates with other devices. For example, the communication interface 314 includes a NIC (Network Interface Card) or the like.

Functions of the authentication server 10 are realized by various processing modules. The processing module is implemented by the processor 311 executing a program stored in the memory 312, for example. Also, the program can be recorded in a computer-readable storage medium. The storage medium can be non-transitory such as semiconductor memory, hard disk, magnetic recording medium, optical recording medium, and the like. That is, the present invention can also be embodied as a computer program product. Also, the program can be downloaded via a network or updated using a storage medium storing the program. Furthermore, the processing module may be realized by a semiconductor chip.

Note that the management server 20, the authentication terminal 30, and the like can also be configured by an information processing device like the authentication server 10, and the basic hardware configuration thereof is the same as that of the authentication server 10, so description thereof will be omitted. For example, the authentication terminal 30 may have a camera for capturing an image of the user.

The authentication server 10 is equipped with a computer, and the functions of the authentication server 10 can be realized by causing the computer to execute a program. Further, the authentication server 10 executes the control method of the authentication server by the program.

[Modification]
The configuration, operation, and the like of the authentication system described in the above embodiment are examples, and are not intended to limit the configuration and the like of the system.

In the above embodiment, the user determines the user ID and password, and uses the user ID and password to specify the user (system user) registered in the system. However, the authentication system may determine an ID (identifier) that uniquely identifies the system user. For example, in the user registration phase, the authentication server 10 acquires the user's biometric information (face image, feature amount). The authentication server 10 may generate the ID based on the biometric information. For example, the authentication server 10 may calculate a hash value from the feature amount of the face image and use the calculated hash value instead of the user ID and password. Since the feature amount of the face image differs for each user, and the hash value generated from the feature amount also differs for each user, it can be used as the ID of the system user.

Although the user registration phase and the service registration phase are executed at different timings in the above embodiment, these phases may be executed substantially at the same timing. For example, the above two registration phases may be executed using the authentication terminal 30 installed at the service provider that the user desires to provide the service. Specifically, the user performs user registration (biometric information, user ID, and password input) using the authentication terminal 30, and then continuously performs service registration (personal information, user ID, and password input). ) may be performed. In this case, the authentication terminal 30 may have the user registration function of the authentication server 10 (user registration unit 202) and the personal information acquisition function of the management server 20 (personal information acquisition unit 302).

A plurality of authentication terminals 30 owned by a service provider may not be installed on the same site, building, or the like. As long as the service provider is common, each authentication terminal 30 may be installed in a place spatially apart.

Although one service provider ID is assigned to one service provider in the above embodiment, one service provider ID may be assigned to a plurality of service providers. A plurality of service providers may be grouped together and a service provider ID may be issued for each group. For example, when service providers S1 and S2 work together to provide the same service, a common service provider ID may be issued to these service providers S1 and S2.

In the above embodiment, a case has been described in which the management server 20 transmits the biometric information related to the “feature amount generated from the face image” to the authentication server 10 . However, biometric information related to the “face image” may be transmitted from the management server 20 to the authentication server 10 . In this case, the authentication server 10 may generate a feature amount from the acquired face image and perform authentication processing (verification processing).

In the above embodiment, a case has been described where the authentication terminal 30 acquires a face image and the management server 20 generates a feature amount from the face image. However, the authentication terminal 30 may generate a feature amount from the face image and transmit the generated feature amount to the management server 20 . That is, the management server 20 does not have to generate the feature amount.

In the above embodiment, a case has been described in which the user inputs the user ID and password to the service provider when registering personal information in the service registration phase (see FIG. 13). However, instead of the user ID and password, the user's biometric information (face image) may be input to the service provider. In this case, the management server 20 transmits to the authentication server 10 a service registration request including the feature quantity generated from the face image and the service provider ID. The authentication server 10 executes matching processing using the feature amount included in the request and the feature amount registered in the authentication information database, and identifies the corresponding user. The authentication server 10 issues a service user ID when the identification (authentication) of the user is successful. With such support, even if the user forgets the user ID or password, the user can easily register for the service. Alternatively, the service provider may acquire the user's biometric information (face image) in addition to the user ID and password. In this case, the authentication server 10 may issue a service user ID when the user ID, password, and biometric information match (two-factor authentication using the biometric information and password may be performed).

The service provider may cache (temporarily hold) the information acquired from the authentication server 10 and the information acquired from the authentication terminal 30 . For example, the management server 20 caches the biometric information acquired from the authentication terminal 30 and the authentication result (service user ID) based on the biometric information for a predetermined period. When the biometric information is acquired from the authentication terminal 30, the management server 20 confirms the first cached data, and does not transmit the authentication request to the authentication server 10 if there is cache data that hits the acquired biometric information. . The management server 20 identifies personal information using the service user ID included in the cache data. Alternatively, the management server 20 may cache a combination of biometric information and personal information. Alternatively, the conditions for deleting cached data may be changed according to the type of service. For example, when an accommodation service is provided by a hotel operator, the management server 20 may delete the cache data at the timing when the guest's stay period ends.

Although the authentication server 10 generates the encryption key in the above embodiment, the management server 20 may generate the encryption key. In this case, in the second embodiment, the management server 20 generates an encryption key and encrypts personal information. The management server 20 associates and stores the encrypted personal information and the service user ID. After that, the management server 20 transmits the encryption key to the authentication server 10 . The authentication server 10 stores the acquired encryption key in association with the user ID and the like. In the third embodiment, the management server 20 transmits encrypted personal information to the authentication server 10 . The management server 20 associates and stores the generated encryption key and the service user ID. The authentication server 10 associates and stores the acquired personal information (encrypted text of the personal information) with the user ID and the like. The management server 20 deletes the original personal information and encryption key at the timing described in the second and third embodiments. With the management server 20 generating the encryption key, the number of communications between the authentication server 10 and the management server 20 can be reduced in the case of the third embodiment.

In the above embodiment, a case where a common key is used as an encryption key for encrypting personal information has been described. However, a "secret key" or a "public key" may be used as the encryption key for encrypting personal information. In this case, the authentication server 10 stores the private key in association with the user ID and the like. Also, the authentication server 10 distributes the public key to the management server 20 . The management server 20 encrypts personal information using a public key. Upon receiving the authentication request, the authentication server 10 transmits the service user ID and secret key to the management server 20 . The management server 20 decrypts the personal information using the acquired private key.

The form of data transmission/reception between each device (authentication server 10, management server 20, authentication terminal 30) is not particularly limited, but the data transmitted/received between these devices may be encrypted. Biometric information is transmitted and received between these devices, and encrypted data is desirably transmitted and received in order to properly protect the biometric information.

In the flowcharts (flowcharts, sequence diagrams) used in the above description, a plurality of steps (processes) are described in order, but the execution order of the steps executed in the embodiment is not limited to the described order. In the embodiment, the order of the illustrated steps can be changed within a range that does not interfere with the content, such as executing each process in parallel.

The above embodiments have been described in detail to facilitate understanding of the present disclosure, and are not intended to require all the configurations described above. Also, when a plurality of embodiments are described, each embodiment may be used alone or in combination. For example, it is possible to replace part of the configuration of the embodiment with the configuration of another embodiment, or to add the configuration of another embodiment to the configuration of the embodiment. Furthermore, additions, deletions, and replacements of other configurations are possible for some of the configurations of the embodiments.

Although the industrial applicability of the present invention is clear from the above description, the present invention can be suitably applied to an authentication system for authenticating customers such as retail stores and hotel companies.

Some or all of the above embodiments may also be described in the following additional remarks, but are not limited to the following.
[Appendix 1]
a user registration unit that acquires a first ID that uniquely defines a user in the system and first biometric information used for authentication of the user;
a service registration unit that processes a service registration request including the first ID and a second ID that identifies the service provider, which is transmitted from the service provider of the service that the user desires to use;
a storage unit;
with
The service registration unit generates a third ID uniquely determined by a combination of the user and the service provider, and transmits the third ID to the service provider;
The authentication server, wherein the storage unit associates and stores the first biometric information, the first ID, the second ID, and the third ID.
[Appendix 2]
receiving an authentication request including the second biometric information of the user and the second ID from the service provider, and performing the third authentication using the first and second biometric information and the second ID; The authentication server according to appendix 1, further comprising an authentication unit that identifies an ID and transmits the identified third ID to the service provider.
[Appendix 3]
The user registration unit acquires the password of the user,
3. The authentication server according to appendix 1 or 2, wherein the storage unit associates and stores the first biometric information, the first ID, the password, the second ID, and the third ID.
[Appendix 4]
Authentication according to appendix 3, wherein the service registration unit calculates a hash value using the first ID, the password, and the second ID, and uses the calculated hash value as the third ID. server.
[Appendix 5]
5. The authentication server according to any one of appendices 1 to 4, wherein the first biometric information is a feature amount generated from the face image of the user.
[Appendix 6]
a user registration unit that acquires a first ID that uniquely defines a user in the system and first biometric information used for authentication of the user;
a service registration unit that processes a service registration request including the first ID and a second ID that identifies the service provider, which is transmitted from the service provider of the service that the user desires to use;
a first storage unit;
with
The service registration unit generates a third ID uniquely determined by a combination of the user and the service provider, and transmits the third ID to the service provider;
an authentication server, wherein the first storage unit stores the first biometric information, the first ID, the second ID, and the third ID in association with each other;
a personal information acquisition unit that acquires the first ID and personal information of the user from the user;
a service registration request unit that acquires the third ID by transmitting the service registration request to the authentication server;
a management server comprising a second storage unit that associates and stores the personal information of the user and the third ID;
authentication system, including
[Appendix 7]
The authentication server receives an authentication request including second biometric information and the second ID of the user from the service provider, and uses the first and second biometric information and the second ID. further comprising an authentication unit that identifies the third ID and transmits the identified third ID to the service provider;
The authentication request unit, wherein the management server specifies the personal information of the user by using the third ID obtained by transmitting the authentication request to the authentication server when providing the service to the user. 7. The authentication system of clause 6, further comprising:
[Appendix 8]
authentication of acquiring personal information of the user from the management server by transmitting biometric information acquired from the user to the management server, and providing a service to the user using the acquired personal information; 8. The authentication system of clause 7, further comprising a terminal.
[Appendix 9]
The authentication server stores a first feature amount generated from the face image of the user as the first biometric information,
The authentication terminal transmits the face image of the user to the management server,
The authentication system according to appendix 8, wherein the management server uses a second feature amount generated from the face image as the second biometric information.
[Appendix 10]
10. The authentication system according to any one of Appendices 6 to 9, wherein the personal information does not include biometric information of the user.
[Appendix 11]
At the authentication server,
Acquiring a first ID that uniquely defines a user in the system and first biometric information used for authentication of the user;
receiving a service registration request including the first ID and a second ID that identifies the service provider, transmitted from the service provider of the service that the user desires to use;
generating a third ID that is uniquely determined by the combination of the user and the service provider;
transmitting the third ID to the service provider;
A method of controlling an authentication server, wherein the first biometric information, the first ID, the second ID, and the third ID are stored in association with each other.
[Appendix 12]
on the computer installed on the authentication server,
A process of acquiring a first ID that uniquely defines a user in the system and a first biometric information used for authentication of the user;
a process of receiving a service registration request including the first ID and a second ID that identifies the service provider, transmitted from the service provider of the service that the user desires to use;
a process of generating a third ID that is uniquely determined by the combination of the user and the service provider;
a process of transmitting the third ID to the service provider;
a process of correlating and storing the first biometric information, the first ID, the second ID and the third ID;
A computer-readable storage medium that stores a program for executing

It should be noted that the respective disclosures of the cited prior art documents are incorporated herein by reference. Although the embodiments of the present invention have been described above, the present invention is not limited to these embodiments. Those skilled in the art will appreciate that these embodiments are illustrative only and that various modifications can be made without departing from the scope and spirit of the invention. That is, the present invention naturally includes various variations and modifications that can be made by those skilled in the art according to the entire disclosure including claims and technical ideas.

10, 100 authentication server 20 management server 30 authentication terminal 40 terminals 101, 202 user registration units 102, 204 service registration units 103, 206, 306, 405 storage units 201, 301, 401 communication control units 203, 304 database (DB; Data Base) management unit 205 authentication unit 302 personal information acquisition unit 303 service registration request unit 305 authentication request unit 311 processor 312 memory 313 input/output interface 314 communication interface 402 biometric information acquisition unit 403 service provision unit 404 message output unit

Claims (11)

a receiving unit for receiving a service registration request containing face information of a user and identification information relating to a service that the user desires to use;
a storage unit that associates and stores the face information, identification information related to the service, and user identification information that differs for each service;
A server with A server according to claim 1 ;
a personal information acquisition unit that acquires personal information from the user;
a service registration request unit that acquires the user identification information by transmitting the service registration request to the server;
a management server comprising a storage unit that associates and stores the personal information of the user and the user identification information;
system, including a receiving unit for receiving an authentication request including photographed face information of a user photographed and identification information relating to a service;
an identification unit that identifies different user identification information for each of the services based on a comparison result of the photographed face information and pre-registered face information and identification information regarding the service;
a transmission unit that transmits the user identification information to a terminal that has captured the user ;
A server with a server according to claim 3 ;
a management server that identifies the user's personal information using the user identification information acquired by transmitting the authentication request to the server when providing the service to the user;
system, including a receiving unit for receiving an authentication request including photographed face information of a user photographed and identification information relating to a service;
an identification unit that identifies different user identification information for each of the services based on a comparison result of the photographed face information and pre-registered face information and identification information regarding the service;
a transmission unit that transmits the user identification information to a transmission source of the photographed face information and the identification information related to the service;
A server with on the server,
receiving a service registration request including the user's face information and identification information relating to the service that the user wishes to use;
A method of storing the face information, the identification information related to the service, and the user identification information different for each service in association with each other. on the server,
receiving an authentication request including photographed face information of the user and identification information related to the service;
Identifying different user identification information for each of the services based on the result of matching the photographed face information, the pre-registered face information, and the identification information regarding the service;
A method of transmitting the user identification information to a terminal that has photographed the user . on the server,
receiving an authentication request including photographed face information of the user and identification information related to the service;
Identifying different user identification information for each of the services based on the result of matching the photographed face information, the pre-registered face information, and the identification information regarding the service;
transmitting the user identification information to a sender of the photographed face information and identification information related to the service; computer installed on the server,
a process of receiving a service registration request including user's face information and identification information about a service that the user wishes to use;
a process of associating and storing the face information, identification information related to the service, and user identification information different for each service;
program to run the computer installed on the server,
a process of receiving an authentication request containing photographed face information of the user and identification information related to the service;
a process of identifying user identification information that differs for each of the services, based on the results of matching the photographed face information with the pre-registered face information and the identification information regarding the service;
a process of transmitting the user identification information to the terminal that captured the user ;
program to run the computer installed on the server,
a process of receiving an authentication request containing photographed face information of the user and identification information related to the service;
a process of identifying user identification information that differs for each of the services, based on the results of matching the photographed face information with the pre-registered face information and the identification information regarding the service;
a process of transmitting the user identification information to a transmission source of the photographed face information and identification information related to the service;
program to run the

Images