JP7468723B2 - Personal authentication system - Google Patents

Description

The present invention relates to an identity authentication system.

Conventionally, when using a service using a mobile terminal, a facial image of the service user is taken using the mobile terminal, so-called a selfie, and the facial image is compared with the facial image of the service user used for identity verification to authenticate the user.
As an example of such identity authentication, there has been disclosed an identity authentication system comprising: an authentication device with a photographing unit carried by a user; and an identity authentication server communicatively connected to the authentication device, wherein the authentication device comprises an image storage processing means for storing in a match image storage unit a match image, which is at least one of a facial photo image included in an identity verification image, which is an image of an identity verification document, acquired via the photographing unit when verifying the identity of the user, and a facial image, which is an image of the face of the holder of the identity verification document; a facial image matching means for acquiring a facial image of the service user via the photographing unit when using a service, and matching the image with the match image stored in the match image storage unit; and a matching result transmission means for transmitting the matching result by the facial image matching means to the identity authentication server, wherein the identity authentication server comprises an authorization means for authorizing the use of the service based on the matching result (for example, Patent Document 1).

JP 2020-087461 A

As for the services used by users, as described in Patent Document 1, taking the example of Internet banking transactions at a bank, there are various types of transactions such as balance inquiry transactions and deposit and withdrawal transactions, but the risks differ depending on the transaction type. For example, a balance inquiry transaction simply outputs the balance, while a transfer transaction involves the transfer of funds. In such various transactions, it is possible to perform identity authentication that always ensures the highest level of security, but doing so would make identity authentication cumbersome and reduce convenience.

Furthermore, identity authentication is performed not only for Internet banking transactions at banks, but also for transactions at bank branches and transactions using ATMs (Automatic Teller Machines).
Moreover, the present invention is not limited to bank transactions, but includes, for example, payment transactions at stores, etc. Furthermore, personal authentication is also performed when unlocking or checking a person for entry into a specific area including a room.

The present invention aims to provide an identity authentication system that ensures security to deal with transaction risks.

The present invention solves the above problems by the following means. Note that, for ease of understanding, the following description will be given with reference symbols corresponding to the embodiments of the present invention, but the present invention is not limited to these. Furthermore, the configurations described with reference symbols may be modified as appropriate, and at least a portion of the configurations may be replaced with other configurations.

A first invention is an identity authentication system (100) including a transaction device (1) used by a user and equipped with a photographing unit (34), and a server (4) communicably connected to the transaction device, the transaction device including a guidance output means (15) for outputting transaction guidance information corresponding to a transaction type, a face image acquisition means (17) for acquiring a face image of the user via the photographing unit in accordance with the transaction guidance information output by the guidance output means, and an authentication information transmission means (19) for transmitting authentication information including the face image acquired by the face image acquisition means to the server, and the server transmits authentication information including the face image of the user whose identity has been confirmed. the authentication information from the transaction device; a match image identification means (42) for identifying the match image stored in the match image storage means based on the facial image in the authentication information; a facial image matching means (42) for acquiring a match result by matching the match image identified by the match image identification means with the facial image; and a transaction permission means (43, 44) for permitting a transaction corresponding to the transaction type when the match result acquired by the facial image matching means satisfies a transaction level corresponding to the transaction type.
A second invention is an identity authentication system in which, in the identity authentication system (100) of the first invention, the authentication information sending means (19) sends the authentication information further including user identification information for identifying the user to the server, the match image storage unit (52) stores the match image in correspondence with the user identification information, and the match image identification means (42) identifies the match image stored in the match image storage unit based on the user identification information in the authentication information.
A third invention is an identity authentication system (100) according to the first or second invention, wherein the transaction guidance information output by the guidance output means (15) includes behavioral guidance for causing the user to take a specified behavior when the transaction type is a predetermined transaction type, and the transaction device (1) is provided with an image acquisition means (18) for acquiring an image of the user after the behavioral guidance is output by the guidance output means, and an image confirmation means (18) for confirming the image of the user acquired by the image acquisition means based on the behavioral guidance output by the guidance output means, and the authentication information transmission means (19) is an identity authentication system which transmits the authentication information to the server (4) when confirmation by the image confirmation means is successful.
A fourth invention is an identity authentication system according to the first or second invention, wherein the transaction guidance information output by the guidance output means (15) includes an action guidance for causing the user to take a specified action when the transaction type is a predetermined transaction type, the transaction device (1) is provided with an image acquisition means (18) for acquiring an image of the user after the action guidance is output by the guidance output means, the authentication information sending means sends the action guidance and the image of the user acquired by the image acquisition means in addition to the authentication information to the server (4), the authentication information receiving means receives the action guidance and the image of the user in addition to the authentication information from the transaction device, the server is provided with a means for confirming the image of the user received by the authentication information receiving means based on the action guidance, and the transaction permission means further permits a transaction corresponding to the transaction type when confirmation by the confirmation means is possible.
A fifth invention is an identity authentication system (100) according to any one of the first to fourth inventions, wherein the transaction guidance information output by the guidance output means (15) is such that the number of times the facial image is acquired by the facial image acquisition means (17) varies depending on the type of transaction, and when the facial image of the user is acquired multiple times, the transaction guidance information includes at least one instruction to rotate the user's face toward the photographing unit (34), and the authentication information transmission means (19) transmits to the server (4) the authentication information including at least the facial image acquired by the facial image acquisition means after the instruction to rotate the user's face toward the front.
A sixth invention is an identity authentication system (100) according to the fifth invention, wherein, when the facial image is acquired multiple times, the transaction guidance information further includes an instruction to orient the user's face in a direction other than the forward direction relative to the photographing unit (34).
The seventh invention is an identity authentication system (100) according to any one of the first to sixth inventions, wherein the transaction device (1) is provided with an instruction action detection means (16) for detecting an action in response to an instruction from the facial image of the user acquired via the photographing unit (34) when the transaction type is a predetermined transaction type, and the facial image acquisition means (17) acquires the facial image after the instruction action detection means detects the action in response to an instruction.
The eighth invention is an identity authentication system (100) in any of the first to seventh inventions, wherein the transaction device (1) is provided with a transaction type receiving means (10) which transmits the transaction type to the server (4) in response to receiving the transaction type, and the transaction permission means (43, 44) is an identity authentication system which permits a transaction corresponding to the transaction type when the matching result obtained by the facial image matching means (42) satisfies the transaction level corresponding to the transaction type received from the transaction device.
A ninth invention is an identity authentication system (100) according to any one of the first to eighth inventions, wherein the server (4) is provided with a matching level memory unit (53) that stores the transaction type in correspondence with a threshold value corresponding to the transaction level, the facial image matching means (42) acquires a matching score indicating the degree of match between the matching image and the facial image as the matching result, and the transaction permission means (43, 44) is an identity authentication system that permits a transaction corresponding to the transaction type when the matching score acquired by the facial image matching means is equal to or greater than the threshold value corresponding to the transaction type in the matching level memory unit.
A tenth invention is a server (4) communicatively connected to a transaction device (1) used by a user and equipped with a photographing unit (34), the server comprising: a match image memory unit (52) storing a match image which is a facial image of a user whose identity has been verified; an authentication information receiving means (41) for receiving from the transaction device authentication information including the facial image of the user acquired by the photographing unit of the transaction device in accordance with transaction guide information corresponding to the transaction type output by the transaction device; a match image identification means (42) for identifying the match image stored in the match image memory unit based on the facial image of the authentication information; a facial image matching means (42) for acquiring a matching result by matching the match image identified by the match image identification means with the facial image; and a transaction permission means (43, 44) for permitting a transaction corresponding to the transaction type when the matching result acquired by the facial image matching means satisfies a transaction level corresponding to the transaction type.
An eleventh invention is a server (1) of the tenth invention, wherein the authentication information receiving means receives from the transaction device (4) in addition to the authentication information, action instructions for causing the user to take a specified action and an image of the user acquired after the transaction device outputs the action instructions, and the authentication information receiving means is provided with a means for confirming the image of the user received by the authentication information receiving means based on the action instructions, and the transaction permission means further permits a transaction corresponding to the transaction type when confirmation is made by the confirmation means.
A twelfth invention is a server program (51a) executed on a server (4) communicatively connected to a transaction device (1) used by a user and equipped with a photographing unit (34), the server having a match image memory unit (52) storing a match image which is a facial image of a user whose identity has been verified, and causing the server to function as: an authentication information receiving means for receiving from the transaction device authentication information including the facial image of the user acquired by the photographing unit of the transaction device in accordance with transaction guide information corresponding to the transaction type output by the transaction device; a match image identification means for identifying the match image stored in the match image memory unit based on the facial image of the authentication information; a facial image matching means for acquiring a matching result by matching the match image identified by the match image identification means with the facial image; and a transaction permission means for permitting a transaction corresponding to the transaction type when the matching result acquired by the facial image matching means satisfies a transaction level corresponding to the transaction type.
A thirteenth aspect of the present invention is a transaction device (1) used by a user and equipped with a photographing unit (34), comprising: guidance output means (15) for outputting transaction guidance information corresponding to a transaction type; face image acquisition means (17) for acquiring a face image of the user via the photographing unit in accordance with the transaction guidance information output by the guidance output means; and authentication information transmission means (19) for transmitting authentication information including the face image acquired by the face image acquisition means to an external device (4) communicably connected and performing authentication to permit a transaction corresponding to the transaction type. The transaction guidance information includes action guidance for having the user take a specified action when the transaction type is a predetermined transaction type, and the transaction device further comprises an image acquisition means (18) for acquiring an image of the user after the action guidance is output by the guidance output means, and an image confirmation means (18) for confirming the image of the user acquired by the image acquisition means based on the action guidance output by the guidance output means, and the authentication information transmission means (19) transmits the authentication information to the external device when confirmation by the image confirmation means is successful.
A fourteenth invention is a transaction device (1) used by a user and equipped with a photographing unit (34), comprising: a guidance output means (15) for outputting transaction guidance information corresponding to a transaction type; a facial image acquisition means (17) for acquiring a facial image of the user via the photographing unit in accordance with the transaction guidance information output by the guidance output means; and an authentication information transmission means (19) for transmitting authentication information including the facial image acquired by the facial image acquisition means to an external device (4) that is communicatively connected and performs authentication to permit a transaction corresponding to the transaction type, wherein the transaction guidance information output by the guidance output means includes action guidance for having the user take a specified action when the transaction type is a predetermined transaction type, and further comprising an image acquisition means (18) for acquiring an image of the user after outputting the action guidance by the guidance output means, and the authentication information transmission means transmits the action guidance and the image of the user acquired by the image acquisition means to the external device in addition to the authentication information.
A fifteenth aspect of the present invention is a device program (31a) executed by a transaction device (1) used by a user and equipped with a photographing unit (34), which causes the transaction device to function as a guidance output means for outputting transaction guidance information corresponding to a transaction type, a face image acquisition means for acquiring a face image of the user via the photographing unit in accordance with the transaction guidance information output by the guidance output means, and an authentication information transmission means for transmitting authentication information including the face image acquired by the face image acquisition means to an external device (4) that is communicatively connected and performs authentication to permit a transaction corresponding to the transaction type, and the guidance output means The transaction guidance information to be output includes action guidance for having the user take a specified action when the transaction type is a predetermined transaction type, and the transaction device further functions as an image acquisition means for acquiring an image of the user after the action guidance is output by the guidance output means, and an image confirmation means for confirming the image of the user acquired by the image acquisition means based on the action guidance output by the guidance output means, and the device program causes the authentication information transmission means to function to transmit the authentication information to the external device when confirmation by the image confirmation means is successful.

The present invention provides an identity authentication system that ensures security to address transaction risks.

1 is a diagram showing an overall configuration of a transaction processing system according to an embodiment of the present invention. FIG. 2 is a functional block diagram of a mobile terminal according to the embodiment. FIG. 2 is a functional block diagram of an identity authentication server according to the embodiment. 4 is a diagram illustrating an example of a storage unit of the identity authentication server according to the embodiment; FIG. 5 is a flowchart showing a main process in the mobile terminal according to the embodiment. FIG. 4 is a diagram showing an example of a screen of a mobile terminal according to the embodiment. 13 is a flowchart showing an account opening process in the transaction processing system according to the present embodiment. 10 is a flowchart showing a transaction process in the mobile terminal according to the embodiment. 11A and 11B are diagrams illustrating an example of a display of a mobile terminal used to explain face registration processing according to the embodiment. FIG. 13 is a diagram showing an example of a display of a mobile terminal used to explain a remittance procedure according to the present embodiment. 4 is a flowchart showing a transaction authentication process in the transaction processing system according to the present embodiment. FIG. 13 is a diagram showing an example display of a mobile terminal used to explain the transaction user authentication process according to the embodiment. 13 is a flowchart showing a transaction authentication process in a transaction processing system according to a modified embodiment.

Below, a description will be given of an embodiment of the present invention with reference to the drawings. Note that this is merely an example, and the technical scope of the present invention is not limited to this example.

(Embodiment)
FIG. 1 is a diagram showing the overall configuration of a transaction processing system 100 according to this embodiment.
FIG. 2 is a functional block diagram of the mobile terminal 1 according to the present embodiment.
FIG. 3 is a functional block diagram of the personal authentication server 4 according to this embodiment.
FIG. 4 is a diagram showing an example of the storage unit 50 of the personal authentication server 4 according to this embodiment.
The transaction processing system 100 (personal authentication system) shown in Fig. 1 is a system used when various transactions are performed at financial institutions (businesses) such as banks using a mobile terminal 1 (transaction device) carried by a user. In the transaction processing system 100, personal identification or personal authentication is performed in response to a transaction designated by the mobile terminal 1, and when the identification or authentication is successful, the designated transaction can be executed.

Here, the difference between identity verification and identity authentication in this specification will be explained. Identity verification refers to a verification process to enable online procedures using a mobile terminal or the like when starting a transaction with a financial institution, such as opening an account, and is always performed only once the first time. Identity verification, for example, uses an official certificate such as a driver's license or a My Number card. On the other hand, identity authentication refers to a state in which identity verification has already been completed, and verification to prevent impersonation, etc., when using a transaction from the second time onwards.
In the following, the transaction processing system 100 will be described using the examples of a case where a mobile terminal 1 is used to perform identity verification to open an account, and a case where a transaction is performed at a later date after identity verification has been completed.

The transaction processing system 100 comprises a mobile terminal 1, a personal authentication server 4 (server, external device), and a transaction processing server 7. The mobile terminal 1 can be connected to a communication network N, for example, via a wireless communication base station R. The personal authentication server 4 and the transaction processing server 7 are communicatively connected to the communication network N. The transaction processing server 7 is, for example, a server under the jurisdiction of a bank, and performs transaction processing between the mobile terminal 1 and the mobile terminal 1.

The mobile terminal 1 is, for example, a terminal owned by a person who performs transaction processing using the transaction processing server 7. Hereinafter, a person who performs transaction processing using the mobile terminal 1 is referred to as a "user." The mobile terminal 1 is, for example, a portable device that also has computer functions, as typified by a smartphone or tablet.
As shown in FIG. 2, the mobile terminal 1 includes a control unit 10 , a storage unit 30 , a camera 34 (photographing unit), a touch panel display 35 , and a communication interface unit 39 .

The control unit 10 is a CPU (Central Processing Unit) that controls the entire mobile terminal 1. The control unit 10 appropriately reads and executes an operating system (OS) and various application programs stored in the storage unit 30, thereby cooperating with the above-mentioned hardware and executing various functions.
The control unit 10 includes a transaction type reception unit 11 (transaction type reception means), an authentication method determination unit 12, a personal authentication processing unit 14, a transaction processing unit 22, and an account opening processing unit 24.

The transaction type acceptance unit 11 accepts the transaction type. Here, the transaction type refers to the type of transaction performed by the transaction processing server 7, such as an account inquiry transaction or a funds transfer transaction. The transaction type may also include an account opening process for using this transaction processing system 100, or a process related to the reissuance of a passbook or cash card. The transaction type acceptance unit 11 then transmits the accepted transaction type to the identity authentication server 4 at an appropriate timing. The appropriate timing may be, for example, the timing at which the transaction type is accepted, or the timing at which information used for authentication (authentication information) described below is transmitted.

The authentication method determination unit 12 determines the authentication method according to the transaction type accepted by the transaction type acceptance unit 11. Here, the authentication method is a method used in the personal authentication process, and corresponds to one of several types of transaction guidance information output when the user's face image is acquired using the camera 34.

The personal authentication processing unit 14 is a control unit related to personal authentication that is performed before a transaction is made. The personal authentication processing unit 14 includes a guidance output unit 15 (guidance output means), a blink detection unit 16 (pointing action detection means), a face image acquisition unit 17 (face image acquisition means), an image acquisition confirmation unit 18 (image acquisition means, image confirmation means), an authentication information transmission unit 19 (authentication information transmission means), and an authentication result receiving unit 20.

The guidance output unit 15 outputs transaction guidance information corresponding to the transaction type to the touch panel display 35. Here, the transaction guidance information corresponding to the transaction type includes, for example, guidance for inputting a transfer destination and amount, as well as guidance for identity authentication.
The guidance for identity authentication includes guidance for acquiring a face image, as well as guidance for making the user perform a specified action. The guidance for action includes, for example, prompting the user to blink or to turn the face in a specified direction (including shaking the head or nodding) as an action according to the instruction. Other guidance for action includes raising the hand that does not hold the mobile terminal 1, changing the shape of the hand to a specified shape (such as making a fist or an open hand), and opening the mouth. In addition, guidance for action includes moving the eyes in a specified direction, blinking a specified number of times, and uttering a specified sound or phrase (word). Furthermore, guidance for action may include a combination of the above. These guidance for action are guidance for action that the user is to perform while holding the mobile terminal 1 in one hand or while placing the mobile terminal 1 in a stable place, with the in-camera 34a facing in a shooting direction including the user's face. For this reason, it is preferable that the action be confirmed near the user's face.

The blink detection unit 16 detects blinks from an image acquired while the user continues to capture an image of his/her face by positioning the in-camera 34a so that his/her face is captured in the image.
The face image acquisition unit 17 acquires a face image of the user. For example, the face image acquisition unit 17 acquires a face image of the user captured by the in-camera 34a in accordance with the guidance output by the guidance output unit 15. In addition, the face image acquisition unit 17 acquires a face image of the user captured by the in-camera 34a after the blink detection unit 16 detects a blink, for example.

The image acquisition confirmation unit 18 acquires an image of the user captured by the in-camera 34a in accordance with the guidance output by the guidance output unit 15. It is desirable that the image of the user includes a facial image. The image acquisition confirmation unit 18 then checks whether the acquired image of the user is based on the guidance output by the guidance output unit. For example, if the guidance is to encourage the user to look to the right, and the acquired image of the user is not looking to the right, the image acquisition confirmation unit 18 determines that the image is not based on the guidance.

The authentication information transmitting unit 19 transmits authentication information including the face image acquired by the face image acquiring unit 17 and the user's personal identification information (user identification information) to the personal authentication server 4. Here, the user's personal identification information is identification information for identifying the user, and may be, for example, a terminal ID (IDentification) unique to the mobile terminal 1 or a login ID for using the transaction processing system 100. Furthermore, the user's personal identification information may be an account number, assuming that the user already has an account.
When the image acquisition confirmation unit 18 performs processing, the authentication information transmission unit 19 transmits authentication information to the personal authentication server 4 if it can confirm that the image is based on the guidance.
The authentication result receiving unit 20 receives the authentication result from the personal authentication server 4. The authentication result includes, for example, information on whether or not a transaction corresponding to the transaction type is permitted.

When the authentication result received from the identity authentication server 4 authorizes a transaction corresponding to the transaction type, the transaction processing unit 22 performs transaction processing corresponding to the transaction type with the transaction processing server 7.
The account opening processing unit 24 performs processing for opening an account when the transaction type accepted by the transaction type acceptance unit 11 is account opening.

The storage unit 30 is a storage area such as a semiconductor memory element for storing programs, data, etc. required for the control unit 10 to execute various processes.
The storage unit 30 includes a program storage unit 31 .
The program storage unit 31 is a storage area for storing various application programs (hereinafter, the application programs are referred to as applications, apps, programs, etc.) The program storage unit 31 stores a trading application 31a (device program).
The trading application 31a is installed in advance on the mobile terminal 1, or is downloaded to the mobile terminal 1 by communicating with an application distribution server (not shown) via the communication network N.
The transaction application 31 a is a program for carrying out various functions executed by the control unit 10 of the mobile terminal 1 and functions related to transactions with the transaction processing server 7 .

The camera 34 is an image capturing device. The camera 34 has an in-camera 34a and an out-camera 34b. The in-camera 34a is a camera provided on the touch panel display 35 side of the mobile terminal 1. The out-camera 34b is a camera provided on the back side of the mobile terminal 1.
The touch panel display 35 functions as a display unit constituted by a liquid crystal panel or the like, and also functions as an input unit for inputting various operations using a user's finger.
The communication interface unit 39 is an interface for communicating with various servers via the communication network N, and serves as a transmitter and a receiver.

1, the personal authentication server 4 is a server that performs personal authentication. The personal authentication server 4 may be owned by a bank or a company other than a bank.
As shown in FIG. 3, the authentication server 4 includes a control unit 40 , a storage unit 50 , and a communication interface unit 59 .

The control unit 40 is a CPU that controls the entire identity authentication server 4. The control unit 40 appropriately reads and executes the OS and application programs stored in the storage unit 50, thereby cooperating with the above-mentioned hardware to execute various functions.
The control unit 40 includes an authentication information receiving unit 41 (authentication information receiving means), a facial image matching unit 42 (matching image identification means, facial image matching means), a matching result determination unit 43 (transaction permission means), and an authentication result transmission unit 44 (transaction permission means).

The authentication information receiving unit 41 receives the authentication information transmitted by the portable terminal 1 .
The facial image matching unit 42 refers to the matching image storage unit 52 and specifies a matching image associated with the personal identification information of the authentication information. Then, the facial image matching unit 42 obtains a matching result obtained by matching the facial image of the authentication information with the specified matching image. Here, the facial image matching unit 42 is described as matching the facial image with the matching image using an application (not shown) for image matching and obtaining the matching result from the application. However, this is only an example, and the facial image matching unit 42 may also match the facial image with the matching image. Then, the facial image matching unit 42 obtains a matching score indicating the degree of matching as a matching result. Here, the matching score is expressed by a numerical value ranging from 0 to 100, for example, and the higher the degree of matching, the higher the numerical value.

The matching score may be a value calculated based on the false acceptance rate and the false rejection rate. The false acceptance rate and the false rejection rate are evaluation indexes of the biometric authentication algorithm, and the false acceptance rate (FAR) and the false rejection rate (FRR) are evaluation indexes that indicate the authentication accuracy of the biometric authentication algorithm. The false acceptance rate is the probability that the same person is erroneously recognized when biometric information of different people is matched, and the false rejection rate is the probability that the same person is erroneously recognized when biometric information of the same person is matched. The false acceptance rate and the false rejection rate may be used as the matching score, and in this case, the lower the false acceptance rate and the false rejection rate, the higher the authentication accuracy. Any existing technology may be used to calculate the false acceptance rate and the false rejection rate.

The matching result determination unit 43 determines the matching result by the face image matching unit 42. More specifically, the matching result determination unit 43 refers to the matching level storage unit 53 and determines whether or not to permit a transaction for the transaction type received in advance from the portable terminal 1 based on the matching result.
The authentication result transmission unit 44 transmits the determination result by the matching result determination unit 43 to the mobile terminal 1 .

The storage unit 50 is a storage area such as a hard disk, a semiconductor memory device, etc. for storing programs, data, etc. required for the control unit 40 to execute various processes.
The storage unit 50 includes a program storage unit 51 , a matching image storage unit 52 , and a matching level storage unit 53 .
The program storage unit 51 is a storage area for storing various programs. The program storage unit 51 stores an authentication program 51a (server program).
The personal authentication program 51 a is a program for carrying out various functions executed by the control unit 40 of the personal authentication server 4 .

The comparison image storage unit 52 is a storage area for storing comparison images.
4A shows an example of items in the matching image storage unit 52. The matching image storage unit 52 uses personal identification information as a key to store a matching image and, if necessary, an acquisition date. The matching image is the face image of the user whose identity has been verified. The acquisition date is the date on which the identity was verified.

The matching level storage unit 53 is a storage area for storing the matching level permitted for each transaction type.
The matching level storage unit 53 illustrated in Fig. 4(B) stores transaction types and thresholds in association with each other. The transaction types are types of transactions that require personal authentication. The thresholds are thresholds related to the matching score acquired by the face image matching unit 42 described above. For example, in the case of an account inquiry process, if the matching score acquired by the face image matching unit 42 is 60 or higher, the account inquiry process is permitted.
The communication interface unit 59 is an interface for communicating with various servers such as the transaction processing server 7 and the mobile terminal 1 via the communication network N.

Here, a computer refers to an information processing device equipped with a control unit, a storage device, etc., and the mobile terminal 1 and the personal authentication server 4 are each information processing devices equipped with a control unit, a storage device, etc., and are included in the concept of a computer.

The transaction processing server 7 shown in Fig. 1 is a server that performs transaction processing. In Fig. 1, the transaction processing system 100 is shown to have only one transaction processing server 7, but there may be multiple transaction processing servers. Furthermore, the transaction processing server 7 may be, for example, a server integrated with the identity authentication server 4.
Although not shown, the transaction processing server 7 includes a control unit, a memory unit, a communication interface unit, etc.

1 is a wireless communication base station that relays communication between the mobile terminal 1 and various servers. The base station R is, for example, a base station for a wireless LAN (Local Area Network) or a base station for a mobile terminal communication network of a telecommunications carrier.
The communication network N is a network between various servers or between various servers and the base station R, and is an Internet line, a mobile terminal communication network, or the like.

Next, the processing of transaction processing system 100 will be described.
FIG. 5 is a flowchart showing a main process in the mobile terminal 1 according to this embodiment.
FIG. 6 is a diagram showing an example of a screen of the mobile terminal 1 according to this embodiment.
FIG. 7 is a flowchart showing the account opening process in the transaction processing system 100 according to this embodiment.

First, the user operates the mobile terminal 1 to launch the transaction application 31a in order to carry out a transaction with "XX Bank." This causes the control unit 10 of the mobile terminal 1 to output, for example, a login screen (not shown), and accepts input from the user to carry out login processing. Once login is successful, the main processing of FIG. 5 is started. In step S (hereinafter simply referred to as "S") 11 of FIG. 5, the control unit 10 of the mobile terminal 1 outputs a start screen 60 shown in FIG. 6 to the touch panel display 35. FIG. 6(a) shows an aspect of the start screen 60 displayed on the mobile terminal 1, and FIG. 5(b) shows the start screen 60 in its entirety.
The start screen 60 includes buttons 60a to 60c corresponding to transaction types and buttons 60d and 60e corresponding to other procedures. The user performs an operation to select one of the buttons 60a to 60e corresponding to the process he or she wishes to perform from the start screen 60.

In S12, the control unit 10 (transaction type acceptance unit 11) accepts the selection of a transaction type.
In S13, the control unit 10 (transaction type reception unit 11) judges whether the accepted transaction type is an account application. If the user selects button 60a in FIG. 6(b), the control unit 10 judges that the accepted transaction type is an account application. On the other hand, if the user selects a button other than button 60a in FIG. 6(b), the control unit 10 judges that the accepted transaction type is not an account application. If the accepted transaction type is an account application (S13: YES), the control unit 10 transfers the process to S14. On the other hand, if the accepted transaction type is not an account application (S13: NO), the control unit 10 transfers the process to S15, performs the transaction time processing described below, and then terminates this process.

In S14, the control unit 10 (account opening processing unit 24) performs the account opening process. Note that the user who selects the account application is a user who does not have an account with "XX Bank" and is thinking of conducting transactions with "XX Bank" in the future.
The account opening process will now be described with reference to FIG.
7, the control unit 10 of the mobile terminal 1 outputs a transaction guidance screen (not shown) relating to account opening to the touch panel display 35. Thereafter, the mobile terminal 1 performs processing in accordance with the transaction guidance screen.
In S22, the control unit 10 accepts input of the user's personal information and transmits the accepted personal information of the user to the identity authentication server 4. Here, the personal information of the user is information such as the user's name, address, and telephone number that is necessary for opening an account.

In S23, the control unit 10 photographs the user's identification document and the user's own face. More specifically, for example, the control unit 10 activates the outer camera 34b and instructs the control unit 10 to photograph the identification document. An identification document is, for example, a driver's license or a My Number card that includes a user's face photo on the card. After photographing the identification document, the control unit 10 then activates the inner camera 34a and instructs the control unit 10 to photograph the user's own face.
In S24, the control unit 10 transmits the image of the identification document photographed in S23 and the user's own face image to the personal authentication server 4. Note that the transmission in S22 may be performed simultaneously at this timing.

In S25, the control unit 40 of the personal authentication server 4 performs identity verification based on the various received information, and verifies the authenticity of the user. More specifically, the control unit 40 of the personal authentication server 4 compares, for example, the face photograph included in the personal identification document with the user's own face image, and verifies that the matching level is equal to or higher than a predetermined value. If the matching level between the face photograph included in the personal identification document and the user's own face image is equal to or higher than a predetermined value, the identity verification is successful. The control unit 40 also compares the personal information received from the user with the text information included in the image of the personal identification document, and verifies that the contents match.
In S26, the control unit 40 transmits the confirmation result to the mobile terminal 1. If the authenticity is confirmed, the control unit 40 notifies the mobile terminal 1, for example, that the account opening process is being carried out. The control unit 40 also transmits confirmation result information to the transaction processing server 7 and requests the account opening process. On the other hand, if the authenticity cannot be confirmed, the control unit 40 notifies the mobile terminal 1 that the account opening process could not be carried out.

In S27, the control unit 40 judges whether or not the authenticity has been confirmed based on the confirmation result. If the authenticity has been confirmed (S27; YES), the control unit 40 moves the process to S28. On the other hand, if the authenticity has not been confirmed (S27: NO), the control unit 10 ends this process.
In S28, the control unit 40 associates the user's facial image with the personal identification information and registers them in the match image storage unit 52. Thereafter, the control unit 40 ends this process.

After the account opening process is completed and the transaction processing server 7 assigns an account number, the mobile terminal 1 may then receive account number information from the transaction processing server 7 (or the identity authentication server 4) and output a results screen to the touch panel display 35. The control unit 10 then terminates this process.

In this way, when the identity authentication server 4 confirms the authenticity of the user through the account opening process, it registers the facial image used for identity authentication in the matching image storage unit 52. Therefore, the facial image acquired through the process of acquiring a facial image required for identity authentication can be used for identity authentication in other processes, improving convenience.

Next, the transaction process (S15 in FIG. 5) will be described.
FIG. 8 is a flowchart showing a transaction process in the mobile terminal 1 according to this embodiment.
FIG. 9 is a diagram showing an example of a display on the mobile terminal 1 used to explain the face registration process according to this embodiment.
FIG. 10 is a diagram showing an example of a display on the mobile terminal 1 used to explain the remittance procedure according to this embodiment.
FIG. 11 is a flowchart showing a transaction authentication process in the transaction processing system 100 according to this embodiment.
FIG. 12 is a diagram showing an example of a display on the mobile terminal 1 used to explain the transaction authentication process according to this embodiment.

In S31 of Fig. 8, the control unit 10 (transaction type reception unit 11) of the mobile terminal 1 judges whether the accepted transaction type is face registration or not. When the user selects the button 60d of Fig. 9(a), the control unit 10 judges that the accepted transaction type is face registration. When the accepted transaction type is face registration (S31: YES), the control unit 10 shifts the process to S33. On the other hand, when the accepted transaction type is not face registration (S31: NO), the control unit 10 shifts the process to S32.
In S32, the control unit 10 checks whether or not the face of the user has already been registered, for example, by transmitting personal identification information to the identity authentication server 4. If the face has already been registered (S32: YES), the control unit 10 moves the process to S34. On the other hand, if the face has not been registered (S32: NO), the control unit 10 moves the process to S33. This is because if the face has not been registered, the face must first be registered before the transaction can be processed.

In S33, the control unit 10 performs a face registration process.
The face registration process will be described with reference to FIG.
The control unit 10 outputs the information input screen 61 shown in Fig. 9(b) to the touch panel display 35. The information input screen 61 is a screen for inputting information required for performing a transaction at "XX Bank". The user inputs information corresponding to each item on the information input screen 61.
When the "Next" button on the information input screen 61 is selected, the control unit 10 outputs a photographing screen 62 shown in Fig. 9(c) to the touch panel display 35. The photographing screen 62 is for acquiring an image of the user's face. The user positions his/her face so that it fits within the frame and selects the "Photograph" button, whereby the control unit 10 acquires an image of the user's face. The transaction processing system 100 then stores the acquired image of the user's face as an image for comparison.

When shooting using the shooting screen 62 is completed, the control unit 10 outputs an information confirmation screen shown in Fig. 9(d) to the touch panel display 35. The information confirmation screen 63 is a screen for allowing the user to confirm the information input by the user on the information input screen 61.
The user checks the information confirmation screen 63, and if there are no mistakes, selects the "Register" button, which causes the control unit 10 to transmit the input information confirmed by the user on the information confirmation screen 63 to the personal authentication server 4. When the input information is confirmed by the personal authentication server 4 and the transaction processing server 7, the control unit 10 then outputs a registration completion screen 64 shown in FIG. 9(e) to the touch panel display 35.

More specifically, when the user selects the “Register” button on the information confirmation screen 63, the control unit 10 transmits the input information displayed on the information confirmation screen 63 and the user's facial image acquired by the shooting screen 62 to the identity authentication server 4.
The personal authentication server 4 sends the input information to the transaction processing server 7 and checks whether the transaction processing server 7 has similar information, i.e., whether the relevant account information, etc. exists. The transaction processing server 7 sends the check result to the personal authentication server 4.
If the received confirmation result is correct, the control unit 40 of the personal authentication server 4 stores the user's face image in the matching image storage unit 52 and transmits a normal end of the process to the portable terminal 1. In this way, when the control unit 10 of the portable terminal 1 receives the normal end of the process, it outputs a registration completion screen 64 shown in Fig. 9(e).

If the transaction processing server 7 does not have information similar to the input information, the control unit 10 outputs an error screen (not shown) to the touch panel display 35 .
Although not described in this example, when a face image is registered for the first time in the transaction processing system 100, the control unit 10 of the mobile terminal 1 takes a picture of the user's face image and a personal identification document such as a driver's license to verify the user's identity on the photographing screen, in addition to the user's face image, in the same manner as in the account opening process described above. The control unit 10 then transmits these data to the personal identification server 4 (see the processes of S23 and S24 in FIG. 7). The control unit 40 of the personal identification server 4 compares the face photo included in the personal identification document with the user's face image to verify the user's identity. If the user's identity is verified, the control unit 40 stores the user's face image in the comparison image storage unit 52 (see the processes of S25, S27, and S28 in FIG. 7).
Furthermore, if the transaction type accepted by the control unit 10 of the mobile terminal 1 is other than face registration, then in response to the face image being registered by the face registration process (S33 in FIG. 8), the control unit 10 transitions to processing from S34 onwards, which will be described next.

On the other hand, in S34 of FIG. 8, the control unit 10 outputs to the touch panel display 35 a transaction guidance screen corresponding to the accepted transaction type.
For example, when a user selects the “Transfer Procedure” button 60c on the start screen 60 shown in FIG. 10(a) and a facial image has already been registered, the control unit 10 outputs the remittance procedure screen 66 shown in FIG. 10(b) to the touch panel display 35.
When the user inputs the necessary information into the remittance procedure screen 66 and selects the "Confirm with face authentication" button 66a, the control unit 10 accepts an authentication request in S35 of FIG.
Next, in S36, the control unit 10 (personal authentication processing unit 14) performs a transaction personal authentication process.

Here, the transaction authentication process will be described with reference to FIG.
In S41 of Fig. 11, the control unit 10 (authentication method determination unit 12, guidance output unit 15) determines an authentication method according to the transaction type, and outputs a transaction guidance screen (photographed screen) to the touch panel display 35. Here, determining the authentication method according to the transaction type means, for example, determining the content of the action guidance. Among transaction types, inquiry transactions such as balance inquiry transactions and deposit/withdrawal inquiry transactions have a relatively low risk, while funds transfer transactions such as transfer transactions have a relatively high risk. For this reason, it is desirable to make it more difficult for other users to commit fraud in high-risk transactions.
In S42, the control unit 10 (personal authentication processing unit 14) performs a process of acquiring a face image. A photographing screen 67 shown in Fig. 10C is an example output to the touch panel display 35 in the face image acquisition process.

Here, the process of acquiring a face image will be described based on a specific example shown in FIG.
Fig. 12(A) is an example of a screen from output of a transaction guide screen to acquisition of a face image in a high-risk transaction. In Fig. 12(A), first, the guide output unit 15 outputs a shooting screen 71 for fitting the user's face to a frame as shown in (a). When the position of the user's face is fitted to the frame, the image acquisition confirmation unit 18 takes an image via the in-camera 34a. Next, the guide output unit 15 outputs a shooting screen 72 including a behavior guide for changing the direction of the user's face to the right as shown in (b), and the image acquisition confirmation unit 18 takes an image via the in-camera 34a. Furthermore, the guide output unit 15 outputs a shooting screen 73 for turning the user's face to the front again as shown in (c), and the face image acquisition unit 17 takes an image via the in-camera 34a. The mobile terminal 1 uses the user's face image acquired by the face image acquisition unit 17 as an image to be used for matching.

The image acquisition confirmation unit 18 confirms whether the image captured after the shooting screen 71 shown in (a) is output and the image captured after the shooting screen 72 shown in (b) is output complies with the instructions of the behavioral guide.
By outputting a transaction guidance screen including such action guidance, the user can be made to take an action (behavior) according to the instruction on the transaction guidance screen on the spot. In other words, it is possible to prevent fraudulent acts such as taking a photo of another person directly with the camera 34 and pretending to be another person performing an operation.

On the other hand, for low-risk transactions, for example, a transaction guidance screen as shown in FIG. 12(B) is output. First, the guidance output unit 15 outputs the photographing screen 75 shown in (a), and when the user aligns the position of the face with the frame, it outputs the photographing screen 76 as shown in (b), which includes a behavioral guide encouraging the user to blink. Then, when the blink detection unit 16 detects the blinking of the user's eyes, the facial image acquisition unit 17 captures an image via the in-camera 34a. The mobile terminal 1 uses the user's facial image acquired by the facial image acquisition unit 17 as the image to be used for matching.

By outputting a transaction guidance screen including such action guidance, the user can be made to take an action (behavior) according to the instructions on the transaction guidance screen on the spot. In other words, it is possible to prevent fraudulent use of another person's photo, etc. to impersonate a transaction.
This is just one example, and capturing images by blink detection may of course be used in high-risk transactions as well. Also, in low-risk transactions, a simple photograph of the user's face may be captured.
Regardless of the method, in high-risk transactions, spoofing can be prevented by having the user take some action before capturing an image and verifying the action.

11, the control unit 10 (authentication information transmission unit 19) transmits authentication information to the personal authentication server 4. The authentication information includes personal identification information and a face image of the user. The control unit 10 may also transmit the type of transaction at this time.
When the control unit 40 (authentication information receiving unit 41) of the personal authentication server 4 receives the authentication information from the portable terminal 1, in S44 the control unit 40 extracts a match image corresponding to the personal identification information included in the authentication information from the match image storage unit 52. If the match image corresponding to the personal identification information does not exist in the match image storage unit 52, the control unit 40 proceeds to S37 in Fig. 8 and transmits a determination result to the portable terminal 1 that authentication was not possible.

In S45, the control unit 40 (face image matching unit 42) matches the face image of the user included in the authentication information with the extracted match image. More specifically, the control unit 40 matches the face image of the user with the match image using an image matching application, and obtains a match score as a match result from the application.
In S46, the control unit 40 (matching result determination unit 43) refers to the matching level storage unit 53 and determines whether or not to permit the transaction using a threshold value corresponding to the transaction type. The threshold value for a remittance procedure (funds transfer transaction (small amount)) in the matching level storage unit 53 illustrated in Fig. 4 is 80. Therefore, if the matching score acquired in the process of S45 is 80 or more, authentication is deemed to have been successful and the transaction is permitted.
In S47, the control unit 40 (authentication result transmission unit 44) transmits the determination result to the portable terminal 1. After that, the control unit 40 ends this process. In addition, in response to receiving the determination result from the personal authentication server 4, the control unit 10 (authentication result reception unit 20) of the portable terminal 1 shifts the process to S37 in FIG. 8.

In S37 of FIG. 8, the control unit 10 (personal authentication processing unit 14) judges whether or not authentication has been successful based on the received judgment result. If authentication has been successful (S37: YES), the control unit 10 moves the process to S38. On the other hand, if authentication has not been successful (S37: NO), the control unit 10 ends this process. Note that if authentication has not been successful, a result screen 68 shown in FIG. 10(e) may be output to the touch panel display 35 to notify the user that authentication has failed.

In S38, the control unit 10 (transaction processing unit 22) executes the transaction of the transaction type designated by the user with the transaction processing server 7. Thereafter, the control unit 10 outputs a result screen 70 shown in FIG. 10(d) to the touch panel display 35.
When multiple transaction types are consecutively carried out, after the transaction process of S38, a "Go to start screen" button shown in Fig. 10(d) may be selected to output a start screen 60 to the touch panel display 35. When another transaction is carried out within a predetermined time, for example, within 5 minutes, the control unit 10 transitions to transaction time processing (S15 in Fig. 5) after accepting the selection of the transaction type (S12 in Fig. 5), but the process from S34 to S37 in Fig. 8 may be omitted and the transaction process of S38 may be carried out.

Thus, according to this embodiment, transaction processing system 100 has the following advantages.
(1) The mobile terminal 1 outputs a transaction guidance screen corresponding to the transaction type selected by the user, photographs the user's face image, and transmits it to the identity authentication server 4, so that the photographed face image of the user can be used for matching with a matching image. Since the transaction guidance screen corresponds to the transaction type, it is possible to input values for each item according to the transaction type, and a different transaction guidance screen can be output according to the risk of the transaction type.
The face image used for identity verification is stored in the identity authentication server 4 as a matching image in association with personal identification information, and the identity authentication server 4 uses the stored matching image for identity verification performed each time a transaction is made. Then, when the matching result satisfies a transaction level corresponding to the transaction type, the identity authentication server 4 permits a transaction corresponding to that transaction type. Thus, a different transaction level can be set for each transaction type, and a system can be constructed in which a transaction is permitted if the transaction level is satisfied. More specifically, for example, whether or not the matching score obtained as the matching result is tradable can be made different depending on the transaction level.

(2) The transaction guidance information includes action guidance for making the user take a specified action when the transaction type is a predetermined transaction type. Therefore, after making the user take the specified action, the mobile terminal 1 acquires an image of the user and checks whether the image corresponds to the specified action, thereby preventing impersonation by a third party.
(3) The mobile terminal 1 outputs an instruction to orient the user's face in one of various directions, such as facing forward or facing up, down, left, right, etc., different from the forward direction, and then captures an image, and uses the image in which the user's face is facing forward for matching. This makes it possible to make the user take a different action from taking a picture of the user's face, and to make the action easy for the user to perform.
(4) Since the mobile terminal 1 acquires the user's face image after detecting a blink from an image of the user's face, it is possible to eliminate fraudulent acts such as using a photograph of the user's face. In addition, since the user's face image is acquired after a blink, there is a high possibility that an image in which the user's eyes are properly open can be acquired.

(5) The identity authentication server 4 is provided with a matching level storage unit 53, and uses the matching score, which is the result of the matching, to determine whether or not to permit a transaction. The matching level storage unit 53 associates a threshold value for permitting each type of transaction. Thus, the matching score for permitting a transaction can be changed depending on the type of transaction.

(6) Until now, when making a fund transfer transaction such as a bank transfer, for example, it was necessary to input a PIN number. By using facial image matching as described in this embodiment, it is possible to simply take a picture of one's own face using the mobile terminal 1, eliminating the need to manually input a PIN number, thereby improving security. Also, in Internet banking transactions, for example, a one-time password may be used instead of a PIN number. However, in the case of a one-time password, it was necessary to prepare hardware and software in advance. By using facial image matching as described in this embodiment, no advance preparation is required, making it highly convenient.

Although the embodiments of the present invention have been described above, the present invention is not limited to the above-mentioned embodiments. Furthermore, the effects described in the embodiments are merely a list of the most favorable effects resulting from the present invention, and the effects of the present invention are not limited to those described in the embodiments. Note that the above-mentioned embodiments and the modified forms described below can be used in appropriate combinations, but detailed explanations will be omitted.

(Modifications)
(1) In the present embodiment, the transaction authentication process is described by way of example in which authentication information including a face image and personal identification information is transmitted from a mobile terminal to a personal authentication server. However, the present invention is not limited to this. The personal identification information does not have to be transmitted to the personal authentication server.
FIG. 13 is a flowchart showing a transaction authentication process in a transaction processing system according to a modified embodiment, in which no personal identification information is transmitted.
The processes of S241 and S242 in FIG. 13 are similar to the processes of S41 and S42 in this embodiment (FIG. 11).
In S243, the control unit of the portable terminal transmits authentication information including a face image to the personal authentication server.

In S244, the control unit of the personal authentication server extracts a match image from the match image storage unit based on the received facial image. This process of the personal authentication server is a process of extracting one or more match images similar to the received facial image.
The processes from S245 to S247 are similar to the processes from S45 to S47 in this embodiment (FIG. 11).
In this way, the mobile terminal transmits a facial image to the personal authentication server, and the personal authentication server can perform personal authentication using only the facial image, without transmitting personal identification information. However, the processing load of the personal authentication server is large because the processing involves searching for a matching image similar to the facial image from the matching image storage unit.

(2) In the present embodiment, the main processing performed after the login processing and the subsequent processing are described as being performed by authentication through matching using a face image. Although no particular mention was made of the login processing, for example, the login processing may be performed by utilizing a face recognition function of a mobile terminal.
In this case, a facial image is registered in advance in the storage unit of the portable terminal, and the control unit of the portable terminal compares the facial image registered in the storage unit of the portable terminal with the facial image captured at the time of login. If the comparison is successful, the control unit of the portable terminal permits login. Although the accuracy of the comparison depends on the comparison process in the portable terminal, the user can log in simply by photographing his or her face. This eliminates the need for the user to remember passwords, etc., making the system highly convenient.
Even if a user is able to log in through such login processing, a process of registering a face image in the personal authentication server is still required.

(3) In this embodiment, a transaction at a bank has been described as an example, but the present invention is not limited to this. Various transactions are applicable to the transaction for which identity authentication is performed in this embodiment. For example, among transactions at a bank, the present embodiment can be used for a transaction such as a cash withdrawal using an ATM. For example, an ATM can be used for identity authentication using a mobile terminal, and a QR code (registered trademark) is displayed on the mobile terminal in response to authentication. Then, by having the ATM read the QR code (registered trademark), the mobile terminal can be used in place of a cash card and PIN input.
Furthermore, when conducting a transaction at a counter, the personal authentication in this embodiment can be used instead of a seal.
Furthermore, transactions requiring identity authentication are not limited to various transactions at financial institutions.
For example, the present invention can be used for lending keys in car sharing services, transactions related to real estate rental, and use at ticket gates at stations. In the case of lending keys in car sharing services, the present invention can be used for face authentication when a mobile terminal is made into a digital key, and the face-authenticated mobile terminal can be used to unlock the key and start driving the car. Similarly, in the case of transactions related to real estate rental, the present invention can be used for face authentication when a mobile terminal is made into a digital key, and the face-authenticated mobile terminal can be used to automatically open the key of a specified real estate property, and can be used for unmanned viewings, etc. Furthermore, in the case of use at ticket gates at stations, the present invention can be used for face authentication when a mobile terminal is made into a pass, and entry and exit at the ticket gates at stations can be made possible.
When using the present invention for these transactions, the personal identification information of this embodiment may be used, or in addition to the personal identification information, a user ID that uniquely identifies the user, an email address, etc. may be used.

(4) In the present embodiment, some examples of behavioral guidance are given as transaction guidance information corresponding to the transaction type, but the present invention is not limited to these examples. Any other information may be used as long as it allows the user to perform a certain action and allows confirmation of whether or not the action has been performed by an image.
In addition, the action guidance may be changed depending on whether or not the transaction requires immediacy. For example, in the case of a transaction that does not require immediacy, such as a request for a reissue of a card, the action guidance may be to move a pointed object (e.g., an identification document) in a pointed direction, or to write pointed characters, which requires some effort.

(5) In this embodiment, high-risk and low-risk transactions are described, and examples are given in which different action guidance is given for high-risk and low-risk transactions, but this is not limited to the above. The risk level may be further subdivided depending on the transaction content. For example, in the case of an attribute change transaction such as an address or name change, the risk may be a medium level. Furthermore, the subdivision is not limited to two or three levels. For example, if the risk level is determined to be higher as the number increases, the risk level of logging in may be 1, the risk level of attribute change may be 2, the risk level of funds transfer without an account (transfer) may be 3, the risk level of remittance to another bank may be 4, and the risk level of cash card reissue may be 5. Furthermore, the risk of a transaction may be set differently depending on the business operator.

(6) In the present embodiment, an example has been described in which the mobile terminal checks the user's image acquired after outputting the action guide based on the action guide, but this is not limiting. The personal authentication server may check the user's image acquired after outputting the action guide based on the action guide. In this case, the mobile terminal transmits the action guide and the user's image to the personal authentication server, and the personal authentication server's checking means checks whether the user's image complies with the instructions in the action guide. Here, the user's image may be a still image or a moving image, but in the case of a still image, information is required to indicate the order in which it was taken.

(7) In the present embodiment, the verification level storage unit is provided and a threshold value of the verification score for permitting a transaction is associated with a transaction type. However, the present invention is not limited to this. For example, the verification level may be associated with a threshold value.
Also, a level determination application (not shown) may be prepared for each transaction type, which determines the matching level when items to be used in the transaction are specified, and the matching level may be determined using the level determination application. For example, when personal information is used, the level determination application may change the level according to the number of items used, so that the determined matching level matches the actual feeling.

(8) In the present embodiment, the facial image of the user used for identity verification is stored in the matching image storage unit and used for identity verification when using a transaction. However, the present invention is not limited to this. For example, in a transaction with a high matching level, the facial image of the user received when matching is successful may be additionally registered in the matching image storage unit. Then, if the result of matching with the initially registered matching image is at a level that does not allow the transaction to be approved, the facial image may be matched with the newly registered additional matching image. Alternatively, the latest matching image may be matched from the beginning. In this way, the accuracy of the matching result is expected to improve when matching with the user's facial image, which changes over time.

(9) In the present embodiment, the facial image acquired by the mobile terminal during identity verification is used as the image to be used for matching during identity authentication. However, the present invention is not limited to this. A facial photo image obtained from an image of an identification document acquired by the mobile terminal during identity verification may be used as the image to be used for matching during identity authentication.
In addition, identity verification does not have to be performed using a mobile terminal. For example, at a counter of a bank or the like, staff may use a camera-equipped terminal (not shown) to take a picture of the identity document and the face of the counter user, and associate the acquired face image with various information including the image of the identity document.

(10) In this embodiment, a transaction guidance screen is output when photographing. In this case, the time from outputting the transaction guidance screen to photographing is not specifically described, but if photographing is not done within a predetermined time, the control unit may treat it as an error and not perform subsequent processing. In addition to the transaction guidance screen, audio transaction guidance may also be provided. This is particularly effective when the user faces in a direction other than the front, since the user cannot see the screen.

LIST OF SYMBOLS 1 Mobile terminal 4 Personal authentication server 7 Transaction processing server 10, 40 Control unit 11 Transaction type reception unit 12 Authentication method determination unit 14 Personal authentication processing unit 15 Guidance output unit 16 Blink detection unit 17 Facial image acquisition unit 18 Image acquisition confirmation unit 19 Authentication information transmission unit 20 Authentication result reception unit 22 Transaction processing unit 24 Account opening processing unit 30, 50 Memory unit 31a Transaction application 34 Camera 34a In-camera 35 Touch panel display 41 Authentication information reception unit 42 Facial image matching unit 43 Matching result determination unit 44 Authentication result transmission unit 51a Personal authentication program 52 Matching image storage unit 53 Matching level storage unit 100 Transaction processing system

Claims (7)

A transaction device equipped with a photographing unit and used by a user;
a server communicatively connected to the transaction device;
A personal authentication system comprising:
The transaction device includes:
a guidance output means for outputting transaction guidance information corresponding to a transaction type, the transaction guidance information including action guidance for causing the user to take a specified action when the transaction type is a predetermined transaction type;
an image acquisition means for acquiring an image of the user after the action guidance is output by the guidance output means;
a face image acquisition means for acquiring a face image of the user via the photographing unit in accordance with the transaction guidance information output by the guidance output means;
an authentication information transmitting means for transmitting, to the server , the action guide and the image of the user acquired by the image acquiring means in addition to authentication information including the face image acquired by the face image acquiring means;
Equipped with
The server,
a verification image storage unit that stores a verification image, which is a facial image of a user whose identity has been verified;
an authentication information receiving means for receiving the action guide and an image of the user from the transaction device in addition to the authentication information;
means for confirming the image of the user received by the authentication information receiving means based on the action guide;
a match image specifying means for specifying the match image stored in the match image storage unit based on the face image of the authentication information;
a face image matching means for acquiring a matching result obtained by matching the face image with the match image specified by the match image specifying means;
a transaction permission means for permitting a transaction corresponding to the transaction type when the confirmation means is able to confirm and the matching result acquired by the face image matching means satisfies a transaction level corresponding to the transaction type;
An identity authentication system comprising: 2. The personal authentication system according to claim 1,
the authentication information transmitting means transmits the authentication information, which further includes user identification information for identifying the user, to the server;
the comparison image storage unit stores the comparison image in association with the user identification information;
The match image specifying means specifies the match image stored in the match image storage unit based on the user identification information of the authentication information. In the personal authentication system according to claim 1 or 2,
the transaction guidance information output by the guidance output means is such that the number of times the face image is captured by the face image capture means varies depending on the type of transaction,
When the face image of the user is acquired multiple times, the transaction guidance information includes an instruction to orient the face of the user to face the photographing unit at least once,
An identity authentication system, wherein the authentication information sending means sends the authentication information to the server, the authentication information including at least the facial image acquired by the facial image acquisition means after the instruction to turn the user's face forward. 4. The personal authentication system according to claim 3,
An identity authentication system, wherein when the facial image is acquired multiple times, the transaction guidance information further includes an instruction to orient the user's face in a direction other than the forward direction relative to the imaging unit. In the personal authentication system according to any one of claims 1 to 4,
the transaction device includes an instruction action detection means for detecting an action corresponding to an instruction from the face image of the user acquired via the photographing unit when the transaction type is the predetermined transaction type,
The face image acquisition means acquires the face image after the instruction action detection means detects an action corresponding to an instruction. In the personal authentication system according to any one of claims 1 to 5,
the transaction device includes a transaction type receiving means for transmitting the transaction type to the server in response to receiving the transaction type;
The transaction permission means is an identity authentication system that permits a transaction corresponding to the transaction type when the matching result obtained by the facial image matching means satisfies the transaction level corresponding to the transaction type received from the transaction device. In the personal authentication system according to any one of claims 1 to 6,
the server includes a matching level storage unit that stores the transaction type and a threshold value corresponding to the transaction level in association with each other;
the facial image matching means acquires, as the matching result, a matching score indicating a degree of matching between the matching image and the facial image;
The transaction permission means of the personal authentication system permits a transaction corresponding to the transaction type when the matching score obtained by the facial image matching means is equal to or greater than the threshold value corresponding to the transaction type in the matching level memory unit.

Images