TW202026981A - Authentication system - Google Patents

Info

Publication number: TW202026981A
Authority: TW (Taiwan)
Application number: TW107147850A
Other languages: Chinese (zh)
Other versions: TWI797227B (en)
Inventors: 渡辺貴, 古賀康介, 松浦肇
Original Assignee: 日商Jcb股份有限公司
Prior art keywords: authentication, biometric authentication, terminal, user, data

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06T IMAGE DATA PROCESSING OR GENERATION, IN GENERAL
    • G06T7/00 Image analysis


Abstract

This authentication system performs personal identification with a simple procedure. An authentication terminal includes: an authentication light source that projects, toward a body part of a terminal user, light including a wavelength in a visible light region; an image acquisition unit that acquires a reflection image generated by the light that was projected from the authentication light source and that was reflected by the body part; a biometric authentication data generation unit that generates biometric authentication data by extracting, from the acquired reflection image, a feature shape and a vein shape in the body part; and a data transmission unit that transmits the generated biometric authentication data to a biometric authentication server. The biometric authentication server includes: a storage unit that stores identification information for uniquely identifying a plurality of registered users in association with biometric authentication data of the plurality of registered users; an authentication unit that authenticates whether the terminal user is a registered user on the basis of the biometric authentication data transmitted from the data transmission unit; and a post-authentication processing unit that performs a predetermined post-authentication process if the terminal user was authenticated as a registered user.

Description

Authentication system

The present invention relates to an authentication system.

In recent years, biometric authentication has increasingly been used for personal authentication in situations such as credit card settlement and entering or leaving buildings. Using biometric authentication allows personal authentication to be performed more reliably. For example, Patent Document 1 discloses a settlement authentication system for e-commerce that uses biometric authentication.

[Prior Art Documents]
[Patent Documents]

Patent Document 1: Japanese Patent No. 6159840

[Problem to Be Solved by the Invention]

However, with the technique disclosed in Patent Document 1, after authentication using a user ID and password has been performed, the user needs to input the user ID and password in order to perform biometric authentication, which makes the authentication procedure complicated.

The present invention has been made in view of these circumstances and provides an authentication system that performs personal authentication with a simple procedure.

[Means for Solving the Problem]

According to the present invention, there is provided an authentication system including an authentication terminal and a biometric authentication server. The authentication terminal has an authentication light source, an image acquisition unit, a biometric authentication data generation unit, and a data transmission unit. The authentication light source irradiates a part of the terminal user's body with light including a wavelength in the visible light region. The image acquisition unit acquires a reflection image generated by the light that was emitted by the authentication light source and reflected by that part of the terminal user's body. The biometric authentication data generation unit extracts a feature shape and a vein shape of the part of the body from the acquired reflection image and generates biometric authentication data. The data transmission unit transmits the generated biometric authentication data to the biometric authentication server. The biometric authentication server has a storage unit, an authentication unit, and a post-authentication processing unit. The storage unit stores identification information for uniquely identifying a plurality of registered users in association with the biometric authentication data of those registered users. The authentication unit authenticates whether the terminal user is a registered user based on the biometric authentication data received from the data transmission unit. The post-authentication processing unit performs predetermined post-authentication processing when the terminal user is authenticated as a registered user.

With this configuration, authentication data is generated from the image acquired by the image acquisition unit of the authentication terminal, and personal authentication is performed based on that authentication data. The user therefore does not need to input a user ID and password and can be authenticated with a simple procedure.

Various embodiments of the present invention are illustrated below. The embodiments shown below can be combined with one another, and each feature independently constitutes an invention.

Preferably, the part of the human body is a palm, and the biometric authentication data generation unit extracts the palm print shape and the vein shape of the palm from the acquired reflection image and generates biometric authentication data.

Preferably, the system further includes a settlement system; the data transmission unit transmits the biometric authentication data and product purchase data to the biometric authentication server; the identification information is further bound to information about the registered user's settlement means; and the post-authentication processing unit transmits the product purchase data and the information about the settlement means to the settlement system.

Preferably, the storage unit further stores predetermined information bound to the registered user as registration information, and the post-authentication processing unit transmits at least one of the terminal user's authentication result and the registration information to the authentication terminal.

Preferably, the system further includes a registration information server that stores predetermined information bound to the registered user as registration information, and the post-authentication processing unit transmits at least one of the terminal user's authentication result and the registration information to the authentication terminal.

<1. First embodiment>

(1.1. Authentication system 100)
The authentication system 100 of the first embodiment is described with reference to FIG. 1. The authentication system 100 is, for example, an authentication system that performs credit card personal authentication and settlement. It includes an authentication terminal 10 held by a credit card member store, a biometric authentication server 20 held by a data center, and a credit card settlement system 30 held by a settlement operator.

When a credit card user (corresponding to the "terminal user" in the claims) purchases a product at a member store, the user captures an image of their palm with the authentication terminal 10. The authentication terminal 10 generates biometric authentication data from the captured image and transmits product purchase data (for example, the settlement amount) and the biometric authentication data to the biometric authentication server 20.

In the biometric authentication server 20, biometric authentication data and information about the settlement means (for example, card number and expiration date) are registered bound to a member ID that uniquely identifies a registered credit card user. Based on the received authentication data, the biometric authentication server 20 authenticates whether the user is a registered user who was registered in advance as a credit card member.

When the terminal user is authenticated as a registered user, the biometric authentication server 20 transmits the information about the settlement means and the settlement amount (hereinafter also called settlement information) to the settlement system 30. The settlement system 30 first performs authorization processing for the user based on the received settlement information. When the authorization is approved, settlement processing starts.

As described above, in the authentication system 100 of this embodiment, the credit card user does not need to present the credit card or input information such as the card number and expiration date, and can purchase products simply by photographing their palm. The functional configuration and processing flow that implement the authentication system 100 are described below.

(1.2. Functional configuration of the authentication system 100)
The functional configuration of the authentication system 100 is described with reference to FIG. 2. The authentication system 100 includes the authentication terminal 10, the biometric authentication server 20, and the settlement system 30.

(1.2.1. Authentication terminal 10)
The technology used to implement the authentication terminal 10 follows the technology disclosed in Japanese Patent No. 5509459, so it is not described in detail in this specification.

The authentication terminal 10 includes an authentication light source 11, an image acquisition unit 13, a display unit 14, a biometric authentication data generation unit 15, and a data transmission unit 17. The authentication light source 11 irradiates a part of the terminal user's body (the palm in this embodiment) with light including a wavelength in the visible light region.

The image acquisition unit 13 acquires (that is, captures) a reflection image generated by the light that was emitted by the authentication light source 11 and reflected by the part of the terminal user's body. The display unit 14 shows various information on the display of the authentication terminal 10. The biometric authentication data generation unit 15 extracts the feature shape and the vein shape of the part of the body from the acquired reflection image and generates biometric authentication data. The data transmission unit 17 transmits the generated biometric authentication data and the settlement amount to the biometric authentication server 20.

As described above, the authentication terminal 10 photographs a part of the terminal user's body using light including a wavelength in the visible light region and generates biometric authentication data. Because the image is captured with visible light, the terminal can be implemented easily by installing software on an existing smartphone, tablet computer, or the like.

The authentication terminal 10 may have a plurality of image acquisition units 13. However, when the feature shape and the vein shape are extracted from a common region of the body (for example, when the palm print shape and the vein shape of the same palm are extracted), the authentication terminal 10 may have only one image acquisition unit 13. With only one image acquisition unit 13, the terminal may acquire several reflection images and extract the feature shape and the vein shape from the respective images, or it may extract both from a single reflection image. When both are extracted from a single reflection image, that image may be obtained by combining several reflection images or may be an original (that is, uncombined) reflection image.

When the palm print shape and the vein shape are extracted from the reflection image, the biometric authentication data generation unit 15 can also extract them from a reflection image of the palm obtained with light in the visible region that includes red light (light with a wavelength of 580 to 750 μm). With such a configuration, the palm print shape and the vein shape can therefore also be extracted using a camera with a built-in infrared filter and a smartphone equipped with a flash.

(1.2.2. Biometric authentication server 20)
The biometric authentication server 20 includes an authentication unit 21, a storage unit 23, and a post-authentication processing unit 25. The storage unit 23 stores member IDs, which are the identification information for uniquely identifying a plurality of registered users, in association with the biometric authentication data of those registered users. The storage unit 23 also stores the card number and expiration date bound to each member ID as information about the registered user's means of payment.

The authentication unit 21 authenticates, based on the biometric authentication data transmitted from the data transmission unit 17 of the authentication terminal 10, whether the terminal user is a registered user who was registered in advance as a credit card member. When the terminal user is authenticated as a registered user (that is, when authentication succeeds), the post-authentication processing unit 25 transmits the settlement amount, card number, and expiration date to the settlement system 30. When the terminal user is not authenticated as a registered user (that is, when authentication does not succeed), the post-authentication processing unit 25 transmits the authentication result to the display unit 14 of the authentication terminal 10.

The components described above may be implemented by software (including so-called applications) installed as appropriate on the authentication terminal 10 or the biometric authentication server 20, or by hardware. When implemented by software, a CPU executes the programs that make up the software to realize the various functions.

The programs may be stored in a storage device built into the authentication terminal 10 or the biometric authentication server 20 (including the storage unit 23; this means memory, an HDD, an SSD, or the like), or in a computer-readable non-transitory recording medium. Programs stored in an external storage unit may also be read out and executed by so-called cloud computing. When implemented by hardware, the components are realized by circuits such as an ASIC, an FPGA, or a DRP.

(1.2.3. Settlement system 30)
The settlement system 30 performs authorization processing (confirmation of the card member's credit limit) based on the settlement amount, card number, and expiration date received from the biometric authentication server 20. When the authorization processing approves the settlement, the settlement system 30 starts settlement processing.

(1.3. Flow of user registration processing)
User registration processing in the authentication system 100 is described with reference to FIG. 3. In step S101, the terminal user enters identity verification information and settlement-related information such as the card number and expiration date into the authentication terminal 10 and photographs their palm. In step S102, the entered information and the captured palm image are registered in the authentication terminal 10.

When the authentication terminal 10 acquires, in step S103, the information entered by the terminal user and the captured palm image, it transmits the identity verification information to the identity verification server 50 in step S104.

In steps S105 to S107, the identity verification server 50 confirms, based on the received identity verification information, whether the terminal user is the pre-registered card member, and transmits the result to the authentication terminal 10.

Performing identity verification with the identity verification server 50 during user registration in this way prevents a third party other than the credit card contract holder from impersonating the contract holder and registering as a user.

When the authentication terminal 10 receives the identity verification result in step S108, it generates biometric authentication data in step S109 and transmits the biometric authentication data to the biometric authentication server 20 in step S110.

When the biometric authentication server 20 receives the biometric authentication data in step S111, it registers the biometric authentication data in the storage unit 23 in association with the identification information that uniquely identifies the registered user in step S112, and transmits the registration result to the authentication terminal 10 in step S113.

When the authentication terminal 10 receives the registration result in step S114, it displays the registration result in step S115. The terminal user confirms the registration result in step S116.

(1.5. Flow of settlement processing)
The flow of user authentication and settlement processing in the authentication system 100 is described with reference to FIG. 4. In step S121, the terminal user enters the settlement amount into the authentication terminal 10 and photographs their palm. In step S122, the entered settlement amount and the captured palm image are registered in the authentication terminal 10.

In step S123, the authentication terminal 10 acquires the settlement amount entered by the terminal user and the captured palm image, and in step S124 it generates biometric authentication data. In step S125, the authentication terminal 10 transmits the biometric authentication data to the biometric authentication server 20.

The biometric authentication server 20 receives the biometric authentication data in step S126, and in step S127 performs authentication processing that checks whether the received biometric authentication data is registered in the storage unit 23.

When the received biometric authentication data is not registered in the storage unit 23, the biometric authentication server 20 treats the authentication as failed in step S128a and transmits that result to the authentication terminal 10.

When the authentication terminal 10 receives the authentication failure result in step S129, it displays the authentication failure result in step S130. The terminal user confirms the authentication failure in step S131.

On the other hand, when the received biometric authentication data is registered in the storage unit 23, the biometric authentication server 20 transmits the settlement information to the settlement system 30 in step S128b.

When the settlement system 30 receives the settlement information in step S132, it performs authorization processing in step S133 and transmits the authorization result to the authentication terminal 10 in step S134.

When the authentication terminal 10 receives the authorization result in step S135, it displays the authorization result in step S136. The terminal user confirms the authorization result in step S137.

When the authorization processing (step S133) approves the card settlement, the settlement system 30 additionally starts settlement processing in step S138.

As described above, the authentication system 100 according to this embodiment includes the authentication terminal 10, the biometric authentication server 20, and the settlement system 30. The authentication terminal 10 irradiates a part of the human body with visible light, photographs it, and generates biometric authentication data from the captured image. The biometric authentication server 20 performs authentication of the terminal user based only on that biometric authentication data. When the terminal user is authenticated as a registered user, the settlement system 30 performs credit card settlement processing.

With this configuration, the terminal user can complete credit card settlement without presenting the credit card and without entering any information about the settlement means, such as the card number, or any identity verification information that identifies the person. Personal authentication can therefore be performed with a simple configuration.
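
The registration flow (S101 to S116) and the settlement flow (S121 to S138) described above, modelled as an added Python example; it is not code from the patent. All class and method names, the integer bit-string template, the Hamming-distance threshold, the collision check at registration and the sample values are assumptions made for illustration: the patent states only that the server checks whether the received biometric authentication data is registered.

```python
"""Added sketch of the first embodiment's registration and settlement flows.
Assumed (not from the patent): all names, an integer bit string as the
template, and Hamming-distance matching with a fixed threshold."""
from dataclasses import dataclass

MATCH_THRESHOLD = 6  # assumed: max differing bits between captures of one palm

def hamming(a: int, b: int) -> int:
    return bin(a ^ b).count("1")

@dataclass
class Member:
    member_id: str
    template: int       # constructed stand-in for palm-print + vein features
    card_number: str
    expiry: str

class IdentityVerificationServer:
    """Server 50: confirms the enrolling person is the card member (S105-S107)."""
    def __init__(self, records):
        self._records = records            # {member_id: identity verification info}

    def confirm(self, member_id, identity_info):
        return self._records.get(member_id) == identity_info

class SettlementSystem:
    """System 30: authorization (credit-limit check), then settlement."""
    def __init__(self, limits):
        self._limits = limits              # {(card_number, expiry): credit limit}
        self.settled = []

    def authorize(self, card_number, expiry, amount):      # S132-S133
        approved = 0 < amount <= self._limits.get((card_number, expiry), 0)
        if approved:
            self.settled.append((card_number, amount))     # S138
        return approved

class BiometricAuthServer:
    """Server 20: storage unit 23, authentication unit 21, post-auth unit 25."""
    def __init__(self, settlement):
        self._members = []
        self._settlement = settlement

    def _candidates(self, probe):
        return [m for m in self._members
                if hamming(m.template, probe) <= MATCH_THRESHOLD]

    def register(self, member):                            # S111-S113
        # Assumed safeguard: a template too close to an enrolled one would
        # make later 1:N identification ambiguous, so it is refused.
        if self._candidates(member.template):
            return "rejected: template collides with an enrolled member"
        self._members.append(member)
        return "registered"

    def pay(self, probe, amount):                          # S126-S128
        # 1:N identification: the terminal sends no member ID or card number,
        # so the template alone selects the record.
        hits = self._candidates(probe)
        if len(hits) != 1:
            return {"authenticated": False}                # S128a
        m = hits[0]
        # S128b: card data goes to system 30 only. In the described flow,
        # system 30 sends the result to the terminal itself (S134); here it
        # is returned through this call to keep the sketch short.
        ok = self._settlement.authorize(m.card_number, m.expiry, amount)
        return {"authenticated": True, "authorized": ok}

class AuthTerminal:
    """Terminal 10: captures the palm and talks to servers 20 and 50."""
    def __init__(self, server, idv):
        self._server, self._idv = server, idv

    def enroll(self, member_id, identity_info, card_number, expiry, template):
        if not self._idv.confirm(member_id, identity_info):   # S104-S108
            return "identity check failed"
        return self._server.register(Member(member_id, template, card_number, expiry))

    def checkout(self, template, amount):                  # S121-S125
        return self._server.pay(template, amount)

# Constructed sample data (not real templates or card numbers).
ALICE, ALICE_RECAPTURE = 0xB38F0F35, 0xB38F0F35 ^ 0x00010204  # 3 bits differ
STRANGER = 0x0F0F0F0F                                          # 10 bits from ALICE

def run_demo():
    settlement = SettlementSystem({("CARD-0001", "12/30"): 100_000})
    server = BiometricAuthServer(settlement)
    terminal = AuthTerminal(server, IdentityVerificationServer({"M001": "alice-secret"}))
    return {
        "impostor_enroll": terminal.enroll("M001", "guess", "CARD-0001", "12/30", STRANGER),
        "enroll": terminal.enroll("M001", "alice-secret", "CARD-0001", "12/30", ALICE),
        "pay": terminal.checkout(ALICE_RECAPTURE, 5_000),
        "stranger": terminal.checkout(STRANGER, 5_000),
        "over_limit": terminal.checkout(ALICE, 500_000),
        "settled": settlement.settled,
    }
```

Calling run_demo() walks through a blocked impostor registration, a successful registration, a payment with a slightly different recapture of the same palm, an unregistered palm, and an amount above the credit limit.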

<2. Second embodiment>

(2.1. Overview of the authentication system 200)
The authentication system 200 according to the second embodiment is described with reference to FIG. 5. In the following description, components that are the same as in the first embodiment are given the same reference numerals and are not described again.

As shown in FIG. 5, the authentication system 200 according to the second embodiment is implemented, as one example, as an entry and exit authentication system that manages access to facilities such as the terminal user's workplace. The authentication system 200 includes an authentication terminal 10 held by the workplace facility, a biometric authentication server 20 held by a data center, and a facility management server 60 for the workplace facility. The facility management server 60 can lock and unlock the facility entrance.

When entering or leaving the facility, the terminal user captures an image of their palm with the authentication terminal 10. The authentication terminal 10 generates biometric authentication data from the captured image and transmits it to the biometric authentication server 20.

Biometric authentication data is registered in the biometric authentication server 20 in association with identification information (for example, an employee ID) that uniquely identifies an employee of the workplace facility. Based on the received biometric authentication data, the biometric authentication server 20 authenticates whether the terminal user is a registered user who was registered in advance as an employee.

The biometric authentication server 20 transmits the authentication result to the authentication terminal 10. When the authentication result received by the authentication terminal 10 shows that the terminal user was authenticated as a registered user, the terminal transmits an unlock instruction to the facility management server 60. The facility management server unlocks the facility entrance so that the terminal user can enter the facility.

As described above, with the authentication system 200 of this embodiment, the terminal user does not need to use an ID card or the like or to input information such as an employee ID or password, and can be authenticated for entry and exit simply by photographing their palm. The functional configuration and processing flow that implement the authentication system 200 are described below.

(2.2. Functional configuration of the authentication system 200)
The functional configuration of the authentication system 200 is described with reference to FIG. 6. The authentication system 200 includes the authentication terminal 10, the biometric authentication server 20, and the facility management server 60.

(2.2.1. Authentication terminal 10)
In addition to the configuration described above, the authentication terminal 10 includes an unlock instruction unit 18. Based on the authentication result received from the post-authentication processing unit 25 of the biometric authentication server 20, the unlock instruction unit 18 instructs the facility management server 60 to unlock when authentication at the biometric authentication server 20 has succeeded.

(2.2.2. Biometric authentication server 20)
The storage unit 23 stores the employee IDs of a plurality of registered users in association with their biometric authentication data. The authentication unit 21 authenticates whether the terminal user is a registered user based on the biometric authentication data transmitted from the data transmission unit 17 of the authentication terminal 10. The post-authentication processing unit 25 transmits the authentication result to the unlock instruction unit 18 of the authentication terminal 10.

(2. 3. Flow of authentication processing) With reference to FIG. 7, the flow of user authentication processing in the authentication system 200 will be described. In step S201 the terminal user photographs the palm with the authentication terminal 10, and in step S202 the captured image is registered in the authentication terminal 10.

The authentication terminal 10 acquires the image captured by the terminal user in step S203 and generates biometric authentication data in step S204. In step S205 the authentication terminal 10 transmits the biometric authentication data to the biometric authentication server 20.

The biometric authentication server 20 receives the biometric authentication data in step S206 and, in step S207, checks whether the received biometric authentication data is registered in the storage unit 23. In step S208 the biometric authentication server 20 transmits the authentication result to the authentication terminal 10.

The authentication terminal 10 receives the authentication result in step S209. When the authentication result is a failure, the authentication terminal 10 displays the authentication failure in step S210a, and the terminal user confirms the failure in step S140. When the authentication result is a success, the authentication terminal 10 sends an unlock instruction to the facility management server 60 in step S210b.

The facility management server 60 receives the unlock instruction in step S212 and unlocks the facility entrance in step S213.

In this way, the authentication system 200 according to this embodiment includes the authentication terminal 10, the biometric authentication server 20, and the facility management server 60. When the terminal user is authenticated as a registered user, the authentication terminal 10 instructs the facility management server 60 to unlock.

With this configuration, the terminal user does not need to use an ID card or the like, nor enter information such as an employee ID or password; entry and exit can be authenticated simply by photographing the palm. That is, personal authentication can be performed with a simple configuration.

<3. Third embodiment> (3. 1. Overview of the authentication system 300) With reference to FIGS. 8A and 8B, the authentication system 300 according to the third embodiment will be described.

As shown in FIG. 8A, the authentication system 300 according to the third embodiment is described taking as an example an authentication system that manages admission to an event venue or the like. The authentication system 300 includes an authentication terminal 10 at the event venue, a biometric authentication server 20 at a data center, and a registration information server 70 at a ticketing company. Information for uniquely identifying each ticket purchaser (address and name in the example shown in FIG. 8) and ticket information are registered in the registration information server 70.

When entering the venue, an attendee captures an image of the palm with the authentication terminal 10. The authentication terminal 10 generates biometric authentication data from the captured image and transmits it to the biometric authentication server 20.

In the biometric authentication server 20, biometric authentication data is registered in association with the address and name used to uniquely identify each previously registered user. Based on the received biometric authentication data, the biometric authentication server 20 authenticates whether the terminal user is a registered user.

When the terminal user is authenticated as a registered user, the biometric authentication server 20 sends identification information for uniquely identifying the registered user to the registration information server 70. The registration information server 70 sends the registered information linked to the received identification information (ticket information in this example) to the biometric authentication server 20.

The biometric authentication server 20 sends the received ticket information to the authentication terminal 10. The authentication terminal 10 displays the received ticket information, which allows the terminal user to enter the event venue.

As shown in FIG. 8B, the authentication system 300 can also be implemented as an authentication system used for obtaining medical examination results from a hospital. The authentication system 300 includes an authentication terminal 10 held by the terminal user, a biometric authentication server 20 at a data center, and a registration information server 70 installed in the hospital. Identification information that uniquely identifies each examinee and the medical examination results are registered in the registration information server 70.

The person checking the medical examination result captures a palm image with the authentication terminal 10. The authentication terminal 10 generates biometric authentication data from the captured image and transmits it to the biometric authentication server 20.

Based on the received biometric authentication data, the biometric authentication server 20 determines whether the terminal user is a registered user registered in advance in the authentication server. When the terminal user is authenticated as a registered user, identification information for uniquely identifying the registered user is sent to the registration information server 70.

The registration information server 70 sends the registered information linked to the identification information (the medical examination result in this example) to the biometric authentication server 20. The biometric authentication server 20 sends the received medical examination result to the authentication terminal 10. The authentication terminal 10 displays the received medical examination result so that the terminal user can check its content.

In this way, with the authentication system 300 of this embodiment, the terminal user does not need to use information identifying a specific individual or history information such as ticket purchase history or medical examination history, and can obtain the required information simply by photographing the palm. The functional configuration and processing flow that realize the authentication system 300 are described below.

(3. 2. Functional configuration of the authentication system 300) With reference to FIG. 9, the functional configuration of the authentication system 300 will be described. The authentication system 300 includes an authentication terminal 10, a biometric authentication server 20, and a registration information server 70.

(3. 2. 1. Authentication terminal 10) The display unit 14 of the authentication terminal 10 displays the registered information received from the post-authentication processing unit 25 of the biometric authentication server 20.

(3. 2. 2. Biometric authentication server 20) The storage unit 23 of the biometric authentication server 20 stores addresses and names, as identification information for uniquely identifying a plurality of registered users, in association with the biometric authentication data of those registered users. The authentication unit 21 authenticates whether the terminal user is a registered user based on the biometric authentication data received from the data transmission unit 17 of the authentication terminal 10. When authentication succeeds, the post-authentication processing unit 25 sends the identification information stored in the storage unit 23 to the registration information server 70. The post-authentication processing unit 25 also sends the registered information received from the registration information server 70 to the display unit 14 of the authentication terminal 10.

(3. 2. 3. Registration information server 70) The registration information server 70 includes a storage unit 71 that stores identification information and previously registered information. The registration information server 70 sends the registered information linked to the identification information received from the post-authentication processing unit 25 back to the post-authentication processing unit 25.

(3. 3. Flow of authentication processing) With reference to FIG. 10, the flow of user authentication processing in the authentication system 300 will be described. In step S301 the terminal user photographs the palm with the authentication terminal 10, and in step S302 the captured image is registered in the authentication terminal 10.

The authentication terminal 10 acquires the image captured by the terminal user in step S303 and generates biometric authentication data in step S304. In step S305 the authentication terminal 10 transmits the biometric authentication data to the biometric authentication server 20.

The biometric authentication server 20 receives the biometric authentication data in step S306 and, in step S307, performs authentication processing to determine whether the received biometric authentication data is registered in the storage unit 23. When the authentication processing succeeds, the biometric authentication server 20 sends the identification number to the registration information server 70 in step S308. When the authentication processing fails, the same processing as in Embodiment 1 is performed (steps S128a to S131 in FIG. 4), so its description is omitted.

The registration information server 70 receives the identification number in step S309 and, in step S310, sends the registered information stored in the storage unit 71 and linked to the identification number to the biometric authentication server 20.

The biometric authentication server 20 receives the registered information in step S311 and sends it to the authentication terminal 10 in step S312.

The authentication terminal 10 receives the registered information in step S313 and displays it in step S314. The terminal user checks the registered information in step S315.

In this way, the authentication system 300 according to this embodiment includes the authentication terminal 10, the biometric authentication server 20, and the registration information server 70. When the terminal user is authenticated as a registered user, the post-authentication processing unit 25 acquires the information registered in advance in the registration information server 70 and sends it to the authentication terminal 10.

With this configuration, the terminal user does not need to use information identifying a specific individual or history information such as ticket purchase history or medical examination history, and can obtain the required information simply by photographing the palm. That is, personal authentication can be performed with a simple configuration.

<4. Modifications> Modifications of the above embodiments are described below. The modifications described below can be applied to any of the above embodiments.

(4. 1. Overview of the modification) In the authentication system 400 according to the modification, the identification information of registered users is registered in advance in an identity verification server 80, which is used to verify identity during a registered user's registration processing; this registered identification information is acquired and registered in the biometric authentication server 20.

The terminal user enters the ID and password used for identity verification into the authentication terminal 10. The authentication terminal 10 sends the ID and password to the identity verification server 80, and the identity verification server 80 verifies the identity of the terminal user. When identity verification succeeds, the identity verification server 80 sends the identification information linked to the terminal user to the authentication terminal 10. The authentication terminal 10 sends the acquired identification information to the biometric authentication server 20, and the registration processing in the biometric authentication server 20 is performed using that identification information.

With this configuration, the terminal user can use the identification information already registered in the identity verification server 80 for the registration processing at the biometric authentication server 20, which saves input effort and improves user convenience.

With such an authentication system 400, as shown in Table 1, the available authentication services can be set according to the reliability of the identification information registered in the identity verification server 80 (that is, the identification information registered in the biometric authentication server 20). In Table 1, a larger security-level number indicates that higher security is required.

[Table 1]
Security level | Identification information | Available authentication services: Card settlement | Registered information acquisition | Access management
Level 4 | Driver's license number | | |
Level 3 | Credit card or bank account number | | |
Level 2 | Member ID or phone number | × | × | ×
Level 1 | SNS account ID or email address | × | × | ×

For example, when an employee ID (or phone number), which corresponds to level 2, is registered in the identity verification server 80, only the access management authentication service (corresponding to Embodiment 2) can be used. On the other hand, when a driver's license number, which corresponds to level 4, or a credit card number (or bank account number), which corresponds to level 3, is registered in the identity verification server 80, all of the authentication services can be used: card settlement (corresponding to Embodiment 1), registered information acquisition (corresponding to Embodiment 3), and access management.

In this way, the authentication services available to a registered user can be set according to the reliability of the identification information registered in advance in the identity verification server 80, so that a variety of authentication services can be provided while the security of each authentication service is ensured.

Note that the security levels, identification information, and available authentication services set out in Table 1 are only an example. For example, the security levels may be set to something other than 1 to 4. The identification information may be any combination of the data in Table 1, and data not listed in Table 1 may also be used.
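As an added illustration that is not part of the patent text, the following Python code shows how the post-authentication processing could enforce the Table 1 policy on the server side, so that a successful biometric match alone does not unlock a service above the user's security level. The class and function names, the bit-vector templates, the matching threshold and the sample identifiers are all assumptions constructed for the example.

```python
from dataclasses import dataclass

# Security level assigned to each kind of identification information (Table 1).
# The key names are hypothetical labels chosen for this example.
LEVEL_BY_ID_KIND = {
    "drivers_license_number": 4,
    "credit_card_number": 3,
    "bank_account_number": 3,
    "employee_id": 2,
    "phone_number": 2,
    "sns_account_id": 1,
    "email_address": 1,
}

ALL_SERVICES = frozenset({"card_settlement", "registered_info", "access_control"})

# Services per level as described in the paragraph after Table 1:
# levels 4 and 3 may use everything, level 2 only access management.
# Level 1 is marked with a cross for every service in Table 1.
SERVICES_BY_LEVEL = {
    4: ALL_SERVICES,
    3: ALL_SERVICES,
    2: frozenset({"access_control"}),
    1: frozenset(),
}

MATCH_THRESHOLD = 0.10  # assumed maximum fraction of differing template bits


@dataclass(frozen=True)
class Enrollment:
    id_kind: str     # which kind of identification information was registered
    identifier: str  # the identification information itself
    template: tuple  # stand-in for biometric authentication data


def distance(a, b):
    """Fraction of differing positions; templates of unequal length never match."""
    if len(a) != len(b):
        return 1.0
    return sum(x != y for x, y in zip(a, b)) / len(a)


class BiometricAuthServer:
    def __init__(self):
        self._store = []  # plays the role of storage unit 23

    def register(self, id_kind, identifier, template):
        # Deny by default: an unknown kind has no level, so it is not enrolled.
        if id_kind not in LEVEL_BY_ID_KIND:
            raise ValueError(f"no security level defined for {id_kind!r}")
        self._store.append(Enrollment(id_kind, identifier, tuple(template)))

    def authenticate(self, probe):
        """1:N match; return the closest enrollment within the threshold."""
        probe = tuple(probe)
        best = min(self._store, key=lambda e: distance(e.template, probe),
                   default=None)
        if best is None or distance(best.template, probe) > MATCH_THRESHOLD:
            return None
        return best

    def post_auth(self, probe, service):
        """Return (status, detail); the service runs only if the level allows it."""
        user = self.authenticate(probe)
        if user is None:
            return ("auth_failed", None)
        level = LEVEL_BY_ID_KIND[user.id_kind]
        if service not in SERVICES_BY_LEVEL.get(level, frozenset()):
            return ("service_not_permitted", level)
        return ("ok", user.identifier)


def flip(template, index):
    """Simulate capture noise by inverting one bit of a template."""
    bits = list(template)
    bits[index] ^= 1
    return tuple(bits)


# Constructed sample data (not real biometric templates or account numbers).
USER_A = (1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1)
USER_B = tuple(1 - b for b in USER_A)
STRANGER = USER_A[:10] + USER_B[10:]


def demo():
    server = BiometricAuthServer()
    server.register("credit_card_number", "CARD-CONSTRUCTED-0001", USER_A)
    server.register("employee_id", "EMP-CONSTRUCTED-0042", USER_B)
    return {
        "a_settlement": server.post_auth(flip(USER_A, 0), "card_settlement"),
        "b_settlement": server.post_auth(flip(USER_B, 19), "card_settlement"),
        "b_access": server.post_auth(flip(USER_B, 19), "access_control"),
        "stranger": server.post_auth(STRANGER, "access_control"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The level-2 user matches biometrically yet is refused card settlement, which keeps a policy denial distinguishable from a failed match in the server's responses and logs.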

With reference to FIGS. 11 and 12, the flow of user authentication processing in the authentication system 400 will be described. When the authentication processing by the biometric authentication server 20 fails, the same processing as in Embodiment 1 is performed (steps S128a to S131 in FIG. 4), so its description is omitted.

As shown in FIG. 11, in steps S401 to S406 the ID and password entered by the terminal user are sent to the identity verification server 80, and identity verification processing is performed. When the identity verification processing (step S406) succeeds, the identity verification server 80 sends the identification information registered in the identity verification server 80 to the authentication terminal 10 in step S407a.

In steps S412 to S415 the authentication terminal 10 generates biometric authentication data based on the palm image captured by the terminal user. In step S416 the authentication terminal 10 sends the identification information acquired from the identity verification server 80, together with the biometric authentication data, to the biometric authentication server 20. The biometric authentication server 20 receives the identification information and the biometric authentication data in step S417 and performs registration processing in step S418.

On the other hand, when the identity verification processing (step S406) fails, the identity verification server 80 sends the identity verification failure result to the authentication terminal 10 in step S407a. The authentication terminal 10 displays the identity verification failure in step S410.

Alternatively, in the authentication system 400 of the modification, as shown in FIG. 12, the functions of the authentication terminal 10 may be realized by separate applications: an application 10a that performs the biometric authentication processing and an application 10b that performs the identity verification processing. With this configuration, the authentication system 500 can be installed while reusing an existing application that performs the identity verification processing.

<5. Other embodiments> The embodiments of the present application and their modifications have been described above, but the application of this specification is not limited to them. For example, in the above embodiments the image acquisition unit 13 of the authentication terminal 10 acquires an image of the palm as a part of the human body, but it is not limited to this example and may instead acquire an image of the face, a fingerprint, the iris, the retina, or the ear. When an image of the face is acquired, for example, the biometric authentication data generation unit 15 generates the biometric authentication data based on the characteristic shape and the vein shape of the face.

In the above embodiments, the authentication terminal 10 is held by, for example, a credit card member store, but it is not limited to this. For example, an application that realizes the functions of the authentication terminal 10 may be installed on a mobile terminal (a so-called smartphone or the like) held by the credit card user. In that case the present invention can also be used, for example, for online shopping at home.

In the above embodiments, a credit card settlement system held by a settlement operator is described as the settlement system 30, but it is not limited to this example. For example, in addition to credit cards, the present invention can be applied to other settlement cards such as debit cards and prepaid cards.

In the above embodiments, the terminal user can be authenticated with biometric authentication data without entering information identifying a specific individual, such as a member ID, but the system may also be configured so that part or all of the identification number is entered as a narrowing key. In that case, the set of candidates against which the biometric information is matched can be narrowed based on the entered information, which can improve authentication accuracy and speed.

In the modification, the identity verification server 80 sends the identity verification result to the authentication terminal 10, but it is not limited to this example. For example, a configuration is also possible in which the authentication terminal 10 sends the identity verification data and the biometric authentication data to the identity verification server 80 and, when identity verification succeeds, the identity verification server 80 sends the biometric authentication data to the biometric authentication server 20.

In addition, the present invention can also be realized as a program that causes the authentication terminal 10 and the biometric authentication server 20 to function so as to realize the system described above.

The present invention can also be realized as a computer-readable non-transitory recording medium that stores the above program.

Various embodiments of the present invention have been described, but they are only examples and do not limit the scope of the present invention. The present invention can also be implemented in other forms, and various omissions, substitutions, and changes can be made without departing from the gist of the present invention. These embodiments and changes should also be regarded as falling within the scope of protection of the present invention or its equivalents.

10: Authentication terminal
10a, 10b: Application
11: Authentication light source
13: Image acquisition unit
14: Display unit
15: Biometric authentication data generation unit
17: Data transmission unit
18: Unlock instruction unit
20: Biometric authentication server
21: Authentication unit
23: Storage unit
25: Post-authentication processing unit
30: Settlement system
50: Identity verification server
60: Facility management server
70: Registration information server
71: Storage unit
80: Identity verification server
100, 200, 300, 400: Authentication system

FIG. 1 is a diagram illustrating the outline of the authentication system 100 according to Embodiment 1 of the present invention.
FIG. 2 is a functional block diagram of the authentication system 100.
FIG. 3 is a diagram illustrating the flow of user registration processing in the authentication system 100.
FIG. 4 is a diagram illustrating the flow of settlement processing in the authentication system 100.
FIG. 5 is a diagram of the outline of the authentication system 200 according to Embodiment 2.
FIG. 6 is a functional block diagram of the authentication system 200.
FIG. 7 is a diagram of the flow of authentication processing in the authentication system 200.
In FIG. 8, FIG. 8A is a diagram illustrating the outline of one example of the authentication system 300 according to Embodiment 3, and FIG. 8B is a diagram illustrating the outline of another example of the authentication system 300 according to Embodiment 3.
FIG. 9 is a functional block diagram of the authentication system 300.
FIG. 10 is a diagram illustrating the flow of authentication processing in the authentication system 300.
FIG. 11 is a diagram of one example of the flow of authentication processing in the modification.
FIG. 12 is a diagram of another example of the flow of authentication processing in the modification.

10: Authentication terminal

11: Authentication light source

13: Image acquisition unit

14: Display unit

15: Biometric authentication data generation unit

17: Data transmission unit

20: Biometric authentication server

21: Authentication unit

23: Storage unit

25: Post-authentication processing unit

30: Settlement system

100: Authentication system

Claims (5)

An authentication system comprising an authentication terminal and a biometric authentication server, wherein the authentication terminal has an authentication light source, an image acquisition unit, a biometric authentication data generation unit, and a data transmission unit; the authentication light source irradiates a part of the terminal user's body with light including wavelengths in the visible region; the image acquisition unit acquires a reflection image generated from light that is emitted from the authentication light source and reflected by the part of the terminal user's body; the biometric authentication data generation unit extracts, respectively, a characteristic shape and a vein shape of the part of the body from the acquired reflection image and generates biometric authentication data; the data transmission unit transmits the generated biometric authentication data to the biometric authentication server; the biometric authentication server comprises a storage unit, an authentication unit, and a post-authentication processing unit; the storage unit stores identification information for uniquely identifying a plurality of registered users in association with the biometric authentication data of the plurality of registered users; the authentication unit authenticates whether the terminal user is a registered user based on the biometric authentication data received from the data transmission unit; and the post-authentication processing unit performs predetermined post-authentication processing when the terminal user is authenticated as a registered user.

The authentication system according to claim 1, wherein the part of the body is a palm, and the biometric authentication data generation unit extracts, respectively, a palm print shape and a vein shape of the palm from the acquired reflection image and generates the biometric authentication data.

The authentication system according to claim 1 or 2, further comprising a settlement system, wherein the data transmission unit transmits the biometric authentication data and product purchase data to the biometric authentication server; information relating to the registered user's means of settlement is also linked to the identification information; and the post-authentication processing unit sends the product purchase data and the information relating to the means of settlement to the settlement system.

The authentication system according to claim 1 or 2, wherein the storage unit also stores, as registered information, predetermined information linked to the registered user; and the post-authentication processing unit sends at least one of the terminal user's authentication result and the registered information to the authentication terminal.

The authentication system according to claim 1 or 2, further comprising a registration information server that stores, as registered information, predetermined information linked to the registered user, wherein the post-authentication processing unit sends at least one of the terminal user's authentication result and the registered information to the authentication terminal.
TW107147850A 2018-12-28 2018-12-28 authentication system TWI797227B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
WOPCT/JP2018/48527 2018-12-28
PCT/JP2018/048527 WO2020136883A1 (en) 2018-12-28 2018-12-28 Authentication system

Publications (2)

Publication Number Publication Date
TW202026981A TW202026981A (en) 2020-07-16
TWI797227B TWI797227B (en) 2023-04-01

Family

ID=71128872

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107147850A TWI797227B (en) 2018-12-28 2018-12-28 authentication system

Country Status (3)

Country Link
JP (1) JP6924899B2 (en)
TW (1) TWI797227B (en)
WO (1) WO2020136883A1 (en)

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS546826A (en) * 1977-06-20 1979-01-19 Matsushita Electronics Corp Apparatus for metallizing bulbes
JP2009211357A (en) * 2008-03-04 2009-09-17 Fujitsu Ltd Method and apparatus for biometrics authentication information registration and method and apparatus for biometrics authentication
WO2013136553A1 (en) * 2012-03-16 2013-09-19 ユニバーサルロボット株式会社 Personal authentication method and personal authentication device
JP6160148B2 (en) * 2013-03-19 2017-07-12 富士通株式会社 Biological information input device, biometric information input program, and biometric information input method
WO2015004803A1 (en) * 2013-07-12 2015-01-15 株式会社日立システムズ Payment terminal device and payment system
JP6774170B2 (en) * 2015-07-13 2020-10-21 株式会社電通グループ Dynamic payment processing system
JP2018018481A (en) * 2015-11-03 2018-02-01 バンクガード株式会社 Server system for electronic authentication, program, electronic authentication method and electronic authentication system
JP6759015B2 (en) * 2016-09-06 2020-09-23 株式会社日立製作所 Payment system and payment method
TWI645308B (en) * 2016-10-18 2018-12-21 富邦綜合證券股份有限公司 Electronic transaction authentication method and system using mobile device application
CH713061B1 (en) * 2016-10-19 2021-03-31 Smart Secure Id Ag System and method for contactless biometric authentication.
JP6806586B2 (en) * 2017-02-17 2021-01-06 株式会社日本総合研究所 Payment reception device, computer system, payment reception method and payment reception program
JP6434561B2 (en) * 2017-04-13 2018-12-05 株式会社日立製作所 Payment support system for travelers and payment support method for travelers

Also Published As

Publication number Publication date
WO2020136883A1 (en) 2020-07-02
TWI797227B (en) 2023-04-01
JPWO2020136883A1 (en) 2021-02-18
JP6924899B2 (en) 2021-08-25

Similar Documents

Publication Publication Date Title
CA2636825C (en) Multi-mode credential authentication
US20180189583A1 (en) Trusted mobile biometric enrollment
US20020112177A1 (en) Anonymous biometric authentication
US11843599B2 (en) Systems, methods, and non-transitory computer-readable media for secure biometrically-enhanced data exchanges and data storage
US11062002B2 (en) Secure data entry device
US11496471B2 (en) Mobile enrollment using a known biometric
EP3669513A1 (en) Digital identity system
JP2007094989A (en) Service providing method
KR101052936B1 (en) A network-based biometric authentication system using a biometric authentication medium having a biometric information storage unit and a method for preventing forgery of biometric information
JP7364057B2 (en) Information processing device, system, face image update method and program
KR20120013881A (en) Loaning method using kiosk system
TWI797227B (en) authentication system
WO2022024281A1 (en) Authentication server, authentication system, authentication request processing method, and storage medium
JP2007328616A (en) Contract system
WO2023170899A1 (en) Terminal, system, method for controlling terminal, and storage medium
KR102639356B1 (en) Identity Authentication System and Method Using Face Recognition
WO2024057457A1 (en) Authentication terminal, system, control method of authentication terminal, and recording medium
JP7158793B1 (en) Authentication devices, vending systems, transit systems, and automated teller machines
WO2023007768A1 (en) Information processing system, information processing method, and computer-readable storage medium
JP2019159555A (en) Information processing apparatus and recognition method
JP2023054831A (en) Personal authentication system
CA3193781A1 (en) Systems and methods for authentication and validation based on user credential and biometric data
AU2011204915A1 (en) Multi-mode credential authentication