US20090189736A1 - Authentication System - Google Patents

Publication number
US20090189736A1
Authority
US
United States
Prior art keywords
information
individual
authentication system
side terminal
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/886,749
Other languages
English (en)
Inventor
Hitoshi Hayashi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
IHC Corp
Original Assignee
IHC Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by IHC Corp
Assigned to IHC CORPORATION (assignment of assignors interest; see document for details). Assignors: HAYASHI, HITOSHI

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/22 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/257 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111 Location-sensitive, e.g. geographical location, GPS
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2137 Time limited access, e.g. to a computer or data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2151 Time stamp
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07B TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B15/00 Arrangements or apparatus for collecting fares, tolls or entrance fees at one or more control points
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C2209/00 Indexing scheme relating to groups G07C9/00 - G07C9/38
    • G07C2209/08 With time considerations, e.g. temporary activation, valid time window or time limitations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals

Definitions

  • the present invention relates to an authentication system, in particular to an authentication system for performing collation of individual information of a user and thereby performing authentication.
  • the electronic information is easily tampered with, leaked and stolen, and in particular, in the case of authentication via the internet, since it is difficult to verify the other party, the vulnerability of the authentication has been undeniable.
  • This biometrics information means information biometrically peculiar to a person, including fingerprints, voiceprints and the like, and since it is information peculiar to the person that others cannot have, it has been thought difficult to tamper with the biometrics information.
  • As one form of authentication by such electronic information with reinforced security, a crime prevention system using biometrics authentication technology disclosed in Patent Document 1 has been proposed.
  • Patent Document 1 Japanese Unexamined Patent Application Publication No. 2005-32051
  • the biometrics information is converted into electronic information, and sent and received in the same manner as in the prior art, and accordingly, it has been difficult to completely prevent the electronic information from being tampered, leaked out and stolen.
  • the present invention has been made in consideration of the above problems in the prior art, and accordingly, the object of the present invention is to provide an authentication system for improving authentication accuracy of existence of a registered person and easily find an unauthorized act to improve the security in a system by performing authentication using match/mismatch of biometrics information and temporal/spatial authentication when performing individual authentication via a network by using electronic information that is easily tampered, easily leaks out, and is easily stolen.
  • an authentication system including a plurality of servers each equipped with a database for managing individual information on registered people to be authenticated, and a plurality of information input devices to be operated by the registered people connected to the servers via a communication line network, wherein the information input devices send movement information including information input by the registered people to the servers, and the servers, on receiving the movement information from the information input devices, on the basis of the received movement information, and the individual information in the database, perform authentication of the existence of the registered people.
  • an authentication system wherein the servers collate the received movement information, and the individual information in the database, and at match of the above, send permission information to permit the information input devices to perform a specified action, to the information input devices, and the information input devices, on receiving the permission information, perform the specified action.
  • an authentication system wherein the movement information includes position information showing the installation position of the information input device of the movement information sending source, temporal information showing the time at which information is input by registered people, and individual identification IDs peculiar to the registered people, and the servers, on receiving a plurality of movement information including identical individual identification IDs, on the basis of the information input place and time of the registered people that the received movement information shows, perform continuous authentication of the existence of the registered people.
  • an authentication system wherein the servers and the information input devices send the movement information on the basis of transfer routes of the registered people.
  • an authentication system wherein the information input devices are equipped with a database for managing individual information, and when information is input by the registered people, collate the input information, and the individual information in the database, and at match of the above, perform a specified action.
  • an authentication system wherein the servers include a management server for managing the information input devices collectively in unit of building structure, transfer means, facility, region or organization, and an authentication server equipped with a database for totally managing the information in the database of the management server.
  • an authentication system wherein the authentication system has a plurality of units including at least one authentication server and a communication line network for connecting information input devices and terminals, and the authentication server controls rejection of the specified action by the information input devices, in unit of the units.
  • an authentication system wherein the authentication server, on receiving the movement information from the information input device, sends control information for limiting or prohibiting the specified action of the information input device, to the information input devices installed in other units than the unit to which the information input device belongs.
  • an authentication system wherein the authentication server, after receiving the movement information from the information input device, on receiving the movement information including identical individual identification IDs, sent from the information input devices in other units than the unit to which the information input device belongs, sends control information for limiting or prohibiting the specified action by the information input device to the registered people specified by the individual identification IDs, to the information input device.
  • an authentication system wherein the authentication server, on receiving the movement information from the information input device, sends control information for deleting the movement information, to the information input devices and the management servers in other units than the unit to which the information input device belongs, to the information input device.
  • an authentication system wherein the authentication server, on receiving the movement information from the information input device, sends control information for limiting or prohibiting the specified action by the information input device, to the information input devices installed in the unit to which the information input device belongs.
  • an authentication system wherein the authentication server accumulates the received movement information, and on receiving the movement information from the information input device, on the basis of the installation positions of the information input devices of the sending source, and the accumulated movement information, forecasts the transfer route of the registered people, and sends control information for performing an execution preparation of a specified action, to the information input devices installed on the forecasted transfer route.
  • an authentication system wherein the authentication server, on receiving movement information including information showing destination of transfer means that the registered people use, and receiving the movement information from the information input devices related to the transfer means, sends control information for performing an execution preparation of a specified action, to the information input devices related to the destination.
  • an authentication system wherein the authentication server, on receiving the movement information sent from the information input device installed out of the forecasted transfer route, sends control information for limiting or prohibiting the specified action by the information input device, to the information input device.
  • an authentication system wherein the servers and the information input devices have preset order of sending destinations of received or input information, and at failure of sending the received or input information, send the received or input information to the sending destination of the next order of the failed sending destination.
  • an authentication system wherein the authentication action, by collation of the biometrics information of registered people included in the movement information, and the biometrics information managed by the database, authenticates the existence of the registered people.
  • an authentication system wherein the servers convert local identification IDs, and individual identification IDs used in a limited organization.
  • an authentication system wherein the authentication system is managed by a financial organization, and the servers, on receiving the movement information from the information input device, perform authentication on the basis of the received movement information, and at success of the authentication, send permission information to permit the execution of financial transaction or settlement transaction, to the information input device.
  • an authentication system wherein the servers, on receiving the movement information from the information input device, perform authentication on the basis of the received movement information, and at success of the authentication, send information to recognize that a public identification card has been presented, to the information input device.
  • an authentication system wherein in the case of a temporal disconnection of network in the authentication system, the information input devices send a signal to check whether connection is available at present to the servers and other information input devices that have been connectable with own device, and establish network with the servers or other information input devices with which connection is available.
  • an authentication system wherein the information input devices store list information showing the servers and other information input devices that are connectable with own device, and the list information shows connection priority order, and the information input devices, in the case of a temporal disconnection of network in the authentication system, send a signal to check in accordance with the priority order and establish network.
  • any combination of the above structural elements, and any structural element and expression of the present invention may be replaced mutually among method, apparatus, authentication system, computer program, recording medium storing computer program and the like, as effective aspects of the present invention.
  • the authentication system is a system that has a plurality of terminals, and on the basis of individual information of registered people input via the terminals, performs authentication of registered people, wherein in response to physical transfer of registered people, the storage positions of individual information of registered people transfer in the authentication system, and it is difficult for other third party than registered people to identify storage positions of individual information of the registered person, and accordingly, it is possible to prevent the individual information of registered people from being tampered, leaked out and stolen by such a third party, and easily find an unauthorized act to improve the security in a system by performing authentication.
  • FIG. 1 is a figure showing the basic structural principle of an authentication system according to an embodiment of the present invention.
  • the authentication system is structured to have an authentication server 1 , management servers 2 , and individual information input devices 3 .
  • In the authentication server 1, a database for managing individual information of registered people to be authenticated is installed. This authentication server 1 is connected to a plurality of management servers via a communication line network, and collates the individual information transmitted from the individual information input devices 3 via the management servers 2 with the individual information in the database, and thereby authenticates the existence of the registered people.
  • the management server 2 is an information processor that manages the individual information input devices 3 collectively in unit of specified building structure, organization or region, such as for example home of the registered person, school, Tokyo and the like, and is connected via communication line network with the plurality of individual information input devices 3 collected in the unit.
  • the management server 2 also has the above database of individual information installed, and collates the individual information received from the individual information input devices 3 with the individual information in the database, and thereby authenticates the existence of the registered people.
  • the individual information input device 3 is a device installed everywhere in living space of registered people, such as a door, road, or station ticket wicket and the like, and inputs (reads) individual information of registered people such as biometrics information and the like, and sends this individual information to the management server 2 .
  • When the registered person touches the individual information input device 3 to input (make the device read) biometrics information such as a fingerprint and the like, the individual information input device 3 sends this input biometrics information to the authentication server 1 and the management servers 2, and the authentication server 1 and the management servers 2 collate the transmitted biometrics information with the biometrics information in the databases that each of them manages in advance.
  • When the individual information input device 3 reads the biometrics information of the registered person, it sends the read biometrics information, together with the installation place of its own device and the reading time, to the management servers 2 and the authentication server 1.
  • the authentication server 1 and the management servers 2 store information showing the place and the time at which the biometrics information of the registered person is read in their own databases respectively, and use the information for the authentication of the existence of the registered person thereafter.
  • When biometrics information of the same registered person is read by the individual information input device 3 at a position 100 km away from the home, and is sent to the management servers 2 and the authentication server 1, the authentication server 1 and the management servers 2 suppose that this biometrics information may have been read illegally, and thereafter send control information for limiting or prohibiting actions such as opening the door key by the biometrics information of the registered person to the individual information input device 3.
  • the individual information input device 3 may collate the biometrics information in the database, with the input biometrics information, and perform the individual authentication of the registered person by itself.
  • the authentication system performs temporal/spatial authentication, in addition to the match/mismatch of biometrics information, and thereby it is possible to improve the authenticity precision of existence of a registered person.
  • FIG. 2 is a block diagram showing the skeleton framework of the authentication system according to the embodiment of the present invention.
  • the authentication system is structured to have an authentication system server 10 that manages history information of the registered person, a building structure side terminal 110 that totally manages terminals installed in a building structure such as an apartment and the like, an organization side terminal 120 that totally manages terminals installed in an organization such as an administrative organ and the like, an area management side terminal 130 that totally manages terminals installed in an area such as 1-chome, somewhat-cho, a relay side terminal 140 that totally manages terminals not totally controlled by these respective terminals 110 , 120 , 130 in a mutually complementary manner, an aggregation side terminal 150 that totally manages these respective terminals 110 , 120 , 130 , 140 , an end side terminal 160 that is installed in activity range of the registered person and performs authentication of the registered person, and an external organization server 300 that is a backup server of the authentication system server 10 , which are connected via a communication line network 200 .
  • the authentication system server 10 is a server device that is managed and operated by a management organization for managing individual information of users.
  • This authentication system server 10 has a function to perform authentication of the registered person on the history information, and a database (DB) 11 for recording and managing individual history information of respective users. Details of the management structure in this comprehensive DB 11 are described later herein.
  • the external organization server 300 is a server device that is managed and operated by other organization than the management organization for managing the authentication system server 10 .
  • This external organization server 300 has a function to act for the function of the authentication system server 10 , and perform authentication of the registered person, on the basis of the history information, and has a database (DB) 311 for recording and managing or backup storing the history information of each individual. Details of the management structure in this DB 311 are described later herein.
  • the aggregation side terminal 150 is connected to these servers 10 , 300 , via a communication line network 200 as the network of internet, line communication line network, radio communication line network, terrestrial digital wave, infrared ray and the like.
  • This aggregation side terminal 150 is a sub server device installed to connect the authentication system servers 10 , 300 , the building structure side terminal 100 , the organization side terminal 120 , the area management side terminal 130 and the relay side terminal 140 , via the communication line network 200 .
  • This aggregation side terminal 150 has a function to act for the function of the authentication system server 10 , and perform authentication of the user, on the basis of the history information, and has a database (DB) 151 for recording and managing or backup storing the history information of each user. Details of the management structure of this DB 151 are described later herein.
  • a plurality of aggregation side terminals 150 may be installed between the authentication system server 10 and the building structure side terminal 110 , the organization side terminal 120 , the area management side terminal 130 , the relay side terminal 140 .
  • terminals directly connected to the authentication system server 10 are made upper level terminals.
  • terminal device for totally managing the end side terminals 160 is connected via the communication line network 200 .
  • As the terminal devices connected to this aggregation side terminal 150, according to the unit of the total management, there are the building structure side terminal 110, the organization side terminal 120, the area management side terminal 130, and the relay side terminal 140.
  • the building structure side terminal 110 is a sub server device installed for totally managing the end side terminals 160 installed in the building structure inside or at the peripheral thereof per building structure.
  • This building structure side terminal 110 has a function to act for the function of the authentication system server 10 or the aggregation side terminal 150 , and perform authentication of the user, on the basis of the history information, and has a total database (DB) 111 for recording and managing the history information of each individual. Details of the management structure in this comprehensive DB 111 are described later herein.
  • the total management unit of the end side terminals 160 by the building structure side terminal 110 may be divided in building structure, and may be structured in unit of school room, independent division unit of apartment, in unit of persons in building group, floor.
  • management organizations of school, apartment, building, hospital, airport, station and the like may be listed up.
  • the organization side terminal 120 is a sub server device installed for totally managing the end side terminals 160 used by school, company, public organs or optional group and the like using database.
  • This organization side terminal 120 has a function to act for the function of the authentication system server 10 or the aggregation side terminal 150 , and perform authentication of the registered person, on the basis of the history information, and has a database (DB) 121 for recording and managing the history information of each individual. Details of the management structure in this DB 121 are described later herein.
  • the end side terminals 160 are used in business actions made by various management groups, various transactions or free/charged services, per those various actions, respective transactions or respective services, the end side terminals 160 used therein are divided into groups, and per group, the organization side terminal 120 may totally manage the end side terminals 160 .
  • the organization side terminal 120 that totally manages the end side terminals 160 used in credit services, stores individual information of the registered person concerning the credit services, in each unit of card kinds in credit card issuing company, customer card kinds in shops and the like.
  • the area management side terminal 130 is a sub server device installed for totally managing the end side terminals 160 installed per government unit of prefecture, city or town and the like.
  • This area management side terminal 130 has a function to act for the function of the authentication system server 10 or the aggregation side terminal 150 , and perform authentication of the registered person, on the basis of the history information, and has a database (DB) 131 for recording and managing the history information of each individual. Details of the management structure in this DB 131 are described later herein.
  • this area management side terminal 130 totally manages the end side terminals 160 installed in specified areas as shown below.
  • the relay side terminal 140 is a sub server device installed for controlling and managing the end side terminals 160 that are not connected directly with the building side terminal 110 , the organization side terminal 120 or the area management side terminal 130 .
  • This relay side terminal 140 has a function to act for the function of the authentication system server 10 or the aggregation side terminal 150 , and perform authentication of the registered person, on the basis of the history information, and has a database (DB) 141 for recording and managing the history information of each individual. Details of the management structure in this DB 141 are described later herein.
  • the authentication system server 10 and the building side terminal 110 , the organization side terminal 120 , the area management side terminal 130 , and the relay side terminal 140 may be connected directly, without intervention of the aggregation side terminal 150 in some cases.
  • the end side terminal 160 is an information processor installed in daily activity range of registered person and the like, and building, organization and area where people gather and depart, and has a function to read biometrics information of the registered individuals and information of certificates such as passport and driver's certificate and the like, and perform authentication of rightfulness of the registered person. Accordingly, the end side terminal 160 has also the function as an information input device.
  • the end side terminal 160 has a function to judge whether certificate is real or false (presence or absence of counterfeit) in reading certificate such as for example passport.
  • This end side terminal 160 when authentication of individual information of registered person succeeds, provides various services including use permission of electronic money, opening of key, lighting the illumination, issuing of documents or provision of information and the like.
  • For the registered person to receive various services from this end side terminal 160 and the like is referred to as “to use terminal”.
  • the end side terminal 160 registers the history information showing that this authentication has been made to its own terminal.
  • the registered person can register its own individual information by use of this end side terminal 160 , and can browse the registered individual information and the above history information. Furthermore, the end side terminal 160 has a function to send and receive these registered individual information and history information with other terminals and servers. Moreover, the end side terminal 160 has a function to perform authentication of the registered person on the basis of the history information.
  • the end side terminal 160 has a database (comprehensive DB 161 ) for recording and managing the history information of respective individuals. Details of the management structure in this DB 161 are described later herein.
  • the authentication system server 10 , the building structure side terminal 110 , the organization side terminal 120 , the area management side terminal 130 , the relay side terminal 140 , and the aggregation side terminal 150 may not necessarily store the history information received from this end side terminal 160 to the comprehensive DBs 11 , 111 , 121 , 131 , 141 or 151 , but may store the history information input from input devices such as a keyboard or a scanner or the like directly to the comprehensive DBs 11 , 111 , 121 , 131 , 141 or 151 .
  • FIG. 3 is a block diagram showing the simplified structure of the authentication system according to the present embodiment.
  • the definitions of the upper level terminal and the lower level terminal in the authentication system are explained.
  • an aggregation side terminal 150 B is connected, and an aggregation side terminal 150 A is connected to the aggregation side terminal 150 B. Further, to this aggregation side terminal 150 A, the building structure side terminal 110 and the organization side terminal 120 are connected. Furthermore, to the building structure side terminal 110 and the organization side terminal 120 , a plurality of end side terminals 160 are connected respectively.
  • the authentication system server 10 is made the most upper level terminal, and the end side terminal 160 is made the most lower level terminal.
  • terminals connected to line network connected to the authentication system server 10 side are upper level terminals, and terminals connected to line network connected to the end side terminal 160 side are lower level terminals.
  • the authentication system server 10 is the most upper level terminal, and the end side terminal 160 is the most lower level terminal. Further, with the aggregation side terminal 150 A at center, the aggregation side terminal 150 B is the upper level terminal, and the building structure side terminal 110 and the organization side terminal 120 are lower level terminals.
  • the external organization server 300 is positioned at the upper level of the aggregation side terminal 150 , in the same manner as the authentication system server 10 .
  • the authentication system may be structured to have, in addition to the above structural components, a user terminal 20 for the registered person to browse its own individual information and the like, a browse request side terminal 30 for other people than the registered person to browse the individual information of the registered person, a registration request side terminal 40 for other people than the registered person to register the individual information of the registered person, an existence judgment request side terminal 50 for the person who judges the existence of the registered person by itself to ask for grounds necessary for the judgment to the management organization side, an existence authentication request side terminal 60 to be operated by the person who asks for authentication of existence of the registered person individual to the management organization, an information rightfulness authentication request side terminal 70 to be operated by the person who asks for the judgment of rightfulness of the individual information presented from the registered person to the management organization side, and a confirmation destination side terminal 80 to be operated by issuing organization of identification certificate of the registered person and the like.
  • the authentication system according to the embodiment of the present invention is structured of the above structural components, however, in the respective embodiments described later herein, the authentication system is selectively structured by the structural components thereof.
  • the building structure side terminal 110 , the organization side terminal 120 , the area management side terminal 130 , and the relay side terminal 140 are collectively referred to as sub servers hereinafter.
  • Each terminal has a database to store spatial information of its own terminal installation and information of peculiar identification of own terminal (hereinafter, own spatial information DB 401 ), and a database to store spatial information of other terminal installation with close relation with own terminal and peculiar identification of other terminals (hereinafter, related spatial information DB 402 ).
  • FIG. 4 is a block diagram of skeleton framework showing an example of the database in the building structure terminal 110 .
  • the building structure side terminal 110 manages the comprehensive DB 111 , the own spatial information DB 401 , and the related spatial information DB 402 .
  • the comprehensive DB 111 stores individual information handled by the terminal concerned. While on the other hand, the own spatial information DB 401 stores information showing the installation place of the building structure side terminal 110 , and the related spatial information DB 402 stores information showing the installation place of terminals connected to the building structure side terminal 110 via network respectively.
  • the own spatial information DB 401 and the related spatial information DB 402 may be integrated and an authentication system may be structured.
  • FIG. 5 is a figure showing an example of information stored in the own spatial information DB 401 and the related spatial information DB 402 in the building structure side terminal 110 .
  • identification information of all the terminals and servers installed in a space (place) is corresponded mutually and is structured integrally.
  • identification information of this building structure side terminal 110 and identification information of upper level and lower level terminals where information is sent and received with the building structure side terminal 110 are corresponded mutually and managed.
  • this related spatial information DB 402 detailed information may be stored in structure according to the own spatial information DB 401 .
  • Each terminal has a function to send the individual information of the registered person, the authentication result information of individual authentication of the registered person, and the authentication information of the registered person, to the authentication system server 10 and other terminals.
  • each terminal relates the sent information to the above own terminal installation position information and terminal identification ID and sends the information.
  • the sent information of the installation position information and terminal identification ID may be used as internet address for easily sending and receiving information.
  • each terminal may have other multiple functions, and may be applied to a plurality of use purposes.
  • FIG. 6 is a figure showing an image where in the embodiment of the present invention, the building structure side terminal 110 and the end side terminal 160 are installed in a building structure.
  • the building structure side terminal 110 is installed in a specified position in the building structure, and the end side terminal 160 A, 160 B, 160 C are installed in respective portions of the building structure.
  • the end side terminal 160 C is installed in an illumination apparatus, and has a function to manage turning ON/OFF the illumination.
  • end side terminal 160 A is installed in a door knob outside of the entrance
  • end side terminal 160 B is installed in the position of a door knob inside of the entrance.
  • These end side terminals 160 A, 160 B are equipped with a function to manage to lock and unlock the key of the installed door, biometrics information function, and a function to send information to instruct the end side terminal 160 C to turn ON/OFF the illumination.
  • FIG. 7 is a figure showing an example of installation purposes and concrete action of each terminal as the embodiment of the present invention.
  • the end side terminal 160 A is installed in a door knob outside of the entrance, and when the registered person enters the building structure and grips the door knob outside of the entrance, it performs authentication, and judges whether to unlock the door key and permit the person to enter the room.
  • ON instruction information may be sent to the end side terminal 160 C by action of “at home”, action to automatically turn on the room light may be additionally set. Furthermore, as other effect, it may be used for showing that the person is at home or around home at reading time, so-called alibi proof.
  • each terminal purposes for using the terminal, and the existence meaning of the terminal are defined. Thereby, it is made easy to concretely determine the people who are thought to use the terminal and the number of people.
  • databases of different use purposes like the database for managing electronic money, and the database for managing opening/closing of the door.
  • the structures, data formats and capacities are different.
  • terminal use purposes it is possible to make easy the examinations on the method and capacity of databases installed inside and outside of these terminals, and further, it is possible to make easy the examinations of the installation place of each terminal, installation device, safety management and purposes and the like.
  • Each terminal stores installation position information showing the position where the own terminal is installed.
  • This installation position information may be 2-dimensional or 3-dimensional information of the position where the information terminal is actually installed, or may show the name of installation position.
  • This 2-dimensional information is expressed by degrees of latitude and degrees of longitude
  • the 3-dimensional information means spatial recognition information expressed by in addition of the degrees of latitude and the degrees of longitude, height from the ground or depth in the ground.
  • the installation position information is shown as “right door of passengers of airplane with airframe number 123 of type XX manufactured by XX possessed by XX Airline”.
  • the installation position information may be expressed by information formats specified in those position information identification authentication systems.
  • the height from the ground and the depth in the ground are not necessarily expressed in the metric system.
  • height levels such as the second floor, third floor, the first basement level of the building structure and the like may be recognized too.
  • the height from the ground and the depth in the ground may be ones measured from the ground surface at the ground point.
  • the expression of the height above sea level may be used.
  • each terminal stores information showing its own installation position in itself, meanwhile, a device that can recognize the present position such as GPS or the like may be installed in the information terminal, and the device may recognize the present position (2-dimensional/3-dimensional information or circumstances of the installation position).
  • Moreover, to each terminal, peculiar identification information to specify the terminal itself is allotted, and each terminal stores its own terminal identification ID.
  • This identification information may be a character string of several digits like a general identification ID or identification number. Further, it is preferable that to this identification information, in addition, names of installation places and concrete explanations are given. In particular, in the case of a terminal installed at one point expressed by same degrees of latitude and degrees of longitude, it is preferable that identification information is added to installation height degree and installation purposes, and clear terminal specification is made.
  • FIG. 8 is a figure showing an example of the setting method of terminal identification ID in the embodiment of the present invention, and (a) shows the setting method when to show details of the terminal identification ID, and (b) shows the setting method when to show the terminal identification ID briefly.
  • terminal identification IDs are replaced with other numeric values or characters, and thereby terminal identification IDs of the respective terminals are set.
  • this replacement portion is made back to original or additional information processing to recognize replaced information and the like are carried out, and thereby an authorization system condition for every terminal to recognize is secured.
  • u-code (ubiquitous ID) issued by for example ubiquitous ID center
  • the u-code (ubiquitous ID) may be used as peculiar identification information.
  • the management place of identification number and installation position information and the like of the terminal may be made u-code solution database installed in u-code solution server managed by ubiquitous ID center.
  • each terminal stores traffic organization information showing the conditions of traffic organizations around the installation positions. For example, as those registered as traffic organization information, there are the following.
  • Each main terminal stores information showing the distance between main terminals. Further, the end side terminals 160 other than the main terminals store information showing the distance to these main terminals.
  • each terminal stores installation management information including date and time of installation of the terminal or date and time of operation start, and information to specify the installer or manager.
  • the installer or manager herein includes not only corporate or individuals that own terminal formally, but also workers who are in charge of real installation work and install the terminal at specified space. Meanwhile, in the case where plural people carry out the installation process, information to specify all the plural people is recorded as installation management information.
  • information to grasp related people such as person who has developed the terminal, person who has manufactured it or person who has transferred it and the like may be stored.
  • Each terminal stores terminal reliance information in consideration of degree of existence of the installer and manager, and social reliance of belonging or related group.
  • the social reliance of belonging or related group herein is rating at a certain rate of numeric values calculated by points allotted to items of capital, sales, business category, listed or not, government or not and the like.
  • FIG. 9 is a figure showing examples of respective basic information stored in the above respective terminals, and in (a) to (c), their concrete examples are shown.
  • the information is stored in the respective terminals, and sent to other terminals and servers at the moment of authentication of the registered person and the like.
  • the terminals related to the person can be grasped at instance, and the unauthorized portion of the terminal can be corrected, and measures necessary to make damage minimum can be taken rapidly.
  • each terminal stores individual identification ID issued to the person whose existence is proved by the organization, or information for linking to database storing information of the person whose existence is proved.
  • each terminal stores individual identification IDs of the installer and manager, and information for linking to the comprehensive DB 11 .
  • FIG. 10 is a figure showing the structure example of a first database of authentication system according to the embodiment of the present invention.
  • schematic structures of comprehensive DBs 11 , 111 , 121 , 131 , 141 , 151 , 161 installed in respective terminals are shown.
  • the comprehensive DB 11 is structured of a history information DB 12 , a validation information DB 13 , a basic information DB 14 , and an availability information DB 15 .
  • information in the database that the authentication system 10 can manage is referred to as individual information.
  • the history information DB 12 is a database to store information concerning individual history.
  • the validation information DB 13 is a database to store information concerning processes on validation of existence of individual or rightfulness of individual information, execution contents, evidence, witness and the like.
  • the basic information DB 14 is a database to store basic information of individual information.
  • the availability information DB 15 is a database to store information to determine the condition of action progress after authentication on the basis of authentication result of the registered person.
  • the comprehensive DB 111 is structured of a history information DB 112 , a validation information DB 113 , a basic information DB 114 , and an availability information DB 115 .
  • the comprehensive DB 121 is structured of a history information DB 122 , a validation information DB 123 , a basic information DB 124 , and an availability information DB 125 .
  • the comprehensive DB 131 is structured of a history information DB 132 , a validation information DB 133 , a basic information DB 134 , and an availability information DB 135 .
  • the comprehensive DB 141 is structured of a history information DB 142 , a validation information DB 143 , a basic information DB 144 , and an availability information DB 145 .
  • the comprehensive DB 151 is structured of a history information DB 152 , a validation information DB 153 , a basic information DB 154 , and an availability information DB 155 .
  • the comprehensive DB 161 is structured of a history information DB 162 , a validation information DB 163 , a basic information DB 164 , and an availability information DB 165 .
  • the history information DB, the validation information DB, the basic information DB and the availability information DB manage the information of the registered person by information folder per individual. Meanwhile, when there is no information to be stored into the respective comprehensive DBs, the information DB may not be installed in the terminal.
  • the comprehensive DBs 11 , 111 , 121 , 131 , 141 , 151 , 161 in the case when information to be registered or used is in common or limited among the registered people, without arranging individual folder, the structure itself of DB may be simplified so that one common DB is used.
  • the history information DBs 12 , 112 , 122 , 132 , 142 , 152 , 162 have a specified column to store all of activity data registered by the registered person individual, money data, education history, job history, activity history, biometrics information and the like.
  • the validation information DBs 13 , 113 , 123 , 133 , 143 , 153 or 163 replace video/audio of the authorization system server 10 of the management organization used for verifying the existence of registered person individual, the activity records of related people, conversation contents with related organization, evidence, witness and the like into electronic information and store it.
  • FIG. 11 is a figure showing an example of information installed and stored in the basic information DB 14 .
  • the basic information DB 14 is information that has been judged to be latest information or base of individual information of registered person individual, among information stored in the history information DBs 12 , 112 , 122 , 132 , 142 , 152 , 162 and the validation information DBs 13 , 113 , 123 , 133 , 143 , 153 , 163 , extracted from the respective databases to store.
  • extracted information general standard information of registered person of address, name, date of birth and the like, and main items such as present company information or latest qualification list and the like extracted as topics.
  • the basic information DB 114 is information that has been judged to be latest information or base of individual information of registered person individual, among information stored in the history information DBs 12 , 152 , 112 , 162 and the validation information DBs 13 , 153 , 113 , 163 , extracted from the respective databases to store.
  • the basic information DB 124 is information of main items extracted as topics from the history information DBs 12 , 152 , 122 , 162 and the validation information DBs 13 , 153 , 123 , 163 .
  • the basic information DB 134 is information of main items extracted as topics from the history information DBs 12 , 152 , 132 , 162 and the validation information DBs 13 , 153 , 133 , 143 , 163 .
  • the basic information DB 144 is information of main items extracted as topics from the history information DBs 12 , 152 , 142 , 162 and the validation information DBs 13 , 153 , 143 , 163 .
  • the basic information DB 154 is information of main items extracted as topics from the history information DBs 12 , 152 , 112 , 122 , 142 , 162 and the validation information DBs 13 , 153 , 113 , 123 , 133 , 163 .
  • the basic information DB 164 is information of main items extracted as topics from the history information DBs 12 , 152 , 112 , 122 , 132 , 142 , 162 and the validation information DBs 13 , 153 , 113 , 123 , 133 , 143 , 163 .
  • the topic information managed by the basic information DB 14 are linked to detailed information managed by the history information DBs 12 , 112 , 122 , 132 , 142 , 152 , 162 or the validation information DBs 13 , 113 , 123 , 133 , 143 , 153 , 163 .
  • the topic information is displayed on the display of terminal, browse requester and the like click the topic to easily browse the detailed information corresponding to the topic.
  • the topic information managed by the basic information DB 114 are linked to detailed item managed by the history information DBs 12 , 152 , 112 or the validation information DBs 13 , 153 , 113 , 163 .
  • the topic information managed by the basic information DB 124 are linked to detailed item managed by the history information DBs 12 , 152 , 122 , 162 and the validation information DBs 13 , 153 , 123 , 163 .
  • the topic information managed by the basic information DB 134 are linked to detailed item managed by the history information DBs 12 , 152 , 132 , 162 and the validation information DBs 13 , 153 , 133 , 163 .
  • the topic information managed by the basic information DB 144 are linked to detailed item managed by the history information DBs 12 , 152 , 142 , 162 and the validation information DBs 13 , 153 , 143 , 163 .
  • the topic information managed by the basic information DB 154 are linked to detailed item managed by the history information DBs 12 , 152 , 112 , 122 , 132 , 142 , 162 and the validation information DBs 13 , 153 , 113 , 123 , 133 , 143 , 163 .
  • the topic information managed by the basic information DB 164 are linked to detailed item managed by the history information DBs 12 , 152 , 112 , 122 , 132 , 142 , 162 and the validation information DBs 13 , 153 , 113 , 123 , 133 , 143 , 163 .
  • the availability information DBs 15 , 115 , 125 , 135 , 145 , 155 , 165 manage information to determine, instruct, control the action progress after authentication, on the basis of the authentication result of the registered person individual.
  • FIG. 12 is a figure showing an example of information stored in the availability information DB as the embodiment of the present invention.
  • the authentication result is classified into the following three main topics.
  • history information registered to the above history information DB there are the following (1) to (20). Meanwhile, in principle, to all information, temporal information showing the date and time of occurrence of the information.
  • the personal data is registered at user's own responsibility, and its main items are individual data including name, address, telephone number, cell phone number, mail address, date of birth and the like. Further, as its sub items, there are various optional items such as nearest station, hobby, religion, family structure, kindred, friends, blood type, profile and the like. Further, this personal data may be one to show contents of passport, driver's certificate or basic resident register card and the like.
  • graduate certificates and education record certificates in kindergarten, nursery school, primary school, junior high school, senior high school, university, career college, graduate school and the like may be registered. Meanwhile, these graduate certificates and education record certificates as certificates of the education history data may be registered by use of scanner function.
  • qualification data data such as acquisition year, acquisition number or registration number from national examination to public qualification may be registered.
  • job history data there are working company (address, belonging department and section, business category, capital, number of employees and the like), period, employment type, employ conditions, job contents (success story, failure story, acquired technology, level, post position and the like), and as sub items, detailed items such as company culture, human network (superior, inferior, transaction companies and the like), reasons for getting into job, quitting job, and changing jobs, comments (company, business field), future aims and the like.
  • biometrics information there are fingerprint, iris, voiceprint, retina, vein, gene, face outline and the like, and all concerning human biometrics information may be registered.
  • Video, images, audio recording individual activities or combination information of these may be registered as data. This includes not only data recorded for specified individual, but also, for example, group photos of travels and documentary video of festivals, which is information to supplement the existence of registered person individual.
  • authentication judgment materials such as key opening and closing, switch ON/OFF, acceptance and rejection of entrance and exit (entering room and exiting room), acceptance and rejection of process progress, acceptance and rejection of service start and the like
  • Information of daily activity of registered person information collected by the organization side terminal 120 , the area management side terminal 130 , the relay side terminal 140 , the aggregation side terminal 150 and the like, and the history information thereof
  • Medical chart information dosage information, inspection information, physical information, and the history information thereof
  • Temporal information of period of authentication, or temporal information showing period of read/input of individual information (biometrics information)
  • the present authentication system is mainly for supporting entire human living affairs, the range of data is not limited to listed items.
  • FIG. 13 is a figure showing a data structure example in comprehensive DB inside the embodiment of the present invention.
  • the history information is updated continuously, and updated old information may be moved periodically or at optional period to upper level server or database of terminal, and in the building structure side terminal 110 , the organization side terminal 120 , the area management side terminal 130 , the relay side terminal 140 , the aggregation side terminal 150 and the end side terminal 160 , only the latest information may be displayed or managed.
  • FIG. 14 is a figure showing respective data structure examples of databases installed in two different terminals according to the embodiment of the present invention.
  • Each terminal has functions corresponding to its use purposes, and stores information of contents corresponding to its use purposes.
  • the history information DB 114 A is installed at the building structure side terminal 110 A installed at home of the registered person individual
  • the history information DB 114 B is installed at the building structure side terminal 110 B installed at the building structure of working place of the registered person individual.
  • peculiar information data to be stored in these building structure side terminals 114 A, 114 B shows biometrics information registered for operating the authentication system for opening and closing the key of entrance and exit of home or working place.
  • the peculiar information data stored to the history information DBs 114 A, 114 B is not necessarily same biometrics information, and, the basic information is not necessarily in common.
  • FIG. 15 is a figure showing respective data structure examples of databases installed in three different terminals according to the embodiment of the present invention.
  • the history information DB 114 is the database installed in the building structure side terminal 110 installed in building of school to which the registered person individual goes, and the peculiar information data stored in this history information DB 114 shows biometrics information registered for operating the authentication system for opening and closing the key of entrance and exit of school building.
  • history information DB 124 is the database installed in the organization side terminal 120 installed in any place in the school to which the registered person individual goes, and the peculiar information stored in this history information DB 124 shows information registered for using as school register.
  • FIG. 16 is a figure showing the structure example of a second database of authentication system according to the embodiment of the present invention. In this figure, a structure example of database that the authentication server 10 manages is shown.
  • DB 11 is structured of a history information DB 12 , a validation information DB 13 , a basic information DB 14 , and an availability information DB 15 .
  • the history information DB 12 , the validation information DB 13 , the basic information DB 14 and the availability information DB 15 manage the information of the registered person by information folder per individual.
  • the availability information used in specified server and the end side terminal, by the result of identical person authentication, may be common among plural registered people.
  • the availability information after authentication is entrance permission (opening the door) or entrance non permission (remaining the door closed), and common to all employees.
  • the authentication system server 10 is equipped with a comprehensive DB 11 , an availability information DB 15 and a search information DB 16 in parallel.
  • the comprehensive DB 11 is the database for recording and managing the history information of each individual, and is structured of a history information DB 12 , a validation information DB 13 , and a basic information DB 14 .
  • the availability information DB 15 performs authentication of the registered person individual, in terminals positioned at the lower level viewed from this authentication system server 10 , it stores and manages information to determine, instruct or control the action progress after the authentication on the basis of the authentication result, and also stores availability information common among plural registered people.
  • the search information DB 16 stores list information of all registered people extracted for simplifying the search of registered people, from all individual information registered in the authentication system server 10 or the terminals positioned at the lower level viewed from this authentication system server 10 . Furthermore, in the search information DB 16 , this list information is linked to individual folder in the comprehensive DB 11 and managed therein.
  • the authentication system server 10 in performing individual authentication of registered person, searches whether data read or input from terminal positioned at the lower level exists in the list information of the search information DB 16 .
  • the authentication system server 10 when data corresponding to the search information DB 16 exists, refers to information in individual folder of link destination in the comprehensive DB 11 , and performs authentication process.
  • the authentication system server 10 sends the read or input information to the aggregation side terminal 150 , and authenticates the registered person individual or searches for the corresponding data, and requests the authentication/search result to be sent. Moreover, when the corresponding data does not exist, the authentication system server 10 may send an answer of authentication unavailability to the terminal that reads or inputs information of the registered person.
  • the building structure side terminal is equipped with a comprehensive DB 11 , an availability information DB 115 , and a search information DB 116 in parallel.
  • the organization side terminal 110 is equipped with a comprehensive DB 121 , an availability information DB 125 , and a search information DB 126 in parallel.
  • the area management side terminal 130 is equipped with a comprehensive DB 131 , an availability information DB 135 , a search information DB 136 in parallel.
  • the relay side terminal 140 is equipped with a comprehensive DB 141 , an availability information DB 145 , and a search information DB 146 in parallel.
  • the aggregation side terminal 150 is equipped with a comprehensive DB 151 , an availability information DB 155 , and a search information DB 156 in parallel.
  • the end side terminal 160 is equipped with a comprehensive DB 161 , an availability information DB 165 , and a search information DB 166 in parallel.
  • FIG. 17 ( a ) is a figure showing a structure example where end side terminals 160 A, 160 B, 160 C are connected in parallel at the lower level of the building structure side terminal 110 .
  • FIG. 17 ( b ) is a figure showing a data structure example of the search information DB 116 that the building structure side terminal 110 manages in this structure example.
  • end side terminal 160 A is installed at the front entrance
  • the end side terminal 160 B is installed at the service entrance
  • the end side terminal 160 C is installed at the vault.
  • search information DB 116 information of respective items as shown in (b) in FIG. 17 is extracted from individual folder of the building structure side terminal 110 and terminals positioned at the lower level of the building structure side terminal 110 , and classified and stored.
  • FIG. 18 is a figure showing the structure example of a third database of authentication system according to the embodiment of the present invention.
  • a structure example of database that the building structure side terminal 110 manages is shown.
  • the building structure side terminal 110 is equipped with a comprehensive DB 111 , and a temporary storage DB 117 that temporarily stores individual information read (input) by this building structure side terminal 110 or individual information received from other terminal in parallel.
  • the authentication system server 10 is equipped therein with a comprehensive DB 11 , and a temporary storage DB 17 in parallel.
  • the organization side terminal 120 is equipped with a comprehensive DB 121 , and a temporary storage DB 127 in parallel.
  • the area management side terminal 130 is equipped with a comprehensive DB 131 , and a temporary storage DB 137 in parallel.
  • the relay side terminal 140 is equipped with a comprehensive DB 141 , and a temporary storage DB 147 in parallel.
  • the aggregation side terminal 150 is equipped with a comprehensive DB 151 , and a temporary storage DB 157 in parallel.
  • the end side terminal 160 is equipped with a comprehensive DB 161 , and a temporary storage DB 167 in parallel.
  • FIG. 19 is a figure showing the structure example of a fourth database of authentication system according to the embodiment of the present invention.
  • a structure example of database that the authentication server 10 manages is shown.
  • When the availability information DB and the search information DB are installed in other terminals and servers, the same structure is used.
  • Temporary storage DBs 17 , 117 , 127 , 137 , 147 , 157 , 167 are databases that temporarily store individual information read or input by each terminal, and individual information received from other terminal until they are processed.
  • each terminal, in reading or inputting individual information of registered people, may copy the individual information and automatically store it in its own temporary storage DB. Further, from the viewpoint of information leakage prevention, each terminal may store the individual information to the temporary storage DB without copying it, and may transfer the individual information via this temporary storage DB to the database or software and the like of the terminal or server that requires it.
  • the above temporary storage DBs 17 , 117 , 127 , 137 , 147 , 157 , 167 may be set so that stored individual information is deleted automatically from the DB concerned, after lapse of a specified time from storing information into the DB concerned.
  • the temporary storage DB is not a permanent storage place for information. Further, it is not preferable that information with an unclear purpose is left for a long time, from the viewpoint of the load on information processing by the authentication system and of information leakage risk. Therefore, it is preferable that the time after which information is automatically deleted from the temporary storage DB is set in consideration of the average time and processing steps and the like of any process in the terminal concerned or in a terminal connected to the terminal concerned, and that the temporary storage DB itself is entirely deleted at a specified time.
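A sketch of the temporary storage behaviour described above, as an added example that is not code from the patent: records are held without copying, handed over exactly once, deleted automatically after a retention period, and the whole store can be wiped at a specified time. The class and function names, the retention formula and the sample records are assumptions made for this illustration.

```python
import time
from typing import Callable, Dict, Optional, Tuple


def retention_for(avg_step_seconds: float, steps: int, margin: float = 2.0) -> float:
    """Assumed formula: average time per processing step x number of steps x margin."""
    if avg_step_seconds <= 0 or steps <= 0 or margin < 1:
        raise ValueError("retention inputs must be positive and margin >= 1")
    return avg_step_seconds * steps * margin


class TemporaryStorageDB:
    """Holds individual information only until it is processed or expires."""

    def __init__(self, retention_seconds: float,
                 clock: Callable[[], float] = time.monotonic):
        if retention_seconds <= 0:
            raise ValueError("retention_seconds must be positive")
        self._retention = retention_seconds
        self._clock = clock                      # injectable so expiry can be tested
        self._items: Dict[str, Tuple[float, dict]] = {}

    def store(self, key: str, individual_info: dict) -> None:
        """Keep the record itself (no copy is made) with a deletion deadline."""
        self.purge_expired()
        self._items[key] = (self._clock() + self._retention, individual_info)

    def transfer(self, key: str) -> Optional[dict]:
        """Hand the record to the database or software that needs it and
        remove it from the store, so no second copy stays behind."""
        self.purge_expired()
        entry = self._items.pop(key, None)
        return entry[1] if entry is not None else None

    def purge_expired(self) -> int:
        """Automatic deletion after the specified time has elapsed."""
        now = self._clock()
        expired = [k for k, (deadline, _) in self._items.items() if deadline <= now]
        for k in expired:
            del self._items[k]
        return len(expired)

    def wipe_all(self) -> int:
        """Delete the whole temporary store, e.g. from a job run at a fixed time."""
        count = len(self._items)
        self._items.clear()
        return count

    def __len__(self) -> int:
        self.purge_expired()
        return len(self._items)


if __name__ == "__main__":
    # Constructed sample: five processing steps of about two seconds each.
    db = TemporaryStorageDB(retention_for(2.0, 5))
    db.store("read-0001", {"terminal": "160A", "biometric": "constructed-sample"})
    print(len(db), db.transfer("read-0001"), len(db))
```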
  • the authentication system has the above basic structure, and concretely performs the individual authentication action of the registered person as shown below.
  • FIG. 20 is a sequence chart showing the flow of individual authentication action of the registered person by the authentication system according to the embodiment of the present invention.
  • the end side terminal 160 reads biometrics information, and the building structure side terminal 110 performs individual authentication action of the registered person on the basis of the read biometrics information.
  • the end side terminal 160 reads the individual information (biometrics information) of the registered person (step S 1 ).
  • the end side terminal 160 sends the read biometrics information to the building structure side terminal 110 (step S 2 ).
  • the building structure side terminal 110 sends the information to the basic information DB 114 of its own comprehensive DB 111 , and searches whether information corresponding to the information sent by the end side terminal 160 is managed there (step S 3 ).
  • When the information concerned does not exist in the basic information DB 114 , the building side terminal 110 further searches the history information DB 112 (step S 4 ).
  • the building structure side terminal 110 collates it with the information received from the end side terminal 160 , and judges authentication (step S 5 ).
  • the building structure side terminal 110 sends this collation result to the end side terminal 160 (step S 6 ).
  • FIG. 21 is a sequence chart showing other flow of the individual authentication process of registered person by the authentication system according to the embodiment of the present invention.
  • the end side terminal 160 reads biometrics information, and the building structure side terminal 110 performs the individual authentication of registered person on the basis of the read biometrics information.
  • the end side terminal 160 reads the biometrics information of the registered person (step S 11 ).
  • the end side terminal 160 sends the read biometrics information to the building structure side terminal 110 (step S 12 ).
  • the building structure side terminal 110 sends the information to its own search information DB 116 , and searches whether information corresponding to the information sent by the end side terminal 160 is managed in the search information DB 116 (step S 13 ).
  • the building structure side terminal 110 refers to the information in the comprehensive DB 111 linked to the information concerned in the search information DB 116 (step S 14 ), and judges authentication (step S 15 ).
  • the building structure side terminal 110 sends this collation result to the end side terminal 160 (step S 16 ).
  • each terminal or server has the search information DB that manages only information necessary for individual authentication of registered person, thereby it is possible to improve the efficiency of information search and reduce the authentication system load, and easily process a large amount of information at one time.
  • each terminal and server in the authentication system performs authentication of registered person by use of input or read information, or information received from other terminal and server.
  • The information sent and received among terminals and servers at the moment of authentication of a registered person is referred to as movement information, and for example, this movement information includes the following information.
  • Temporal information of period of performing authentication, or temporal information showing period of read/input of individual information (biometrics information)
  • terminals and servers start authentication process by use of the availability information DB, at the moment when they receive all the information items of the above 1 to 4. Thereby, it is possible to prevent authentication from being made by only insufficient information and unreliable authentication result from coming out.
  • the present authentication system links various information used in authentication made in terminal and server and the result to each registered person, and creates and manages a flow of information concerning the registered person individual, that is, activity history.
  • the movement information always includes 1. Spatial information and 3. Temporal information, among the above information items 1 to 4.
  • FIG. 22 is a sequence chart showing an action example of the authentication system when a person to be registered registers its own history information for the first time to the end side terminal 160 and sub servers, in a first embodiment of the present invention.
  • the end side terminal 160 and sub servers (the building structure side terminal 110 , the organization side terminal 120 , the area management side terminal 130 and the relay side terminal 140 ) are explained as one unit.
  • the registered person individual uses the biometrics information reading function loaded in the end side terminal 160 , and makes the biometrics information of the registered person read (step S 21 ).
  • This biometrics information must be one necessary to use, or one efficient to use the end side terminal 160 or sub servers connected to the end side terminal 160 .
  • When the end side terminal 160 that reads the biometrics information is installed at a door knob of a building structure or the like, using a fingerprint as the biometrics information makes reading easy.
  • the registered person inputs basic information such as name or address or history information necessary to specify the registered person individual by the end side terminal 160 (step S 22 ).
  • the basic resident register number of the registered person individual may be input.
  • substitutional number such as passport number, driver certificate number or basic resident register card number and the like may be input.
  • processing may be made by upper level sub servers connected to the end side terminal 160 concerned, or other end side terminal 160 connected to the sub servers.
  • the end side terminal 160 searches the comprehensive DB 161 , the search information DB 166 , the temporary storage DB 167 , and judges whether read or input information exists in its own (step S 23 ).
  • When the end side terminal 160 confirms that the read or input information does not exist in its own databases, it stores the read or input information to its own temporary storage DB 167 (step S 24 ).
  • When this end side terminal 160 does not have the temporary storage DB 167 , this information is stored so that it can be identified as information first read or input by the end side terminal 160 .
  • the end side terminal 160 sends the read or input information via a communication line network 200 , to sub servers to become the upper level terminals of the end side terminal 160 concerned (step S 25 ).
  • the sub servers that have received information search whether individual information of registered person exists, by the comprehensive DB or the search information DB and the like (step S 26 ). Meanwhile, this search processing is shown in FIG. 20 or FIG. 21 .
  • When the sub servers confirm, as the search result, that the received individual information of the registered person is not held by them, that is, that the registered person individual is not yet registered in the unit concerned, they create an individual folder to store the individual information of the registered person individual (step S 27 ).
  • the sub servers give “temporary individual identification ID” used until official individual identification ID is given to the registered person individual.
  • the temporary individual identification ID may be simply set as identification ID of the terminal concerned with addition of date or date and time of registration.
  • the sub servers store, and register received information together with “temporary individual identification ID” to the individual folder (step S 28 ). Further, those having the search information DB among the sub servers copy and store necessary information from individual folder to the search information DB. At this moment, the sub servers set link between the individual folder and the search information DB (step S 29 ).
  • the sub servers send, via the communication line network 200 , information that the read/input information has been registered in the sub servers, together with the “temporary individual identification ID”, to the end side terminal 160 that was the information sending source (step S 30 ).
  • the end side terminal 160 , on receiving the information that registration processing is complete in the upper level terminal and the “temporary individual identification ID”, creates an individual folder to store the individual information of the registered person individual.
  • the end side terminal 160 stores and registers the read/input information together with the “temporary individual identification ID” to the individual folder (step S 31 ). At this moment, the end side terminal 160 registers only information that the comprehensive DB 161 requires or only information that can be stored to the individual folder of the comprehensive DB 161 , and deletes unnecessary information (step S 32 ).
  • When the end side terminal 160 has the search information DB 166 , it copies and stores the information necessary for the search information DB 166 from the individual folder. At this moment, a link is made between the individual folder and the search information DB 166 (step S 33 ).
  • steps S 21 to S 33 are an example of the initial registration processing; individual information may instead be read or input directly to the sub servers, without going through the end side terminal 160 , and registration processing may be carried out there.
  • FIG. 23 is a sequence chart showing an action example at the moment when name identification processing is carried out in the present authentication system, after completion of the initial registration of the sub servers in the first embodiment of the present invention.
  • the name identification processing is a process where registration conditions in terminals and servers in the authentication system are confirmed, and if plural different “individual identification IDs” or “temporary individual identification IDs” are allotted to one registered person, individual identification IDs are unified to one for the same registered person, and managed.
  • the registered person individual could be confirmed to be not yet registered in the unit concerned, but there is a possibility that it has been already registered in the entire authentication system.
  • By this name identification processing, it is possible to avoid duplicated registration of the registered person individual, and to improve the execution efficiency of the search and authentication processes.
  • the sub servers extract items common to individual from individual information that the registered person registers, for simplifying the search (step S 41 ).
  • common items are information items managed in common in terminals and servers of the authentication system, such as name, date of birth, various certificate numbers (basic resident register notification number, passport number or driver's certificate number and the like).
  • After completion of extraction, the sub servers make the extracted information, and information to request search for name identification, recognizable by the aggregation side terminal 150 as upper level terminal, and then send them to the aggregation side terminal 150 (step S 42 ).
  • the aggregation side terminal 150 that has received the information searches the comprehensive DB 151 or the search information DB 156 and the like for whether individual information of the registered person exists (step S 43 ). Meanwhile, the details of this processing are the same as the action shown in FIG. 20 or FIG. 21 .
  • the aggregation side terminal 150 when information exists (step S 44 Yes), sends the information that registration has been already made, and official individual identification ID, to the sub servers (step S 45 ).
  • the sub servers replace the current temporary individual identification ID with the received individual identification ID (step S 46 ).
  • the sub servers send official individual identification ID to the end side terminal 160 concerning the information concerned, and change individual identification ID in the same manner (step S 47 ).
  • the aggregation side terminal 150 confirms that there is not the received individual information of the registered person in its own as the search result (step S 44 No), and creates individual folder to store individual information of registered person individual (step S 48 ).
  • the aggregation side terminal 150 stores, and registers the received information together with the “temporary individual identification ID” to the individual folder (step S 49 ). Further, when the aggregation side terminal 150 has the search information DB 156 , it copies and stores information necessary for the search information DB 156 from the individual folder. At this moment, a link is set between the individual folder and the search information DB 156 (step S 50 ).
  • the aggregation side terminal 150 , in the same manner as the action at the step S 41 , extracts items common to individuals from the registered individual information. After completion of extraction, the aggregation side terminal 150 makes the extracted information, and information to request search for name identification, recognizable by the authentication system server 10 as upper level terminal, and then sends them to the authentication system server 10 (step S 51 ).
  • the authentication system server 10 that has received the information refers to the comprehensive DB 11 or the search information DB 16 and the like, and judges whether individual information of the registered person exists (step S 52 ). Meanwhile, the details of this processing are the same as the action shown in FIG. 20 or FIG. 21 .
  • the authentication system server 10 when information exists (step S 53 Yes), sends the information that registration has been already made, and official individual identification ID, to the aggregation side terminal 150 (step S 54 ).
  • the aggregation side terminal 150 replaces the temporary individual identification ID with the received individual identification ID.
  • the authentication system server 10 when there is not the received individual information of the registered person in its own as the search result (step S 53 No), creates individual folder to store individual information of registered person individual (step S 55 ).
  • the authentication system server 10 gives the official individual identification ID to the registered person individual on the basis of the received individual information of registered person (step S 56 ).
  • the authentication system server 10 stores and registers the received information together with the “individual identification ID” to the individual folder (step S 57 ). Further, when it has the search information DB 16 , it copies and stores information necessary for the search information DB 16 from the individual folder. At this moment, a link is set between the individual folder and the search information DB 16 .
  • the authentication system server 10 sends official individual identification ID to the aggregation side terminal 150 that has sent the individual information concerned to the authentication system server 10 (step S 58 ).
  • the aggregation side terminal 150 replaces the temporary individual identification ID with the received individual identification ID.
  • the registered person individual is a person registered for the first time in the authentication system, and the existence validation is required.
  • the aggregation side terminal 150 that has received these from the authentication system server 10 sends the official individual identification ID and the validation process information to the sub servers and the end side terminal 160 concerned in this registration, in the same manner, and makes them change the individual identification ID in the same manner (step S 59 ).
  • the sub servers and the end side terminal 160 concerning the registration this time replace the temporary individual identification ID used so far, with the received individual identification ID.
  • the sub servers send to the terminal (PC or portable terminal) of the registered person a notice of the replacement with the individual identification ID, the new individual identification ID, and message information that this individual identification ID is indispensable in using the present authentication system hereafter (step S 60 ).
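The registration and name identification flow of FIG. 22 and FIG. 23, as an added sketch that is not code from the patent: each tier keeps individual folders plus a search index linked to them, a temporary ID is the terminal ID plus the registration date and time, and a lookup on the common items climbs the tiers until an official ID is found or issued, then replaces the temporary ID on the way back. The `Node` class, the `TMP-`/`ID-` formats, exact matching on normalised common items and the sample people are assumptions made for this illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, Optional, Tuple

# Items managed in common by every terminal and server (step S41).
COMMON_ITEMS = ("name", "date_of_birth", "certificate_number")
TEMP_PREFIX = "TMP-"  # hypothetical marker for temporary IDs


def common_key(info: dict) -> Tuple[str, ...]:
    """Step S41: extract and normalise the common items used for searching."""
    return tuple(" ".join(str(info[k]).split()).lower() for k in COMMON_ITEMS)


@dataclass
class Node:
    """One tier: sub server, aggregation side terminal, or system server."""
    name: str
    parent: Optional["Node"] = None
    folders: Dict[str, dict] = field(default_factory=dict)  # ID -> individual folder
    search: Dict[tuple, str] = field(default_factory=dict)  # common key -> ID (the link)
    issued: int = 0

    def register(self, info: dict, individual_id: str) -> None:
        self.folders[individual_id] = dict(info)
        self.search[common_key(info)] = individual_id

    def first_registration(self, info: dict, when: datetime) -> str:
        """Steps S26-S29: search first, else create a folder under a temporary ID."""
        existing = self.search.get(common_key(info))
        if existing is not None:
            return existing
        temp_id = f"{TEMP_PREFIX}{self.name}-{when:%Y%m%d%H%M%S}"
        self.register(info, temp_id)
        return temp_id

    def replace_id(self, old_id: str, new_id: str) -> None:
        """Steps S46 and S59: swap the temporary ID for the official one."""
        if old_id == new_id or old_id not in self.folders:
            return
        self.folders[new_id] = self.folders.pop(old_id)
        for key, value in self.search.items():
            if value == old_id:
                self.search[key] = new_id

    def identify(self, info: dict, temp_id: str) -> str:
        """Name identification: return the single official ID for this person."""
        known = self.search.get(common_key(info))
        if known is not None and not known.startswith(TEMP_PREFIX):
            return known                      # S44/S53 "Yes": already registered
        if known is None:                     # S48-S50: store under the temporary ID
            self.register(info, temp_id)
            known = temp_id
        if self.parent is None:               # S56: top tier issues the official ID
            self.issued += 1
            official = f"ID-{self.issued:06d}"
        else:                                 # S42/S51: ask the upper level terminal
            official = self.parent.identify(info, temp_id)
        self.replace_id(known, official)
        return official


if __name__ == "__main__":
    server = Node("server10")
    agg = Node("agg150", parent=server)
    front, office = Node("bldg110", parent=agg), Node("org120", parent=agg)
    # Constructed sample person, entered slightly differently at two units.
    a = {"name": "Taro Example", "date_of_birth": "1970-01-01", "certificate_number": "X-0001"}
    b = {"name": " taro  EXAMPLE", "date_of_birth": "1970-01-01", "certificate_number": "x-0001"}
    t1 = front.first_registration(a, datetime(2006, 3, 1, 9, 0, 0))
    t2 = office.first_registration(b, datetime(2006, 3, 2, 10, 0, 0))
    print(t1, "->", front.identify(a, t1))
    print(t2, "->", office.identify(b, t2))
```

Both registrations end up under one official ID, which is the duplicate avoidance the name identification step is meant to provide.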
  • FIG. 24 is a sequence chart showing an action example at validation processing where in the first embodiment of the present invention, after the registered person registers its own individual information for the first time, whether the registered person individual is an existing person, and whether the registered information is true are verified.
  • existence validation processing of the registered person individual is executed between the initial registration and the lapse of a specified time.
  • the aggregation side terminal 150 carries out the validation of existence of the registered person.
  • the aggregation side terminal 150 replaces the temporary individual identification ID with the individual identification ID (step S 61 ), and then sends information to instruct the sub servers or the end side terminal 160 to send the basic information such as name and address necessary for specifying registered person individual and the history information to the aggregation side terminal 150 , and information showing that the validation processing this time is executed by the aggregation side terminal 150 and the sub servers and the end side terminal 160 do not have to perform the processing (step S 62 ).
  • the sub servers and the end side terminal 160 send the individual identification ID, and instructed information, to the aggregation side terminal 150 (step S 63 ).
  • the aggregation side terminal 150 confirms that the presented evidential matter is true (not counterfeited, altered, or fabricated) by visual inspection by the operator of the aggregation side terminal 150 , by software in the terminal, or by a tester (step S 64 ). When it is confirmed to be true, the date and time, collation result, and collator information are stored in specified columns of the history information DB 152 and the validation information DB 153 .
  • the aggregation side terminal 150 performs collation processing with the confirmation destination side terminal 80 , selected according to the properties of the information, on whether the information that is judged true is correct or not (step S 65 ).
  • the aggregation side terminal 150 asks for an answer whether the information that is judged true is true information at the confirmation destination side terminal 80 side, or one based on true evidential matter.
  • the aggregation side terminal 150 asks the confirmation destination side terminal 80 to add information to specify answerer at answering (step S 66 ).
  • management side of authentication system has acquired from the registered person individual the consent to make public electronic image, electronic video, electronic audio and the like, to issue organization or related people of the evidential matter (images, video and the like of certificate of compliance, certificate of eligibility, certificate and the like) that the registered person individual presented, and to ask for an answer of truth of evidential matter and existence confirmation of the registered person individual.
  • public certificate it is supposed that by inputting information of identification ID of registered person and secret number and the like from servers and terminals, conditions can be easily confirmed.
  • the confirmation destination side terminal 80 compares the information contents stored in its own, and the information contents received from the aggregation side terminal 150 , and judges whether the received information contents are true or not (step S 67 ).
  • As information to be compared, for example, electronic information such as images and video of the certificate of compliance, certificate of eligibility, certificate and the like of the registered person individual sent from the aggregation side terminal 150 , the history information of the registered person individual already stored in the confirmation destination side terminal 80 , and evidential matter or verbal evidence of people related to the registered person may be listed.
  • When the confirmation destination side terminal 80 judges that the information contents from the aggregation side terminal 150 are true or present, it sends answer information of “true” or “present”, and information showing the answerer related to this judgment, to the aggregation side terminal 150 (step S 68 ).
  • When the confirmation destination side terminal 80 judges that the evidential matter is untrue or absent, it sends answer information of “untrue” or “absent”, and information showing the answerer related to this judgment, to the aggregation side terminal 150 (step S 68 ).
  • the confirmation destination side terminal 80 sends answer information of “cannot judge” and the answerer specification to the aggregation side terminal 150 (step S 68 ).
  • the aggregation side terminal 150 on receiving answer information from the confirmation destination side terminal 80 , registers it to the validation information DB 153 (step S 69 ).
  • validation degree information showing results, for example, “validation confirmation, true” or “validation not yet made” is stored to information.
  • the aggregation side terminal 150 comprehensively judges the existence of the registered person, and registers the judgment result at the registration to the basic information DB 154 (step S 70 ).
  • the aggregation side terminal 150 sends the result to the sub servers or the end side terminal 160 , and sends the contents of the validation information DB 153 to the authentication system server 10 .
  • the aggregation side terminal 150 , when the registered person refuses authentication or does not provide information necessary for validation, registers the fact to the basic information DB 154 and the validation information DB 153 . Further, when information is incomplete and the validation process is delayed, or validation processing must be carried out once again, the aggregation side terminal 150 displays the message information in the same manner.
  • the information validation request source is the aggregation side terminal 150 , but it may be each terminal or server structuring the authentication system.
  • the confirmation destination side terminal 80 performs validation at request, however, other terminal and server structuring the authentication system may perform the validation processing, so long as they have function to execute the validation processing.
  • the validation of existence to a user of the authentication system is not carried out by only one special organization, and the validation processing of existence can be performed on the basis of judgment by all individuals related to this authentication system.
  • existence is authenticated on the basis of the registered individual information, or the registered individual information of the identical person is digitized and evaluated by existence points, existence rate or existence rating, and authentication degree is externalized, and thereby to all the registered people who use the authentication system or companies, schools, organizations and the like to which registered people belong, services of high security can be provided.
  • FIG. 25 is a figure showing an example of calculation method of existence points in the authentication system according to the first embodiment of the present invention.
  • This existence point is the index showing the reliability to existence of registered person who registered its own individual information to the authentication system. Meanwhile, this “existence” means that the person (registered person) is not a virtual person but an actually existing person.
  • This existence point is calculated on the basis of the items used for identification and certification of existence when the registered person registers its own individual information to the authentication system. The more reliable the kind of item used in the identification, the more items are used in the identification, or the higher the peculiarity of the items used in the identification, the higher the existence point becomes, and the higher the reliability is judged to be.
  • those used in this identification are identification certificates such as driver's certificate, passport and the like, or information peculiar to the registered person such as biometrics information.
  • this existence point is also calculated on the basis of those that the registered person, after the registration of its individual information, presents to the system side for authentication, when using the authentication system.
  • those used in this identification are biometrics information or information portable items (IC card, ubiquitous communicator or cell phone and the like) to be described later herein.
  • those used in the above identification and those presented at authentication are referred to collectively as registered information.
  • the authentication system server 10 converts the kind of registered information of registered person individual into points.
  • the authentication system server 10 multiplies these points by the point allocations given to registration temporal information, validation result information, effective period information and information showing lapse time from the validation work execution period (hereinafter, referred to as validation lapse temporal information) respectively, and calculates attained points per registered information.
  • the authentication system server 10 calculates this attained points, individually, per kind of registered information concerning the registered person.
  • the authentication system server 10 totalizes the attained points calculated per registered information per the registered person individual, and calculates existence points.
  • the authentication system server 10 calculates risk rate consideration points, as index reflecting possible risk elements to the above existence points.
  • FIG. 26 is a figure showing an example of the calculation method of the risk rate consideration points by the authentication system according to the first embodiment of the present invention.
  • The risk rate consideration points are calculated by multiplying the above existence points by (1 - risk rate).
  • These risk rates express the various risks shown below as values from 0 to 1 (1 when the risk is highest, 0 when the risk is lowest).
  • As indexes showing the degree of reliability of the validation result of existence, there are the witness (person or group), the trust evaluation degree, and the matching rate of the previous action pattern.
  • This trust evaluation degree expresses, as a value from 0 to 1 (1 when the trust degree is highest, 0 when the trust degree is lowest), the trust degree of the person or group that certifies the existence of the registered person, or of the issuing organization of the identification certificate used for existence certification, and the like.
  • This trust evaluation degree may be set higher as the name recognition and social position of the person are higher. Further, the trust evaluation degree may be determined according to whether the person can evaluate the registered person objectively or not; for example, it may be set low when the person is a family member of the registered person, and it may be set high when the person is an unrelated third party.
  • The trust evaluation degree may be determined according to whether the group is public or private, or according to the capital, establishment year, social influence of the company and the like. For example, it may be set higher for a public group than for a private group, and it may be set higher for a group with higher capital, a group with an older establishment year, or a group with higher social influence.
  • The matching rate of the previous action pattern is the index showing how much the latest action pattern of a registered person matches the past action pattern of the same registered person.
  • The authentication system server 10, on the basis of the history information and movement information (time, place) of a registered person stored in its own database, detects the action pattern of where, in what time zone, and in what order the registered person goes, and calculates the degree of matching as the matching rate of the action pattern.
  • the authentication system server 10 calculates the existence rate as the index to show the degree of truth of existence of registered person by any of the following equations 1 to 5.
  • the risk rate consideration point is calculated as below.
  • The attained point used in calculating the existence point is multiplied by the existence rate calculated on the basis of the above risk probability to give the basic point, and these basic points are totaled for the registered person to give the risk rate consideration point.
  • The existence point is calculated as the total of at least two attained points.
  • FIG. 27 is a figure showing a calculation example of the basic point by this equation 2.
  • the basic point in the equation 2 is calculated by multiplying the attained point by the information arising risk, validation arising risk, and other risk.
  • FIG. 28 is a figure showing the calculation method of this trust evaluation consideration point.
  • The existence point is calculated as the total of at least two attained points.
  • The trust evaluation consideration point is calculated as the total of at least two trust evaluation consideration points.
  • FIG. 29 is a figure showing a calculation example of the trust evaluation consideration point by this equation 3.
  • the trust evaluation consideration point is calculated by multiplying the basic point by the trust evaluation degree determined according to the person and group (lawyer, teacher, large company, friend and the like) that has certified existence of registered person.
  • action pattern that the registered person repeats daily is classified into time zone or place and registered to the authentication system server 10 beforehand.
  • The authentication system server 10, on extracting the actual action pattern of the registered person, compares the extracted action pattern with the above registered action pattern, and when the matching rate is high, the existence rate (%) becomes a high value, and it is evaluated that the existence of the registered person is high.
  • The authentication system server 10 extracts and classifies the action patterns of the registered person on the basis of time zone and place in a certain period (for example, a condition setting such as the past one year), counts the number of times each of these classified action patterns occurred in the certain period, and registers the result in its own database.
  • the authentication system server 10 extracts and classifies action pattern on the basis of time zone and place, in the latest certain period (for example, condition setting as the latest one week), and counts the number of times of the respective action patterns.
  • The authentication system server 10 calculates a mining rate for each of these classified action patterns. This mining rate is calculated by the following equations.
  • Validation base mining rate = number of times in a certain period / number of days in the certain period
  • Objective destination mining rate = number of times in the latest certain period / number of days in the latest certain period
  • Mining rate (%) = objective destination mining rate / validation base mining rate
  • the authentication system server 10 totalizes at least two mining rates or more and calculates the mining point.
  • the authentication system server 10 calculates the existence rate (%) with this mining point as numerator, and the number of added mining rates as denominator.
  • FIG. 30 is a figure showing a calculation example of this equation 4.
  • Action pattern ( 1 ) shows that a registered person moves among the respective units in the order “ 150 A”->“ 150 E”->“ 150 H”->“ 150 P”. This action pattern ( 1 ) is repeated by the registered person 120 times in 6 months, and repeated 32 times in the latest 45 days.
  • The mining rate of the action pattern ( 2 ) is calculated as 0.65.
  • The mining rate of the action pattern ( 3 ) is calculated as 1.17.
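The mining rate and existence rate calculation described above, as an added Python example that is not part of the patent text. The movement history is constructed, unit labels are written in the style of the page's 150A, and the three time-of-day bands, the disjoint baseline and latest windows, and the separate reporting of patterns never seen in the baseline (for which the page's ratio is undefined) are assumptions of this example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def time_zone(ts):
    """Coarse time-of-day class. The three bands are an assumption."""
    return "morning" if ts.hour < 12 else "afternoon" if ts.hour < 18 else "evening"


def count_patterns(events, start, end):
    """Count action patterns among reads with start <= timestamp < end.

    A pattern is (time zone, ordered tuple of units read in that zone on one day).
    """
    visits = defaultdict(list)
    for ts, unit in sorted(events):
        if start <= ts < end:
            visits[(ts.date(), time_zone(ts))].append(unit)
    return Counter((zone, tuple(units)) for (_, zone), units in visits.items())


def mining_rates(events, now, base_days, latest_days):
    """Return ({pattern: mining rate}, [patterns seen only in the latest window])."""
    latest_start = now - timedelta(days=latest_days)
    base_start = latest_start - timedelta(days=base_days)
    base = count_patterns(events, base_start, latest_start)
    latest = count_patterns(events, latest_start, now)
    rates = {}
    for pattern, times in base.items():
        validation_base_rate = times / base_days
        objective_rate = latest[pattern] / latest_days  # Counter gives 0 if absent
        rates[pattern] = objective_rate / validation_base_rate
    # The ratio has no denominator for a pattern with no baseline history,
    # so such patterns are reported instead of scored.
    unseen = sorted(p for p in latest if p not in base)
    return rates, unseen


def existence_rate(rates):
    """Mining point (sum of mining rates) divided by the number of rates added."""
    if len(rates) < 2:
        raise ValueError("at least two mining rates are totaled")
    mining_point = sum(rates.values())
    return mining_point / len(rates)


def constructed_history(now):
    """Constructed sample data: 70 days of unit reads for one registered person."""
    start = now - timedelta(days=70)
    events = []
    for offset in range(70):
        day = start + timedelta(days=offset)
        # Morning route, every day.
        for minutes, unit in ((480, "150A"), (500, "150E"), (520, "150H")):
            events.append((day + timedelta(minutes=minutes), unit))
        # Evening route, every third day.
        if offset % 3 == 0:
            events.append((day + timedelta(hours=19), "150P"))
            events.append((day + timedelta(hours=19, minutes=30), "150A"))
        # Afternoon route, abandoned after the first month.
        if offset < 30 and offset % 2 == 0:
            events.append((day + timedelta(hours=13), "150E"))
            events.append((day + timedelta(hours=14), "150P"))
    # One late read at a unit never visited before, inside the latest window.
    events.append((start + timedelta(days=68, hours=23, minutes=30), "150Z"))
    return events


NOW = datetime(2024, 3, 1)
RATES, UNSEEN = mining_rates(constructed_history(NOW), NOW, base_days=60, latest_days=10)

if __name__ == "__main__":
    for pattern, rate in sorted(RATES.items()):
        print(pattern, round(rate, 2))
    print("existence rate:", round(existence_rate(RATES), 3))
    print("patterns with no baseline:", UNSEEN)
```

A mining rate is a ratio of frequencies and can exceed 1, as the 1.17 in the page's own example does, so the averaged existence rate is not bounded by 100% unless the implementation caps it.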
  • FIG. 31 is a figure showing an example of collation between the existence rate and the authentication system use functions in the first embodiment of the present invention.
  • Respective terminals and servers structuring the authentication system store information showing the collation as shown in this figure, and limit the use of this authentication system, on the basis of existence of person who uses this authentication system.
  • function matrix the relation among the existence rate expressing in point assurance of existence of registered person, existence rating, existence point and the like, and usable functions.
  • Terminals and servers perform validation (authentication) of the existence of the person, that is, whether the registered/user individual is an existing person or not, and whether the individual information of the registered/user individual matches the information already registered in the authentication system or not, and store the validation result in the validation information DBs 13 , 113 , 123 , 133 , 143 , 153 , 163 .
  • Respective terminals and servers in the authentication system may calculate the trust degree of existence of registered person in point, and may store information of trust degree of existence into databases per registered person.
  • This information of trust degree of existence may be used as materials of authentication of registered person.
  • terminals and servers may confirm and authenticate whether the person who receives the authentication is a person with existence confirmed, many existence points, and high existence rate, on the basis of the trust degree of the existence at use of the authentication system.
  • FIG. 32 is a figure showing an example of combinations of existence rate and individual identification ID, in the first embodiment of the present invention.
  • The authentication system server 10, when calculating the existence rate, automatically adds certain codes and character information according to the calculated existence rate to the individual identification ID of the person for whom the existence rate was calculated.
  • Terminals and servers refer to the individual identification ID information shown in the figure when receiving and sending, and can easily judge at what level the existence rate of the registered person is.
  • Terminals and servers, without searching all the registered information of a registered person, refer to the segment information showing the range of existence associated with the individual identification ID, and can easily send availability information and easily perform approval of a certain action and the like.
  • terminal identification ID is corresponded to individual information sent and received in the authentication system, therefore, it is needless to mention that it is possible to easily specify the sending source of the information.
  • the authentication system according to the present embodiment is characterized by its high public use, and wide general purpose. Further, this authentication system may be configured in not a building structure or a specified area, but for example, in a wide area such as all over Japan, or all over the world.
  • This authentication system exchanges information around individual information ID, and when there occurs unexpected accident in the authentication system, it is possible to easily specify the source person.
  • FIG. 33 is a sequence chart showing an action example of the authentication system when the registered person registers its own history information for the first time to other end side terminal than the terminal to which the registered person registered once, in the second embodiment of the present invention.
  • the end side terminal 160 inputs/reads the individual information of the registered person, and when the input/read individual information is not yet registered in the databases 161 , 166 , 167 , it stores the individual information to the temporary storage DB 167 (steps S 71 to S 74 ).
  • the end side terminal 160 sends the individual information to the sub servers (step S 75 ).
  • the sub servers that have received the individual information search their own comprehensive DBs and search information DB, and judge whether the individual information is already registered in these databases or not (step S 76 ).
  • When the sub servers confirm, as the search result, that the received individual information of the registered person is in their own databases, they store and register the individual information of the registered person received this time in the specified DB (step S 77 ).
  • If the sub servers have the search information DB, they copy and store the necessary information from the individual folder to the search information DB. At this moment, the sub servers set a link between the individual folder and the search information DB (step S 78 ).
  • The sub servers send, via the communication line network 200 , information that the individual information received from the end side terminal 160 has been registered in the sub servers, together with the individual identification ID, to the end side terminal 160 (step S 79 ).
  • The end side terminal 160 , on receiving the information of registration processing complete and the individual identification ID in the upper level terminal, creates an individual folder to store the individual information of the registered person individual.
  • the end side terminal 160 stores and registers the information together with the individual identification ID to the individual folder (step S 80 ).
  • step S 81 deletes unnecessary information
  • step S 82 registers to the search information DB 167
  • a unit means a structure rate unit including one upper level terminal and one lower level terminal or more managed by the terminal.
  • terminals of the same unit means terminals under management of the same terminal
  • terminals of other unit means terminals under management of respectively different terminals.
  • use a unit means for registered person to receive various services such as opening and closing the key and the like from any terminal structuring the unit.
  • FIG. 34 is a sequence chart showing an action example of the authentication system when the registered person registers its own history information for the first time to an end side terminal structuring other unit than the unit to which the registered person registered, in the third embodiment.
  • registered person registers its individual information once again to a terminal of the same unit. While on the other hand, in the present embodiment, the case when the registered person registers individual information once again to a terminal of other unit is explained.
  • steps S 91 to S 104 are same as the processes (steps S 41 to S 54 ) of the first embodiment.
  • the aggregation side terminal 150 that received from the authentication system server 10 changes its own “temporary individual identification ID” with official individual identification ID (step S 105 ).
  • the aggregation side terminal 150 sends individual identification ID to the sub servers concerning the registration this time and the end side terminal 160 (step S 106 ), and makes it change individual identification ID in the same manner (step S 107 ). Meanwhile, the steps after this are same as those in the first embodiment.
  • the registered person at the repeated registration, the registered person itself does not recognize its own individual identification ID, but in the present embodiment, the registered person has already recognized it.
  • FIG. 35 is a sequence chart showing an action example of the authentication system when the registered person registers its own history information for the first time to an end side terminal structuring other unit than the unit to which the registered person registered, and the registered person individual recognizes its individual identification ID, in the fourth embodiment of the present invention.
  • the end side terminal 160 displays a message to ask whether the registered person registers individual information to the authentication system for the first time or not.
  • the registered person inputs the individual identification ID allotted before to the end side terminal 160 .
  • the end side terminal 160 judges whether the read/input individual information is stored or not in at least one of the comprehensive DB 161 of its own, the search information DB 166 and the temporary storage DB 167 (step S 111 ).
  • When the end side terminal 160 confirms that the read/input individual information is not stored in its own databases, it stores the read/input individual information into its own temporary storage DB 167 . When it does not have the temporary storage DB 167 , it stores the information in the search information DB 166 and the comprehensive DB 161 in such a way that the end side terminal 160 can judge that this is the first recognition of the information.
  • the end side terminal 160 corresponds the individual information to ID and stores it.
  • the end side terminal 160 sends basic information such as name and address or history information necessary to specify registered person individual via the communication line network, to sub servers to become upper level terminals of the end side terminal 160 concerned (step S 112 ).
  • Sub servers search database in its own in the same manner (step S 113 ), and when it confirms that the received information is not in database in its own (step S 114 No), it sends basic information such as name and address or history information necessary to specify individual identification ID and registered person individual via the communication line network 200 , to the aggregation side terminal 150 to become upper level terminal of the sub servers concerned (step S 115 ).
  • the aggregation side terminal executes the same steps as the above steps S 113 to S 115 (steps S 116 to S 118 ).
  • The authentication system server 10 searches its own database (step S 119 ), and when it confirms that the received information is in its own database (step S 120 Yes), it validates whether the registered person of the received individual identification ID is identical to the person registered in its own database, and exists (step S 121 ).
  • The authentication system server 10 may compare and validate the individual information in its own database against the received individual information, or may collate with the confirmation destination side terminal 80 and receive the validation result from the confirmation destination side terminal 80 .
  • When the authentication system server 10 judges, as the result of validation, that the registered person is identical to the person registered in its own database, and exists (step S 122 ), it sends the validation result and information that the individual identification ID should be used to the aggregation side terminal 50 (step S 123 ).
  • the information is sent to sub servers, and the end side terminal 160 (steps S 124 , S 125 ).
  • FIG. 36 is a sequence chart showing an action example to perform validation processing whether registered person individual is an existing person in optional time of use of the authentication system, and whether registered information is true or not, in a fifth embodiment of the present invention.
  • Sub servers accept registration of new individual information to validate existence of registered person (step S 131 ).
  • Sub servers may directly input/read individual information, or may receive it from the end side terminal 160 .
  • Sub servers send information to request to perform existence validation of registered person individual in addition, individual identification ID, and newly registered information, to the aggregation side terminal 150 (step S 132 ). At this moment, it is preferable that in automatic connection with the sending process this time, caution information “validation processing now under its way in the aggregation side terminal” is displayed by sub servers. Thereby, it is possible to prevent double processing in terminals.
  • the aggregation side terminal 150 confirms that the presented evidential matter is true (not counterfeited, altered, or fabricated) by use of the eye of operator of the aggregation side terminal 150 , software in terminal or tester (step S 133 ).
  • steps S 134 to S 139 after this are same as the processes (steps S 65 to S 70 ) in the first embodiment.
  • the aggregation side terminal 150 sends the result to the related sub servers, and sends the contents of the validation information DB 153 to the authentication system server 10 (step S 140 ).
  • the authentication system server 10 on receiving new existence validation result from the aggregation side terminal 150 , stores and registers the received validation result into the validation information DB 13 of its own.
  • the authentication system server 10 when existing information of the same kind as that of basic information or history information of registered person received this time exists in database of its own, may compare, examine and collate the received information and the existing information. This is because although it does not exist in the aggregation side terminal 150 , it may have been registered to the authentication system server 10 via other aggregation side terminal 150 .
  • The authentication system server 10 makes the new existence validation result into conventional existence data in point and executes the necessary calculation (step S 141 ).
  • step S 142 the data concerned in the authentication system server 10 is changed.
  • upper level terminal can perform validation processing by use of individual information sent from various terminals and stored intensively.
  • upper level terminal and server always repeat individual existence validation, and judge comprehensively, thereby the precision thereof increases, and accordingly it is difficult for a third party to do spoofing or become a virtual person. Further, it is natural that there is an effect to reduce validation processing of lower level terminal.
  • the authentication system concretely performs the following two processes.
  • Terminals and servers judge whether the existing individual information stored in the database of the authentication system and the read or input information are identical, or are within a threshold value, and thereby validate the existence of the registered person.
  • terminals and servers judge whether newly read/input information, and existing individual information stored in databases of the authentication system or information existing in other terminal in the authentication system are consistent in two points of temporal information and spatial information, and thereby validate existence of registered person.
  • terminals and servers on the basis of read/input periods and position of individual information (biometrics information and the like) for specifying individual, validate presence or absence of unauthorized use by registered person in the authentication system, and further accumulate existence meaning and use purpose and the like of terminals and servers, and validate them.
  • Terminals and servers of the authentication system store information showing installation places, and traffic organization information (information of station and bus stop positions, time table and the like) around the installation places, and accordingly can calculate time required for movement among terminals.
  • terminals and servers calculate the time required for movement from terminals to the peripheral stations, on terminals of the previous and latest movement places.
  • This station movement required time is calculated by, for example, multiplying the distance from the installation position of terminal to the nearest station, by a specified numeric value (for example, value obtained by converting the world record of 100-meter running race into kilometers per hour).
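The temporal and spatial consistency check described above, sketched as an added Python example that is not part of the patent text. Terminal IDs, station names, coordinates, ride times and reads are all constructed; the "specified numeric value" is taken as seconds per kilometre at the 100 m record pace, using 9.58 s, a figure the page does not give; timetable waiting time is ignored so that the result is a lower bound.

```python
import math
from datetime import datetime

# Seconds needed per kilometre at 100 m record pace (9.58 s per 0.1 km).
# The 9.58 s figure is an assumption of this example.
SECONDS_PER_KM = 9.58 / 0.1

# Constructed installation places on a flat kilometre grid, each with the
# station stored as nearest to the terminal.
TERMINALS = {
    "160-A": {"pos": (0.0, 0.0), "station": "North"},
    "160-B": {"pos": (20.0, 0.0), "station": "South"},
    "160-C": {"pos": (0.6, 0.8), "station": "North"},
}
STATIONS = {"North": (0.3, 0.4), "South": (20.3, 0.4)}
# Constructed timetable: fastest ride between two stations, in seconds.
RIDE_SECONDS = {frozenset(("North", "South")): 25 * 60}


def foot_seconds(a, b):
    """Station movement required time: distance multiplied by the pace value."""
    return math.dist(a, b) * SECONDS_PER_KM


def required_seconds(src, dst):
    """Lower bound on the time needed to move from terminal src to terminal dst."""
    s, d = TERMINALS[src], TERMINALS[dst]
    direct = foot_seconds(s["pos"], d["pos"])
    if s["station"] == d["station"]:
        ride = 0
    else:
        ride = RIDE_SECONDS.get(frozenset((s["station"], d["station"])))
    if ride is None:  # no known connection: only the on-foot bound applies
        return direct
    via = (foot_seconds(s["pos"], STATIONS[s["station"]]) + ride
           + foot_seconds(STATIONS[d["station"]], d["pos"]))
    return min(direct, via)


def inconsistent_reads(reads):
    """Return reads that follow the same ID's previous read too quickly.

    reads: iterable of (timestamp, individual identification ID, terminal ID).
    Each result is (ID, previous terminal, terminal, elapsed s, required s).
    """
    last = {}
    flagged = []
    for ts, individual_id, terminal in sorted(reads):
        if individual_id in last:
            prev_ts, prev_terminal = last[individual_id]
            if prev_terminal != terminal:
                elapsed = (ts - prev_ts).total_seconds()
                need = required_seconds(prev_terminal, terminal)
                if elapsed < need:
                    flagged.append((individual_id, prev_terminal, terminal, elapsed, need))
        # The newest read becomes the reference even when flagged, since
        # either of the two conflicting reads may be the illegitimate one.
        last[individual_id] = (ts, terminal)
    return flagged


# Constructed reads of biometrics information at three terminals.
READS = [
    (datetime(2024, 3, 1, 9, 0), "ID-0001", "160-A"),
    (datetime(2024, 3, 1, 9, 10), "ID-0001", "160-B"),   # 20 km away after 10 minutes
    (datetime(2024, 3, 1, 10, 0), "ID-0001", "160-C"),
    (datetime(2024, 3, 1, 9, 0), "ID-0002", "160-A"),
    (datetime(2024, 3, 1, 9, 2), "ID-0002", "160-C"),    # 1 km away after 2 minutes
]

if __name__ == "__main__":
    for row in inconsistent_reads(READS):
        print(row)
```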
  • In the examples explained above, individual information read by the end side terminal 160 is authenticated by the upper level terminal, whereas in the present embodiment, the end side terminal 160 itself performs the authentication process of individual information.
  • FIG. 37 is a sequence chart showing an action example of execution of authentication process where terminal to which individual information is input compares information in its own, and read or input information, and judges whether registered person individual is an existing person, or whether registered information is true, in a sixth embodiment of the present invention.
  • The action in which the end side terminal 160 reads biometrics information of the registered person and performs authentication is explained.
  • The end side terminal 160 , by use of the attached scanner, reads or inputs biometrics information of the registered person, and sends the information to and stores it in the database installed in its own (step S 151 ).
  • the end side terminal 160 compares the read or input biometrics information, and previous registration biometric information in the search information DB 166 in its own. As the result of comparative collation, when the read or input biometrics information, and previous registration biometric information match, the end side terminal 160 specifies individual identification ID of the person whose biometrics information is input/read (step S 152 ).
  • the end side terminal 160 extracts corresponding information from individual folder of specified individual identification ID in the comprehensive DB 161 on the basis of specified individual identification ID (step S 153 ), and compares and collates the extracted information and the read or input biometrics information (step S 154 ), and performs authentication judgment whether it is identical person or not (step S 155 ).
  • When the person is authenticated as the identical person, the end side terminal 160 , by use of the availability information DB 165 , performs the sending process of the above authentication result to other terminals and servers (step S 156 ).
  • the end side terminal 160 stores and registers biometrics information read or input this time, authentication result information, and temporal information showing period of the authentication, to respective specified columns of the comprehensive DB 161 (step S 157 ).
  • the end side terminal 160 may replace the information read or input this time and the like with existing information in the search information DB 166 (step S 158 ).
  • In the authentication system, not only the authentication system server 10 but also the terminals and servers perform authentication processing, and thereby it is possible to improve the efficiency of processing and avoid overconcentration.
  • terminals and servers have authentication function respectively, and thereby, for example, even when communications with upper level terminals including the authentication server 10 is not available due to emergency situations such as power failure and line disconnection at disaster, failure with related upper level terminals and the like, it is possible for registered person to perform existence confirmation more strictly than identical person confirmation by evidential matters such as certificate and key.
  • FIG. 38 is a sequence chart showing an action example of process execution of authentication where terminal to which individual information is input compares read or input information, existing information in its own, and information that other terminal in the authentication system has and judges whether registered person individual is an existing person, or whether registered information is true, and whether there is continuity of individual information and existence, in a seventh embodiment of the present invention.
  • the end side terminal 160 by use of attached scanner, reads or inputs biometrics information of registered person, and sends and stores information to database installed in its own (step S 161 ).
  • the end side terminal 160 compares the read or input biometrics information, and previous registration biometric information in the search information DB 166 in its own. As the result of comparative collation, when the read or input biometrics information, and previous registration biometric information match, the end side terminal 160 specifies individual identification ID of the person whose biometrics information is input/read (step S 162 ).
  • the end side terminal 160 sends specified individual identification ID, temporal information of read or input biometrics information, and request for existence validation information, and identification ID of its own to the sub servers as upper level terminals (step S 163 ).
  • the end side terminal 160 may send read or input biometrics information itself to sub servers too.
  • Sub servers on the basis of individual identification ID received from the end side terminal 160 , search the search information DB or the comprehensive DB in its own (step S 166 ).
  • sub servers extract the latest existence information (information showing that existence of registered person has been confirmed) and the validation information related therewith or the validation result information from the information, and send them to the end side terminal 160 (step S 168 ).
  • When information concerning the individual identification ID concerned does not exist (step S 167 No), the sub servers send information showing “no corresponding information” to the end side terminal 160 (step S 168 ).
  • The sub servers send the information received from the end side terminal 160 , and the necessary information in their own (the latest existence information and the validation information related therewith or the validation result information) to the aggregation side terminal 150 as upper level terminal (step S 169 ).
  • the aggregation side terminal 160 performs the same processes as the above steps S 166 to S 169 (steps S 170 to S 173 ). Further, at step S 172 , the aggregation side terminal 150 sends information to sub servers and the end side terminal 160 , and at step S 173 , it sends information to the authentication system server 10 .
  • the authentication system server 10 on the basis of the individual identification ID received from the aggregation side terminal 150 thereof, searches the search DB 16 or the comprehensive DB 11 in its own (step S 174 ).
  • the authentication system server 10 extracts the latest existence information and the validation information related therewith or the validation result information from the information, and sends them to the end side terminal 160 , sub servers and the aggregation side terminal 150 (step S 176 ).
  • the authentication system server 10 compares and collates biometrics information stored in its own, sub servers, the aggregation side terminal 150 and the authentication system server 10 and the like, and read or input biometrics information (step S 177 ), and performs authentication judgment whether the registered person exists or not (step S 178 ).
  • the end side terminal 160 may compare and collate the latest existence information stored in its own, sub servers, the aggregation side terminal 150 and the authentication system server 10 and the like, temporal information and spatial information of read/input individual information (biometrics information).
  • When the registered person is authenticated as the identical person, the end side terminal 160 , by use of the availability information DB 165 that the terminal has, permits or proceeds with the various services provided by the end side terminal concerned (step S 179 ).
  • the end side terminal 160 stores and registers biometrics information read or input this time, authentication result information, and temporal information showing period of the authentication, to respective specified columns of the comprehensive DB 161 (step S 180 ).
  • the end side terminal 160 may replace the information read or input this time and the like with existing information in the search information DB 166 (step S 181 ).
  • the comparison of temporal information and spatial information as the feature of the present authentication system is carried out on the basis of consistency of the entire authentication system, and accordingly it is possible to improve the security of the authentication system further more than operation only by the history information existing in database of the terminal concerned from and to which individual information is read/input this time.
  • biometrics information, temporal information and spatial information are combined and thereby registered person individual is validated comprehensively and widely, and thereby, it is possible to continuously specify registered person temporally, and exclude “spoofing” and “virtual name”.
  • terminals and servers structuring the authentication system are connected via network, it is possible to perform processes such as authentication and the like, with databases of terminals and servers as a database, and eliminate geographical isolation and temporal isolation even in physically separated space, and easily compare existence authentication information.
  • FIG. 39 is a sequence chart showing an action example where, in an eighth embodiment of the present invention, the reader of biometrics information reads biometrics information but, since it does not have a database, the information is collated with a database outside of the device, and information that the registered person is the identical person is sent.
  • authentication software is packaged that compares biometrics information to specify individual, the information concerned and newly read or input biometrics information, and calculates consistency rate and “threshold value” and the like and thereby performs individual authentication, and biometrics information read by biometrics information reader is compared and collated in the IC card.
  • Registered person inserts the IC card storing biometrics information to specify individual to the information reader. And, by a scanner attached to the information reader, registered person reads biometrics information (step S 191 ), and sends read information (input information) to the inserted IC card (step S 192 ).
  • the IC card converts read information data so that the received biometrics information should match the authentication software in its own (step S 193 ).
  • the IC card compares the converted read information, and data stored beforehand in its own, and calculates consistency rate and “threshold value” and the like (step S 194 ), and judges whether the read information is of registered person itself or not (step S 195 ).
  • When the judgment is affirmative (step S 195 Yes), the IC card sends information that the read information and identical person name and data match to the end side terminal 160 (step S 196).
  • In the IC card, in addition to the biometrics information to specify the individual, an individual identification ID is stored, and when it holds the individual identification ID, the IC card sends the information concerned to the end side terminal 160.
  • the IC card may send the above information to the end side terminal 160 in radio and non contact manner, or may contact the end side terminal 160 and send it.
  • The end side terminal 160 compares the individual identification ID received from the IC card with the previously registered information in the search information DB 166. As the result of comparative collation, when the individual identification ID matches the previously registered information, the individual identification ID is specified (step S 197).
  • the end side terminal 160 compares and collates information stored in the comprehensive DB 161 in individual folder of the specified individual identification ID, and information sent from the IC card, and performs authentication judgment whether registered person is identical person or not (step S 198 ).
  • The processes after this (steps S 199 to S 291) are the same as the processes (steps S 156 to S 158) in the first embodiment.
  • the IC card stores basic information necessary for individual identification, and, has software for authentication that performs individual authentication by the information.
  • a function of conventional cell phone may be added, or description contents of certificates such as driver's certificate and basic resident register card and the like may be stored, and functions and purposes of such cell phone and certificates may be stored compositively.
  • individual authentication of registered person is carried out by collation of read individual information of registered person, and individual information in database. Meanwhile in the present embodiment, in addition to the collation of the individual information itself, when plural information items are collated, individual authentication is performed in consideration of whether the input sequence of individual information by registered person is right or not.
  • FIG. 40 is a sequence chart showing an action example of individual authentication in a ninth embodiment of the present invention, where the terminal to which individual information is input collates the information it holds with the read or input information and judges whether the registered person is an existing person and whether the registered information is true, and, in addition to the collation of individual information, judges whether the read or input sequence of the one or plural information items registered beforehand in the terminal is proper or not.
  • the end side terminal 160 by use of attached scanner, reads or inputs one or more biometrics information of registered person, and stores it to database of its own (step S 211 ).
  • Authentication may be made invalid when it is not completed within a certain time. For example, when fingerprints are read in the sequence thumb -> annular finger -> index finger, the fingers exposed to the scanner can be changed at once, and if it takes 2 seconds or more to change fingers, authentication may be made unavailable.
  • the end side terminal 160 compares read or input biometrics information, and previous registered biometrics information in the search information DB 166 in its own. As the result of comparative collation, when read or input biometrics information matches previous registered biometrics information in the search information DB 166 , individual identification ID is specified (step S 212 ).
  • The end side terminal 160 extracts the corresponding information from the individual folder of the specified individual identification ID (step S 213), compares and collates the extracted information and the read or input information (step S 214), and performs authentication judgment whether the registered person is the identical person or not (step S 215).
  • the end side terminal 160 compares the read/input sequence of biometrics information and sequence registered information in the search information DB 166 (step S 216 ).
  • When the read/input sequence of biometrics information matches the registered sequence in the search information DB 166 (step S 217 Yes), it is judged that the existence of the registered person individual has been authenticated.
  • steps S 218 to S 220 are same as the steps S 156 to S 158 in the sixth embodiment.
  • plural individual information and read sequences are registered to terminals and servers of the authentication system, and authentication is performed according to matching conditions thereof, and accordingly, even in the case where a malicious third party uses the same terminal as the terminals that the registered person normally uses, or the same kind of individual information as that of the registered person, it is possible to easily prevent “spoofing” by the third party, and improve the precision of authentication of existence.
  • Read or input information may be changed at necessity or optionally.
  • Read or input sequence setting of information may be changed at necessity or optionally.
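The ninth embodiment's check (steps S 214 to S 217 plus the 2-second rule) can be sketched as follows. This is an added example, not code from the patent; the `Reading` interface, the 0.90 threshold and the reason codes are assumptions. The caller sees only pass or fail, while the specific reason goes to an audit log, so a failed attempt does not reveal which finger or position was wrong.

```python
from dataclasses import dataclass
from enum import Enum


class Result(Enum):
    OK = "ok"
    WRONG_COUNT = "wrong_count"
    BAD_CLOCK = "bad_clock"
    TOO_SLOW = "too_slow"
    LOW_MATCH = "low_match"
    WRONG_ORDER = "wrong_order"


@dataclass(frozen=True)
class Reading:
    finger: str        # finger label reported by the matcher (assumed interface)
    match_rate: float  # consistency rate against the enrolled template, 0.0-1.0
    t: float           # seconds on the terminal's monotonic clock


@dataclass(frozen=True)
class Enrollment:
    sequence: tuple           # registered read order
    threshold: float = 0.90   # assumed value; the page gives no number
    max_gap_s: float = 2.0    # "2 seconds or more" between fingers invalidates


def check_sequence(enrolled, readings):
    """Return the first failed check; after the count check, all checks run."""
    if len(readings) != len(enrolled.sequence):
        return Result.WRONG_COUNT
    failures = []
    # Timing: every change of finger must take less than max_gap_s.
    for prev, cur in zip(readings, readings[1:]):
        gap = cur.t - prev.t
        if gap < 0:
            failures.append(Result.BAD_CLOCK)   # timestamps went backwards
        elif gap >= enrolled.max_gap_s:
            failures.append(Result.TOO_SLOW)
    # Collation and order: each reading must match and be in its registered slot.
    for expected, got in zip(enrolled.sequence, readings):
        if got.match_rate < enrolled.threshold:
            failures.append(Result.LOW_MATCH)
        if got.finger != expected:
            failures.append(Result.WRONG_ORDER)
    return failures[0] if failures else Result.OK


def authenticate(enrolled, readings, audit_log):
    """User-facing decision is a bare bool; the reason is only logged."""
    reason = check_sequence(enrolled, readings)
    audit_log.append(reason.value)
    return reason is Result.OK


if __name__ == "__main__":
    # Constructed sample: the registered order from the page's example.
    enrolled = Enrollment(sequence=("thumb", "annular", "index"))
    attempt = [Reading("thumb", 0.97, 0.0),
               Reading("index", 0.96, 1.1),     # right fingers, wrong order
               Reading("annular", 0.95, 2.3)]
    log = []
    print(authenticate(enrolled, attempt, log), log)
```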
  • FIG. 41 is a sequence chart showing the flow of the above data transfer processing, in the authentication system according to a tenth embodiment of the present invention.
  • the number of information items or information amount to be stored in the database is set beforehand.
  • the building structure side terminal 110 when individual information is input newly from registered person, or on receiving individual information of registered person from the end side terminal 160 (step S 221 ), confirms registration remaining number of items or remaining amount in specified column of the comprehensive DB 111 (step S 222 , S 223 ).
  • When the data amount of individual information input/read this time is within the storable range of the comprehensive DB 111 (step S 224 Yes), it registers the received individual information.
  • the building structure side terminal 110 extracts a certain amount of individual information, among individual information already stored in the specified column of the comprehensive DB 111 (step S 225 ), and sends the extracted individual information to the aggregation side terminal 150 (step S 226 ).
  • the building structure side terminal 110 is to delete individual information sent to the aggregation side terminal 150 , in order to newly register individual information received/input this time, and the individual information to be deleted is selected according to sequence of old registration period of individual information, or sequence of low priority of use in the sub server (preset).
  • the aggregation side terminal 150 on receiving individual information from the building structure side terminal 110 , registers the received individual information to the comprehensive DB 151 (step S 227 ). After registration processing, the aggregation side terminal 150 confirms that information registration is complete (step S 228 ), and sends information that the registration of individual information received from the building structure side terminal 110 is complete to the building structure side terminal 110 (step S 229 ).
  • the building structure side terminal 110 on receiving information of completion of registration from the aggregation side terminal 150 , carries out a process to delete information sent at the step S 226 (step S 230 ).
  • the building structure side terminal 110 registers newly received or input individual information, to empty storage area of the comprehensive DB 111 that has been made as the result (step S 231 ).
  • When the building structure side terminal 110 receives request information for the deletion processing, its action is controlled to automatically carry out the deletion processing according to the required information.
  • Each terminal, every time a certain amount of individual information is registered in it, sends part of the individual information registered before to the upper level terminals and servers used for the registration, and deletes the sent individual information; thereby, it is possible to reduce the concentration of processes on one terminal in the authentication system.
  • FIG. 42 is a sequence chart showing an action example where a transfer process is carried out to transfer the individual information that each terminal stores to its upper level terminal for backup in an eleventh embodiment of the present invention.
  • the action where the building structure side terminal 110 transfers individual information to the aggregation side terminal 150 for backup of individual information is explained.
  • date and time of backup execution, and terminal identification ID of terminal having backup individual information are stored to database in association with the individual information.
  • the building structure side terminal 110 confirms the backup condition of individual information stored to specified column of the comprehensive DB 111 . And, the building structure side terminal 110 extracts individual information with backup processing not yet made, from information stored in the specified column (step S 241 ), and sends information to the aggregation side terminal 150 (step S 242 ).
  • the aggregation side terminal 150 on receiving individual information from the building structure side terminal 110 , performs registration processing to the comprehensive DB 151 and the search information DB 156 (steps S 243 , S 244 ). At this moment, the aggregation side terminal 150 performs validation processing whether individual information to be backed up causes double registration with individual information already stored in the comprehensive DB 151 and the search information DB 156 , and stores the information.
  • the aggregation side terminal 150 confirms that information registration is complete (step S 245 ), and sends the information that the backup registration of individual information received from the building structure side terminal 110 is complete to the building structure side terminal 110 (step S 246 ).
  • the building structure side terminal 110 on receiving the information of registration completion from the aggregation side terminal 150 , performs a process to add information showing that the backup is complete, and the date and time thereof, and terminal of storage destination of backup respectively (step S 247 ).
  • registration completion information sent from the aggregation side terminal 150 in the step S 246 includes information to ask for execution process to add various information concerning the above backup to the building structure side terminal 110 , and when the building structure side terminal 110 receives the request information of the addition process, the addition process of various information concerning backup is automatically performed according to the request information.
  • backup process may be executed automatically per certain number of items, certain amount or certain date and time.
  • All individual information is stored in the terminal and server that directly use the information (hereinafter, this information is referred to as active information).
  • the building structure side terminal 110 registers registered information to the aggregation side terminal 150 as its upper level terminal for backup.
  • the aggregation side terminal 150 registers registered information to the authentication system server 10 for backup.
  • FIG. 43 is a sequence chart showing an action example where a transfer process is carried out to transfer the individual information that each terminal stores to the authentication system server 10 in a twelfth embodiment of the present invention.
  • The processes (steps S 251 to S 257) where the building structure side terminal 110 extracts individual information and performs the backup process to the aggregation side terminal 150, and the building structure side terminal 110 registers the execution condition, are the same as the processes (steps S 241 to S 247) in the above eleventh embodiment.
  • the aggregation side terminal 150 judges whether the individual information stored in specified column of the comprehensive DB 151 is registered in the authentication system server 10 or not (step S 258 ).
  • the aggregation side terminal 150 extracts information not registered in the authentication system server 10 , from the individual information stored in the comprehensive DB 151 , and sends the extracted individual information to the authentication system server 10 (step S 259 ).
  • the authentication system server 10 on receiving individual information from the aggregation side terminal 150 , registers the received individual information to the comprehensive DB 11 (step S 260 ).
  • the authentication system server 10 performs validation processing whether the received individual information causes double registration with individual information already stored in the comprehensive DB 11 , and stores the information.
  • backup process may be executed automatically per certain number of items, certain amount or certain date and time.
  • the authentication system server 10 after backup processing, confirms that individual information registration is complete (step S 261 ), and sends the information that the backup registration of individual information received from the aggregation side terminal 150 is complete to the aggregation side terminal 150 (step S 262 ).
  • On receiving the information of registration completion from the authentication system server 10, the aggregation side terminal 150 sends, to the building structure side terminal 110, information that it has transferred to the authentication system server 10 part or the whole of the individual information that was backup registered on receipt from the building structure side terminal 110 (step S 263).
  • the aggregation side terminal 150 deletes individual information sent at the step S 259 (step S 264 ).
  • When the building structure side terminal 110 receives information of registration completion from the aggregation side terminal 150 to the authentication system server 10, it changes the various information added to the information sent at the step S 259 in the comprehensive DB 111 into information showing the transfer to the authentication system server 10, and the date and time thereof (step S 265).
  • The registration completion information of individual information sent from the aggregation side terminal 150 includes information to ask for an execution process to add various information concerning the above change process of various information to the building structure side terminal 110, and when the building structure side terminal 110 receives the request information of the addition process, it automatically performs the change process of various information concerning backup according to the request information.
  • connection/connection release actions by the authentication system server 10 with other devices at the backup process of registered information are explained.
  • FIG. 44 is a sequence chart showing an action example where the individual information that each terminal stores is transferred to the authentication system server 10, and further transferred to the external organization server 300, in a thirteenth embodiment of the present invention.
  • the aggregation side terminal 150 extracts the external organization server 300 information not registered in the authentication system server 10 , from the individual information stored in the comprehensive DB 151 (step S 271 ), and sends the extracted individual information to the authentication system server 10 (step S 272 ).
  • the authentication system server 10 on receiving individual information from the aggregation side terminal 150 , sends information to release connection between its own and the external organization server 300 , to the external organization server 300 (step S 273 ), and releases the connection with the external organization server 300 .
  • the authentication system server 10 registers individual information received from the aggregation side terminal 150 to the comprehensive DB 11 and the search information DB 16 (steps S 274 , S 275 ).
  • the authentication system server 10 confirms that individual information registration is complete (step S 276 ), and sends the information that the backup registration of individual information received from the aggregation side terminal 150 is complete to the aggregation side terminal 150 (step S 277 ).
  • the authentication system server 10 judges whether the individual information stored in the specified column of the comprehensive DB 11 is registered in the external organization server 300 or not. And, it judges from information stored in the specified column, whether there is information not yet backed up in the external organization server 300 , and there is need to execute backup process or not (step S 279 ).
  • When the authentication system server 10 judges that the backup process is necessary, it extracts the individual information to be backed up from the comprehensive DB 11 and the like (step S 279).
  • the authentication system server 10 sends information to release the connection between its own and the aggregation side terminal 150 to the aggregation side terminal 150 (step S 280 ), and releases the connection with the aggregation side terminal 150 .
  • the authentication system server 10 connects to the external organization server 300 again, and sends the extracted individual information to be backed up to the external organization server 300 (step S 281 ).
  • the external organization server 300 registers the individual information received from the authentication system server 10 in its own for the purpose of backup (step S 282 ).
  • The external organization server 300, on confirming that the backup registration of the individual information is complete (step S 283), sends information that the backup registration of the individual information received from the authentication system server 10 is complete to the authentication system server 10 (step S 284).
  • FIG. 45 (a) and FIG. 45 (b) are figures showing connection conditions between terminals and servers in the thirteenth embodiment. In the figures, the solid line means now in connection, and the dotted line means connection released.
  • the authentication system server 10 is connected to the external organization server 300 , and is not connected to lower level terminals.
  • the authentication system server 10 is connected to lower level terminals, and is not connected to the external organization server 300 .
  • For each terminal, if the terminal is connected to its upper level terminals, it may be left unconnected to its lower level terminals; meanwhile, if the terminal is connected to its lower level terminals, it may be left unconnected to its upper level terminals.
  • In the authentication system, as part of security countermeasures against hacker attacks, virus infection and the like, the network is not always connected. Therefore, a dead end occurs in the authentication system, and when a problem occurs, its spread to other terminals can be prevented.
  • The basic important information of the registered person such as name, date of birth, address information and the like, among individual information, and the biometrics information registered for authenticating the existence of the registered person individual are backed up by databases at two or more portions, in order to prevent this information from being deleted, altered or the like.
  • FIG. 46 is a sequence chart showing an action example where the individual information that the authentication system server 10 stores is transferred to two external organization servers at the same time in a fourteenth embodiment of the present invention.
  • these two external organization servers are external organization servers 300 A, 300 B respectively.
  • the authentication system server 10 confirms whether the individual information stored to the specified column of the comprehensive DB 11 is registered in the external organization servers 300 A, 300 B or not.
  • the authentication system server 10 extracts individual information not yet registered to the external organization servers 300 A, 300 B, from the information stored in the specified column of the comprehensive DB 11 (step S 291 ), and sends the extracted individual information to the external organization servers 300 A, 300 B respectively at the same time (step S 292 ).
  • the external organization servers 300 A, 300 B on receiving the individual information from the authentication system server 10 , performs registration process to the comprehensive DBs 311 A, 311 B installed in its own (steps S 293 , S 294 ).
  • The external organization servers 300 A, 300 B perform validation processing whether the individual information received here causes double registration with individual information already stored in the comprehensive DBs 311 A, 311 B, and store the information. At this moment, in the external organization servers 300 A, 300 B, even with the same kind of information, if the dates and times of the information are different, it is stored as other information, and in principle it is not overwritten.
  • the external organization servers 300 A, 300 B confirm that information registration is complete (steps S 295 , S 296 ), and send the information that the backup registration of individual information received from the authentication system server 10 is complete to the authentication system server 10 (step S 297 ).
  • the authentication system server 10 performs comparison and collation processing of stored information to the information in the comprehensive DB 311 A, and the information in the comprehensive DB 311 B, at necessity, per certain number of items, certain amount or certain date and time (step S 298 ).
  • the external organization server 300 A is in Okinawa, and the external organization server 300 B in Hokkaido, and they are apart geographically, or another case where the external organization server 300 A is under jurisdiction of the Ministry of Foreign Affairs, and the external organization server 300 B under jurisdiction of the Bank of Japan, and they are apart in organizations.
  • the comprehensive DBs 311 A, 311 B in principle store identical individual information.
  • the authentication system server 10 collates individual information stored in the comprehensive DBs 311 A, 311 B respectively, and performs collation processing, and if there is mismatch in data, it judges that there is a possibility of troubles such as data alteration or the authentication system failure or the like.
  • the continuity and unchangeability of individual information of registered person are made the authentication criterion, and accordingly, mismatch in data is considered to be a fault in individual information, and warning information is sent to the person concerned, and at the same time, use functions are limited.
  • On receiving information that the individual information stored in its own has been backup registered to the databases of two or more external organization servers, the authentication system server 10 may delete the individual information stored in its own in some cases.
  • FIG. 47 is a sequence chart showing an action example where the authentication system server 10 alternately or separately backs up individual information stored in its own to two external organization servers in a fifteenth embodiment of the present invention.
  • these two external organization servers are external organization servers 300 A, 300 B respectively.
  • the authentication system server 10 confirms whether the individual information stored to the specified column of the comprehensive DB 11 is registered in the external organization servers 300 A, 300 B respectively or not.
  • the authentication system server 10 extracts individual information not yet registered to the external organization servers 300 A, 300 B, from the information stored in the specified column of the comprehensive DB 11 (step S 301 ).
  • the authentication system server 10 confirms the present connection conditions between its own and the external organization server 300 B, and when it is connected to the external organization server 300 B, it sends information to stop connection to the external organization server 300 B (step S 302 ), and releases the connection between its own and the external organization server 300 B.
  • the authentication system server 10 sends individual information to be backed up to the external organization server 300 A (step S 303 ).
  • the external organization server 300 A on receiving individual information from the authentication system server 10 , performs registration processing to the comprehensive DB 311 A installed in its own (step S 304 ).
  • The external organization server 300 A performs validation processing whether the individual information received here causes double registration with individual information already stored in the comprehensive DB 311 A, and stores the information. Further, in the external organization server 300 A, even with the same kind of information, if the dates and times of the information are different, it is stored as other information, and in principle it is not overwritten.
  • After the registration process of individual information, the external organization server 300 A confirms that information registration is complete (step S 305), and sends the information that the backup registration of individual information received from the authentication system server 10 is complete to the authentication system server 10 (step S 306).
  • the authentication system server 10 sends information to stop connection, to the external organization server 300 A (step S 307 ), and releases the connection between its own and the external organization server 300 A.
  • the authentication system server 10 sends information to start connection, to the external organization server 300 B (step S 308 ), and restarts the connection between its own and the external organization server 300 B.
  • the authentication system server 10 performs the backup processing (steps S 309 to S 312 ) with the external organization server 300 B, in the same manner as in the processing (steps S 304 to S 306 ) with the external organization server 300 A.
  • the authentication system server 10 compares stored information of the comprehensive DBs 311 A, 311 B, and performs collation processing, and if there is mismatch in data, it judges that there is a possibility of troubles such as data alteration or the authentication system failure or the like (step S 312 ).
  • the continuity and unchangeability of individual information of registered person are made the authentication criterion, and accordingly, mismatch in data is considered to be a fault in individual information, and warning information is sent to the person concerned, and at the same time, use functions are limited.
  • The authentication system server 10 performs backup of individual information separately to the external organization servers 300 A, 300 B. Therefore, in the external organization servers 300 A, 300 B, it is possible to disperse individual information according to extraction period, information kinds and the like, and store it.
  • identical individual information is stored to the comprehensive DBs 311 A, 311 B, meanwhile in the present embodiment, individual information stored in the comprehensive DBs 311 A, 311 B is not necessarily identical.
  • the external organization server 300 A accumulates and backs up data concerning the building structure side terminal 110
  • the external organization server 300 B accumulates and backs up data concerning the organization side terminal 120 .
  • individual information concerning the building structure side terminal 110 may be accumulated and backed up to the external organization server 300 A, and in the afternoon, data concerning the organization side terminal 120 may be accumulated and backed up to the external organization server 300 B.
  • backup processing is dispersed to optimal external organization server to store the information.
  • the authentication system server 10 may perform transfer processing alternately or separately according to the format of read information, and sort information to databases of backup destination.
  • FIG. 48 is a sequence chart showing an action example where individual information stored in the authentication system server 10 is transferred alternately or separately to three external organization servers in a sixteenth embodiment of the present invention.
  • these two external organization servers are external organization servers 300 A, 300 B, 300 C respectively.
  • the authentication system server 10 sorts its backup destinations, according to registration time (period) of individual information.
  • the external organization server 300 A stores data whose temporal information is from 0:00 to 9:00.
  • the external organization server 300 B stores data whose temporal information is from 8:00 to 17:00.
  • the external organization server 300 C stores data whose temporal information is from 16:00 to 1:00 next day.
  • the authentication system server 10 confirms whether individual information stored in the specified column of the comprehensive DB 11 is stored in the external organization servers 300 A, 300 B, 300 C respectively or not.
  • the authentication system server 10 extracts individual information not yet registered to the external organization servers 300 A, 300 B, 300 C from the information stored in the specified column of the comprehensive DB 11 (step S 321 ).
  • the authentication system server 10 confirms the present connection conditions between its own and the external organization server 300 B, 300 C, and when it is connected to the external organization server 300 B, 300 C, it sends information to stop connection to the external organization servers now in connection (step S 322 ), and releases the connection between its own and the external organization servers now in connection.
  • the authentication system server 10 sends individual information to be backed up to the external organization server 300 A (step S 323 ).
  • the authentication system server 10 extracts individual information to be backed up (step S 324 ), and restarts the connection with the external organization server 300 B, and sends the extracted individual information to both the external organization servers 300 A, 300 B (step S 325 ).
  • the external organization server 300 A on receiving individual information from the authentication system server 10 , performs registration processing to the comprehensive DB 311 A installed in its own (step S 326 ).
  • the external organization server 300 A performs validation processing whether individual information received here causes double registration with individual information already stored in the comprehensive DB 311 A, and stores the information. Further, in the external organization server 300 A, even with the same kind of information, if dates and times of information are different, it is stored as other information, and it is not written in principle.
  • After the registration process of individual information, the external organization server 300 A confirms that information registration is complete (step S 327 ), and sends the information that the backup registration of individual information received from the authentication system server 10 is complete to the authentication system server 10 (step S 328 ).
  • the authentication system server 10 sends information to stop connection, to the external organization server 300 A (step S 329 ), and releases the connection between its own and the external organization server 300 A.
  • the authentication system server 10 performs the processing (steps S 330 to S 341 ) with the external organization server 300 B, 300 C in the same manner as in the processing (steps S 324 to S 329 ) with the external organization server 300 A.
  • the authentication system server 10 performs comparison and collation processing of stored information to the information in the comprehensive DB 311 A, and the information in the comprehensive DB 311 B, and the information in the comprehensive DB 311 C at necessity, per certain number of items, certain amount or certain date and time (step S 342 ).
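The routing and double-registration check of the sixteenth embodiment, as an added example that is not part of the patent text: it maps a record's registration time to every backup server whose window covers it (the stated windows overlap, and that of 300 C wraps past midnight) and refuses a record whose key is already stored. Treating each window as start-inclusive and end-exclusive, and the record fields `individual_id`, `kind` and `registered_at`, are assumptions of this example.

```python
from datetime import datetime, time

# Backup windows stated in the sixteenth embodiment. Treating them as
# start-inclusive / end-exclusive is an assumption of this example.
WINDOWS = {
    "300A": (time(0, 0), time(9, 0)),
    "300B": (time(8, 0), time(17, 0)),
    "300C": (time(16, 0), time(1, 0)),  # ends at 1:00 the next day
}


def in_window(t, start, end):
    """True if time-of-day t lies in [start, end), allowing a midnight wrap."""
    if start < end:
        return start <= t < end
    return t >= start or t < end


def destinations(registered_at):
    """Servers whose window covers the record's registration time."""
    t = registered_at.time()
    return sorted(n for n, (s, e) in WINDOWS.items() if in_window(t, s, e))


class BackupStore:
    """Stand-in for the comprehensive DB 311 of one external organization server."""

    def __init__(self):
        self.records = {}

    def register(self, rec):
        # Same individual and kind with a different timestamp is a separate
        # record; an identical key is a double registration and is refused.
        key = (rec["individual_id"], rec["kind"], rec["registered_at"])
        if key in self.records:
            return False
        self.records[key] = dict(rec)
        return True


def run_backup(pending, stores):
    """Send each pending record to every covering server; count what was stored."""
    stored = {name: 0 for name in stores}
    for rec in pending:
        for name in destinations(rec["registered_at"]):
            if stores[name].register(rec):
                stored[name] += 1
    return stored


def demo():
    # Constructed sample records, not data from the patent.
    recs = [
        {"individual_id": "P-1", "kind": "fingerprint",
         "registered_at": datetime(2024, 5, 1, 8, 30)},
        {"individual_id": "P-1", "kind": "fingerprint",
         "registered_at": datetime(2024, 5, 1, 12, 0)},
        {"individual_id": "P-2", "kind": "door-entry",
         "registered_at": datetime(2024, 5, 2, 0, 30)},
    ]
    stores = {name: BackupStore() for name in WINDOWS}
    first = run_backup(recs, stores)
    second = run_backup(recs, stores)  # replay: every record is a duplicate
    return first, second
```

Because the windows overlap by one hour, a record registered in an overlap is held by two servers, which gives the later collation step a second copy to compare against.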
  • When the authentication system registers individual information and authenticates registered persons and the like, information is sent and received among the terminals and servers configuring the system.
  • terminals and servers make connections with other terminals and servers according to preset priority order in order to send and receive information.
  • the aggregation side terminal 150 W has a structure to manage lower level building structure side terminals 110 A, 110 C, organization side terminal 120 A.
  • FIG. 49 is a figure showing terminal of connection objective of the building structure side terminal 110 C in a seventeenth embodiment.
  • Each terminal of the authentication system stores information showing priority order of terminals for connection of its own as shown in the figure, at authentication processing of registered person and the like.
  • the building structure side terminal 110 C first tries to connect the building structure side terminal 110 A with priority, and if the connection is not carried out normally, then it tries to connect the organization side terminal 120 A, the aggregation side terminal 150 D, the aggregation side terminal 150 B, and so on in this order with priority.
  • the building structure side terminal 110 C tries to connect the aggregation side terminal 150 W.
  • FIG. 50 is a sequence chart showing an action example when the building structure side terminal 110 C makes connection with other terminal, in the seventeenth embodiment.
  • Each terminal in sending information, makes access on the basis of terminal information for priority connection stored in its own.
  • the terminal to which it is connected with priority in ordinary operation is the building structure side terminal 110 A.
  • the building structure side terminal 110 C extracts specified individual information from its own comprehensive DB 111 C (step S 351 ), and sends the extracted individual information to the building structure side terminal 110 A set with highest priority (step S 352 ).
  • the building structure side terminal 110 C is not connected to other terminal.
  • When the building structure side terminal 110 C detects a condition of no connection with the building structure side terminal 110 A (the sent information does not arrive at the building structure side terminal 110 A) (step S 354 ), the building structure side terminal 110 C sends the above extracted individual information to the building structure side terminal 110 A with the next priority (step S 355 ).
  • the building structure side terminal 110 C tries connection (steps S 356 to S 359 ).
  • the building structure side terminal 110 C makes connection to emergency connection terminal (aggregation side terminal 150 W).
  • When the building structure side terminal 110 C fails in access to the terminal of the sending destination of individual information once or for a specified number of times, access is changed to the terminal of the next priority order.
  • each terminal information of terminal of connection with highest priority, terminal of connection in the case of non connection with the highest priority terminal, or terminal of connection at emergency is set.
  • the opportunity to use the building structure side terminal 110 installed in other's building along the road, or the organization side terminal 120 of management unit of other family and company organization is extremely small.
  • each individual information of registered person is closely related with history information showing action history of each registered person, and sending is tried only to terminals that are considered to be related to the registered person individual.
  • communication line network is generally made public, and accordingly, there are malicious people on communication line network, and they easily commit unauthorized browsing and unauthorized acquisition and unauthorized alteration.
  • terminals close at hand use communication line technology of limited range such as extremely weak radio communication and infrared ray and the like, and when operation ends between the end side terminal 160 and sub servers, public line network may not be used.
  • terminals of mutual communication are made clear, and terminal identification ID of the terminal and connection terminal list information are compared and collated. As a result, it is possible to prevent unauthorized access by double security.
  • the terminal to be used is connected to other working terminal, and it is possible to perform data comparison for individual existence authentication and provision of authentication data and the like.
  • As access destinations at emergency, there are the authentication system server 10 , the external organization server 300 or the aggregation side terminal 150 or the like, and they store all or necessary part of individual information stored in destination terminals designated by the connection information terminal list of terminal that registered person uses as backup or original.
  • the access places at emergency should be coped with in mutual association of governing organs in Japan, and in mutual association of Japan and countries all over the world. Further, in order to minimize unnecessary leakage or alteration of information, it is preferable that addresses of route places of information and managers should be judged clearly, and the route places are set to public places without unauthorized acts, governing organs, financial organs, communication providers, hospitals and the like.
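The priority-ordered connection of the seventeenth embodiment together with the terminal identification ID check against the connection terminal list, as an added example that is not part of the patent text. The `peers` field (IDs a terminal accepts as senders), the retry count of two and the unlisted terminal ID `X-999` are assumptions of this example.

```python
class Terminal:
    """One terminal with its stored connection information terminal list."""

    def __init__(self, terminal_id, priority=(), emergency=None, peers=()):
        self.terminal_id = terminal_id
        self.priority = list(priority)  # connection targets, highest priority first
        self.emergency = emergency      # emergency connection terminal
        self.peers = set(peers)         # sender IDs accepted (assumed field)
        self.online = True
        self.inbox = []
        self.rejected = []              # sender IDs refused by the list check

    def receive(self, sender_id, payload):
        if not self.online:
            raise ConnectionError(self.terminal_id + " unreachable")
        # Collate the sender's terminal identification ID with the stored list.
        if sender_id not in self.peers:
            self.rejected.append(sender_id)
            return False
        self.inbox.append((sender_id, payload))
        return True


def send_with_failover(network, sender, payload, max_attempts=2):
    """Try each listed terminal in priority order, then the emergency terminal.

    Returns (terminal that accepted the payload or None, attempt trail).
    """
    trail = []
    targets = sender.priority + ([sender.emergency] if sender.emergency else [])
    for target_id in targets:
        for attempt in range(1, max_attempts + 1):
            try:
                accepted = network[target_id].receive(sender.terminal_id, payload)
            except (KeyError, ConnectionError):
                trail.append((target_id, attempt, "no connection"))
                continue
            if accepted:
                trail.append((target_id, attempt, "delivered"))
                return target_id, trail
            # A refusal by the ID check is final: retrying cannot change it.
            trail.append((target_id, attempt, "rejected"))
            break
    return None, trail


def demo():
    # Constructed topology using the terminal names of FIG. 49.
    net = {
        "110A": Terminal("110A", peers={"110C"}),
        "120A": Terminal("120A", peers=set()),   # does not list 110C
        "150D": Terminal("150D", peers={"110C"}),
        "150W": Terminal("150W", peers={"110C"}),
    }
    net["110A"].online = False
    t110c = Terminal("110C", priority=["110A", "120A", "150D", "150B"],
                     emergency="150W")
    first = send_with_failover(net, t110c, "individual-info")
    net["150D"].online = False                   # now only 150W can answer
    second = send_with_failover(net, t110c, "individual-info")
    unlisted = Terminal("X-999", priority=["150W"])
    third = send_with_failover(net, unlisted, "individual-info")
    return first, second, third, net
```

The trail doubles as an audit record: repeated "rejected" entries for one sender ID at a receiving terminal are the signal to alert on.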
  • each terminal in principle sends individual information to one upper level terminal. While on the other hand, in the present embodiment, each terminal sends information to two designated partner terminals.
  • FIG. 51 is a figure showing terminals to be connected with the building structure side terminal 110 C, in an eighteenth embodiment.
  • Each terminal of the authentication system stores information showing the priority order of terminals to which its own makes connection as shown in the figures. Further, in connection destination terminals with this priority (hereinafter, referred to as main route terminal), other destination terminals that send information at the same time when information is sent to them (hereinafter, referred to as reflection terminals) are set per terminal.
  • FIG. 52 is a sequence chart showing an action example where the building structure side terminal 110 C connects communications to other terminals, in the eighteenth embodiment.
  • each terminal has a function to automatically send information to plural portions.
  • the end side terminal 160 reads biometrics information (step S 401 ), and sends the read biometrics information and movement information to the building structure side terminals 110 A, 110 B (step S 402 ).
  • the building structure side terminal 110 A is the highest priority connection terminal (main route terminal) designated in the connection information terminal list, and the building structure side terminal 110 B is terminal sent secondarily (reflection terminal).
  • the building structure side terminals 110 B stores received information from the end side terminal 160 , to the temporary storage DB installed in its own (step S 403 ), and waits for further instruction.
  • When the end side terminal 160 detects condition of no connection with the building structure side terminal 110 A for some reason (step S 405 ), it makes connection with the terminal of the next priority order in the connection information terminal list.
  • When the connection between the end side terminal 160 and the building structure side terminal 110 A succeeds (step S 404 Available), the building structure side terminal 110 A sends information to show that individual information has been received from the end side terminal 160 , to the end side terminal 160 (step S 406 ).
  • the end side terminal 160 on receiving the information to show that individual information has been received from the building structure side terminal 110 A, sends information to request for deletion of individual information stored in the temporary storage DB of the building structure side terminal 110 B (step S 407 ).
  • the building structure side terminal 110 B on receiving the deletion request information from the end side terminal 160 , deletes information stored in the temporary storage DB of its own (step S 408 ).
  • the authentication system according to the present embodiment is to secure place (reflection terminal) to store individual information in the present authentication system, so as to back up individual information, even in the case when terminal of sending source of individual information and terminal of receiving destination.
  • This reflection terminal is different from access place at emergency, and does not store all individual information of the individual concerned, but it holds information temporarily. Further, it is preferable that according to functions of end side terminal and the like of information read place, same products of readers and different place installation terminals of same manufacturer are made reflection terminal from viewpoint of compatibility of information.
  • the building structure side terminal 110 B (reflection terminal), on receiving deletion request information, deletes information stored in the temporary storage DB of its own, and in addition, it may automatically delete information after lapse of a certain time.
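The temporary storage of a reflection terminal (steps S 402 to S 408 ) with both deletion paths, as an added example that is not part of the patent text. Accepting a deletion request only from the terminal that stored the record, the message IDs and the clock given as plain seconds are assumptions of this example.

```python
class ReflectionTerminal:
    """Reflection terminal holding copies in its temporary storage DB."""

    def __init__(self, terminal_id, ttl_seconds):
        self.terminal_id = terminal_id
        self.ttl = ttl_seconds
        self.temp_db = {}  # message_id -> (sender_id, payload, stored_at)

    def store(self, message_id, sender_id, payload, now):
        # Step S403: keep the copy and wait for further instruction.
        self.temp_db[message_id] = (sender_id, payload, now)

    def delete(self, message_id, requester_id):
        # Step S408. Assumption of this example: only the terminal that
        # stored the copy may have it deleted, so a third party cannot
        # wipe the backup before the main route terminal has the data.
        held = self.temp_db.get(message_id)
        if held is None or held[0] != requester_id:
            return False
        del self.temp_db[message_id]
        return True

    def purge_expired(self, now):
        # Automatic deletion after a certain time bounds how long
        # biometrics information stays on the reflection terminal.
        expired = sorted(m for m, (_, _, t) in self.temp_db.items()
                         if now - t >= self.ttl)
        for m in expired:
            del self.temp_db[m]
        return expired


def submit(end_terminal_id, message_id, payload, main_reachable, reflection, now):
    """End side terminal: send to main route and reflection terminal at once."""
    reflection.store(message_id, end_terminal_id, payload, now)   # S402, S403
    if not main_reachable:                                        # S405
        return "held by reflection terminal"
    reflection.delete(message_id, end_terminal_id)                # S406 to S408
    return "received by main route terminal"


def demo():
    # Constructed run: terminal names from FIG. 52, message IDs invented.
    r = ReflectionTerminal("110B", ttl_seconds=600)
    a = submit("160", "m1", "biometrics+movement", True, r, now=0)
    b = submit("160", "m2", "biometrics+movement", False, r, now=10)
    foreign_delete = r.delete("m2", "160-other")
    early = r.purge_expired(now=300)
    late = r.purge_expired(now=610)
    return a, b, foreign_delete, early, late, sorted(r.temp_db)
```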
  • FIG. 53 is an image figure showing a network configuration of authentication system servers 10 , in the authentication system according to a nineteenth embodiment of the present invention.
  • the authentication system server 10 may be installed, for example, per governing unit like prefecture unit or city unit.
  • each area is divided into a certain range, and the authentication system server 10 is installed per certain range, and the capacity of individual folders that the authentication system server 10 owns is dispersed, and accordingly it is possible to disperse load of the authentication system into several portions, more effectively than operation of wide range such as country unit by one authentication system server 10 .
  • the authentication system server 10 registers registered information of its own to the external organization server 300 , and performs backup.
  • registered information in the authentication system server 10 , and registered information in the external organization server 300 are compared and collated to check whether registered information is tampered.
  • FIG. 54 is a sequence chart showing an action example where the authentication system server 10 and the external organization server 300 perform comparison collation processing of stored information at optional time, in a 20th embodiment.
  • the comprehensive DB 11 of the authentication system server 10 , and the comprehensive DB 311 of the external organization server 300 at necessity, perform comparison collation processing of stored information at a certain number of items, a certain capacity or a certain date and time.
  • both the authentication system server 10 and the external organization server 300 can start this collation processing.
  • the external organization server 300 starts this collation processing.
  • the external organization server 300 extracts individual information of the portion where collation is performed (step S 411 ). In extracting, there is no need to compare all information stored, but in consideration of past collation conditions, range may be limited to previous existence validation information and history information.
  • the external organization server 300 sends the extracted information, and information to request for execution of comparison collation with information stored in the authentication system server 10 , to the authentication system server 10 (step S 412 ).
  • the authentication system server 10 on receiving the extracted information and the collation request information, on the basis of the individual identification ID of registered person included in the extracted information, extracts individual information of the corresponding registered person from the basic information DB 14 of its own, and compares to see whether the contents of the information in the basic information DB 14 , and the contents of received information match (step S 413 ).
  • the authentication system server 10 performs emergency warning notice to registered person individual via electronic mail and the like, and restricts the authentication system use of the registered person concerned at once.
  • the authentication system server 10 compares to see whether the contents of the history information DB 12 , and the contents of information stored in the validation information DB 13 and the like match (steps S 414 , S 415 ).
  • the authentication system server 10 confirms that information contents match in DBs 12 to 14 and in some case (step S 416 ), it sends information of “execution complete, no problem” to the external organization server 300 (step S 417 ).
  • the authentication system server 10 after sending answer information to the external organization server 300 , inputs date and time of comparison processing execution, operator of execution and judge, and sets these input information to compared and collated information and stores it (step S 418 ).
  • the authentication system server 10 deletes individual information received from the external organization server 300 (step S 419 ).
  • the external organization server 300 after receiving answer information, sets date and time of comparison processing execution, operator of execution and judge, to the extracted information and stores it (step S 420 ).
  • the external organization server 300 ends the extraction processing (step S 421 ).
  • This validation processing is also carried out in the same manner, between the authentication system server 10 and the aggregation side terminal 150 , and between the sub servers and the end side terminal 160 and the like.
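The comparison collation of the 20th embodiment (steps S 413 to S 419 ) on the authentication system server side, as an added example that is not part of the patent text. Comparing SHA-256 digests of canonical JSON, the reply string for a mismatch, the record fields and the operator name are assumptions of this example; the digest lets the log keep evidence of what was compared after the received copy is discarded.

```python
import hashlib
import json


def digest(record):
    """SHA-256 over a canonical JSON form, so key order does not matter."""
    canon = json.dumps(record, sort_keys=True, separators=(",", ":"),
                       ensure_ascii=False)
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


class AuthSystemServer:
    """Stand-in for the authentication system server 10."""

    def __init__(self, basic_info_db):
        self.basic_info_db = basic_info_db  # individual ID -> record
        self.restricted = set()             # IDs whose system use is restricted
        self.notices = []                   # emergency warning notices queued
        self.collation_log = []

    def collate(self, extracted, executed_at, operator):
        """Compare records received from the external organization server."""
        mismatched, compared = [], {}
        for individual_id, received in extracted.items():
            local = self.basic_info_db.get(individual_id)
            compared[individual_id] = digest(received)
            # A record missing on this side counts as a mismatch too.
            if local is None or digest(local) != compared[individual_id]:
                mismatched.append(individual_id)
                self.restricted.add(individual_id)
                self.notices.append((individual_id, "emergency warning"))
        answer = ("execution complete, no problem" if not mismatched
                  else "mismatch found")  # mismatch wording is assumed
        # Step S418: keep when, who and the outcome. Only digests are kept,
        # so the received individual information itself is not retained (S419).
        self.collation_log.append({"executed_at": executed_at,
                                   "operator": operator,
                                   "answer": answer,
                                   "compared": compared})
        return answer, sorted(mismatched)


def demo():
    # Constructed records, not data from the patent.
    server = AuthSystemServer({
        "P-1": {"name": "A", "address": "X"},
        "P-2": {"name": "B", "address": "Y"},
    })
    clean = server.collate({"P-1": {"address": "X", "name": "A"}},
                           "2024-05-01T03:00", "op-1")
    dirty = server.collate({
        "P-1": {"address": "X", "name": "A"},
        "P-2": {"name": "B", "address": "Z"},   # altered on one side
        "P-3": {"name": "C", "address": "W"},   # unknown to this server
    }, "2024-05-02T03:00", "op-1")
    return clean, dirty, server
```

A mismatch shows only that the two copies differ, not which one was altered, which is why the example restricts use and notifies rather than overwriting either side.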
  • the condition where people are surrounded by some “things” means the condition where people are surrounded by buildings such as home, working place and shops and hospital or structural things such as building structures and the like, and people exist in movement means such as electric train and airplane and vehicle and ships.
  • the condition where people are released from the “things” means the condition where people exist out of “things” of building structures and movement means, like the condition where people are walking on road, the condition where people spend exercising outdoors.
  • That a person exists means that the person exists physically in a specified place at a specified time. Therefore, individual existence information is information peculiar to the person, and must be in close relation with the individual existence.
  • information to be used in individual living deriving from the individual existence information (for example, use of electronic money information of the individual concerned, door open and close information permitted to the individual concerned and the like) is closely related with that the individual actually exists in some space.
  • When the building side terminal 110 or the end side terminals 160 A, 160 B, 160 C recognize that the registered person individual “is” in the condition surrounded by “things” such as building structures and the like (building, structural things such as building structures, room, airplane, vehicle, cars, automobiles, trunks, boxes, tent, capsule, locker and the like), the building structure side terminal 110 has a function to limit the use of individual information of registered person surrounded by this “thing” to terminals of this unit, or to stop the movement of usable unit of individual information.
  • When the building side terminal 110 recognizes that the registered person individual is in the condition surrounded by “things”, it sends control signal to forcibly stop the use of the individual information to terminals and the like outside of the unit, and information that it is abnormal for the individual information of the registered person to be used outside of the unit via communication line network.
  • When the building side terminal 110 recognizes that the individual information is used outside of the unit, it sends warning information to terminals and servers in the authentication system via communication line network.
  • When the building side terminal 110 or the end side terminals 160 A, 160 B, 160 C recognize that the registered person individual “is” in the condition released from “things” such as building structures and the like, the building structure side terminal 110 has a function to limit the use of individual information of registered person released from this “thing” to terminals outside of this unit, or to enable the movement of usable unit of individual information.
  • When the building side terminal 110 recognizes that the registered person individual is in the condition released from “things”, it sends control signal to permit the use of the individual information to terminals and the like outside of the unit, and information that it is normal for the individual information of the registered person to be used outside of the unit via communication line network.
  • the end side terminal 160 A is installed at the knob of the outside of the door.
  • the person grips the outside door knob, and therefore, when this end side terminal 160 A reads biometrics information, it shows that the person enters the building structure.
  • the end side terminal 160 B is installed at the knob of the inside of the door.
  • the person grips the inside door knob, and therefore, when this end side terminal 160 B reads biometrics information, it shows that the person goes out of the building structure.
  • the authentication system makes at 19:00 and after, the system unusable for a person who “calls himself the registered person” or “spoofs”.
  • a person can establish both the freedom of its activity and the secrecy thereof, and the existence of the person may be covered with a “veil”. However, since individual information has become valuable today, there may be spoofing or a virtual story made by wrong use of this “veil of existence of person”.
  • an authentication system may be made up with a structure where the building structure side terminal 110 is made upper level terminal, and various readers and sensors are made end side terminals 160 .
  • FIG. 55 is a figure showing an image around building structure.
  • the figure shows a virtual house map, and as shown therein, the building structure side terminal 110 exists in every house, and the structure may be made independently per house.
  • FIG. 56 is a figure of the image of FIG. 55 converted into one of terminal configuration of the present authentication system.
  • the aggregation side terminal 150 is installed in themselves.
  • the aggregation side terminal 150 is installed in each block association.
  • a patient makes the terminal in the building structure side terminal 110 Y read its own individual information, and at necessity, the patient inputs information of its name, age, hospital history and the like, and thereby it is recognized for the patient to come to the hospital.
  • the building structure side terminal 110 Y on collecting these individual information, sends the collected individual information to the aggregation side terminal 150 C as its upper level terminal.
  • the aggregation side terminal 150 C sends the individual information received from the building structure side terminal 110 Y, and information necessary for medical examination, dosage such as medical record browsing, insurance card number and the like stored in the comprehensive DB 151 of the aggregation side terminal 150 C, to the organization side terminal 120 G.
  • the organization side terminal 120 G on receiving these individual information necessary for medical examination, gets ready to execute medical examination preparation and medical record preparation for the patient in the hospital where its own unit is installed.
  • the unit around the building structure in the living space of the registered person individual, as the main unit of the registered person concerned, is made the base point where information use permission information generates. Further, when information network is structured so that the use permission information of individual information of the registered person moves from the main unit to other unit along with movement of the registered person, along movement route and is transmitted sequentially, it is possible for the registered person to enjoy various services by use of its own individual information.
  • the use permission (or stop) information of individual information of the registered person moves via terminals around the movement positions.
  • FIG. 57 is an image figure showing this concept.
  • information has been stored into “things (recording media)” such as a cell phone, ubiquitous communicator, IC chip or magnetic card and the like. And with the “things” as media, information is used. This has isolated the relation between people as authentication objectives and information.
  • When the registered person moves the use permission places of its own individual information, first, at registration of the individual information, by use of the end side terminal 160 and the like, the registered person inputs terminal identification ID of the building structure side terminal 110 closely related to the registered person individual concerned. Meanwhile, plural terminal identification IDs of the building structure side terminal 110 that is the base point of the registered person may be registered.
  • the building structure side terminal 110 A installed in a building structure in which registered person individual lives is made “main terminal”, and a structure unit made of one or more lower level terminals managed by the building structure side terminal 110 A is made “main unit”, and the aggregation side terminal 150 A having the building structure side terminal 110 A as its lower level terminal is made “main server”.
  • the building structure side terminal 110 B additionally installed in building structures such as school and company is made “sub terminal”, and a structure unit made of one or more lower level terminals managed by the building structure side terminal 110 B is made “sub unit”, and the aggregation side terminal 150 B having the building structure side terminal 110 B as its lower level terminal is made “sub server”.
  • the building structure side terminal 110 A or the aggregation side terminal 150 A the building structure side terminal 110 B or the aggregation side terminal 150 B is made “main unit”
  • FIG. 58 is a figure showing a structure example of authentication system in daily activity range of the registered person, according to the present embodiment.
  • terminals and servers connected by line are directly connected via network, and among these, the movement route of individual identification information of the registered person at the time point when the registered person gets out of its home is shown by solid line.
  • FIG. 59 is a sequence chart showing an action example when information use permission information is transferred from the building structure side terminal 110 A to other terminal, in a 23rd embodiment of the present invention.
  • the registered person grips the door knob installed in room inside, among door knobs of its home door, and opens the door knob for going out.
  • the end side terminal 160 B attached to the door knob reads the biometrics information (for example, fingerprint information) of the registered person (step S 431 ), and sends the read biometrics information and movement information to the building structure side terminal 110 A (step S 432 ).
  • the building structure side terminal 110 A compares and collates the individual information of registered person stored beforehand in its own, and the received information from the end side terminal 160 B (step S 433 ), and performs registered person existence confirmation (step S 434 ), and at the same time stores necessary information from the information received this time newly to its own (step S 435 ).
  • the use purpose of the end side terminal 160 B is to “get out from a building structure”.
  • the building structure side terminal 110 A on receiving the biometrics information and the movement information from the end side terminal 160 B, recognizes that the registered person has got out, creates information with information showing the unit that requests for individual authentication and individual information use permission and provision of services by the authentication system changes from the current unit, added to the movement information (hereinafter, referred to as movement start information) (step S 436 ).
  • the building structure side terminal 110 A stores this movement start information to the temporary storage DB 117 A of its own.
  • movement start information or movement stop information (information with information showing the unit that requests for individual authentication and individual information use permission and provision of services by the authentication system stops moving or information showing existence information, added to the movement information) and the like, in order to be totally recognized in any terminal of the present authentication system, they may be shown by simple numeric values, for example, “001” for movement start, and “999” for stop.
  • the building structure side terminal 110 A from the registered person going out, recognizes that the registered person does not exist in the unit configured of the building structure side terminal 110 A and the end side terminals 160 A, 160 B under its management (step S 437 ).
  • the building structure side terminal 110 A in the unit, creates information showing stop command of use of the authentication system by the identification ID of the registered person, and sends it to the end side terminals 160 A, 160 B under its management (step S 438 ).
  • the building structure side terminal 110 A judges that the request for use is abnormal, and sends information to issue a warning or recognize it as an abnormal value, and forcibly stop the use, to the terminal that has requested for the use.
  • the end side terminal 160 B reads the biometrics information of registered person, and also, on receiving instruction information to lock the door key, from the building structure side terminal 110 A, locks the key.
  • the building structure side terminal 110 A recognizes that the registered person has got out of its home, and the home key has been locked.
  • the building structure side terminal 110 A can also manage security such as locking the home key.
  • the building structure side terminal 110 A sends the above movement start information to the aggregation side terminal 150 D as the upper level terminal that manages its own (step S 439 ).
  • the aggregation side terminal 150 D on receiving the movement start information from the building structure side terminal 110 A, stores this received information to the temporary storage DB 157 D of its own (step S 440 ), and recognizes that the movement of the units where the individual information of the registered person is used has started (step S 441 ).
  • the aggregation side terminal 150 D relates information showing that its own has recognized the movement start information, to the above received information, and sends it to the authentication system server 10 A that manages its own (step S 442 ).
  • the authentication system server 10 A on receiving the information from the aggregation side terminal 150 D, stores these received information to the temporary storage DB 17 A of its own (step S 443 ), and recognizes that the movement of the units where the individual information of the registered person is used has started (step S 444 ).
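The presence rule described earlier (use limited to the unit while the person is surrounded by the “thing”, and to outside terminals once released) and the movement start / stop handling of the 23rd embodiment, combined in one added example that is not part of the patent text. The terminal IDs `160E` and `110W-gate`, the individual ID `P-1` and the decision strings are assumptions of this example; the codes "001" and "999" are the example values the text gives.

```python
MOVE_START = "001"  # example code the text gives for movement start
MOVE_STOP = "999"   # example code the text gives for movement stop


class UnitController:
    """Building structure side terminal managing one unit."""

    def __init__(self, terminal_id, outside_knob, inside_knob, other_terminals=()):
        self.terminal_id = terminal_id
        self.outside_knob = outside_knob  # a read here means the person enters
        self.inside_knob = inside_knob    # a read here means the person goes out
        self.unit_terminals = set(other_terminals) | {outside_knob, inside_knob}
        self.present = set()              # individuals currently inside the unit
        self.upstream = []                # movement information for the upper level terminal
        self.warnings = []                # abnormal use requests

    def on_biometric_read(self, reader_id, individual_id):
        """Update presence from a door knob read and queue movement information."""
        if reader_id == self.outside_knob:
            self.present.add(individual_id)
            self.upstream.append((individual_id, MOVE_STOP, self.terminal_id))
            return "entered"
        if reader_id == self.inside_knob:
            self.present.discard(individual_id)
            self.upstream.append((individual_id, MOVE_START, self.terminal_id))
            return "left"
        return "ignored"

    def authorize(self, individual_id, requesting_terminal):
        """Permit use only where the person physically is; warn otherwise."""
        in_unit = requesting_terminal in self.unit_terminals
        present = individual_id in self.present
        if in_unit == present:
            return "permit"
        reason = ("used outside the unit while inside" if present
                  else "used inside the unit after leaving")
        self.warnings.append((individual_id, requesting_terminal, reason))
        return "stop"


def demo():
    # Constructed walk-through: come home, use a terminal, go out.
    home = UnitController("110A", outside_knob="160A", inside_knob="160B",
                          other_terminals=["160E"])
    steps = [
        home.on_biometric_read("160A", "P-1"),
        home.authorize("P-1", "160E"),       # inside, in-unit terminal
        home.authorize("P-1", "110W-gate"),  # inside, but used elsewhere
        home.on_biometric_read("160B", "P-1"),
        home.authorize("P-1", "160E"),       # left, but used at home
        home.authorize("P-1", "110W-gate"),  # left, used elsewhere
    ]
    return steps, home
```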
  • FIG. 60 ( a ) is a figure showing a structure example of authentication system in daily activity range of the registered person, according to the present embodiment.
  • FIG. 60 ( b ) is a figure showing an installation example of building structure side terminal 110 W and end side terminals 160 C, 160 D, 160 Cc, 160 Dd in the station premises.
  • end side terminals 160 Cc, 160 Dd are installed at the north ticket gate of the station, and the end side terminals 160 C, 160 D are installed at the south ticket gate.
  • FIG. 61 and FIG. 62 are each a sequence chart showing an action example when information use permission information is transferred from the building structure side terminal 110 A to the building structure side terminal 110 W, in a 24th embodiment of the present invention.
  • The building structure side terminal 110 W compares and collates the information of the registered person that it stored beforehand with the information received from the end side terminal 160 D (step S 453 ), performs registered person existence confirmation (step S 454 ), and at the same time newly stores the necessary items from the information received this time (step S 455 ).
  • The building structure side terminal 110 W confirms that it holds no movement stop information to the effect that the registered person exists in its own unit, and that it holds no movement prior notice information (information notifying that the unit that requests individual authentication and individual information use permission may move to its own unit) (step S 456 ).
  • The movement start information shows the history of the actual movement of the registered person, whereas the movement prior notice information shows the future movement schedule of the registered person.
  • Concretely, this movement prior notice information includes any of the following items 1 to 5.
  • Special information added to the terminal that is scheduled to be used by the person to be authenticated (registered person) (terminal identification ID, identification number)
  • Terminal identification ID identification number of the terminal that manages scheduled unit to become the start point of action, or the main unit of the registered person individual
  • the case where the movement prior notice information, movement start information, and movement stop information of the registered person (hereinafter referred to as movement related information) is described later.
  • The building structure side terminal 110 W refers to the use purposes of the respective terminals stored in it, reads the biometrics information by the end side terminal 160 D, and recognizes that “the registered person wants to ride as a means of movement” (step S 457 ), and creates the movement stop information showing that the registered person has completed the movement to the installation range of its own unit (step S 458 ).
  • The building structure side terminal 110 W stores the created movement stop information in its own temporary storage DB 117 W.
  • From the movement stop information, the building structure side terminal 110 W recognizes that the registered person does not exist outside its own unit, creates information commanding that use of the authentication system under the identification ID of the registered person be stopped outside its unit, and prepares to send it to the aggregation side terminal 150 A.
  • The building structure side terminal 110 W recognizes that the registered person exists in the installation range of its own unit, creates information showing that the registered person may use the present authentication system for the movement information (hereinafter referred to as use prior notice information), and sends it, together with the individual identification ID and the like of the registered person, to the respective end side terminals (step S 459 ).
  • each terminal of the unit that receives the use prior notice information refers to the search DB and the temporary storage DB and the like, and searches for the registered person, and can be prepared for authentication processing and the like after that. Thereafter, when individual information of registered person is read in the terminal concerned, it is possible to perform comparison and collation, and execute efficient authentication system operation.
  • the building structure side terminal 110 W sends the movement stop information to show movement into its own unit, and information to command the use stop in the outside of its own unit, to the aggregation side terminal 150 A as upper level terminal (step S 461 ).
  • the building structure side terminal 110 W judges the request for use as abnormal, and sends information to issue a warning or recognize it as an abnormal value, and forcibly stop the use, to the terminal that has requested for the use.
  • the aggregation side terminal 150 A on receiving the movement stop information and the like of registered person individual from the building structure side terminal 110 W, stores the received information concerned to the temporary storage DB 157 A of its own (step S 462 ).
  • the aggregation side terminal 150 A recognizes from the received information, that the unit that requests for use permission information of individual authentication and individual information has completed its movement to the unit of the building structure side terminal 110 W (step S 463 ).
  • the aggregation side terminal 150 A searches whether movement related information of registered person has been received from terminals and servers of the following 1 to 4 (step S 464 ).
  • Authentication system server 10 A that manages the aggregation side terminal 150 A
  • the aggregation side terminal 150 A confirms that it has not received the movement prior notice information and the like of registered person from the terminals and servers of the above 1 to 4, as the result of search, and sends the movement stop information to show the movement into its own unit, and information to command use stop in the outside of its own unit, to the authentication system server 10 A that manages its own (step S 465 ).
  • the authentication system server 10 A on receiving the movement stop information and the like of the registered person individual from the aggregation side terminal 150 A, stores the received information concerned to the temporary storage DB 17 A of its own (step S 466 ).
  • the authentication system server 10 A recognizes from the received information, that the unit that requests for individual authentication and individual information use permission has completed movement to the unit of the building structure side terminal 110 W (step S 467 ).
  • the authentication system server 10 A searches whether it has received the movement prior notice information and the like of registered person, from other than the aggregation side terminal 150 A and other lower level terminal in the unit that the aggregation side terminal 150 A manages (step S 468 ).
  • In the case where the authentication system server 10 has not received the movement prior notice information and the like from any terminal other than those in the unit of the aggregation side terminal 150 A (step S 469 No), it validates, from the viewpoints of place and time, whether the contents of the individual information of the registered person stored in it match the contents of the individual information received from the aggregation side terminal 150 A (steps S 470 , S 471 ).
  • This validation process is the same as the process in the fifth embodiment.
  • In the case where the authentication system server 10 A judges that the existence of the registered person can be proved and that the input history of the individual information matches spatially and temporally (step S 472 Yes), it sends information showing that “validation of existence continuity has been completed” to the aggregation side terminal 150 A (step S 473 ).
  • This sending information is also the information to permit services and authentication system action that the registered person wants to use, in the unit that the aggregation side terminal 150 A manages.
  • the aggregation side terminal 150 A on receiving the permission information from the authentication system server 10 A, adds the received information concerned to the registered person movement stop information in the temporary storage DB 157 A of its own and stores it (step S 474 ).
  • the aggregation side terminal 150 A sends this permission information to the building structure side terminal 110 W (step S 475 ).
  • the building structure side terminal 110 W on receiving the permission information from the aggregation side terminal 150 A, adds the received information concerned to the registered person movement stop information in the temporary storage DB 117 A of its own and stores it (step S 476 ).
  • the building structure side terminal 110 W on the basis of this permission information, sends information to permit use service of the present authentication system that the registered person requests, in the present embodiment, for the registered person to enter the station premises to get on a train, to the end side terminal 160 D (step S 477 ).
  • the end side terminal 160 D on receiving the permission information from the building structure side terminal 110 W, opens the connected ticket gate door, and permits the registered person individual to enter the station premises (step S 478 ).
  • terminal installation purpose that this is an action to permit the registered person to get on a train too.
  • The authentication system server 10 sends other unit movement completion information (information, added to the movement information, showing that the use unit has moved to another unit) to the aggregation side terminal 150 D (step S 479 ).
  • This other unit movement completion information is also the information to delete the movement related information of registered person, existing in the unit that the aggregation side terminal 150 D manages.
  • When the authentication system server 10 is temporarily storing the movement related information and receives movement stop information for the same registered person, it performs continuity matching validation between the movement start information and the movement stop information.
  • the movement start information may be converted into other unit movement completion information, and may be sent back to the sending source of the movement start information.
  • the aggregation side terminal 150 D on receiving the other unit movement completion information from the authentication system server 10 A, on the basis of information in the temporary storage DB 157 D of its own, extracts information to show terminal of sending source of the movement start information sent previously to the authentication system server 10 .
  • the aggregation side terminal 150 D after the extraction, specifies the building structure side terminal 110 A that has become the sending source of the movement start information. And, it sends the other unit movement completion information received this time to the building structure side terminal 110 A of the sending source (step S 480 ).
  • the aggregation side terminal 150 D deletes the movement start information of the registered person concerned, in the temporary storage DB 157 D of its own (step S 481 ).
  • the building structure side terminal 110 A on receiving the other unit movement completion information from the aggregation side terminal 150 D, on the basis of the individual identification ID included in the information concerned, searches the temporary storage DB 117 D of its own, and extracts and deletes the movement start information of the registered person concerned (step S 482 ).
  • In the case where the authentication system server 10 A judges that the existence of the registered person cannot be proved, or that the input history of the individual information does not match spatially and temporally (step S 472 No), it sends information showing “no existence”, or information prompting existence validation once again, to the aggregation side terminal 150 A (step S 483 ).
  • This sending information is also the information not to permit (to prohibit) services and authentication system operation that registered person individual wants to use, in the unit that the aggregation side terminal 150 A manages.
  • the aggregation side terminal 150 A on receiving the non permission information from the authentication system server 10 A, adds the received information concerned to the registered person movement stop information in the temporary storage DB 157 A of its own and stores it (step S 484 ).
  • the aggregation side terminal 150 A sends this non permission information, and created use limit/stop information to the building structure side terminal 110 W (step S 485 ).
  • the building structure side terminal 110 W on receiving the non permission information from the aggregation side terminal 150 A, adds the received information concerned to the registered person movement stop information in the temporary storage DB 117 A of its own and stores it (step S 486 ).
  • the building structure side terminal 110 W creates use limit/stop information.
  • the building structure side terminal 110 W sends this non permission information, and created use limit/stop information to the end side terminal 160 D (step S 487 ).
  • On receiving this information from the building structure side terminal 110 W, the end side terminal 160 D displays to the registered person a message requesting that the individual information be read once again, and message information denying entrance (ride) (step S 488 ).
  • FIG. 63 is a figure showing an installation example of authentication systems around home and working place of registered person in the present embodiment.
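
The server-side handling of movement start and movement stop information in steps S 443 to S 483 above can be modelled as follows. This is an added example, not code from the patent: the class and field names, the unit labels and the minimum-travel-time rule used for the place-and-time check are assumptions, since the page defers the actual validation rule to the fifth embodiment.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class MovementInfo:
    person_id: str   # individual identification ID of the registered person
    unit: str        # unit (aggregation side terminal) that reported the event
    kind: str        # "start" or "stop"
    at: datetime     # time at which the individual information was read


class AuthServer:
    """Toy model of the authentication system server (hypothetical names)."""

    def __init__(self, min_travel):
        # Assumed rule: shortest plausible travel time per (from_unit, to_unit).
        self.min_travel = min_travel
        self.temp_db = {}   # temporary storage DB: person_id -> pending start
        self.outbox = []    # (destination unit, message, person_id)

    def receive_start(self, info):
        """Store movement start information (steps S 443, S 444)."""
        if info.kind != "start":
            raise ValueError("expected movement start information")
        self.temp_db[info.person_id] = info

    def continuity_problem(self, start, stop):
        """Return a reason string if place and time do not match, else None."""
        if start is None:
            return "no movement start information on record"
        shortest = self.min_travel.get((start.unit, stop.unit))
        if shortest is None:
            # Fail closed on a unit pair with no known route.
            return "no known route between units"
        if stop.at - start.at < shortest:
            return "arrival earlier than the route allows"
        return None

    def receive_stop(self, info):
        """Validate movement stop information and answer both units."""
        if info.kind != "stop":
            raise ValueError("expected movement stop information")
        start = self.temp_db.get(info.person_id)
        problem = self.continuity_problem(start, info)
        if problem:
            # Step S 483: non-permission goes back to the requesting unit;
            # the pending start record is kept for a later re-validation.
            self.outbox.append((info.unit, "no existence: " + problem,
                                info.person_id))
            return False
        # Step S 473: permission to the unit the person arrived in.
        self.outbox.append((info.unit,
                            "validation of existence continuity has been completed",
                            info.person_id))
        # Step S 479: tell the origin unit to delete its movement start record.
        self.outbox.append((start.unit, "other unit movement completion",
                            info.person_id))
        del self.temp_db[info.person_id]
        return True


def run_constructed_scenario():
    """Constructed sample data: home unit 150D, station unit 150A."""
    server = AuthServer({("unit-150D", "unit-150A"): timedelta(minutes=10)})
    t0 = datetime(2006, 3, 23, 8, 0)
    server.receive_start(MovementInfo("P1", "unit-150D", "start", t0))
    server.receive_start(MovementInfo("P2", "unit-150D", "start", t0))
    results = [
        # Plausible journey: permitted, start record deleted.
        server.receive_stop(MovementInfo("P1", "unit-150A", "stop",
                                         t0 + timedelta(minutes=25))),
        # Arrival two minutes after leaving home: denied.
        server.receive_stop(MovementInfo("P2", "unit-150A", "stop",
                                         t0 + timedelta(minutes=2))),
        # Stop without any recorded start: denied.
        server.receive_stop(MovementInfo("P3", "unit-150A", "stop", t0)),
    ]
    return server, results


if __name__ == "__main__":
    srv, decisions = run_constructed_scenario()
    print(decisions)
    for message in srv.outbox:
        print(message)
```

The denied cases leave the movement start record in place, so a second read of the individual information can be validated against it, which matches the re-read prompt in step S 488.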

US11/886,749 2005-03-23 2006-03-23 Authentication System Abandoned US20090189736A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2005-083936 2005-03-23
JP2005083936 2005-03-23
PCT/JP2006/305826 WO2006101169A1 (ja) 2005-03-23 2006-03-23 認証システム

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2006/305826 A-371-Of-International WO2006101169A1 (ja) 2005-03-23 2006-03-23 認証システム

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US13/492,122 Division US8866586B2 (en) 2005-03-23 2012-06-08 Authentication system

Publications (1)

Publication Number Publication Date
US20090189736A1 true US20090189736A1 (en) 2009-07-30

Family

ID=37023826

Family Applications (2)

Application Number Title Priority Date Filing Date
US11/886,749 Abandoned US20090189736A1 (en) 2005-03-23 2006-03-23 Authentication System
US13/492,122 Active US8866586B2 (en) 2005-03-23 2012-06-08 Authentication system

Family Applications After (1)

Application Number Title Priority Date Filing Date
US13/492,122 Active US8866586B2 (en) 2005-03-23 2012-06-08 Authentication system

Country Status (5)

Country Link
US (2) US20090189736A1 (ja)
EP (1) EP1868132A4 (ja)
JP (1) JP3946243B2 (ja)
CN (1) CN101167080B (ja)
WO (1) WO2006101169A1 (ja)

Cited By (87)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070250441A1 (en) * 2006-04-25 2007-10-25 Uc Group Limited Systems and methods for determining regulations governing financial transactions conducted over a network
US20080320571A1 (en) * 2007-06-25 2008-12-25 Connell Ii Thomas W Emergency responder credentialing system and method
US20090116700A1 (en) * 2007-11-06 2009-05-07 Mitsubishi Electric Corporation Entering and leaving management system
US20100004818A1 (en) * 2008-07-02 2010-01-07 Michael Phelan Driver authentication system and method for monitoring and controlling vehicle usage
US20100180127A1 (en) * 2009-01-14 2010-07-15 Motorola, Inc. Biometric authentication based upon usage history
US20100301993A1 (en) * 2009-05-28 2010-12-02 International Business Machines Corporation Pattern based security authorization
US20100306350A1 (en) * 2007-05-11 2010-12-02 Patrik Salmela HIP Node Reachability
US20110032074A1 (en) * 2009-08-07 2011-02-10 At&T Intellectual Property I, L.P. Enhanced Biometric Authentication
US20110238237A1 (en) * 2007-04-30 2011-09-29 Ford Motor Company System and method for updating vehicle computing platform configuration information
US20110316703A1 (en) * 2010-04-29 2011-12-29 Andy Butler System and Method for Ensuring Sanitation Procedures in Restrooms
US20120102559A1 (en) * 2009-06-15 2012-04-26 Akitoshi Yoshida Information processing system, terminal device, and server
US20120158602A1 (en) * 2010-12-16 2012-06-21 Aginfolink Holdings, Inc., A Bvi Corporation Intra-enterprise ingredient specification compliance
US20120197516A1 (en) * 2010-06-16 2012-08-02 Airbus Engineering Centre India System and method for aircraft taxi gate selection based on passenger connecting flight information
US20120278251A1 (en) * 2011-04-26 2012-11-01 Michael Pinsker System and method for compliant integrated paperless workflow
US20120300994A1 (en) * 2010-01-27 2012-11-29 Digital Interactive Co. Method and System for Managing Working Hours Using Post-Factum Fingerprint Registration
US20120311684A1 (en) * 2011-06-03 2012-12-06 Uc Group Limited Systems and methods for registering a user across multiple websites
US20130069763A1 (en) * 2007-09-21 2013-03-21 Sony Corporation Biological information storing apparatus, biological authentication apparatus, data structure for biological authentication, and biological authentication method
US20130214901A1 (en) * 2010-12-02 2013-08-22 Viscount Systems Inc. System, station and method for mustering
US20130218752A1 (en) * 2011-09-22 2013-08-22 Paul Pawlusiak System and method of expedited credit and loan processing
US20130326229A1 (en) * 2011-03-18 2013-12-05 Fujitsu Frontech Limited Verification apparatus, verification program, and verification method
US8660322B2 (en) 2011-08-25 2014-02-25 King Saud University Passive continuous authentication method
US20140152819A1 (en) * 2008-04-28 2014-06-05 Inventio Ag Method and system for operating electrical consumers in a building
US20140172703A1 (en) * 2012-12-19 2014-06-19 Ncr Corporation Customer verification
US20140282896A1 (en) * 2013-03-15 2014-09-18 Telmate Llc Communications system for residents of secure facility
US20140303837A1 (en) * 2013-04-09 2014-10-09 Navteq Method and apparatus for authorizing access and utilization of a vehicle
US20140303836A1 (en) * 2008-07-02 2014-10-09 Michael Phelan Driver authentication system and method for monitoring and controlling vehicle usage
US20140321719A1 (en) * 2008-02-05 2014-10-30 Bank Of America Corporation Authentication systems, operations, processing, and interactions
US20140358376A1 (en) * 2008-07-02 2014-12-04 Michael Phelan Driver authentication system and method for monitoring and controlling vehicle usage
US20140358967A1 (en) * 2012-03-28 2014-12-04 Fujitsu Limited Service search method and server device in distributed processing
US20150039527A1 (en) * 2011-01-26 2015-02-05 Eyelock Inc. Method for Confirming the Identity of an Individual While Shielding that Individual's Personal Data
US20150248798A1 (en) * 2014-02-28 2015-09-03 Honeywell International Inc. System and method having biometric identification intrusion and access control
US20150256528A1 (en) * 2010-11-29 2015-09-10 Biocatch Ltd. Method, device, and system of differentiating among users based on responses to interferences
US20160026700A1 (en) * 2014-07-26 2016-01-28 International Business Machines Corporation Updating and synchronizing existing case instances in response to solution design changes
US20160246954A1 (en) * 2013-10-15 2016-08-25 Jung Taek Kim Security card having fingerprint authentication, processing system and processing method therefor
US20160335427A1 (en) * 2015-05-14 2016-11-17 Alclear, Llc Physical token-less security screening using biometrics
US20170076089A1 (en) * 2010-11-29 2017-03-16 Biocatch Ltd. Method, system, and device of differentiating among users based on responses to interferences
US20170323151A1 (en) * 2008-07-21 2017-11-09 Facefirst, Inc. Biometric notification system
CN107426237A (zh) * 2017-08-10 2017-12-01 汪清翼嘉电子商务有限公司 一种用户个人信息的大数据网络验证系统和方法
US20180165935A1 (en) * 2016-12-13 2018-06-14 Lenovo (Singapore) Pte. Ltd. Identifying an individual based on an electronic signature
US10032010B2 (en) 2010-11-29 2018-07-24 Biocatch Ltd. System, device, and method of visual login and stochastic cryptography
US10037421B2 (en) 2010-11-29 2018-07-31 Biocatch Ltd. Device, system, and method of three-dimensional spatial user authentication
US10049209B2 (en) 2010-11-29 2018-08-14 Biocatch Ltd. Device, method, and system of differentiating between virtual machine and non-virtualized device
US10055560B2 (en) 2010-11-29 2018-08-21 Biocatch Ltd. Device, method, and system of detecting multiple users accessing the same account
US10069852B2 (en) 2010-11-29 2018-09-04 Biocatch Ltd. Detection of computerized bots and automated cyber-attack modules
US10069837B2 (en) 2015-07-09 2018-09-04 Biocatch Ltd. Detection of proxy server
US10083439B2 (en) 2010-11-29 2018-09-25 Biocatch Ltd. Device, system, and method of differentiating over multiple accounts between legitimate user and cyber-attacker
US10164985B2 (en) 2010-11-29 2018-12-25 Biocatch Ltd. Device, system, and method of recovery and resetting of user authentication factor
US10198122B2 (en) 2016-09-30 2019-02-05 Biocatch Ltd. System, device, and method of estimating force applied to a touch surface
US10262324B2 (en) 2010-11-29 2019-04-16 Biocatch Ltd. System, device, and method of differentiating among users based on user-specific page navigation sequence
US20190122006A1 (en) * 2017-10-24 2019-04-25 Merck Sharp & Dohme Corp. Adaptive model for database security and processing
US10275587B2 (en) * 2015-05-14 2019-04-30 Alclear, Llc Biometric ticketing
US10298614B2 (en) * 2010-11-29 2019-05-21 Biocatch Ltd. System, device, and method of generating and managing behavioral biometric cookies
US10346602B2 (en) * 2015-10-20 2019-07-09 Grg Banking Equipment Co., Ltd. Method and device for authenticating identify by means of fusion of multiple biological characteristics
US10397262B2 (en) 2017-07-20 2019-08-27 Biocatch Ltd. Device, system, and method of detecting overlay malware
US10395018B2 (en) 2010-11-29 2019-08-27 Biocatch Ltd. System, method, and device of detecting identity of a user and authenticating a user
US10404729B2 (en) 2010-11-29 2019-09-03 Biocatch Ltd. Device, method, and system of generating fraud-alerts for cyber-attacks
US10454939B1 (en) * 2016-06-30 2019-10-22 EMC IP Holding Company LLC Method, apparatus and computer program product for identifying excessive access rights granted to users
US10474815B2 (en) 2010-11-29 2019-11-12 Biocatch Ltd. System, device, and method of detecting malicious automatic script and code injection
US10476873B2 (en) 2010-11-29 2019-11-12 Biocatch Ltd. Device, system, and method of password-less user authentication and password-less detection of user identity
US10579784B2 (en) 2016-11-02 2020-03-03 Biocatch Ltd. System, device, and method of secure utilization of fingerprints for user authentication
US10586036B2 (en) 2010-11-29 2020-03-10 Biocatch Ltd. System, device, and method of recovery and resetting of user authentication factor
US10621585B2 (en) 2010-11-29 2020-04-14 Biocatch Ltd. Contextual mapping of web-pages, and generation of fraud-relatedness score-values
US10685355B2 (en) 2016-12-04 2020-06-16 Biocatch Ltd. Method, device, and system of detecting mule accounts and accounts used for money laundering
US10719765B2 (en) 2015-06-25 2020-07-21 Biocatch Ltd. Conditional behavioral biometrics
US10728761B2 (en) 2010-11-29 2020-07-28 Biocatch Ltd. Method, device, and system of detecting a lie of a user who inputs data
US10747305B2 (en) 2010-11-29 2020-08-18 Biocatch Ltd. Method, system, and device of authenticating identity of a user of an electronic device
US10756808B1 (en) * 2019-05-14 2020-08-25 The Boeing Company Methods and systems for transmitting terrestrial aircraft data using biometrically authenticated broadband over power line communication channels
US10776476B2 (en) 2010-11-29 2020-09-15 Biocatch Ltd. System, device, and method of visual login
US10834590B2 (en) 2010-11-29 2020-11-10 Biocatch Ltd. Method, device, and system of differentiating between a cyber-attacker and a legitimate user
US10897482B2 (en) 2010-11-29 2021-01-19 Biocatch Ltd. Method, device, and system of back-coloring, forward-coloring, and fraud detection
US10917431B2 (en) 2010-11-29 2021-02-09 Biocatch Ltd. System, method, and device of authenticating a user based on selfie image or selfie video
US10949514B2 (en) 2010-11-29 2021-03-16 Biocatch Ltd. Device, system, and method of differentiating among users based on detection of hardware components
US10949757B2 (en) 2010-11-29 2021-03-16 Biocatch Ltd. System, device, and method of detecting user identity based on motor-control loop model
US10970394B2 (en) 2017-11-21 2021-04-06 Biocatch Ltd. System, device, and method of detecting vishing attacks
US11055395B2 (en) 2016-07-08 2021-07-06 Biocatch Ltd. Step-up authentication
US11106406B2 (en) * 2019-09-20 2021-08-31 Brother Kogyo Kabushiki Kaisha Printing device and communication processing system
CN113519013A (zh) * 2019-03-04 2021-10-19 松下知识产权经营株式会社 面部认证系统以及面部认证方法
US20210329030A1 (en) * 2010-11-29 2021-10-21 Biocatch Ltd. Device, System, and Method of Detecting Vishing Attacks
US11210674B2 (en) 2010-11-29 2021-12-28 Biocatch Ltd. Method, device, and system of detecting mule accounts and accounts used for money laundering
US11223619B2 (en) 2010-11-29 2022-01-11 Biocatch Ltd. Device, system, and method of user authentication based on user-specific characteristics of task performance
US11228601B2 (en) * 2018-03-20 2022-01-18 Intel Corporation Surveillance-based relay attack prevention
US11269977B2 (en) 2010-11-29 2022-03-08 Biocatch Ltd. System, apparatus, and method of collecting and processing data in electronic devices
US11470082B2 (en) * 2020-03-31 2022-10-11 Konica Minolta Business Solutions U.S.A., Inc. Authentication server and method that provide authentication information upon interruption of power supply
US20230015789A1 (en) * 2021-07-08 2023-01-19 Vmware, Inc. Aggregation of user authorizations from different providers in a hybrid cloud environment
US11587023B2 (en) * 2010-10-12 2023-02-21 International Business Machines Corporation Tracking movement of an item
US11606353B2 (en) 2021-07-22 2023-03-14 Biocatch Ltd. System, device, and method of generating and utilizing one-time passwords
US11954188B1 (en) * 2016-11-09 2024-04-09 Wells Fargo Bank, N.A. Systems and methods for dynamic bio-behavioral authentication

Families Citing this family (70)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1868132A4 (en) 2005-03-23 2014-06-18 Ihc Corp AUTHENTICATION SYSTEM
JP5007886B2 (ja) * 2006-10-24 2012-08-22 株式会社Ihc 個人認証システム
JP4963225B2 (ja) * 2006-12-12 2012-06-27 三菱電機株式会社 個人認証システム
JP4728939B2 (ja) * 2006-12-13 2011-07-20 Necシステムテクノロジー株式会社 個人認証装置
JP5090003B2 (ja) * 2007-01-31 2012-12-05 株式会社三共 利用状況管理装置および電子マネーシステム
JP5111879B2 (ja) * 2007-01-31 2013-01-09 株式会社三共 利用状況管理装置および電子マネーシステム
JP5141102B2 (ja) * 2007-06-15 2013-02-13 沖電気工業株式会社 自動取引装置及び自動取引システム
JP5147593B2 (ja) * 2008-08-08 2013-02-20 アズビル株式会社 入退室管理システム、入退室管理方法、および受付装置
US20110153193A1 (en) * 2009-12-22 2011-06-23 General Electric Company Navigation systems and methods for users having different physical classifications
JP5334226B2 (ja) * 2010-08-23 2013-11-06 株式会社日立製作所 スケジュール管理方法及びスケジュール管理サーバ
JP5508223B2 (ja) * 2010-10-20 2014-05-28 株式会社日立製作所 個人識別システム及び方法
JP5656583B2 (ja) * 2010-11-25 2015-01-21 株式会社日本総合研究所 与信審査システム、与信審査方法、携帯型情報処理装置、及びコンピュータプログラム
US8572683B2 (en) 2011-08-15 2013-10-29 Bank Of America Corporation Method and apparatus for token-based re-authentication
US8726361B2 (en) * 2011-08-15 2014-05-13 Bank Of America Corporation Method and apparatus for token-based attribute abstraction
US9253197B2 (en) 2011-08-15 2016-02-02 Bank Of America Corporation Method and apparatus for token-based real-time risk updating
US8789143B2 (en) * 2011-08-15 2014-07-22 Bank Of America Corporation Method and apparatus for token-based conditioning
US9055053B2 (en) 2011-08-15 2015-06-09 Bank Of America Corporation Method and apparatus for token-based combining of risk ratings
US8950002B2 (en) 2011-08-15 2015-02-03 Bank Of America Corporation Method and apparatus for token-based access of related resources
US8752124B2 (en) 2011-08-15 2014-06-10 Bank Of America Corporation Apparatus and method for performing real-time authentication using subject token combinations
US8539558B2 (en) 2011-08-15 2013-09-17 Bank Of America Corporation Method and apparatus for token-based token termination
US8910290B2 (en) * 2011-08-15 2014-12-09 Bank Of America Corporation Method and apparatus for token-based transaction tagging
US8806602B2 (en) 2011-08-15 2014-08-12 Bank Of America Corporation Apparatus and method for performing end-to-end encryption
CN103810596A (zh) * 2012-02-29 2014-05-21 汪风珍 预留验证信息识别
CN103389694B (zh) * 2012-05-11 2016-04-27 北京北方微电子基地设备工艺研究中心有限责任公司 工厂自动化验证系统及方法
KR101378319B1 (ko) * 2012-05-21 2014-04-04 (주)싸이버원 보안처리시스템 및 방법
US8756085B1 (en) * 2013-03-15 2014-06-17 State Farm Mutual Automobile Insurance Company Systems and methods for assessing property damage
US9721086B2 (en) 2013-03-15 2017-08-01 Advanced Elemental Technologies, Inc. Methods and systems for secure and reliable identity-based computing
US9378065B2 (en) 2013-03-15 2016-06-28 Advanced Elemental Technologies, Inc. Purposeful computing
US9430624B1 (en) * 2013-04-30 2016-08-30 United Services Automobile Association (Usaa) Efficient logon
US9509676B1 (en) 2013-04-30 2016-11-29 United Services Automobile Association (Usaa) Efficient startup and logon
JP5930218B2 (ja) 2013-10-30 2016-06-08 インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation ユーザの操作を制限する機能を有する情報処理装置、方法、及び、プログラム
WO2015071980A1 (ja) * 2013-11-13 2015-05-21 楽天株式会社 監視支援装置
US9264539B2 (en) * 2014-01-02 2016-02-16 Chung-Yu Lin Authentication method and system for screening network caller ID spoofs and malicious phone calls
WO2015191844A2 (en) * 2014-06-11 2015-12-17 Defensory, Inc. Improved alarm system
JP6397728B2 (ja) * 2014-11-07 2018-09-26 株式会社日立製作所 交通カード処理システムおよび交通カード処理システム
CN104680131B (zh) * 2015-01-29 2019-01-11 深圳云天励飞技术有限公司 基于身份证件信息和人脸多重特征识别的身份验证方法
WO2016154944A1 (en) * 2015-03-31 2016-10-06 SZ DJI Technology Co., Ltd. Systems and methods for tracking uav activity
WO2016154949A1 (en) 2015-03-31 2016-10-06 SZ DJI Technology Co., Ltd. Authentication systems and methods for generating flight regulations
JP6459014B2 (ja) 2015-03-31 2019-01-30 エスゼット ディージェイアイ テクノロジー カンパニー リミテッドSz Dji Technology Co.,Ltd ジオフェンシング装置
US11531737B1 (en) 2015-07-30 2022-12-20 The Government of the United States of America, as represented by the Secretary of Homeland Security Biometric identity disambiguation
JP6381861B2 (ja) * 2016-05-27 2018-08-29 三菱電機株式会社 登録先決定装置、登録装置、秘匿検索システム、登録先決定方法及び登録先決定プログラム
CN107978034B (zh) * 2016-10-25 2020-05-22 杭州海康威视数字技术股份有限公司 一种门禁控制方法及系统、控制器及终端
CN107452166B (zh) * 2017-06-27 2023-08-22 长江大学 一种基于声纹识别的图书馆借书方法及装置
CN107403114B (zh) * 2017-07-25 2020-09-22 苏州浪潮智能科技有限公司 一种锁定输入的结构及方法
JP6838211B2 (ja) * 2017-07-31 2021-03-03 日立Astemo株式会社 自律運転制御装置、自律移動車及び自律移動車制御システム
TWI636355B (zh) * 2017-08-01 2018-09-21 群光電能科技股份有限公司 電子印章
CN109325325B (zh) 2017-08-01 2022-04-12 群光电能科技股份有限公司 数字认证系统
US10997807B2 (en) * 2017-08-18 2021-05-04 Carrier Corporation Method to create a building path for building occupants based on historic information
TWI646474B (zh) * 2017-08-28 2019-01-01 關楗股份有限公司 用於身分核實系統中的造假生物特徵過濾裝置
CN109426713B (zh) 2017-08-28 2022-05-24 关楗股份有限公司 用于身份核实系统中的造假生物特征过滤装置
KR101915602B1 (ko) * 2017-12-28 2018-11-07 주식회사 신화시스템 출입통제시스템에 대한 출입권한 관리방법 및 그 방법을 수행하는 프로그램을 기록한 컴퓨터 판독 가능한 기록매체
CN108182765A (zh) * 2018-02-02 2018-06-19 深圳爱影科技有限公司 用于实现vr眼镜共享的智能柜系统
GB2573262B (en) * 2018-03-08 2022-04-13 Benefit Vantage Ltd Mobile identification method based on SIM card and device-related parameters
CN112424773B (zh) * 2018-07-24 2023-11-14 三菱电机楼宇解决方案株式会社 Content distribution device, content distribution method, and storage medium
US11127013B1 (en) 2018-10-05 2021-09-21 The Government of the United States of America, as represented by the Secretary of Homeland Security System and method for disambiguated biometric identification
US11743723B2 (en) 2019-09-16 2023-08-29 Microstrategy Incorporated Predictively providing access to resources
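CN110825924B (zh) * 2019-11-01 2022-12-06 深圳市卡牛科技有限公司 Data detection method, device, and storage medium
KR102614345B1 (ko) * 2020-02-14 2023-12-18 에코스솔루션(주) Method for operating a fine dust notification system for large buildings
JP7452622B2 (ja) 2020-03-02 2024-03-19 日本電気株式会社 Presentation control device, system, method, and program
CN111461018B (zh) * 2020-04-01 2023-07-07 北京金和网络股份有限公司 Special equipment monitoring method and device
CN112861170B (zh) * 2020-08-03 2023-03-31 德能森智能科技(成都)有限公司 Privacy-protecting smart campus management system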
US11797946B2 (en) 2020-11-10 2023-10-24 International Business Machines Corporation Transportation boarding time notification
DE102020214914A1 (de) 2020-11-27 2022-06-02 Sivantos Pte. Ltd. Method for supporting a user of a hearing aid, hearing aid, and computer program product
CN112968775B (zh) * 2021-02-01 2022-06-24 杭州齐令信息科技有限公司 Personnel biometric identification system
CN112883349B (zh) * 2021-04-29 2021-07-20 深圳市科力锐科技有限公司 Data restoration method, apparatus, device, and storage medium
CN113593082B (zh) * 2021-05-14 2023-05-23 国家电网有限公司技术学院分公司 Blockchain-based five-prevention lock management method and system
KR102533108B1 (ko) * 2021-05-28 2023-05-16 주식회사 아이피나우 Patent management server and patent management system including the same
JP2022187268A (ja) * 2021-06-07 2022-12-19 東芝テック株式会社 Information processing system, information processing device, and control program therefor
CN113850945B (zh) * 2021-09-27 2023-02-17 杭州海康威视数字技术股份有限公司 Access control method and multi-access-control-host anti-passback system
CN113677001B (zh) * 2021-10-25 2022-02-08 山东开创电气有限公司 Device and method for automatic intelligent compensation of UWB positioning accuracy

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5229764A (en) * 1991-06-20 1993-07-20 Matchett Noel D Continuous biometric authentication matrix
US5719918A (en) * 1995-07-06 1998-02-17 Newnet, Inc. Short message transaction handling system
US6040783A (en) * 1995-05-08 2000-03-21 Image Data, Llc System and method for remote, wireless positive identity verification
US6233588B1 (en) * 1998-12-02 2001-05-15 Lenel Systems International, Inc. System for security access control in multiple regions
US20020098851A1 (en) * 2001-01-24 2002-07-25 Motorola Inc. Method and system for validating a mobile station location fix
US20020163882A1 (en) * 2001-03-01 2002-11-07 Akamai Technologies, Inc. Optimal route selection in a content delivery network

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5268670A (en) * 1991-10-04 1993-12-07 Senior Technologies, Inc. Alert condition system usable for personnel monitoring
US6218945B1 (en) * 1997-09-10 2001-04-17 John E Taylor, Jr. Augmented monitoring system
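JP2000040064A (ja) * 1998-07-24 2000-02-08 Ntt Data Corp Authentication scheme for network access
JP3797523B2 (ja) * 1998-08-12 2006-07-19 富士通サポートアンドサービス株式会社 Personal authentication system using fingerprints
JP2000092567A (ja) 1998-09-07 2000-03-31 Toyota Motor Corp Authentication device for terminal device
JP2000090567A (ja) * 1998-09-09 2000-03-31 Sony Corp Digital signal transmission device, digital signal transmission method, and digital signal recording medium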
WO2000069111A2 (en) * 1999-05-10 2000-11-16 Rienzo Andrew L Di Authentication
JP2002064861A (ja) * 2000-08-14 2002-02-28 Pioneer Electronic Corp Personal identification system
US20030070100A1 (en) * 2001-10-05 2003-04-10 Winkler Marvin J. Computer network activity access apparatus incorporating user authentication and positioning system
JP2004086560A (ja) 2002-08-27 2004-03-18 Yamaha Corp Information distribution system and method, and information distribution control device, method, and program
JP2004204629A (ja) * 2002-12-26 2004-07-22 Yamatake Corp Room entry/exit management system and method
JP4776170B2 (ja) * 2003-01-29 2011-09-21 技研商事インターナショナル株式会社 Location certification system
JP4312523B2 (ja) * 2003-07-04 2009-08-12 ソフトバンクモバイル株式会社 Door locking and unlocking system
JP4507520B2 (ja) * 2003-07-18 2010-07-21 株式会社日立製作所 Navigation system
EP1868132A4 (en) 2005-03-23 2014-06-18 Ihc Corp AUTHENTICATION SYSTEM

Cited By (159)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070250441A1 (en) * 2006-04-25 2007-10-25 Uc Group Limited Systems and methods for determining regulations governing financial transactions conducted over a network
US8751104B2 (en) * 2007-04-30 2014-06-10 Ford Motor Company System and method for updating vehicle computing platform configuration information
US20110238237A1 (en) * 2007-04-30 2011-09-29 Ford Motor Company System and method for updating vehicle computing platform configuration information
US20100306350A1 (en) * 2007-05-11 2010-12-02 Patrik Salmela HIP Node Reachability
US8788629B2 (en) * 2007-05-11 2014-07-22 Optis Wireless Technology, Llc HIP node reachability
US8068007B2 (en) * 2007-06-25 2011-11-29 WidePoint Corporation Emergency responder credentialing system and method
US20080317218A1 (en) * 2007-06-25 2008-12-25 Connell Ii Thomas W Emergency responder credentialing system and method
US8063737B2 (en) * 2007-06-25 2011-11-22 WidePoint Corporation Emergency responder credentialing system and method
US8068008B2 (en) * 2007-06-25 2011-11-29 WidePoint Corporation Emergency responder credentialing system and method
US20080320572A1 (en) * 2007-06-25 2008-12-25 Connell Ii Thomas W Emergency responder credentialing system and method
US20080320571A1 (en) * 2007-06-25 2008-12-25 Connell Ii Thomas W Emergency responder credentialing system and method
US9715775B2 (en) * 2007-09-21 2017-07-25 Sony Corporation Biological information storing apparatus, biological authentication apparatus, data structure for biological authentication, and biological authentication method
US20130069763A1 (en) * 2007-09-21 2013-03-21 Sony Corporation Biological information storing apparatus, biological authentication apparatus, data structure for biological authentication, and biological authentication method
US20090116700A1 (en) * 2007-11-06 2009-05-07 Mitsubishi Electric Corporation Entering and leaving management system
US8209264B2 (en) 2007-11-06 2012-06-26 Mitsubishi Electric Corporation Entering and leaving management system
US20140321719A1 (en) * 2008-02-05 2014-10-30 Bank Of America Corporation Authentication systems, operations, processing, and interactions
US9607456B2 (en) * 2008-04-28 2017-03-28 Inventio Ag Method and system for operating electrical consumers in a building
US20140152819A1 (en) * 2008-04-28 2014-06-05 Inventio Ag Method and system for operating electrical consumers in a building
US9908508B2 (en) * 2008-07-02 2018-03-06 Michael Phelan Driver authentication system and method for monitoring and controlling vehicle usage
US10259470B2 (en) * 2008-07-02 2019-04-16 The Phelan Group, Llc Driver authentication system and method for monitoring and controlling vehicle usage
US20150314755A1 (en) * 2008-07-02 2015-11-05 Michael Phelan Driver authentication system and method for monitoring and controlling vehicle usage
US11352020B2 (en) * 2008-07-02 2022-06-07 Michael Phelan Driver authentication system and method for monitoring and controlling vehicle usage
US9493149B2 (en) * 2008-07-02 2016-11-15 Michael Phelan Driver authentication system and method for monitoring and controlling vehicle usage
US20140358376A1 (en) * 2008-07-02 2014-12-04 Michael Phelan Driver authentication system and method for monitoring and controlling vehicle usage
US8417415B2 (en) * 2008-07-02 2013-04-09 Michael Phelan Driver authentication system and method for monitoring and controlling vehicle usage
US9045101B2 (en) * 2008-07-02 2015-06-02 Michael Phelan Driver authentication system and method for monitoring and controlling vehicle usage
US10259465B2 (en) * 2008-07-02 2019-04-16 The Phelan Group, Llc Driver authentication system and method for monitoring and controlling vehicle usage
US20100004818A1 (en) * 2008-07-02 2010-01-07 Michael Phelan Driver authentication system and method for monitoring and controlling vehicle usage
US20140303836A1 (en) * 2008-07-02 2014-10-09 Michael Phelan Driver authentication system and method for monitoring and controlling vehicle usage
US11472427B2 (en) * 2008-07-02 2022-10-18 Michael Phelan Driver authentication system and method for monitoring and controlling vehicle usage
US10043060B2 (en) * 2008-07-21 2018-08-07 Facefirst, Inc. Biometric notification system
US20170323151A1 (en) * 2008-07-21 2017-11-09 Facefirst, Inc. Biometric notification system
US20100180127A1 (en) * 2009-01-14 2010-07-15 Motorola, Inc. Biometric authentication based upon usage history
US20100301993A1 (en) * 2009-05-28 2010-12-02 International Business Machines Corporation Pattern based security authorization
US20120102559A1 (en) * 2009-06-15 2012-04-26 Akitoshi Yoshida Information processing system, terminal device, and server
US8621588B2 (en) * 2009-06-15 2013-12-31 National University Corporation Asahikawa Medical University Information processing system, terminal device, and server
US20110032074A1 (en) * 2009-08-07 2011-02-10 At&T Intellectual Property I, L.P. Enhanced Biometric Authentication
US8384514B2 (en) * 2009-08-07 2013-02-26 At&T Intellectual Property I, L.P. Enhanced biometric authentication
US9491168B2 (en) 2009-08-07 2016-11-08 At&T Intellectual Property I, L.P. Methods, systems, devices, and products for authenticating users
US8912882B2 (en) 2009-08-07 2014-12-16 At&T Intellectual Property I, L.P. Methods, systems, devices, and products for authenticating users
US20120300994A1 (en) * 2010-01-27 2012-11-29 Digital Interactive Co. Method and System for Managing Working Hours Using Post-Factum Fingerprint Registration
US20110316703A1 (en) * 2010-04-29 2011-12-29 Andy Butler System and Method for Ensuring Sanitation Procedures in Restrooms
US8548720B2 (en) * 2010-06-16 2013-10-01 Arbus Engineering Centre India System and method for aircraft taxi gate selection based on passenger connecting flight information
US20120197516A1 (en) * 2010-06-16 2012-08-02 Airbus Engineering Centre India System and method for aircraft taxi gate selection based on passenger connecting flight information
US11587023B2 (en) * 2010-10-12 2023-02-21 International Business Machines Corporation Tracking movement of an item
US10055560B2 (en) 2010-11-29 2018-08-21 Biocatch Ltd. Device, method, and system of detecting multiple users accessing the same account
US10949757B2 (en) 2010-11-29 2021-03-16 Biocatch Ltd. System, device, and method of detecting user identity based on motor-control loop model
US11838118B2 (en) * 2010-11-29 2023-12-05 Biocatch Ltd. Device, system, and method of detecting vishing attacks
US11741476B2 (en) * 2010-11-29 2023-08-29 Biocatch Ltd. Method, device, and system of detecting mule accounts and accounts used for money laundering
US20150256528A1 (en) * 2010-11-29 2015-09-10 Biocatch Ltd. Method, device, and system of differentiating among users based on responses to interferences
US20230153820A1 (en) * 2010-11-29 2023-05-18 Biocatch Ltd. Method, Device, and System of Detecting Mule Accounts and Accounts used for Money Laundering
US10262324B2 (en) 2010-11-29 2019-04-16 Biocatch Ltd. System, device, and method of differentiating among users based on user-specific page navigation sequence
US11580553B2 (en) * 2010-11-29 2023-02-14 Biocatch Ltd. Method, device, and system of detecting mule accounts and accounts used for money laundering
US11425563B2 (en) 2010-11-29 2022-08-23 Biocatch Ltd. Method, device, and system of differentiating between a cyber-attacker and a legitimate user
US11330012B2 (en) * 2010-11-29 2022-05-10 Biocatch Ltd. System, method, and device of authenticating a user based on selfie image or selfie video
US10395018B2 (en) 2010-11-29 2019-08-27 Biocatch Ltd. System, method, and device of detecting identity of a user and authenticating a user
US11314849B2 (en) 2010-11-29 2022-04-26 Biocatch Ltd. Method, device, and system of detecting a lie of a user who inputs data
US20220108319A1 (en) * 2010-11-29 2022-04-07 Biocatch Ltd. Method, Device, and System of Detecting Mule Accounts and Accounts used for Money Laundering
US11269977B2 (en) 2010-11-29 2022-03-08 Biocatch Ltd. System, apparatus, and method of collecting and processing data in electronic devices
US9531701B2 (en) * 2010-11-29 2016-12-27 Biocatch Ltd. Method, device, and system of differentiating among users based on responses to interferences
US20170076089A1 (en) * 2010-11-29 2017-03-16 Biocatch Ltd. Method, system, and device of differentiating among users based on responses to interferences
US11250435B2 (en) 2010-11-29 2022-02-15 Biocatch Ltd. Contextual mapping of web-pages, and generation of fraud-relatedness score-values
US11223619B2 (en) 2010-11-29 2022-01-11 Biocatch Ltd. Device, system, and method of user authentication based on user-specific characteristics of task performance
US11210674B2 (en) 2010-11-29 2021-12-28 Biocatch Ltd. Method, device, and system of detecting mule accounts and accounts used for money laundering
US20210329030A1 (en) * 2010-11-29 2021-10-21 Biocatch Ltd. Device, System, and Method of Detecting Vishing Attacks
US9747436B2 (en) * 2010-11-29 2017-08-29 Biocatch Ltd. Method, system, and device of differentiating among users based on responses to interferences
US10298614B2 (en) * 2010-11-29 2019-05-21 Biocatch Ltd. System, device, and method of generating and managing behavioral biometric cookies
US10949514B2 (en) 2010-11-29 2021-03-16 Biocatch Ltd. Device, system, and method of differentiating among users based on detection of hardware components
US10917431B2 (en) 2010-11-29 2021-02-09 Biocatch Ltd. System, method, and device of authenticating a user based on selfie image or selfie video
US10897482B2 (en) 2010-11-29 2021-01-19 Biocatch Ltd. Method, device, and system of back-coloring, forward-coloring, and fraud detection
US10834590B2 (en) 2010-11-29 2020-11-10 Biocatch Ltd. Method, device, and system of differentiating between a cyber-attacker and a legitimate user
US10776476B2 (en) 2010-11-29 2020-09-15 Biocatch Ltd. System, device, and method of visual login
US10032010B2 (en) 2010-11-29 2018-07-24 Biocatch Ltd. System, device, and method of visual login and stochastic cryptography
US10037421B2 (en) 2010-11-29 2018-07-31 Biocatch Ltd. Device, system, and method of three-dimensional spatial user authentication
US10747305B2 (en) 2010-11-29 2020-08-18 Biocatch Ltd. Method, system, and device of authenticating identity of a user of an electronic device
US10728761B2 (en) 2010-11-29 2020-07-28 Biocatch Ltd. Method, device, and system of detecting a lie of a user who inputs data
US10621585B2 (en) 2010-11-29 2020-04-14 Biocatch Ltd. Contextual mapping of web-pages, and generation of fraud-relatedness score-values
US10049209B2 (en) 2010-11-29 2018-08-14 Biocatch Ltd. Device, method, and system of differentiating between virtual machine and non-virtualized device
US10586036B2 (en) 2010-11-29 2020-03-10 Biocatch Ltd. System, device, and method of recovery and resetting of user authentication factor
US10069852B2 (en) 2010-11-29 2018-09-04 Biocatch Ltd. Detection of computerized bots and automated cyber-attack modules
US10476873B2 (en) 2010-11-29 2019-11-12 Biocatch Ltd. Device, system, and method of password-less user authentication and password-less detection of user identity
US10083439B2 (en) 2010-11-29 2018-09-25 Biocatch Ltd. Device, system, and method of differentiating over multiple accounts between legitimate user and cyber-attacker
US10474815B2 (en) 2010-11-29 2019-11-12 Biocatch Ltd. System, device, and method of detecting malicious automatic script and code injection
US10164985B2 (en) 2010-11-29 2018-12-25 Biocatch Ltd. Device, system, and method of recovery and resetting of user authentication factor
US10404729B2 (en) 2010-11-29 2019-09-03 Biocatch Ltd. Device, method, and system of generating fraud-alerts for cyber-attacks
US8907763B2 (en) * 2010-12-02 2014-12-09 Viscount Security Systems Inc. System, station and method for mustering
US20130214901A1 (en) * 2010-12-02 2013-08-22 Viscount Systems Inc. System, station and method for mustering
US20120158602A1 (en) * 2010-12-16 2012-06-21 Aginfolink Holdings, Inc., A Bvi Corporation Intra-enterprise ingredient specification compliance
US10043229B2 (en) * 2011-01-26 2018-08-07 Eyelock Llc Method for confirming the identity of an individual while shielding that individual's personal data
US20150039527A1 (en) * 2011-01-26 2015-02-05 Eyelock Inc. Method for Confirming the Identity of an Individual While Shielding that Individual's Personal Data
US9197416B2 (en) * 2011-03-18 2015-11-24 Fujitsu Frontech Limited Verification apparatus, verification program, and verification method
US20130326229A1 (en) * 2011-03-18 2013-12-05 Fujitsu Frontech Limited Verification apparatus, verification program, and verification method
US20120278251A1 (en) * 2011-04-26 2012-11-01 Michael Pinsker System and method for compliant integrated paperless workflow
US8832809B2 (en) * 2011-06-03 2014-09-09 Uc Group Limited Systems and methods for registering a user across multiple websites
US20120311684A1 (en) * 2011-06-03 2012-12-06 Uc Group Limited Systems and methods for registering a user across multiple websites
US8660322B2 (en) 2011-08-25 2014-02-25 King Saud University Passive continuous authentication method
US20150161726A1 (en) * 2011-09-22 2015-06-11 Paul Pawlusiak System and method of expedited credit and loan processing
US8909551B2 (en) * 2011-09-22 2014-12-09 Paul Pawlusiak System and method of expedited credit and loan processing
US20130218752A1 (en) * 2011-09-22 2013-08-22 Paul Pawlusiak System and method of expedited credit and loan processing
US20140358967A1 (en) * 2012-03-28 2014-12-04 Fujitsu Limited Service search method and server device in distributed processing
US20140172703A1 (en) * 2012-12-19 2014-06-19 Ncr Corporation Customer verification
US10650378B2 (en) * 2012-12-19 2020-05-12 Ncr Corporation Customer verification
US9516030B2 (en) 2013-03-15 2016-12-06 Intelmate Llc Communications system for residents of secure facility
US9231954B2 (en) * 2013-03-15 2016-01-05 Telmate, Llc Communications system for residents of secure facility
US20140282896A1 (en) * 2013-03-15 2014-09-18 Telmate Llc Communications system for residents of secure facility
US20140303837A1 (en) * 2013-04-09 2014-10-09 Navteq Method and apparatus for authorizing access and utilization of a vehicle
US10140439B2 (en) * 2013-10-15 2018-11-27 Jung Taek Kim Security card having fingerprint authentication, processing system and processing method therefor
US20160246954A1 (en) * 2013-10-15 2016-08-25 Jung Taek Kim Security card having fingerprint authentication, processing system and processing method therefor
US9652915B2 (en) * 2014-02-28 2017-05-16 Honeywell International Inc. System and method having biometric identification intrusion and access control
US20150248798A1 (en) * 2014-02-28 2015-09-03 Honeywell International Inc. System and method having biometric identification intrusion and access control
US20160026700A1 (en) * 2014-07-26 2016-01-28 International Business Machines Corporation Updating and synchronizing existing case instances in response to solution design changes
US10552597B2 (en) * 2015-05-14 2020-02-04 Alclear, Llc Biometric ticketing
US10489573B2 (en) * 2015-05-14 2019-11-26 Alclear, Llc Physical token-less security screening using biometrics
US10268813B2 (en) * 2015-05-14 2019-04-23 Alclear, Llc Physical token-less security screening using biometrics
US11687637B2 (en) * 2015-05-14 2023-06-27 Alclear, Llc Biometric ticketing
US11687638B2 (en) * 2015-05-14 2023-06-27 Alclear, Llc Biometric ticketing
US10049201B2 (en) * 2015-05-14 2018-08-14 Alclear, Llc Physical token-less security screening using biometrics
US20220237278A1 (en) * 2015-05-14 2022-07-28 Alclear, Llc Biometric ticketing
US20180032713A1 (en) * 2015-05-14 2018-02-01 Alclear, Llc Physical token-less security screening using biometrics
US20220237279A1 (en) * 2015-05-14 2022-07-28 Alclear, Llc Biometric ticketing
US9870459B2 (en) * 2015-05-14 2018-01-16 Alclear, Llc Physical token-less security screening using biometrics
US11620369B2 (en) * 2015-05-14 2023-04-04 Alclear, Llc Biometric ticketing
US11232183B2 (en) * 2015-05-14 2022-01-25 Alclear, Llc Biometric ticketing
US10275587B2 (en) * 2015-05-14 2019-04-30 Alclear, Llc Biometric ticketing
US20160335427A1 (en) * 2015-05-14 2016-11-17 Alclear, Llc Physical token-less security screening using biometrics
US20210240811A1 (en) * 2015-05-14 2021-08-05 Alclear, Llc Biometric ticketing
US11841934B2 (en) * 2015-05-14 2023-12-12 Alclear, Llc Biometric ticketing
US10515202B2 (en) * 2015-05-14 2019-12-24 Alclear, Llc Physical token-less security screening using biometrics
US9721081B2 (en) * 2015-05-14 2017-08-01 Alclear, Llc Physical token-less security screening using biometrics
US10268812B2 (en) * 2015-05-14 2019-04-23 Alclear, Llc Physical token-less security screening using biometrics
US10528716B2 (en) * 2015-05-14 2020-01-07 Alclear, Llc Biometric ticketing
US20220012320A1 (en) * 2015-05-14 2022-01-13 Alclear, Llc Biometric ticketing
US10719765B2 (en) 2015-06-25 2020-07-21 Biocatch Ltd. Conditional behavioral biometrics
US11238349B2 (en) 2015-06-25 2022-02-01 Biocatch Ltd. Conditional behavioural biometrics
US11323451B2 (en) * 2015-07-09 2022-05-03 Biocatch Ltd. System, device, and method for detection of proxy server
US10834090B2 (en) * 2015-07-09 2020-11-10 Biocatch Ltd. System, device, and method for detection of proxy server
US10523680B2 (en) * 2015-07-09 2019-12-31 Biocatch Ltd. System, device, and method for detecting a proxy server
US10069837B2 (en) 2015-07-09 2018-09-04 Biocatch Ltd. Detection of proxy server
US10346602B2 (en) * 2015-10-20 2019-07-09 Grg Banking Equipment Co., Ltd. Method and device for authenticating identify by means of fusion of multiple biological characteristics
US10454939B1 (en) * 2016-06-30 2019-10-22 EMC IP Holding Company LLC Method, apparatus and computer program product for identifying excessive access rights granted to users
US11055395B2 (en) 2016-07-08 2021-07-06 Biocatch Ltd. Step-up authentication
US10198122B2 (en) 2016-09-30 2019-02-05 Biocatch Ltd. System, device, and method of estimating force applied to a touch surface
US10579784B2 (en) 2016-11-02 2020-03-03 Biocatch Ltd. System, device, and method of secure utilization of fingerprints for user authentication
US11954188B1 (en) * 2016-11-09 2024-04-09 Wells Fargo Bank, N.A. Systems and methods for dynamic bio-behavioral authentication
US10685355B2 (en) 2016-12-04 2020-06-16 Biocatch Ltd. Method, device, and system of detecting mule accounts and accounts used for money laundering
US20180165935A1 (en) * 2016-12-13 2018-06-14 Lenovo (Singapore) Pte. Ltd. Identifying an individual based on an electronic signature
US10339777B2 (en) * 2016-12-13 2019-07-02 Lenovo (Singapore) Pte. Ltd. Identifying an individual based on an electronic signature
US10397262B2 (en) 2017-07-20 2019-08-27 Biocatch Ltd. Device, system, and method of detecting overlay malware
CN107426237A (zh) * 2017-08-10 2017-12-01 汪清翼嘉电子商务有限公司 Big data network verification system and method for user personal information
US10909266B2 (en) * 2017-10-24 2021-02-02 Merck Sharp & Dohme Corp. Adaptive model for database security and processing
US20190122006A1 (en) * 2017-10-24 2019-04-25 Merck Sharp & Dohme Corp. Adaptive model for database security and processing
US10970394B2 (en) 2017-11-21 2021-04-06 Biocatch Ltd. System, device, and method of detecting vishing attacks
US11228601B2 (en) * 2018-03-20 2022-01-18 Intel Corporation Surveillance-based relay attack prevention
CN113519013A (zh) * 2019-03-04 2021-10-19 松下知识产权经营株式会社 Face authentication system and face authentication method
US10756808B1 (en) * 2019-05-14 2020-08-25 The Boeing Company Methods and systems for transmitting terrestrial aircraft data using biometrically authenticated broadband over power line communication channels
US11106406B2 (en) * 2019-09-20 2021-08-31 Brother Kogyo Kabushiki Kaisha Printing device and communication processing system
US11470082B2 (en) * 2020-03-31 2022-10-11 Konica Minolta Business Solutions U.S.A., Inc. Authentication server and method that provide authentication information upon interruption of power supply
US20230015789A1 (en) * 2021-07-08 2023-01-19 Vmware, Inc. Aggregation of user authorizations from different providers in a hybrid cloud environment
US11606353B2 (en) 2021-07-22 2023-03-14 Biocatch Ltd. System, device, and method of generating and utilizing one-time passwords

Also Published As

Publication number Publication date
CN101167080B (zh) 2012-01-04
US8866586B2 (en) 2014-10-21
EP1868132A4 (en) 2014-06-18
WO2006101169A1 (ja) 2006-09-28
EP1868132A1 (en) 2007-12-19
JPWO2006101169A1 (ja) 2008-09-04
CN101167080A (zh) 2008-04-23
JP3946243B2 (ja) 2007-07-18
US20120256725A1 (en) 2012-10-11

Similar Documents

Publication Publication Date Title
US8866586B2 (en) Authentication system
US10810518B2 (en) Automated internet based interactive travel planning and management system
JP5007886B2 (ja) Personal authentication system
US7334259B2 (en) National identification card system and biometric identity verification method for negotiating transactions
WO2005109365A1 (ja) Behavior management system
US20060102717A1 (en) Enhancing security for facilities and authorizing providers
Sobel The Demeaning of Identity and Personhood in National Identification Systems
US10142836B2 (en) Secure mobile device
US20030086594A1 (en) Providing identity and security information
AU2002340091A1 (en) National identification card system and biometric identity verification method for negotiating transactions
Islam et al. Variations in COVID strategies: Determinants and lessons
Koslowski et al. International cooperation on travel document security in the developed world
WO2022176042A1 (ja) Server device, system, biometric authentication method, and storage medium
Eaton The privacy card: A low cost strategy to combat terrorism
Jain et al. Novel Approach to Improve Security Systems
AU2004201042B2 (en) Entry system
Meyers et al. CERIAS tech report 2005-22—Extended version: Are biometric technologies the wave of the future in hospitality & tourism
Balogun et al. CITIZENSHIP INFORMATION MANAGEMENT CARD SYSTEM FOR EFFECTIVE USAGE

Legal Events

Date Code Title Description
AS Assignment

Owner name: IHC CORPORATION, JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HAYASHI, HITOSHI;REEL/FRAME:021946/0290

Effective date: 20081113

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION