WO1999060485A1 - Authentication card system - Google Patents

Abstract

Biological feature data, such as handwriting or sound spectrogram, for identifying the user (8) is acquired, and then a user authentication voucher (7) on which at least part of the biological feature data is recorded is issued. By comparing the contents recorded on the user authentication voucher (7) read by an authentication voucher reader (41) with the user's biological feature data inputted into an authentication acquisition device, an authentication use office (4) authenticates the user directly. Authentication stations (2, 3) are installed to record part of the biological feature of the user in each authentication station. In response to an inquiry of the authentication use office (4), additional authentication is made to improve the reliability of authentication. An authentication IC card used in this system includes a CPU, an authentication file where authentication information is stored, and application files sorted according to the depth of authentication.

Description

 Detail sound

Authentication Card System Technical Field

 The second invention is a user authentication system for performing personal authentication in electronic information exchange and electronic commerce, a user authentication form and a user authentication device used for the second step, and a specific person who has been authorized in advance by applying the same. Lock control system that allows opening and closing only to the user; Background art

 In recent years, the types of information accessed via communication networks have become extremely diverse.Electronic transactions such as the purchase and sale of goods and credit settlement, as well as online diagnosis in medical care, personal medical records, and browsing and certification of registered items at government offices Increasingly, the number of applications, such as the issuance of certificates, is increasing, and usage is increasing.

 In many cases, such personal information must not be disclosed if there is a risk of leaking to other people due to privacy. In order to build a more convenient information society by incorporating the development of electronic information communication networks, a highly reliable user authentication method that can distinguish individuals is required.

 In addition, the mechanism that correctly authenticates individuals can be used to improve the security of electronic money, such as locking devices that restrict access to non-qualified persons at research laboratories, offices, and houses.

 Traditionally, passwords have been used most often for user authentication. Although passwords are simple, they do not eliminate anyone impersonating themselves by stealing someone else's passcode. Therefore, use reasonable passwords, such as using a long password, choosing a password that is difficult to guess, and changing the password occasionally, to ensure security. Also, in order to ensure the security of the communication process, it is common practice to keep communication contents secret using encryption technology so that even if data is leaked, the contents will not be easily known to others. Have been done.

Nevertheless, even if the eavesdropping of the communication, the decryption of the ciphertext and the eavesdropping, etc. It can be stolen and cannot be completely secure. Another disadvantage is that the more complicated the password in consideration of security, the more difficult it is for the user to memorize it correctly. In essence, even the most complex passwords can be copied by some means from the moment they are stored as digital data.

 In order to prevent impersonation and reliably authenticate the user, a method of authenticating the user using information indicating a so-called biological characteristic such as a fingerprint or a voiceprint is being studied. However, since biological feature data generally has a large amount of information, an enormous amount of communication must be exchanged between a site that requires authentication and a certification authority that stores user biological information. Therefore, it was difficult to put it to practical use except in a special environment because of the long time of the communication channel and the length of communication time, and there was a problem in the place and method of managing the data.

 In recent years, in order to ensure security, the number of people who can enter and exit specific places, such as research laboratories, offices, laboratories, data storage rooms, and residences, has been limited, and only those who have passed certification with a card issued to a qualified person have been opened. Locking management systems for locking are often used. Accurately authenticate users only when they should be allowed to do business, such as e-commerce such as product sales and credit settlement, online medical consultations, personal medical records and registrations at government offices, and issuance of certificates. There is a need. In addition, in such a case, the opportunity to access information using a communication network, instead of conducting face-to-face transactions, is increasing and diversifying.

 In such a transaction, it must be determined whether or not the person is a genuine trader, and in some cases, it must be possible to accurately determine whether or not the person is the person without face-to-face negotiations. In these cases, reliability can be improved by performing personal authentication using the card as an intermediary.

In addition, the required level of security differs depending on the type of transaction, so the required depth of authentication is different. For example, when selling small-priced products, you can be satisfied if you can guarantee the genuineness of the card, but if you use it for issuing medical charts, you can definitely prove that you are who you are. It is preferable to use the information together. A key card used for lock management and entrance / exit management is usually issued for each lock and is owned or managed by a qualified person. Therefore, if a large number of rooms are subject to entry / exit management, a highly qualified person must have a large number of key cards, and management becomes complicated. In addition, one key card is often shared and used by a qualified person, but in this case, unauthorized stealing of unauthorized persons is required unless the security code and key code are strictly managed. Forgiveness would make it more difficult to maintain security.

 Transaction cards are also issued under an agreement between the parties involved in each transaction, and the number of transaction cards owned by individuals may become enormous.

 Although there are systems that use cards as keys even for lockers for lending, etc., the key is prepared and lent for each key, so opening and closing the mouth locker even if a person different from the original user uses the key The security is not sufficient because the stored items may be stolen by others.

 Some safes, such as safes, provide higher levels of protection so that the key provided when lending the safe and the key of the administrator can be unlocked for the first time, but the administrator must be present. Using a stolen or duplicated key can be unlocked and not secure enough:

 There is also a safe that has a dial key board to enter the lock, so that the lock can be unlocked unless the same code is entered and the same code is entered. These safes require carrying a key. It is simple and highly secure because it is unlocked based on the encryption set by the user each time it is used, but there is a possibility that the encryption will be unlocked by prying eyes or deciphering by inference or trial. Remains.

In addition, there are lock control systems such as laboratories, data storage rooms, and drug storage rooms that limit the people who can enter and exit to ensure security, and unlock only when they have passed authentication with a card issued to a qualified person. However, in this system, if the management of the card is poor, there is a fear that an unqualified person can use the card to enter and leave freely. Since the required degree of security differs depending on the lock to be accessed, it is inevitable to require users to perform complicated procedures in pursuit of high security. For example, to open shelves to control toxicants: Although a certificate is required, a simple confirmation is sufficient to take out enough ordinary medicine by controlling the amount taken out.

 The level of security assurance differs between a safe deposit box when storing valuables and expensive goods that cannot be changed, and when storing any amount of items that can be obtained.

 On the other hand, in recent years, cards incorporating a CPU and a storage device, such as an IC card, have been used for credit card electronic money.

 IC cards are capable of performing complex calculations associated with high-level authentication and are easy to rewrite the recorded contents, and are suitable for use as electronic money, such as cards that can record the history of transactions sequentially. I have.

 In addition, as the storage capacity built into an IC card or the like has increased, it has become possible to record various types of personal information on the card itself and carry it. Personal information that is convenient to carry with you at all times, such as your insurance card number, credit user number, employee ID number, company history, electronic money balance, family register contents, medical history, and address book. In some cases, confidentiality from others must be ensured.

 Such an authentication IC card performs personal authentication based on the information recorded on the card, and thus, security of force is a major problem.

 Therefore, the present invention provides a user authentication system for performing personal authentication in electronic information exchange and electronic commerce, which is highly secure and can quickly obtain a result, and a user authentication slip and a user authentication device used for the system. The purpose is to provide.

 Another object of the present invention is to provide an authentication IC card in which an authentication card issued for each object is integrated as a qualified person authentication in order to improve the security of transactions and locking systems. The purpose is to provide an authentication IC that guarantees the security of access to stored information and secures privacy protection.

Another object of the present invention is to provide a lock management system with high security by strictly determining qualified persons and to provide a lock management system capable of setting the depth of qualified person authentication as necessary. I do. Disclosure of the invention

 The user authentication system of the present invention includes at least one certification authority including a registration office, an authentication ticket issuing office, and an authentication utilization office. The registry is equipped with an information capture device that acquires biological characteristic data that distinguishes individual users, and the certificate issuing office records at least a part of the biological characteristic data for the user. The user office issues a user authentication card, and the authentication office is equipped with an authentication card reader that reads the information on the user authentication card and a personal identification card that acquires the biological characteristics data of the user. In addition, the certification authority is connected to the certification use center via an information communication channel, and records the parts of the user's biological characteristic data obtained at the registration center that are not recorded in the user certification form. Then, the user authentication is performed by comparing the recorded contents of the user authentication slip read by the authentication slip reader at the authentication use center with the biological characteristic data of the user obtained by the personal ID obtaining device, and further advanced authentication. When necessary, the certification authority responds to inquiries from the certification authority, compares the missing biological feature data in the user authentication form, sends the result of authentication to the certification authority, and performs authentication. It is characterized by performing.

 In this specification, a characteristic unique to an individual that cannot be completely controlled by human will and can be distinguished from others is called a biological characteristic. Such biological features include not only natural ones such as finger prints, palm prints, iris and retina patterns, and DNA information, but also some that are formed by habits such as handwriting and voice prints. Biological features that are easily recognizable may be found.

 Further, the second user authentication system of the present invention includes a registration office, an authentication ticket issuing office, and an authentication use office, has an arithmetic function in the user authentication ticket, acquires biological characteristic data at the authentication use office, and performs user authentication. When the user enters the form, the user's authentication form is used to compare the biological characteristic data recorded on the user authentication form with the biological characteristic data of the user acquired by the personal identification card acquisition apparatus, and further, It is characterized by authenticating that the user is a valid owner of the user authentication slip by integrating the authentication results of the certification authority.

The user authentication system according to the present invention further includes at least one certificate authority connected to the authentication use center via an information communication path, and includes, in the user authentication ticket, the biological characteristic data of the user acquired at the registration center. Record all but the part that is not recorded in the user certificate, and record it in each certification authority. It is preferable to compare and authenticate the part of the biological characteristic data that is missing in the voucher.

 Further, the user authentication system may include a certificate authority provided with a storage device for recording the user's biological characteristic data obtained at the registry.

 The user authentication system of the present invention uses a user authentication card that records at least a part of biological characteristic data for distinguishing an individual user, and when authentication is necessary, a biological characteristic input by a user. Since the user is authenticated by comparing the data with the biological characteristic data of the user authentication slip, the impersonation can be prevented because the authentication test can be passed only by the user himself.

 In addition, it is extremely difficult to restore the original biological feature data from the digitalized biological feature data, and even if it can be restored, it is impossible for others to copy the biological features. Since it is not possible, the reliability of user authentication is extremely high. In particular, since the biological characteristic data for inquiry is recorded on the user authentication card, even if the user is not authenticated by a remote certificate authority, the user is authenticated at an authentication center that requires authentication. You can directly confirm that. Therefore, it is not necessary to spend much time and money on communication with the certificate authority.

 In addition, when a calculation function such as CPU or RAM is provided in the user authentication form, biological characteristic data obtained from the user who intends to use the user authentication form is entered and compared with the recorded information. Can reduce the burden on the authentication user site, reduce the equipment cost, and make the system easier to use.Also, complete the information processing within the user authentication slip and leak the authentication data to the outside of the authentication slip Can be prevented and safety can be improved.

 Furthermore, when the biological characteristic data is divided and recorded in the user authentication form and the certificate authority, the necessary information is divided, and for example, the biological characteristic data is restored from the data recorded in the certification form. Even if the authentication system cannot be breached, the data used for authentication cannot be duplicated from the user authentication slip, so it is safe. Since the information in the bureau is preserved, impersonation of others can be eliminated.

In addition, the method of the present invention collects the divided data in one place, reintegrates and determines W

 7 Unlike the conventional division method, the certification authority and the certification authority use the results of certification based on the biological characteristic data at hand, and the entire original data is reproduced The security of the data is extremely high because the data is kept secret.

 Alternatively, even if the certificate authority is attacked, the information on the user authentication slip owned by the user cannot be falsified, which is safe.

 In addition, when using multiple certificate authorities, in addition to user authentication based on the information in the user certificate, authentication is performed in response to inquiries from the certificate authority or other certificate authorities for each certificate authority. For example, the reliability of user authentication can be further improved by acquiring user authentication of certificate authorities that are hierarchically organized in stages.

 In addition, in the user authentication system of the present invention, according to the required level of authentication reliability, it is possible to select whether or not to make a pass / fail decision based on the information recorded in the user authentication slip by authenticating only the authentication use place. It is also possible to select more reliable judgment by adding authentication at a certification authority that takes into account information not recorded in the user authentication slip.

 The authentication level, such as (2), may be determined in advance depending on the authentication use place or the transaction object, or may be set at the authentication use place for each transaction. Furthermore, it can be automatically selected and set according to the transaction price.

 In addition, according to this information division method, even when user authentication is performed using all of the biological characteristic data, the information in the user authentication slip is used for most of the authentication, and authentication is performed at the authentication use place. If this is done, the amount of information exchanged via the communication circuit will be a small part, the capacity of the communication circuit may be small, and the time required for inquiry will be short. In addition, dividing information has the effect of suppressing the demand for processing capacity and storage capacity of the certificate authority, since information must be accumulated for many users and many queries must be processed.

In addition, the user authentication system is provided with an accredited registration authority provided with a storage device for recording the user's biological characteristic data obtained at the registry, and the user's biological characteristic data acquired at the registry is obtained. By recording the entire information, it can be used to determine where any unauthorized use or abnormality has occurred, to reissue the certificate when the certificate is damaged, or to repair the data of a lower-level certificate authority. Even if the user does not carry the certificate, the certificate can be relied on to a certain degree based on the records of the certificate authority. You can get a testimony. For example, in the event of a theft, a user who has been authenticated based on data from a certificate authority can stop using the stolen certificate and request a reissue.

 Also, if the storage medium storing the biological characteristic data at the accredited registration authority can be separated from the information communication path of the user authentication system and connected and used only when necessary, hackers can For example, personal information can be prevented from being leaked or falsified. Note that it is extremely effective to ensure security by recording only partial biological feature data in the user certificate and lower-level certificate authorities, and not keeping complete records.

 Handwriting in consideration of the input process may be used as the biological feature data used in the user authentication system of the invention. Handwriting has the advantage that it is a good representation of the biological characteristics of the individual, makes it difficult for others to impersonate, and that the input and analysis equipment is relatively easy to obtain. Characters and figures written to identify the user may be appropriate, but it is needless to say that a sign representing the user's name has good reproducibility. Although the written handwriting can be imitated by others, the biological characteristics of the individual appear by taking into account the input process such as the stroke order and brushstroke, making it impossible for others to imitate. Therefore, highly reliable authentication can be performed by using an online input device to make a judgment in consideration of the information being input.

 In addition, available biological feature data include fingerprints, palm prints, voice prints, iris and retina patterns, and DNA information. In the future, more reliable and easily recognizable biological features may be found.

 When the biological characteristic data is divided and recorded by the user certificate and the certificate authority, the information data is physically divided and the first half is recorded in the user certificate and the second half is recorded in the certificate authority. The information may be divided hierarchically, such as by recording the handwriting shape information on a user certificate and recording the pen pressure information and stroke order information at a certificate authority. May be used.

Furthermore, it is possible to improve reliability by recording multiple biological feature data such as signatures and voiceprints separately and making judgments based on different types of information. It should be noted that a plurality of biological characteristic data may be registered and different transactions may be performed according to the input data.

 If information with special meaning is used in combination with regular biological characteristic data, for example, a situation may occur in which a person is threatened by another and must sign against his / her will. If a hidden sign is added somewhere in the sign, the coercion can be made to appear to the coercion as if he / she was obediently signing, and in fact, it could be reported to the security guard.

 In order to ensure personal safety in such a case, it is possible to make the system appear to be a normal transaction, such as opening and closing doors and withdrawing cash, as a choice in system construction. is there. The biological feature data used for such purpose may be of the same type as the formal one, or may be of a different type, such as adding voice data to a signature. Conversely, data obtained by adding specific code data to pseudo data may be used as formal authentication data.

 The user authentication ticket used in the user authentication system of the present invention is a storage having a readable storage area that records at least a part of a signal for identifying an identification tag and at least part of biological characteristic data for distinguishing an individual user. It is characterized by being composed of a medium.

 A read-only storage medium such as ROM or CD-ROM may be used as the storage medium, but since the recorded content is information indicating the biological characteristics of the user, there is little risk of tampering, and the transaction details It is also possible to adopt a storage medium that can be written and read and can record additional information.

 In particular, it is preferable to use an IC card that has a high anti-counterfeit function and a large data capacity, and has a high security function equipped with an intelligent function and an encryption system.

 If an IC card with a CPU or RAM is used, the biological characteristic data obtained from the user must be imported into the card and compared with the internally stored inquiry data to perform user authentication. If this is the case, the burden on the certification use center can be reduced and the equipment cost can be reduced. Also, the security can be improved by preventing the authentication data of the user authentication slip from being read from outside.

In addition, the use of an IC card enables the installation of multiple functions and advanced identity authentication. It can be a multipurpose card having functions. The IC card used here may be a complex IC card that combines a contact type that reads and writes with an external terminal and a non-contact type that reads and writes without a contact regardless of the external terminal.

 In particular, when information is used in a distributed manner, tampering with the recorded contents of the user authentication tag is useless, so an economical and simple floppy disk may be used for the user identification tag. Also, various writable recording media such as CD-ROM, DVD, recording tape and MD can be used.

 An authentication IC card that uses an IC card to perform personal authentication is an authentication IC card that includes an authentication file that stores CPU and personal identification information and an application file that is classified according to the authentication depth. Therefore, when there is a request to present the information recorded in the application file from outside, the authentication depth is compared by comparing the personal identification information entered from outside with the personal identification information stored in the authentication file. It is characterized by presenting the information of the application file via the CPU for the first time when it is confirmed and passed.

 In the past, independent cards were issued for each occasion where authentication was required. This is because the system is simple and easy to use, and it is difficult to cooperate with various traders. In addition, the level of authentication required by the transaction is different and cannot be handled with uniform personal identification information, and if multiple transactions can be performed with one card, eligibility that the owner does not want to be granted to the owner is This was because there were technical obstacles such as the possibility of giving.

 According to the authentication IC card of the present invention, the application files in the card are classified for each file according to the authentication depth corresponding to the confidentiality, and the information recorded in the file from the outside can be obtained. When there is a presentation request, the CPU checks the input personal identification information and checks the information of the target application file via the CPU only when the authentication corresponding to the predetermined depth of the file is obtained. It is to be presented.

Verification of personal identification information entered by the card carrier with personal identification information recorded inside the card must be performed by an external device using personal identification information provided from the card or personal identification information stored in advance. Can also. By utilizing the capabilities of external devices, Because it can handle complicated image processing and information processing, it is effective when there is a shortage of CPU and memory capacity of the authentication IC. In addition, highly reliable authentication can be performed by using the divided and stored personal identification information. Note that the personal identification information stored in the authentication file can include biological information for distinguishing the individual of the authentic owner of the IC card.

 Also, application files classified according to the level of certification may record IDs used for various transactions. Such an ID is effective when there is a need to verify whether the card carrier is qualified to access the transaction information, for example, when external transaction information exists.

 In addition, the personal information of the owner may be recorded in the application file: Authentication of the present invention The authentication ability of the IC card is high and the personal information of the card cannot be accessed without the authorization of the individual, so that privacy is not secured. Protection is thorough.

 Alternatively, access qualifications may be registered in advance for each application file, and only authorized qualifications may be allowed to access the file. Since files can be arranged two-dimensionally in combination with the authentication level, it is possible to meet more complex requirements.

 When using the authentication IC card of the present invention, first store the occupant license, the bank ID, etc. in the application file in the authentication IC card, and specify the authentication method required by each. . On the other hand, personal identification information required for authentication is stored in the authentication file.

 For example, admission to a building does not require special authentication and it is sufficient to have an appropriate authentication IC card.When entering an office, a PIN is required to confirm the authenticity of the holder together with the authentication IC card. In addition, it is assumed that stricter authentication is required when entering the data room, and each person's fingerprint is verified.

 In such a case, the authentication file records information indicating that the card is a genuine card, a PIN and fingerprint information of the holder, and requests each application file to open the building entrance door. The encrypted signal and the encrypted signal required to open the office and the encrypted signal to open the data room door are stored.

The person carrying the force reads the authentication IC force using the card reader attached to the building door. When the card is read, the card reader acquires the force information, confirms that the force is authentic and the code matches, and when the inspection passes, the door opens and you can enter.

 A card reader attached to the office door is provided with a key board, and those who intend to enter the room need to read the authentication IC card and enter their PIN. When the authentication code is authentic and the password matches the password recorded in the authentication file of the authentication IC, the encryption signal required for opening the door is sent to the card reader via the CPU, If this is correct, entry is allowed.

 In addition, a card reader equipped with a fingerprint reader is provided on the door of the reference room, and those who intend to enter the room can read the authentic authentication IC card with the card reader and use the designated finger. It must be pressed against a fingerprint reader. When the fingerprint corresponds to the fingerprint information recorded in the authentication file, a code for instructing to open the door is supplied to the card reader via the CPU, and the encrypted signal is determined to be authentic by the card reader. The door opens and you can enter the room for the first time.

 The same mechanism can be used in financial systems.

 Even in the case of using credit settlement, requiring a signature input for each purchase of a low-priced product is too complicated and reduces the utility value. On the other hand, expensive transactions such as jewelry require strict identity authentication. Although the authentication level required for outputting a user authentication number for credit settlement from the application file is different, the authentication IC card of the present invention can support these different levels of authentication.

 In addition, access qualifications are registered in advance for each application file, and only authorized persons are allowed to access the file, restricting information access from the card reader to the necessary parts and adding extra privacy. Disclosure can be avoided.

 For example, the only information that can be requested by the unlocking system is personal identification information and the signal for unlocking, and access to the file storing the medical chart is excluded by the CPU. In some cases, when an unauthorized access request is made, the entire information exchange can be shut off to prevent information theft or tampering.

In the authentication IC card of the present invention, an encryption signal for authorizing the transaction is recorded on the authentication IC card possessed by a person who has been licensed for each service or transaction, and the transaction is performed. This is a mechanism for confirming that the carrier of the authentication IC card is a genuine holder when conducting the transaction and accepting the transaction.

 Therefore, the information that the service provider should receive from the authentication IC card is recorded as the credential that the carrier of the authentication IC card is the genuine owner of the card and proof of eligibility to use the authentication IC card. That is. Also authentication

What the IC card authenticates is that the reader is correct and that the carrier is the genuine owner.

 With the authentication IC card of the present invention, the eligibility for entering a building or entering a certain data room, bank account, credit ownership, family register, history, credit balance when using as electronic money, etc. By storing the attributes of the holder, including the attributes of the holder in the authentication IC card, the authentication of all transactions that have been licensed can be integrated into one card.

 That is, since the authentication IC force of the present invention does not give the transaction qualification to the card but to the individual owner of the force, the operation is performed in accordance with the original trust purpose compared with the conventional card system. be able to. Therefore, there is no need to carry a large number of cards provided for each service as in the past, and the card itself is strictly managed so that other people do not use the card itself like the unlocking card shared by many people in the past. There is no need.

 In the authentication IC card of the present invention, authentication can be performed based only on information recorded in the IC card and information input by the card holder himself. Therefore, the security of the card is more important than ever, so it is important to use the authentic transaction information such as signatures, voice prints, fingerprints, palm prints, irises, etc. Advanced security measures are in place to prevent anyone other than the genuine transaction target from using the authentication card, and authentication ICs acquired by others who are not authorized users through theft, discovery, etc. The card cannot be used directly or tampered with.

However, it is necessary to provide a means to teach the recorded personal identification information to the person in case the personal identification information is forgotten, and to allow the personal identification information to be rewritten for his own reasons. A person other than the person himself edits or collaborates with the staff There is a possibility that fraudulently obtained personal identification information may be misused.

 Also, it is impossible to completely prevent criminal acts such as rewriting an IC card using fraudulently obtained personal identification information or forging an authentication card of another person using a new IC card.

 In this way, even with an authenticated IC card with improved security, it was difficult to prevent anyone who has become familiar with the system in use or an insider from falsifying or falsifying it with malicious intent. Therefore, the authentication IC card of the present invention further comprises a CPU, an authentication file storing personal identification information or personal identification information and authentication information, and an application storing job programs and data classified according to the authentication depth. An authentication IC card that has a file and that, when there is a request for access to the application file from outside, the access is granted based on the result of authenticity determination based on the personal identification information or authentication information of the authentication file. In the file, personal identification information of the second person or authentication information of the subject is stored in addition to the personal identification information of the authorized user, and a job or data requiring authentication of the second person or the subject is specified in advance. When there is a request to execute or present such a job or data, Characterized in that the certified Mel so the presentation of execution and data specified job via the C P U when the information and authentication information passes authentication in comparison with human card information and authentication information of the authentication Fairu.

 According to the authentication IC card of the present invention, in order to access the specified job or data, in addition to the authorized user of the authentication IC force, a second person or an entity having a specific authority (hereinafter, referred to as a subject) Witness) is required, so if you specify a job where it is important to check the validity of the authentication IC card itself and the validity of the user, etc. Can be secured. The witness's approval becomes effective only when the person is authenticated based on personal identification information or authentication information stored in the IC card.

For example, when issuing an authentication IC card, one or more witnesses must be present to record and use personal identification information and authentication information of this person on the authentication IC card. Can be. Using such a card, even if requested by the user, the personal identification information once entered is checked again unless approved by the witness. To prevent rewriting of personal identification information and authentication information: The witness is a person designated by the person in charge of the card issuance, even if the user is a trusted third party. There may be. In addition, it may be a subject such as an issuer as a mechanism or an organization.

 In such a system, the identity of the witness must be approved and authenticated, or both the witness and the witness must pass the authentication. Not only can it prevent theft of an authentication IC card, but also prevent a person in charge of internal information from rewriting personal ID information by colluding.

 In addition, certification I C force! Based on the reliability of ^, it is possible to set high security for authentication, so even if there is no special security system at the issuing office that issues the authentication IC card, the security of the authentication IC can be secured. Sex is not threatened. Also, the personal data stored on the card may be stored in the authentication IC card, and need not be kept at the authentication IC card issuing office.

 Therefore, it is possible to more easily build a card issuing system with a high credit level.

 It should be noted that the determination of the pass / fail of the authentication may be performed by the CPU in the authentication IC card or by an external device. When an external device is used, the personal identification information or authentication information stored in the authentication file is output to the external device via the CPU, and the external device determines whether or not the authentication is successful. Access to the application file via if.

 In the case where the pass / fail of the authentication is performed by the CPU in the authentication IC card, the equipment on the side of the IC card reading device can be simplified and improved, and the equipment cost at the place of use can be reduced.

 In addition, when using an external device, the performance of the IC card can be simplified. In addition, compatibility with a system that further improves security by sharing part of personal identification information in storage devices other than the authentication IC card is further improved.

It is preferable that the personal identification information includes biological information for distinguishing the individual of the authentic owner of the authentication IC card. Biological information includes signatures, voiceprints, fingerprints, palms There are crests and irises. However, it goes without saying that a password with a high degree of freedom can be used in addition to biological information.

 Also. Further, it is preferable that a log of matters using the witness's authentication be recorded in the authentication IC card.

 This is because it helps to understand the situation and estimate the cause when an accident occurs.

 In addition, a user authentication device for performing authentication using a user authentication ticket of the present invention includes an authentication tag reading device that reads information recorded in a user authentication ticket, and a personal identification card acquiring device that acquires biological characteristic data of a user. A determination device for comparing the biological characteristic data recorded in the user authentication form read by the authentication form reading apparatus with the biological characteristic data of the user acquired by the personal identification acquisition apparatus to determine whether the result is acceptable or not. And a display device for outputting the determination result.

 According to the user authentication device of the present invention, the user authentication slip is applied to the authentication slip reading device, and the user who is required to be authenticated is the same kind of organism as that recorded on the user authentication slip via the personal identification obtaining device. When the biological characteristic data is input, the judgment device displays the result of the pass / fail judgment by comparing the biological characteristic data recorded on the user authentication card with the biological characteristic data acquired by the personal identification card acquisition device. Since it is displayed on the device, it is possible to immediately recognize whether or not the user is the genuine owner of the user authentication card without communicating with the outside.

 In addition, the user authentication device needs to be equipped with a personal identification acquisition device of the same type as the biological characteristic data input device installed at the user registration center. A personal identification card acquisition device that has a function for capturing handwritten figures can be used: If a predetermined handwritten figure such as a signature is input as digital data using the function for capturing handwritten figures, a user authentication slip can be obtained. It can be easily compared with biological characteristic data.

Further, the user authentication device of the present invention includes a communication device capable of communicating with an external certificate authority, and transmits at least a part of the user's biological characteristic data input to the personal certificate acquisition device to the external certificate authority to determine whether to pass or fail. It is preferable that the judgment result is received and the judgment result is displayed via a display device. W /

 17 By connecting to an external certificate authority and handling authentication data hierarchically, it is possible to prevent access and tampering by malicious invaders, and to provide more secure authentication capability.

 The user authentication system of the present invention can be applied to a lock management system. The lock management system of the present invention uses an IC card that records user authentication data as a key, compares input personal identification data with personal authentication data recorded on the IC card, and passes the authentication. It is characterized by unlocking.

 In the lock management system of the present invention, the user authentication card in which the personal authentication data of the person who has authorized the use of the lock is stored in the IC card is given to the user as a key card: When the lock is unlocked, the key card is presented. And input personal identification data. The second personal identification data is compared with the data recorded on the key card, and the lock is opened only when it is within the allowable range.

 If the personal identification data of the person trying to access does not match the recorded personal data, the lock cannot be opened, so the lock can only be unlocked by the authorized person.

 Such a system empowers an authorized individual to unlock and authenticates the identity of the individual with a keystroke, and a key card is a part of the key function. It only carries:

 Therefore, even if another person can pick up the key card, steal or copy and use it, the lock cannot be opened unless the person is the person himself, and the lock is extremely safe. Also, since the personal information is stored on the key card, it is not necessary to provide the lock device with a large database that stores information on all prospective users, and it is not necessary to obtain it from the host device by high-speed communication.

 However, it goes without saying that higher security can be ensured by storing part of the personal information in the storage device on the lock side and using both together. By using biometric information data owned by the user or information data created by the user as the personal authentication data recorded on the key card, the safety of the lock is further improved.

In addition, there are several types of personal authentication data that can be recorded on the key card. You can record it.

 Even if someone tries to steal the key IC car ',' if fingerprints, voiceprints, signatures, encryption, etc. are used, it is not possible to identify the type of authentication data handled by Keysight. Stealing a card is useless if you do not know it, and theft damage is reduced.

 In addition, a means for inputting personal identification data corresponding to a plurality of types of personal authentication data may be set up at the place where the lock is used, so that the user can select one. If multiple authentication data types are available in this way, the thief needs to know which type of authentication data is being used, and a highly secure lock can be obtained. Of course, a combination of a plurality of information may be used so that the lock cannot be unlocked unless all of them pass. It should be noted that there may be a plurality of locks that can be unlocked with one key card, and the type of the authentication data to be applied to each lock may be selected. This reduces costs compared to issuing a key card for each lock, reduces the number of cards carried by the user, and eliminates the hassle of selecting and presenting a corresponding card for each lock.

 Such a key card is also useful, for example, when a lock at the entrance and a lock at the journal shelf in the store are shared in the store. When installing cabinets for ordinary medicine and cabinets with different management levels in the vault, it is possible to prevent the doors of the cabinet from being opened only by the authority to open the cabinet door. HR information and accounting information are both stored in the vault, but it can be used in cases where only relevant persons can access each.

 In such a situation, if a function is provided to alert an access other than a qualified person, safety will be improved. For this reason, a sensor that detects human access can be provided on the cabinet in the cabinet. Since the sensor does not need to be activated when a qualified person accesses it, the alarm output should be prohibited for the sensor circuit in the management section that passed the certification.

 When an unqualified person accesses, a warning may be given to the control room, and the storage door may be closed to prevent the access person from escaping.

In the lock management system of the present invention, a person who has accessed the lock is recognized as an individual. Since it has the function of storing information, it is possible to automatically create a record of the usage status of the storage by accumulating the information.

 The lock management system of the present invention can be provided in a safe for storing valuables to ensure safety. In particular, by using it as a safe box, it will be safe enough for safe boxes without the attendance of the administrator. It is also possible for the user of the safe deposit box to decide the security depth according to the value of the stored items and use it accordingly. BRIEF DESCRIPTION OF THE FIGURES

 FIG. 1 is a block diagram showing a user authentication system according to an embodiment of the present invention, FIG. 2 is a perspective view showing an example of a user authentication device used in this embodiment, and FIG. 3 is a user authentication in this embodiment. Fig. 4 is a block diagram showing the first and second configuration examples of the user authentication slip used in this embodiment. Fig. 5 is an example of the procedure for issuing a user authentication slip in this embodiment. FIG. 6 is a flow chart showing an example of an authentication procedure in a use place in this embodiment. FIG. 7 is a block diagram showing a configuration of a third embodiment of the authentication IC card of the present invention. Is a block diagram showing a file configuration of the authentication IC card of the third embodiment, FIG. 9 is a block diagram showing an example of use of the authentication IC card of the third embodiment, and FIG. 10 is an authentication IC of the third embodiment. Flow chart showing an example of using a card. FIG. 11 shows an authentication IC car of the present invention. 12 is a block diagram showing the configuration of the fourth embodiment of the present invention, FIG. 12 is a flowchart showing the procedure for issuing an authentication IC card of the fourth embodiment, and FIG. 13 is recorded on the authentication IC card of the fourth embodiment. 14 is a flowchart showing the procedure for reading the personal identification information, FIG. 14 is a flowchart showing the procedure for rewriting the personal identification information of the authentication IC card of the fourth embodiment, and FIG. 15 is the first embodiment of the lock management system of the present invention. FIG. 16 is a block diagram showing an example of a lock management system according to a second embodiment of the present invention. BEST MODE FOR CARRYING OUT THE INVENTION

 An embodiment of the present invention will be described with reference to the accompanying drawings.

 As shown in FIG. 1, the user authentication system of the present invention has a hierarchical structure including an accredited registration authority, a certification authority, and an authentication use place.

The Certified Registration Authority (PRA) 1 oversees the entire certification network, A certificate is issued that gives some authority to multiple Intermediate Certificate Authorities (PCAs) 2 as a central authority, and the authorized Intermediate Certificate Authorities (CAs) 3 communicate to multiple Terminal Certificate Authorities (CAs) 3 as sublicensees. Issue a certificate that gives some authority.

 The terminal certificate authority (CA) 3 acts as an intermediary between the authentication use office (TM) 4 that is a client that uses user authentication and the user 8 who wants to use the service of the client. In the following description, the use of various services may be referred to as transactions.

 The accredited registration authority (PRA) 1 has a storage device 1 1 that can be separated from the device, and the intermediate certificate authority (PCA) 2 and the terminal certificate authority (CA) 3 are storage devices 2 1 that are always connected to the device. , With 3 1.

 These institutions are connected by dedicated lines and public lines, and can exchange information as needed. In addition, connection using an intranet network or an internet network may be used. When exchanging information using these communication lines, it is preferable to ensure security by performing encryption processing using a public key or a common key.

 The Intermediate Certification Authority (PCA) can be omitted when building a user authentication system. Conversely, multiple levels of Intermediate Certificate Authorities (PCAs) may be provided and the depth of the hierarchy may be greater than three levels:

 It goes without saying that the functions such as the accredited registration authority (PRA), intermediate certification authority (PCA) and terminal certification authority (CA) may be performed by mutually integrated organizations.

 In general, the terminal certification authority (CA) has authority over a limited area, such as an administrative agency, a medical institution, a specific company, an apartment complex, or a shopping mall (mall). Awarded by the PCA.

 The terminal certificate authority (CA) 3 is connected to a certification use center (TM) 4 that belongs to the area having this authority and uses user authentication.

Recognized User Centers (TM) 4 include offices at government offices, receptions at departments and pharmacies at hospitals, doors to research laboratories and departments, information devices that access databases that require protection, and entrances to apartments. And private room doors, indoor utility remote control devices, There are various types of facilities, such as membership club facilities, payment counters at large retail stores such as mall stores and department stores, counters at financial institutions such as banks, and ATMs.

 In particular, user authentication in direct marketing will become an even more important issue in the future, and it is conceivable that authentication users 4 will be installed at the home of each user 8.

 The terminal certification authority (CA) 3 gives the user registration office (RG) 5 the authority to accept registrations for users 8 who intend to use the certification office (TM) 4, 6) Authorize 6 to issue user authentication slip 7.

 The user registry (RG) 5 is provided with an input device 51 for acquiring biological characteristics. In this embodiment, an online handwritten figure input device composed of a tablet and a pen is used. When handwriting is input from an online handwritten figure input device, the information of the writing process can be taken together and the figure can be recognized.For example, even when characters are input, information on the direction of each stroke and the order in which the strokes were written can be obtained. Can be easily obtained.

 When a voiceprint is used as a means for capturing biological characteristics, a microphone 52 is provided to input voice. In addition, a device for capturing a fingerprint or a palm print, or a device for capturing the iris or retinal pattern by observing the pupil may be provided.

 By using a plurality of these personal identification means together, it is possible to further secure the personal identification.

 At the certificate issuance office (IS) 6, a certificate issuance device 61 is installed. The authentication ticket issuing device 61 writes the information used for settlement in the user authentication ticket 7 and supplies it to the user 8. In the user authentication system according to the present embodiment, the user authentication form is configured with an IC card. However, any recording medium that can be written and read, such as a magnetic recording medium such as a CD-ROM, a floppy disk, or a magnetic force, or Other electronic recording media, such as magneto-optical recording media, can also be used.

 The authentication use place (TM) 4 is provided with a user authentication device 41 that checks the authenticity of the user authentication slip 7 of the user 8 and authenticates the user 8.

 2 and 3 are views showing one configuration example of the user authentication device 41. FIG.

On the upper surface of the user authentication device 41, there is a slot for inserting the authentication ticket 7, and an input / output device 401 for exchanging information with the storage area of the inserted authentication ticket 7, and for requesting a transaction. Authentication level designation device 402 that specifies the authentication depth to be authenticated, personal identification device 4003 that acquires the biological characteristic data of the user, and authentication display device 40 that displays the authentication result. 4 are located.

 Note that the personal identification input device 400 is the same as the biological feature input device 51 used in the user registry (RG) 5. Therefore, when a voice print is used for user authentication, it is needless to say that the microphone 42 must also be attached to the user authentication device 41 of the authentication use center (TM) 4. Thus, the personal identification input device 403 is provided with an input device adapted to acquire the biological information data of the user to be used in accordance with the type.

 Further, an electronic circuit 410 for performing user authentication by organically combining these devices is built in the user authentication device 41.

 The electronic circuit 410 comprises an authentication slip read / write control device 411, a personal identification information conversion device 4 12, a judgment device 4 13, and a communication device 4 14.

 The authentication card read / write control device 411 has the function of reading the contents of the authentication card via the input / output device 401, decrypting the encrypted digital data, and storing the transaction result in the authentication card. ing.

 In addition, the personal identification information conversion device 4 1 2 converts the biological characteristic data captured by the personal identification input device 4 3 into digital data.

 Judgment device 4 13 takes in the output information of authentication slip read / write control device 4 11 1, personal identification information conversion device 4 1 2 and authentication level designation device 4 2 2, and communication device according to the required authentication level. The personal authentication of the user is performed by taking into account the information exchanged with the certificate authority via 414, and the result is displayed on the authentication display device 404.

 When the user is authenticated and the transaction is completed, the transaction result is input from the transaction content input device 420 and the content is displayed on the transaction display device 420, so that the user 8 can also confirm this. . The details of the transaction are recorded in the storage device 422. The determination device 4 13 may automatically send the user authentication result to the transaction content input device 4 20 so that the transaction can be accepted or rejected.

Further, transaction information may be input from the transaction content input device 420 to record transaction content and transaction history in the user authentication slip 7. For example, when the user authentication slip 7 is used in the settlement field, if the transaction item, the name of the purchased product and the price are recorded, it is easy to confirm the comparison when making payment. In addition, in the authentication form for administrative services, a certificate such as a health insurance card, a driver's license, medical information, or a basic resident register can be received and stored in the user authentication form 7. In addition, by using user authentication as a condition when browsing the contents recorded in the user authentication slip 7, access by anyone other than the user can be excluded, and personal privacy can be protected.

 In addition to the biological characteristic data used for correct authentication, information having a special meaning may be combined and used. For example, if a burglary or threatening person threatens to sign you against your will, if you casually add a hidden sign to a legitimate sign, you can open and close doors, withdraw cash, etc. The transaction is concluded, but the security company is also notified at the same time, and has a mechanism to take appropriate measures, such as arresting the offender when the safety of the user is secured. You can do something like

 Biological characteristic data used for such purposes may be used in combination of different types, such as, for example, coughing twice lightly when signed.

 FIG. 4 is a block diagram showing the internal configuration of a user authentication slip using an IC card.

 The user authentication slip 7 used in the present embodiment is a contact type that transmits an electric signal via the connection terminal 71 in consideration of the convenience for a plurality of issuers to jointly set up a shared terminal and mutually release the shared terminal. And a non-contact IC that communicates by electrostatic coupling, electromagnetic induction, etc. without contact between the electrode 73 in the force and the electrode in the authentication slip read / write control device. However, any one of these methods may be installed.

 A connection circuit 72 is connected to the connection terminal 71, and a communication control circuit 74 is connected to the non-contact electrode 73, which is connected to a built-in memory.

The user authentication card 7 consists of a random access memory RAM 76 and a read-only memory ROM 77 and an electrically writable programmable read-only memory PR OM 78 and an electrically erasable programmable read-only memory EEPR From OM 7 9 And a CPU 75, which are connected by a bus. The connection circuit 72, the communication control circuit 74, the CPU 75 and the memory can be accommodated in one IC chip.

When the user authentication card 7 is inserted, the authentication card reading / writing control device 410 performs user authentication via the connection terminal 71 via the connection circuit 72 or from the non-contact electrode 73 via the communication control circuit 74. Can access the memory of vote 7 _c

 The PROM 7.8 stores card authentication data used to check the authenticity of the authentication card and an ID that identifies the issuer who issued the user authentication card after receiving the certification. Can not do.

 The EEPROM79 stores biological characteristic data used for user authentication and a record of transactions using the authentication tag. The ROM 77 also stores a program that controls the CPU 75 to perform encryption / decryption, control of data input / output, and authenticity check of the user authentication device 41. The RAM 76 has a function of temporarily storing data to be taken in from the outside and data required in the operation process.

The user certification form 7 is distributed to each certification form issuing office 6 with the correct card certification information written in the PROM 78, which can guarantee that the certification registration authority 1 is a proper card used for the certification system. Therefore, the certificate voucher office 6 only needs to write a part of the user's biological characteristic data into the EEPROM 79 based on the instruction from the accredited registration authority 1. for, the authentication ticket issuing apparatus may be configured not provided with a function of rewriting PR OM7 8 _c

 However, the memory allocation of the authentication ticket in the present embodiment is not limited to the above, and for example, the biological characteristic data for performing the personal authentication may be recorded in the PROM 78 or the RAM 76.

 An example of a procedure for issuing a user authentication slip will be described with reference to FIG.

The user registration place 5 receives a registration application from the user 8 who wants to receive the service of the authentication use place 4 in the jurisdiction area (S11). At this time, the user registry 5 listens to information used for the qualification examination of the user 8 as necessary, and acquires information representing the biological characteristics of the user 8 (S12). The biological characteristics used here are specific to the individual user, and others impersonate the user by imitation or disguise. Those having properties that can be detected even if they are tried are selected.

 In the present embodiment, identification is performed using handwriting. The figure to be entered may be arbitrary, but it is inconvenient for authentication to be different every time the user 8 enters, so it is usually necessary to input a sign representing the user's name in order to guarantee reproducibility. I like it. Note that the use of multiple biological features improves the security of authentication, so a voiceprint can also be obtained using the microphone phone 42 in an auxiliary manner.

 The applicant's credentials and biological characteristic data collected at the user registry 5 are transmitted to the accredited registry 1 (S13).

 The Certification Authority 1 conducts qualification screening based on the information received from the user registration office 5, and permits the successful applicants to issue a certificate (S14): The qualification conditions are based on the target for using the certification. Since it will be decided, it may be possible to conduct the screening at the end certificate authority 3 that actually accepts the user.

 The accredited registration authority 1 divides the biological characteristic data of the registered user 8 hierarchically according to a predetermined ratio, determines the user authentication form 7 and the parts to be distributed to the certification authorities 2 and 3 in each stage, and Distribute (S15).

 The biological characteristic data distributed to each location by the accredited registration authority 1 is accessed based on the authentication accuracy required by the authentication site 4, and if the lowest reliability is sufficient, the authentication site 4 Authenticator 4 Enables authentication only with the result compared with 1, and when medium reliability is required, user authentication is performed by taking into account the information stored in the terminal certificate authority 3, and the highest level of assurance is required. In such a case, all biological characteristic data stored in a distributed manner should be integrated and determined.

 In the user authentication system according to the present invention, the biological characteristic data is first checked at the authentication use place 4 for authenticity, and only when the authentication is successful, the authentication of the higher-level organization can be requested. A higher-level certification organization performs authentication using information of a part not included in the user authentication slip. Therefore, information that can be determined to be a genuine user with a certain degree of accuracy by comparison with biological characteristic data input by the user 8 must be allocated to the user authentication slip 7 at a minimum.

In the present embodiment, about 60% of the information is distributed to the user authentication slip 7, 30% of the information is distributed to the terminal certificate authority 3, and the remaining 10% of the information is distributed to the intermediate certificate authority 2. like this By reducing the amount of information exponentially, it is possible to save the storage capacity of higher-ranking organizations where more authentication requests are collected, and to reduce the time load required for authentication, thereby improving the information protection performance of the entire system. Improvement can be achieved.

 It is preferable that the ratio of the biological characteristic data held in the user authentication slip 7 be as large as possible so that the information to be transmitted to a higher-level institution when a higher assurance is requested is not excessive.

 However, if the ratio of information given to the user authentication slip 7 becomes excessive, the reliability of the user authentication decreases.

 Therefore, when distributing the biological characteristic data, it is necessary to determine the appropriate division ratio that matches the actual conditions, taking into account the number of connected users and the required security of authentication.

 The method of dividing information may be a method of physically dividing the digitized data at a predetermined ratio, but also information on the shape that has been drawn like a handwriting and information on the penalty in the middle of drawing Alternatively, the information may be divided as step-by-step information such as information on the stroke order. For example, any of the biological characteristics can be appropriately divided and used, such as dividing a voiceprint into frequency bands or dividing a fingerprint for each finger and recording and using each.

 Note that multiple features such as handwriting and voiceprint may be acquired and divided into different types for use:

 The Certification Authority 1 records and saves the certificate and information about the user in a large-capacity storage means 11 that can be separated from the device, such as a magnetic tape, CD-ROM, magneto-optical disk, DVD, or removable hard disk. (S16) When a request is received from a subordinate organization, the attendant attaches to the playback device to refer to the registered information.

 The certification / registration authority 1 uses the removable recording device 11 to keep the information recording medium 11 separated from the external communication network when not needed, so that external invasion and tampering can be prevented.

The individual's biological characteristic data distributed to the certificate authorities 2 and 3 are stored in the storage devices 21 and 31 attached to each, and are read out and used as needed. The certificate issuance office 6 records the biological characteristics data of the registration applicant distributed from the accredited registration authority 1 in the user certificate 7 in which the card authentication code determined for each certificate is recorded. To the user 8 (S17).

 In addition, one terminal certificate authority (CA) 3 may include a plurality of user registration points (RG) 5 and a certificate ticket issuing point (IS) 6.

 User 8 must appear at user registry 5 and actually enter his or her biological characteristics, so certificate voucher 6 that receives the issued user certificate 7 is the same as user registry 5. It is preferable to be installed at a location for the convenience of the user 8. It is also possible to set a condition that a trusted person is present for the assignment of the user 8: However, it is necessary to use any mechanism to completely eliminate the case of impersonating another person from the beginning. Is also difficult.

 To confirm the fact declared by the registered user, instead of issuing a certificate at the same time as the registration procedure, a method of mailing the address to the address later may be adopted.

 Note that the accredited registration authority (PRA) 1 may have a user registration office (R G) 5 and a certification ticket issuing office (IS) 6.

 Further, it is possible for an issuer having a portable terminal having the functions of a user registration office (RG) 5 and an authentication ticket issue office (IS) 6 to perform a registration and issuance procedure at an arbitrary location. The use of such portable terminals must be approved only by those who have obtained a formal qualification from the accredited registration authority (PRA). Is configured.

 Next, an example of a procedure for performing user authentication using the user authentication slip 7 at the authentication use place 4 will be described with reference to FIG.

 When the user 8 submits the user authentication slip 7 and proposes a transaction to the authentication use place 4, the authentication use place 4 inserts the authentication form 7 into the card slot (input / output device) 410 of the authentication device 41. And read the information for authentication. The information for authentication includes information for confirming the authenticity of the card and biological characteristic data for user authentication.

The authentication use place 4 first authenticates the card (S21). The authentication of the card is to confirm that the user authentication slip 7 is genuine and applicable to the user authentication system used by the authentication use place 4 and who is a valid holder. Use an unsupported certificate If it is used, it will not accept transactions from the beginning.

 Conversely, in order to confirm that the user authentication slip 7 has not been accessed illegally, the program in the user authentication slip 7 verifies whether the authentication device 41 corresponds to its own authentication slip. Then, it may be possible to provide a mechanism for rejecting the disclosure of the stored contents if the authentication device is correct.

 When the card authentication is successful, the same biological characteristics as those used when the user authentication ticket 7 was obtained, such as having the user 8 write a signature on a tablet (personal identification input device) 4003, are displayed. (S22).

 Then, the biological characteristic data input from the tablet 4003 is compared with, for example, 60% of the biological characteristic data recorded in the user authentication ticket 7, and the oral user 8 It is determined whether or not the person is a genuine holder (S23). The result of the authentication is displayed on the display device 404 (S24).

The procedure differs depending on whether the user authentication at the authentication use center 4 is successful or not (S25). When the user authentication is denied, the authentication site 4 rejects the transaction (S33). When the user authentication is passed, it is checked whether or not a higher-level certification organization should be requested for online authentication (S26). If you do not require online authentication, you may accept the offer to trade immediately (S32) _c

The presence / absence of online authentication request and the degree of request for depth can be manually set by the operator or user 8 from the authentication level designation device 402 for each transaction, but automatically based on the nature of the transaction and the amount of the transaction amount. May be set to _c

 If online authentication is required, the information of the user authentication slip 7 and the personal identification information acquired by the personal identification input device 400 together with the request for the authentication level are sent to the terminal certification authority 3 (S27). The personal identification information to be sent may be, for example, 40% of the portion excluding the portion used at the authentication site 4, so the amount of information exchanged between the authentication site 4 and the terminal certificate authority 3 can be reduced. it can.

The necessity of online certification depends on the required level of security for certification according to the nature of the transaction. More secure authentication is required for transactions of highly cashable or high-priced products and disclosure of personal confidential information, so user authentication of higher-level institutions is required. In addition, the nature of the certification center 4 may determine the depth of online certification: In some cases, such as hospital counters, advanced authentication is required to protect privacy and ensure correct treatment. Many. Note that it is preferable to request user authentication from a higher-level certificate authority in order to ensure that the data is the identity of the individual in home medical care using a communication line.

 The terminal certification authority 3 checks the personal identification information unique to the user 8 recorded in the storage device 31 (S28), and forwards the authentication result to the authentication use place 4 (S29).

 Since only 30% of the personal identification information of the user is recorded in the terminal certificate authority 3, if the user authentication alone is not sufficient, the upper intermediate certificate authority 2 is requested for user authentication. Since the intermediate certification authority 2 records 10% of biological characteristic data for each user, the portion of the personal identification information obtained at the certification center 4 used by the intermediate certification authority 2 is 10%. Therefore, the amount of information to be sent from the terminal certification authority 3 to the intermediate certification authority 2 is further reduced.

 The result of user authentication performed by the intermediate certificate authority 2 is returned to the authentication use center 4 via the terminal certificate authority 3.

 The results of user authentication at various places are integrated at the authentication use place 4 and displayed on the authentication display device 404 of the user authentication device 41. If the user authentication is successful, the transaction is accepted (S32); if the user authentication is not successful, the transaction is rejected (S33):

 In addition, if the user authentication is denied, there is a possibility of some kind of fraud such as falsification or spoofing. Therefore, it is preferable to send the information to the accredited registration office 1 to confirm the location of the problem and analyze the cause. .

 Since the accredited registration authority 1 stores records that are difficult to intrude or falsify from the outside, by comparing it with the input data at the authentication use site 4, whether the abnormality is in the user authentication slip 7 It is clear whether the certificate is located at the end certificate authority 3 or the intermediate certificate authority 2.

 If there is any inconsistency between the contents of the user authentication ticket 7 and the information entered by the user 8, the user authentication ticket is used by an unauthorized user due to theft or discovery. It is possible that it has been rewritten.

Next, a second embodiment of the user authentication system of the present invention will be described. The difference between the user authentication system of the present embodiment and the first embodiment is that the biological characteristic data recorded on the user authentication slip by the logical operation device installed at the authentication usage center and the user input by the personal identification acquisition device are Instead of performing the comparison with the biological characteristic data, only the point that the arithmetic function in the user authentication ticket is used to compare the biological characteristic data of the user with the recorded personal identification information, In the following, only parts different from the first embodiment will be described with reference to the drawings used in the description of the first embodiment.

 The IC card used as the user authentication slip 7 can be provided with a certain arithmetic function by mounting a CPU 75 or a RAM 76, for example.

 In the system of this embodiment, when the user 8 who intends to use the service at the authentication use place 4 inputs the biological information data of the user using the user authentication device 41, the biological information data is The data is converted into a form that can be easily processed by digital processing and sent to the user authentication slip 7.

 The user authentication form 7 temporarily stores the input information data in the RAM 76, and reads out this information data and the biological information data of the valid user recorded in the EEPROM 79 by the CPU 75, and then reads both information. Compare and compare. As a result, if both persons are similar within the permissible range and the person who intends to use the service can be authenticated as the proper owner of the user authentication ticket 7, the user is notified to the certification use place 4 If you do not pass the certification, you will be notified of the rejection.

 If the user 4 is satisfied with the result of the user authentication on the user authentication slip 7, the authentication user center 4 provides the user 8 with the desired service. If more careful user authentication is required, the terminal certificate authority 3 and the intermediate certificate authority 2 are queried, and the judgment is made according to the result. It goes without saying that the certification use center 4 may also serve as the terminal certification authority 3.

 The ratio of distributing biological information data to various places is arbitrary, but as shown in the first embodiment, the larger the ratio used for lower-level authentication is, the lighter the burden on communication is, which is advantageous for system operation. It is preferable that the ratio in the user authentication slip 7 be 60% or more.

In this embodiment, the use of the user authentication form 7 composed of a high-performance IC card can reduce the computational burden of the user authentication device 41 and reduce the cost of the device. The cost required to adjust the functionality of the Barriers to participating in the system are lower and more accessible.

 In addition, since information processing is completed within the user authentication tag, an unreadable area that cannot be accessed from the outside is provided in the memory of the authentication tag, and important information such as authentication data is recorded here to prevent leakage. Safety can be further improved.

 The third embodiment of the user authentication form used in the user authentication system of the present invention is an authentication IC card using an IC card as shown in FIG. The information stored in the IC card is provided for use. Authentication IC card: This authentication information may be stored at 100% so that a higher-order certificate authority is not used.

 The authentication IC card of the embodiment has a CPU 101 for executing information processing, a ROM 102 for storing information processing programs, a RAM I 03 for storing arithmetic data, and data for which information can be written and read. It comprises a storage device 104, an interface 105 for an abbreviated program, a connection circuit 106 for external connection, and an external connection terminal 107.

 As shown in FIG. 8, the files in the data storage device 104 include an authentication file 110 storing authentication data and an application file 120 storing information to be exchanged with the outside. .

 The external connection terminal 107 is used for signal transmission and power supply, but may be a non-contact type electrode or antenna. In addition, both contact type and non-contact type connection terminals may be provided to support various card reading devices. The applet interface 105 is used when a small program (abbreviated) is received from the outside and the CPU is operated according to the program, and a function for recognizing that the received applet is harmless to the authentication IC card. It is an interface provided with.

For security reasons, the authentication IC card may be configured not to accept the applet, and such an authentication IC card does not require the use of the interface interface 105. The authentication file 110 stores personal identification information for authenticating the authentic owner of the authentication IC card in addition to data for ensuring that the authentication IC card is authentic. Certifications can be simple to those that can provide a high level of assurance A plurality of items are recorded following steps i, π, m,. The personal identification information is preferably something that only the person knows, such as a password, a fingerprint, a voiceprint, a face photograph, and a signature, and that cannot be reproduced by anyone other than the person.

 The application files 120 are classified according to a first classification regarding the type of information to be stored and a second classification regarding authentication. That is, the first category a, b, c,... Is a category that is usually used to distinguish service institutions that use authentication, such as information for housing management, medical information, financial information, and communication information. The second category Π, ΙΠ.… Is a category according to the required degree of authentication. Access from simple authentication is accepted, but access is only made after passing advanced authentication such as confirmation by fingerprint. Are classified according to the certification depth up to those that recognize

 For example, the information provided by the building management company is stored in Class 1 b, the encryption code for admission to the residential building is in Class 2 I file, and the closet opening code is Class 2 Π. The file and the code for opening the door of your room are recorded in the file of Class 2 m.

 It is also possible to put encryption keys and digital certificates in these files.

 A card reader is installed at the entrance of the residential building, and when the resident reads the authentication IC force into the reader, the card and the reader check each other: if they pass the two authenticity, The door opens and you can enter the residential building. Since each room in the residential building has strict doors, entry to the residential building is permitted with simple authentication simply by confirming that the authentication IC card is authentic.

 The function of the authentication IC card to confirm that the card reader is genuine is that the information stored on the authentication IC card is stolen or rewritten by an unauthorized card reader. This is because it is necessary to prevent FIG. 9 is a block diagram illustrating a typical example of the use of the authentication IC card, which is used for managing a house.

The door 30 of each room is provided with a door opening / closing control device 131, so that the door 130 cannot be normally opened by hand. An authentication control device 1 3 2 is connected to the door opening and closing control device 1 3 1 so that the door can be opened and closed according to the control signal generated from this. Will be A personal identification information input device 133 and a card reader 134 are connected to the authentication control device 132.

 Hereinafter, the information processing procedure when using the authentication IC card will be described with reference to the flowchart of FIG.

 When the user entering the room enters the authentication IC card 135 into the card reader 134 (S41), the authentication controller 1332 sends the reader ID to the authentication IC card 135 and Inquire about the ID of the authentication IC (S42). The authentication IC card 135 checks the reader ID against the information in the authentication file, and when it is confirmed that its own card is good (S43), it is recorded in the authentication file. The ID of the card being read is returned to the card reader 134 (S44). All of these exchanges take place via the CPU and the card reader 134 cannot directly access the storage of the authenticated IC card:

 The authentication control device 132 determines whether the ID of the authentication IC card is genuine or not (S45), and if not, ejects the card and rejects it (S50). If it conforms, it prompts for the input of a personal ID, for example, a fingerprint determined based on the authentication level, and reads the information input by the user from the personal ID input device 133 (S46). Create personal identification information by extracting the input information (S47) Determine whether the personal identification information is authentic or not on the IC side or on the door opening / closing controller (S48) If the authentication is to be performed using the authentication IC card 135, the personal identification information is transmitted to the authentication IC card 135, and a door-opening code for opening the door is requested (S49).

 The authentication IC card 135 compares the received personal identification information with the personal identification information stored in the authentication file (S50), and if both match, it is determined that a predetermined application file (for example, bm file) is sent to the authentication control device 132 via the card reader 134 (S51).

When the door opening / closing control device confirms whether or not the personal identification information is authentic, the personal identification information recorded is requested to the authentication IC card 135 (S52), and the authentication IC force 1 35 responded (S 53). The personal identification information was checked against the previously acquired card user's personal identification information (S 54). An open-door encryption is requested (S55). The authentication IC card 135 sends the door-opening code recorded in the predetermined abridgement file to the authentication control device 132 when requested (S51).

 If the received door-opening code is authentic (S56), a door-opening instruction signal is given to the door opening / closing control device 131 (S57) and the door 130 is unlocked (S5). 8), Authentication IC card holders can enter the room (S59),

 In addition, personal identification information can be divided and distributed to the authentication IC card 135 and the authentication control device 132 in order to reduce the use area of the data storage device 104 of the authentication IC card 135. . In this case, the door is opened by comparing the personal identification information input from the personal identification input device with the personal identification information divided and stored in the authentication IC card 135 and the authentication control unit 132. Issue a cipher. Dividing personal identification information into the authentication IC card 13 5 and the authentication control device 13 2 in this way not only saves memory space, but also temporarily stolen personal identification information from the authentication IC card authentication file. Even if this is not the case, it is not possible to perform matching, which has an effect on security.

 Also, in the above example, three levels are used as personal identification information stored in the authentication file, but the number of levels may be set to any number. Personal identification information can be as simple as proving authenticity based solely on the ID number entered by the card issuer, from a password determined by the card owner, the owner's fingerprint, iris, Biometric information such as a face photograph, dynamic information such as a signature entered by the owner, and more sophisticated combined information combining these can be used.

 In addition, biological information can be obtained by copying force information, which is difficult to imitate with the biological possession of the genuine holder's body. On the other hand, if dynamic information that accompanies the user's actions in the field is used, it becomes difficult to disguise the information, and authentication with higher reliability can be performed.

 The personal identification information input device includes a graphic input device when requesting sign input, a keyboard when using a personal identification number, a fingerprint acquisition device when using a fingerprint, and a camera that images the pupil when using an iris. A device for acquiring such information, such as a judgment device, must be prepared according to the personal identification information to be used.

Also, when accessing personal information recorded on an IC card, or at a hospital It may be preferable for the holder to specify the depth of authentication, such as when disclosing telemetry. For example, if you want to change the authentication depth between obtaining a certificate of residence and obtaining a tax payment certificate, specify the authentication depth of the abbreviated file that stores the encryption number used when requesting each certificate. Can be changed:

 It is clear that the importance of personal authentication is different between when paying for medical treatment and when receiving home medical treatment using a communication network, but the authentication IC card of the present invention can accurately cope with such cases. be able to.

 In addition, one authentication IC card can be used as a membership card or employee ID card, or as a personal identification card at an administrative counter, a commuter pass for transportation, a hybrid card, a credit card, a telephone card, a shopping card, or a credit balance. It can also be used as electronic money that can be rewritten.

 Temporary use is also possible, such as storing the code that opens and closes the room door at the time of check-in at a hotel or the like in a file of the authentication IC force and deleting it at the time of check-out.

 A fourth embodiment of the user authentication form used in the user authentication system of the present invention is the first embodiment.

The feature is that the certification IC of the guarantor and witness is added to the certification IC card as shown in Fig. 1.

 The authentication IC card of the present embodiment, like the authentication IC card of the third embodiment, stores a CPU 201 for executing arithmetic processing, a ROM 202 containing an arithmetic processing program, and data being processed. RAM 203, a data storage device 204 that can write and read data, an interface 205 for an ablet program, a connection circuit 206 for external connection, and an external connection terminal 207 is provided.

 The files in the data storage device 204 include an authentication file 210 storing authentication data, and an application file 220 storing job programs for executing a specific job and various data.

The authentication file 210 stores data for ensuring that the authentication IC card is genuine and personal identification information of the genuine owner. The authentication information is not limited to one type, and many types can be stored and used alone or in combination. The authentication file 210 contains a first personal identification file 211 storing personal identification information of the genuine owner authenticated by the authentication IC, and a second personal identification file such as a guarantor, a witness, or an issuer. A second personal identification file 221 for storing personal identification information about the person and authentication information about the subject is included. The witnesses such as the second person and the subject may be two or more persons and the subject as required in the system.

 The application file 222 stores a first work file 221 storing a part for handling information on the authenticity of the authentication IC, and a part for executing based on the authentication result. Includes second working file 222.

 The second work file 222 stores information required for each service organization that uses authentication, categorized according to the required degree of authentication. In addition, an encryption key and an electronic certificate can be stored. Also, programs such as a job for issuing an unlock instruction may be stored.

 In addition, the first work file 221 includes a job for writing personal identification information, a job for reading / writing / rewriting personal identification information, or a job for reading / erasing logs, etc. Stores related jobs and information.

 Jobs and information stored in the first work file 22 1 need only be authenticated by the owner based on the required level of confidentiality, and only the second person needs to be authenticated. It is possible to separate both people into those that have to be authenticated:

 Next, an example of use of the authentication IC car ',' of this embodiment will be described with reference to FIGS. 12 to 14.

 FIG. 12 illustrates a procedure for issuing an authentication IC card. When there is a request to issue a certification IC card (S111), the card issuer performs a credit check on the person to be certified on the certification card (S112), passes the examination, and the person to be certified If it can be determined that the person who can use the certification power is valid, the person who can guarantee the person to be certified or the person whom the person to be certified trusts is designated as a witness (S11)

3).

When issuing an authentication IC card, all parties involved gather at the designated force issuing office (S114) to check whether the authentication IC card and the card issuing device are genuine to each other. After confirming (S115) and authorizing the issuance of the authentication IC card (S116), each person enters personal identification information (S115):

 In order for the authentication IC card to have a function to confirm that the card reader is genuine, it is necessary to prevent information stored on the authentication IC card from being stolen or rewritten. Because.

 The cardholder will be required to deal with the different credits required for the transaction when trading based on the card, and will be required to provide a PIN, unique sign, signature, fingerprint, voiceprint, iris, palm print, etc. Enter your personal identification information. Multiple personal identification information may be entered for the witness, but there are few cases where witness authentication is required, so there is no necessity to use multiple personal identification information. The subject may be an organization or an organization. In this case, authentication may be performed using authentication information such as an electronic signature instead of biological information.

 In addition, the certification IC force may be used to confirm various authorities in the company.In such a case, for example, the person in charge of issuance, such as the human resources department in charge of issuance, or the person in charge of issuance, You may be made to be authenticated as a card issuer or a witness. Alternatively, the person in charge of the department holding the card may be authorized:

The entered personal identification information of the owner is stored in the first personal identification mail file 211 of the authentication IC card, and personal identification information and authentication information of the witnesses are stored in the second personal identification file 211. You. In addition, when an authentication is performed, an electronic certificate stating the reliability and basis of the authentication may be required, but such an electronic certificate issued by an authentication IC card is subject to various types of transactions. The data is stored in the second work file 222 in the application file 220 together with the application data used for (S118). The program for displaying and rewriting personal identification information recorded on the authentication IC card is stored in the first work file 221. You must satisfy the required certification. As described above, the authentication IC card with the necessary information written is an appropriate test to confirm the completeness of the product, such as performing an appropriate operation when the person to be authenticated enters the appropriate personal identification information. (S1 19), and if it passes, it will be issued to the owner (S120). If it does not pass, for example, the authentication information writing step (S118) is re-executed to obtain a proper authentication IC card, and then the card is issued.

 If the issuer's examination (S111) determines that the person to be authenticated with the card is not suitable for using the authentication system with the card, the issuance of the authentication IC card will be rejected (S 1 2 1).

For authentication IC cards such as the one above, for each service or transaction (representatively called a transaction), an encryption signal for authorizing the transaction is recorded on the authentication IC card possessed by the person who has been licensed for use. It can be used in a mechanism to confirm that the carrier of the IC card is a genuine holder when conducting a transaction and to permit the transaction _c

 In this case, the information that the trader should receive from the authentication IC card is a cryptographic signal that proves that the carrier of the authentication IC card is the genuine owner of the force and that the authentication IC card is eligible for use. Is recorded. In addition, the authentication by the authentication IC card is that the reader is proper and that the carrier is the genuine holder.

 This authentication IC card includes so-called entry qualifications for entering a building or a certain reference room, bank account, ownership of credit, family register, history, and credit balance when used as electronic money. By storing the attributes of the holder in the authentication IC card, the authentication of all transactions for which use has been granted can be integrated into one card.

 Such an authentication IC card can be used for entry control of a house, etc., just like in the third embodiment, and a highly reliable authentication that is difficult for others to disguise can be performed.

 The second authentication IC card uses various types of personal identification information in some cases. Therefore, even the genuine owner often forgets the personal identification information that he should use. In such a case, it would be inconvenient if the card could no longer be used, so it would be usual to be able to display the recorded personal identification information.

Also, it is preferable that the owner's personal information can be changed at the necessity of the owner, such as when it is likely to be stolen and leaked by others, or when it is changed regularly to enhance security. . Therefore, a person who can handle the authentication IC card in detail and can freely operate the device can extract the information stored in the authentication IC card with malicious intent to falsify the card or create a fake authentication IC card. It is not easy to prevent this from happening.

 However, since the authentication IC card of the present embodiment can require the witness authentication for a predetermined job, it is required to request the approval of the witness when accessing the authentication information of the authentication IC card. In other words, even those who are familiar with internal circumstances cannot steal personal information and use it, or rewrite personal information.

 FIG. 13 is a flowchart showing a procedure required when a genuine person to be authenticated confirms his / her personal identification information;

 If you want to read the personal identification information of an authentication IC card (S 13 1), the person to be authenticated by the card, the witness at the time of issuing the card, the person in charge of the card issuing office, or the entity as an organization After gathering (S1332), confirming that the card is genuine (S133), and inputting personal identification information or authentication information (S131)

3 4).

 Refers to the personal identification information of each person, authentication information, and authentication information stored in the IC card. If they match (S135), it is said that such an access has occurred. The fact is left as a password in the storage device in the authentication IC card (S136), and the recorded personal identification information is displayed on the display attached to the card reading device (S137). If the required personal identification information does not match, it is an unauthorized access and the display of personal identification information is rejected (S138).

 It is assumed that the person to be authenticated on the card inputs one piece of personal identification information that he or she remembers, and it is sufficient that this matches one of the pieces of information stored in the authentication IC card. Here, for example, if you forget your PIN, you will disclose it by referring to your fingerprint, but if you want to know your signature, you will not be told even if the PIN matches, so you will not be required to display it. It may be displayed only when authentication is possible with advanced personal identification information.

For personal identification information that does not require a high degree of security, even if no witnesses gather, if personal identification can be performed using personal identification information based on the biological characteristics of the owner himself, It may be disclosed. In special cases, it is possible for the card issuer to read the information on his own initiative.

 FIG. 14 is a flowchart showing a procedure for rewriting personal identification information.

 If there is a request to rewrite personal identification information (S141), it may not be possible to eliminate unauthorized use by others if only the person to be authenticated can approve it. Collect (S 1 4 2) and confirm that everyone approves. After mutually confirming the authenticity of the authentication IC force and the issuing device (S144), each of the gathered persons enters personal identification information and authentication information (S144), and the entered personal identification information. For example, when the information matches the information stored in the authentication IC card (S145), rewriting of personal identification information is permitted for the first time.

 When each person passes the authentication, the recorded personal identification information is transferred to an external storage device (S146), and a log of the rewriting is recorded in the authentication IC card (S146). ). Furthermore, the personal identification information that is no longer needed is deleted (S148), the owner inputs the personal identification information (S149), and the new personal identification information is stored in the authentication IC card (S1408). 5 0).

 After that, the function of the authentication IC card is tested (S 15 1), and if it passes, it is issued to the owner (S 15 2). If the certification IC card is defective, rewrite the personal identification information again and pay if the test passes.

 In addition, if individual authentication is not passed, rewriting of personal identification information is rejected because there is a possibility of unauthorized access (S153).

 When personal identification information is read or rewritten, it may be a cause of abnormalities such as improper use, so it is preferable to store it in the authentication IC card itself. .

As described above, the authentication IC card according to the present embodiment can require the approval of a witness or the like to read or rewrite the personal identification information, so that the authentication IC card obtained by theft or detection can be stolen. It cannot be used by anyone who can handle the issuing device, reading device, rewriting device, etc. of an authentication IC card without the approval of a witness. Safety is extremely high. The user authentication system and the authentication IC card of the present invention can be applied to a lock control system:

 The first embodiment of the lock management system of the present invention is used for safe deposit box management, and can provide high security by performing personal authentication using authentication data registered in an IC card. .

 Referring to FIG. 15, the key card issuing office 301 issues a predetermined IC card as a key card 302 to a person who wants to use a safe, and the key box 300 3 issues a key card. It reads the authentication data of 302 and the user's own authentication data and unlocks the safe designated by the keypad 302 when the authentication is passed.

 The key card issuing office 301 has a host computer 311, a data input / output device 312 consisting of a display and keyboard, a personal identification data input device 313, and a key IC card issuing key. One Dalita 3 1 4 is provided.

 When a person who wants to borrow a safe applies for the use, he or she is required to input personal identification data to be used for user authentication from the personal identification data input device 3 13 of the key card issuing office 301.

 The host computer 311 is equipped with key card issuing software, key management software, and authentication data registration software as software. Key management software manages the status of safes, decides which safes to use for key cards, manages the security level of locks, specifies the type of authentication information, and manages the issuance and return status of keypads. Confirm the contents of the returned key card; The data input / output device 312 is composed of a display, a keyboard, a printer and the like normally required in a computer system.

 The personal identification data input device 3 13 is a personal user such as a fingerprint reader that extracts and classifies a fingerprint pattern when a finger is pressed, a voiceprint acquisition device consisting of a microphone and a voiceprint analyzer, and a tablet that writes a sign. Is a device for inputting information that can be identified. In a simple case, a keyboard for inputting character string encryption may be used. The reader / writer 314 for issuing a key card is composed of an IC card reader / writer command and an IC card reader / writer command.

鐽 The card issuing office 301 specifies the safe to be lent, and the authentication ID that authorizes the use of the safe and the personal authentication data of the user obtained with the personal identification data input device 3 13 It is stored in a memory area managed by the CPU in the PC, issued as a key card 302, and lent to users.

 Keypad 302 is an IC card with CPU and built-in memory.

 The safety box 303 is provided with an unlocking device 331 equipped with an IC card reader / writer and a personal identification data input device, and a plurality of locker-type safes 332. The unlocking device 331 has a safe control interface and is equipped with authentication data collation software: The safe 332 has an electric controller and can be locked and unlocked remotely. If a sensor that detects abnormalities and a reporting device that generates an alarm when abnormalities are provided, safety can be ensured even when unmanned.

 The user of the cashier stores the object in the designated safe 332 of the safe deposit boxes 303 and locks it. Once locked, the personal identification data entered by the user on the spot and the authentication data read from the key card 302 presented by the user match within the range permitted by the verification logic Only when the safe is unlocked via the unlocking device 3 3 1.

 According to this management system, even if the key card 302 is genuine, it cannot be unlocked unless the person carrying it is a genuine user. Needless to say, it is also possible to use the guarantee provided by the attendant, etc .: Therefore, it is also possible to operate the safety deposit box by unattended management or similar management .: In addition, by using multiple types of authentication information, It is also possible to select and set the security level of the safe deposit box. In the case where the security level can be selected, the user of the safe selects the authentication information to be used in consideration of the importance and convenience of the items stored in the safe. When a user demands high security, a signature may be used to confirm the identity of the user, or a character string may be used for a request that emphasizes simplicity.

 Furthermore, it is possible to make the safe extremely safe by combining two or more types of information to be verified.

Also, if you decide the safe to use when issuing the key card 302 and write the ID corresponding to this in the IC card, even if the unissued IC card is stolen, it can be stolen There is little danger. The same lock management system can be used for storage devices accessed by multiple people, such as centralized safety boxes and lockers, or key boxes in building management.

 The second embodiment of the pre-failure management system according to the present invention is used for managing a vault. The identity is verified by collation with an IC card and a handwritten signature, and important items, medicines, moldings, Safe storage of poisons, etc., authorized persons take out only authorized substances.Also, sensors are detected and reported when unauthorized persons access the system, and the system is safe from external attacks. Features that enhance the safety and reliability of storage directly, such as configuring the circuit to lock to the side:

 FIG. 16 is a block diagram of a lock control system applied to a storage.

 The storage room 3 05 is divided into a plurality of storage rooms 3 51, 3 5 2. 3 5 3, and a plurality of small rooms or storage shelves 3 5 4, 3 5 5, 3 in the storage room 3 5 1. There are five and six. Each of the multiple storage rooms and the small room has a different security level, and the storage room and the small room can be selected and used according to the confidentiality of the articles to be stored. As a specific example, for example, a company owns a storage room 305, and the first storage room 351 is a room for storing highly confidential documents that only some people can handle inside the company. And only allow certain people to enter and leave. In addition, documents requiring the highest confidentiality are stored in the first small room 354 in the first storage room 351, and among those who are allowed to enter and leave the first storage room 351, Only one authorized to enter one small room 3 5 4 is allowed access. Also, for example, the second small room 355 is a room for storing personnel-related materials, and only the person in charge of HR can access it.The third small room 356 is a room for storing accounting documents, Ensure that only personnel can enter and exit.

 The second storage room 352 is a room for storing development-related materials, and it is necessary to prevent the stored information from leaking outside, so that only the person in charge of the department can enter and leave. On the other hand, the third storage room 353 is a room for storing documents of low importance. Any employee can enter and leave, but records of entry and exit are recorded.

In addition, independent storage such as safety box 357 is managed by the same system. Can be managed.

 In the storage management system of this embodiment, as in the first embodiment, qualifications are determined for each storage room and each small room, and a key card created with an IC card for employees who match the qualifications. To be paid. Only employees who are qualified by personal authentication based on the key card 302 can unlock the approved room.

 In other words, in the keypad 302, information for designating a lock to be permitted to access and personal authentication data obtained by the personal identification data input device and subjected to predetermined information processing are managed by the CPU in the IC card. Stored in the memory area.

 In addition, a storage unit 304 has a control unit 341, which can exchange information with an IC reader / writer 3432 that reads the key card 302 and a tablet 3443 as a personal identification data input device, and A lock management device 304 provided with an interface 344 for controlling locks in each storage section is provided.

 The doors of storage rooms 351, 3552, 3553, small rooms 3554, 3555, 3556, and safety box 3557 are equipped with electric locks that can be operated remotely. The lock control device 304 controls locking and unlocking. Each door is provided with an abnormality detection sensor 358, which detects that there is access to the room and transmits a signal to the lock control device 304.

 It is also good to install an indicator light and turn it on at the door where access has been granted, so that it can be notified to the accessor.

 To use the storage room 305, the user inserts the key card 302 into the card reader / writer 342 and inputs the code determined at the time of registration into the tablet 343. The control unit 341 confirms that the key card 302 is a genuine IC card, and records which lock corresponds to the record provided via the CPU of the key card 302. Check from the contents.

Next, personal identification information such as a signature input from the tablet 343 is collated with personal authentication data provided from the key card 302 to determine whether or not they are the same. When the authentication data collation software confirms that both match, it determines that the lock specified by the key card 302 is a person who has access right and unlocks the specified lock. When the user accesses the area other than the authorized management area, the sensor is activated and an alarm is generated. In the event of unauthorized access, the lock is automatically locked so that unauthorized users can be kept indoors.

 In addition, when unlocking is permitted based on the key card 302, an object that is permitted is displayed by turning on the indicator light provided on the lock or in the room or on the shelf, and a mischievous person accesses the device incorrectly. May be prevented.

 The required authentication depth can be determined in advance according to the security level of the target room. Simply presenting the key card 302 may be a level that permits access, and it may be required that the code, shape, stroke order, and writing pressure entered in advance match., _ Higher standards that require complex assurance, such as signatures, u'll.

 It is also possible to store a plurality of pieces of authentication information on one key card 2 corresponding to these different levels of security, and to read out and verify the corresponding authentication data for each lock accessed. Les ,.

 Further, a plurality of different personal identification data input means can be provided on the storage side 305 side, and can be selectively used depending on a required authentication level. Generally, authentication information corresponding to a high security level requires time and effort to input personal identification data, so locks that require only a low level of security can use a simpler authentication method and prioritize user convenience.

 In addition, by allowing the user to select accurate authentication information from a plurality of types, unauthorized access can be easily eliminated. Allowing the user to select which kind of personal identification data and how to combine it makes it more difficult for others to impersonate and improves security.

 In addition, since this management system allows the individual who accesses the lock to be clearly understood, it is possible to automatically record when and who accessed which storage room (or storage shelf).

When a power outage occurs or the power cable is disconnected, the system is confidentially locked. It is preferable to provide a mechanism to alert the management room when an abnormality occurs in the storage, including vandalism. It is preferable to provide an authentication level for the administrator who can release the lock in an emergency.

 Although the description of the present embodiment has described the management of documents, the same embodiment can be applied to the requirements of a medicine store, a medicine shelf, a mouth locker, and the like that manage medicines according to the degree of risk. Industrial applicability

 As described above, by using the user authentication system according to the present invention, the personal identification information directly input by the user at the authentication use place is compared with the biological feature data in the authentication slip, and a more advanced When assurance is required, a part of personal identification information is transmitted to a higher-level certificate authority to perform user authentication, so most of the information processing is performed at the authentication use place, and the communication circuit is not heavily loaded; User authentication corresponding to the required security level can be obtained. Also, by dividing personal identification information, it is possible to construct a user authentication system that is extremely resistant to invasion.

 In addition, since the authentication IC card of the present invention accesses information through the CPU, the access right of the file is arbitrarily set, and unauthorized access is eliminated by utilizing personal identification information. Privacy can be reliably protected, and highly secure transactions are possible for service providers, etc .: Also, the number of cards to carry can be reduced even when using a large number of services.

 Furthermore, since the authentication IC card of the present invention can require the approval of a second person at the time of issuance or the like, the danger of plagiarism or the like is extremely small and the security is high:

 In addition, the lock management system of the present invention can secure a high degree of security of the stored items because the authorized person is correctly authenticated, and can construct a storage management system or a safe deposit box management system with higher security than before. it can.

Claims

The scope of the claims

 1. A registry equipped with an information defeating device that acquires biological characteristic data that distinguishes individual users, and recorded a part of the biological characteristic data for the user. An authentication card issuing office for issuing user authentication cards, an authentication card reader that reads information on the user authentication cards, and a personal identification card acquisition device that inputs biological characteristic data of the user are provided. A user authentication system comprising at least one certification authority connected to the certification use place and the information communication path, wherein the user authentication form is included in the biological characteristic data of the user obtained at the registration place. The part not recorded in the certificate authority is recorded in the certification authority, and the recorded contents of the user authentication card read by the authentication card reader at the authentication use place and the biological information of the user input to the personal identification card acquisition device are recorded. Characteristic data By performing the comparison, the user is authenticated as being a valid owner of the nuclear user authentication ticket, and when performing further advanced authentication, the certification authority responds to the inquiry from the authentication use place in the user authentication ticket. Missing biological feature data A user authentication system characterized in that a result of comparing and comparing an overnight portion and sending the result is sent to the authentication use place.

 2. The user authentication system according to claim 1, wherein an operation for authentication at the authentication use place is performed by using an operation function of the user authentication slip.

3. The user authentication system according to claim 1, wherein information to be sent to the information communication path is encrypted.

4. The two or more certificate authorities do not record the biological characteristic data of the user obtained at the registry in the user authentication form, but record the parts separately, Each time, in response to an inquiry from the certification use center or another certification authority, the biological feature data stored therein is compared and authenticated. User authentication system _{c according} to any one of paragraphs 3

5. The user authentication system according to claim 1, wherein the user authentication system includes a certificate authority provided with a storage device for recording the biological characteristic data of the user obtained at the registry. The user authentication system according to any one of the above.

6. A method according to any one of claims 1 to 5, wherein a plurality of data is registered as the biological characteristic data, and different transactions are performed according to the input data. User authentication system as described in:

 7. An authentication slip reader that reads information recorded in the user authentication slip, a personal identification card input device that inputs biological characteristics data of the user, and a user authentication slip that is read by the authentication slip reader. A determination device for comparing the recorded biological feature data with the biological feature data of the user input to the personal identification card acquiring device to determine whether or not the user is acceptable; A communication device that transmits at least a part of biological characteristic data to an external certificate authority and receives a result of authentication determination, and a user authentication device including a display device that outputs the result of determination.

 8. An authentication IC card with an authentication file storing CPU and personal identification information and a 0-ranking file classified according to the authentication depth, which is externally recorded in the application file When there is an information presentation request, the CPU checks the depth of authentication by comparing personal identification information input from the outside with personal identification information stored in the authentication file. Access to the application file via the authentication IC card.

5 9. An authentication IC card provided with an authentication file storing CPU and personal identification information and an application file classified according to the authentication depth, which is externally recorded in the application file. When there is an information presentation request, the CPU outputs the personal identification information stored in the authentication file, and transmits the personal identification information to the application file via the CPU based on a determination result received from an external device. Authentication IC capabilities, which are characterized by access.

 10. The authentication IC according to claim 8, wherein a unique ID indicating authority of a target transaction is recorded in the application file.

 11. The access to the application file is characterized in that access qualifications are registered in advance for each file and only authorized persons are allowed to access the application files. An authentication IC card according to any one of paragraphs 10 to 10.

1 2. A CPU, an authentication file storing personal identification information or personal identification information and authentication information, and an abbreviated file storing job program data classified according to the authentication depth. External access to the abbreviated file An authentication IC card that grants access when a request for access is made, based on the result of determining authenticity based on personal identification information stored in the authentication file, and forcibly authenticating the authentication file. Storing personal identification information of at least one second person other than the first person to be authenticated or authentication information of at least one subject, and determining in advance a job or data requiring authentication of the second person or the subject. When there is a request to execute or present a job or data requiring authentication of the second person or principal, personal identification information input from outside by the second person or subject or The authentication information is compared with the personal identification information or the authentication information stored in the authentication file, and when the authentication is passed, the execution of the job and the presentation of data are permitted through the CPU. Authentication IC card, characterized in that was.

 13. The CPU outputs the personal identification information or the authentication information stored in the authentication file to an external device and, based on the determination result received from the external device, sends the personal identification information or the authentication information to the application file via the CPU. The authentication IC card according to claim 12, wherein the authentication IC card is accessed.

 14. The authentication of the person or the subject is executed for both the first person and the second person or the subject, and the access to the publication file is permitted only when both pass. The authentication IC card according to claim 12 or 13, characterized in that:

 15. The authentication IC card further has an electronic certification file that records the contents of the authentication, and presents an electronic certificate that represents the contents of the authentication used when accessing the abrication file. The scope of the claim, characterized in that it can be used for certification IC certification according to any of paragraphs 12 to 14:

 16. Equipped with an IC card reader and a personal identification data input device, read the IC card with the user's authentication data recorded by the IC card reader, and read the personal identification data input from the personal identification data input device and the personal identification data A lock management system characterized by collating personal authentication data recorded on an IC card and unlocking the corresponding lock when authentication is successful.

17. The personal authentication data recorded on the IC card is biometric information data owned by the user or information data created by the user. Lock control described in Box 16

18. The lock control system according to claim 16 or 17, wherein there are a plurality of types of personal authentication data that can be recorded on the IC card, and the data can be selectively recorded.

o 19. The lock according to claim 18, wherein the lock is provided for each management section of the storage room divided into a plurality of management sections, and personal authentication data to be applied to each management section can be selected. Lock control for:

0 5 0 5