WO2014010214A1 - Authentication device and authentication system provided with same - Google Patents

Authentication device and authentication system provided with same

Info

Publication number
WO2014010214A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
authentication
tablet
distributed data
license
Prior art date
Application number
PCT/JP2013/004190
Other languages
French (fr)
Japanese (ja)
Inventor
西谷 裕之
航 石川
Original Assignee
パナソニック株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by パナソニック株式会社
Publication of WO2014010214A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3215 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/018 Certifying business or products
    • G06Q30/0185 Product, service or business identity fraud
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G PHYSICS
    • G09 EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09C CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00 Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/50 Maintenance of biometric data or enrolment thereof
    • G06V40/53 Measures to keep reference information secret, e.g. cancellable biometrics

Definitions

  • The present invention relates to an authentication device and an authentication system including the authentication device, and more particularly to an authentication device suitable for confirming the validity of an authentication target at a remote place and an authentication system including the authentication device.
  • As an authentication system of this type, for example, an alcohol test system for preventing drunk driving is known that includes an alcohol measuring device for measuring the alcohol concentration in the driver's breath, a license reader for reading an image of the driver's license, and a PC for determining whether or not the license number recognized from the image of the driver's license is registered in advance, and in which the alcohol measuring device starts the alcohol concentration measurement after the PC determines that the license number obtained from the image of the driver's license is a regular number (see Patent Document 1).
  • Patent Document 1 uses the license number read from the driver's license image instead of entering the driver's ID, etc., so that confirming that the driver's license is not carried or has expired and checking for drinking can be performed simultaneously.
  • The present invention has been devised in view of such problems of the prior art, and its main purpose is to provide an authentication apparatus capable of preventing leakage of information used for authentication and preventing impersonation in authentication, and an authentication system provided with the authentication apparatus.
  • The authentication apparatus of the present invention acquires confidential information stored in a storage medium using at least a part of authentication information, and includes a shared data storage unit that stores first shared data that is a part of distributed information in which the authentication information is distributed, and a distributed information restoring unit that acquires, from the outside, second shared data different from the first shared data in the shared information and restores the authentication information from the first and second shared data.
  • FIG. 3 is a flowchart showing the pre-registration operation of the management server in ST101 in FIG. Flow chart showing the login operation (starting place) of the tablet in ST102 in FIG. Flow chart showing tablet login operation (remote location) in ST103 in FIG. Flow chart showing registration operation of alcohol test result of tablet in ST105 in FIG. Flow chart showing registration operation of alcohol test result of tachograph in ST105 in FIG.
  • A first invention made to solve the above-mentioned problem is an authentication device that acquires confidential information stored in a storage medium using at least a part of authentication information, and that includes a distributed data storage unit that stores first shared data that is part of the distributed information in which the authentication information is distributed, and a shared information restoring unit that acquires, from outside, second shared data that is different from the first shared data in the shared information and restores the authentication information from the first and second shared data.
  • The authentication device restores authentication information used for authentication from the first distributed data stored in the authentication device and the second distributed data acquired from the outside, so it is possible to prevent the authentication information from leaking through the communication network and to prevent impersonation in authentication.
  • The authentication information includes key information used for acquiring confidential information stored in the storage medium.
  • Since the authentication device uses the restored key information for authentication, it is not necessary to store identification information such as a password, and the convenience of the authentication operation is improved.
  • The authentication information includes biometric information for collation for collating biometric information of the person to be authenticated.
  • the authentication device stores identification information such as a personal identification number in order to use the restored biometric information (for example, information such as facial images, fingerprints, and irises that can be acquired on the spot) for authentication. Therefore, the convenience of the authentication operation is improved.
  • the said information for authentication collates the key information used in order to acquire the confidential information memorize
  • The authentication device restores biometric information for verification and key information used for authentication from the first distributed data stored in the authentication device and the second distributed data acquired from the outside. Therefore, it is possible to prevent such authentication information from leaking through the communication network and to prevent impersonation in authentication. Further, since the person to be authenticated can use biometric information (for example, information such as facial images, fingerprints, and irises that can be acquired on the spot) and the restored key information for authentication, identification information such as a password need not be stored, and there is an advantage that the convenience of the authentication operation is improved.
  • The fifth invention, in the third invention, further includes a biometric information acquisition unit that acquires the biometric information of the person to be authenticated, and a biometric information collating unit that collates the biometric information with the biometric information for collation contained in the restored authentication information, and is configured to acquire the confidential information using at least a part of the authentication information only when the biometric information collating unit determines that the collating biometric information and the biometric information match.
  • The authentication device can prevent the acquisition of confidential information and more reliably prevent impersonation of the person even when another person illegally acquires the storage medium or the authentication device.
  • The second shared data is erased after the secret information is read out by the shared information restoration unit.
  • The authentication device prevents the second distributed data from being leaked after use, improving the safety and reliability of the authentication device.
  • The seventh invention is an authentication system comprising the authentication device according to the first invention and an authentication management device for providing the second distributed data to the authentication device.
  • The storage medium stores public information that can be acquired without requiring the authentication information, the authentication apparatus transmits the public information acquired from the storage medium to the authentication management apparatus, and the authentication management apparatus transmits the second distributed data corresponding to the public information acquired from the authentication apparatus to the authentication apparatus.
  • With the authentication device of the eighth invention, it is possible to reliably acquire the second distributed data corresponding to the public information.
  • The ninth invention comprises the authentication device according to the first invention, a body condition measuring device for measuring the body condition of the person to be authenticated, and a recording device for recording the measurement result of the body condition, and the recording device records the secret information and the measurement result of the physical state in association with each other.
  • A tenth aspect of the present invention is the configuration according to the ninth aspect, wherein the authentication device transmits the confidential information and the corresponding measurement result of the physical condition to the recording device.
  • The authentication device can easily record confidential information and physical condition measurement results in correspondence with each other.
  • The eleventh aspect of the present invention is the configuration according to the seventh aspect, further comprising a physical condition measuring device that measures the physical condition of the person to be authenticated and a recording device that records the measurement result of the physical condition, wherein the recording device is configured to record the confidential information and the measurement result of the physical state in association with each other.
  • The authentication device transmits the confidential information and the corresponding measurement result of the physical condition to the recording device.
  • The authentication device can easily record confidential information and physical condition measurement results in association with each other.
  • The thirteenth invention is an authentication method in which the authentication information is restored from first shared data, which is a part of the distributed information in which the authentication information is distributed and is stored inside in advance, and second distributed data, which is different from the first shared data in the shared information and is obtained from the server, and the secret information stored in the storage medium is obtained using at least a part of the restored authentication information.
  • FIG. 1 is an overall configuration diagram showing an alcohol test system as an authentication system according to the first embodiment of the present invention.
  • This alcohol inspection system 1 is for confirming the validity of the alcohol inspection at a remote place for the driver (authentication object) of the transport truck in the shipping company.
  • Device) 4 and an operation management server (authentication management device) 5 that is installed in the transportation company and performs authentication processing in cooperation with the tablet 2.
  • Tablet 2 consists of a portable personal computer equipped with a touch panel.
  • The tablet 2 can exchange data and the like with other external devices (the digital tachograph 4 and the operation management server 5) by communication via a LAN (Local Area Network) 12 built in the operating company, the Internet (Wide Area Network) 13 connected thereto, or near field communication.
  • The tablet 2 also functions as a simple reader that can read information (hereinafter referred to as license information) recorded in a non-contact type IC card driving license (hereinafter referred to as license) L, which is a storage medium owned by the driver.
  • The tablet 2 can also be connected to the Internet 13 via a 3G line (not shown) or a mobile network such as LTE.
  • The alcohol tester 3 has a well-known configuration for measuring the alcohol concentration in the breath to be tested.
  • A digital tachograph (hereinafter referred to as a tachograph) 4 connected to the alcohol tester 3 is for electrically recording the operation information (operation time, travel speed, etc.) of the transport truck. It acquires the alcohol test result (information on the measured alcohol concentration) from the alcohol tester 3 and records it as a part of the operation information.
  • The tachograph 4 can communicate with other external devices via the Internet 13, near field communication, or the like.
  • The operation management server 5 is composed of a general-purpose computer and manages the operation information of the transport truck.
  • The operation management server 5 can provide various data, programs, and the like for authentication processing in response to a request from the tablet 2 by communicating with the tablet 2 via the LAN 12 or the Internet 13.
  • FIG. 2 is a functional block diagram of the alcohol inspection system shown in FIG.
  • The tablet 2 includes a network communication unit 21 having a wireless communication module for performing wireless LAN communication in conformity with a predetermined communication standard (IEEE802.11b/g/a, etc.), a display / input unit 22 that has a touch panel, displays various information necessary for the authentication process, and is used by the driver to input operations for the authentication process, a photographing unit 23 that captures a driver's face image (here, a still image) and the like, a short-distance communication unit 24 having a radio communication module for performing short-distance wireless communication in accordance with a predetermined communication standard (Bluetooth (registered trademark), etc.), and an IC card reader 25 that reads information recorded on the IC chip in the license L by transmitting power to the license L in a non-contact manner.
  • The tablet 2 also includes a program memory 31 that stores application programs for executing various processes including an authentication process, a work memory 32 that is used as a work area for executing the application programs, a distributed data storage unit 33 which is a memory for storing shared information described in detail later, and a CPU (control unit) 34 that comprehensively controls the operation of the tablet 2 by executing various programs.
  • The application programs stored in the program memory 31 realize a shared information restoration unit 41 that restores the authentication information using the shared information based on the secret sharing method, a face image matching unit (biometric information matching unit) 42 that collates the driver's face image taken by the photographing unit 23, a user registration unit 43 for a driver to perform user registration with respect to the operation management server 5, and an alcohol test unit (body state information processing unit) 44 for executing processing related to a driver's alcohol test.
  • In the secret sharing method, at least the authentication information is distributed (divided into a plurality of pieces), and various methods can be used as long as the original authentication information cannot be guessed from a part of the distributed information. For example, the method of A. Shamir: "How to Share a Secret", Communications of the ACM, November 1979, Volume 22, Number 11 is known as a method using polynomial interpolation.
  • The shared information for restoring the authentication information by the shared information restoring unit 41 need not be based on the secret sharing method described above.
  • The plurality of pieces of distributed information in the present invention are generated from the original authentication information, and the original authentication information cannot be restored or estimated from any one of them alone.
  • The original authentication information can be restored from the shared information only when all or a part of the plurality of generated pieces of distributed data are collected. Any method can be used as long as it can generate such shared information, not limited to the secret sharing method.
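The polynomial-interpolation method cited above, applied to the two-piece split this description uses, as an added Python example that is not code from the patent. It implements Shamir's scheme over GF(2^8); the function names, the packed layout (two 4-digit PINs followed by a face template) and the sample values are assumptions constructed for illustration.

```python
import secrets

def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) with the reduction polynomial 0x11B."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a: int) -> int:
    """Multiplicative inverse, computed as a^254."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def split(secret: bytes, k: int, n: int):
    """Return n pieces (x, bytearray); any k of them restore the secret."""
    if not 2 <= k <= n <= 255:
        raise ValueError("need 2 <= k <= n <= 255")
    shares = [(x, bytearray(len(secret))) for x in range(1, n + 1)]
    for i, s in enumerate(secret):
        # Fresh random polynomial per byte; the constant term is the secret byte.
        coeffs = [s] + [secrets.randbelow(256) for _ in range(k - 1)]
        for x, y in shares:
            acc = 0
            for c in reversed(coeffs):  # Horner evaluation at x
                acc = gf_mul(acc, x) ^ c
            y[i] = acc
    return shares

def restore(shares, k: int) -> bytes:
    """Lagrange interpolation at x = 0 over k pieces with distinct x."""
    pts = list({x: y for x, y in shares}.items())[:k]
    if len(pts) < k:
        raise ValueError("not enough distributed data to restore")
    weights = []
    for xj, _ in pts:
        num = den = 1
        for xm, _ in pts:
            if xm != xj:
                num = gf_mul(num, xm)
                den = gf_mul(den, xm ^ xj)
        weights.append(gf_mul(num, gf_inv(den)))
    out = bytearray(len(pts[0][1]))
    for i in range(len(out)):
        for w, (_, y) in zip(weights, pts):
            out[i] ^= gf_mul(w, y[i])
    return bytes(out)

def secrets_consistent_with(x: int, y: int) -> int:
    """For k = 2, count the secret bytes that one piece (x, y) leaves possible."""
    return len({y ^ gf_mul(a, x) for a in range(256)})

def generate_distributed_data(pin1: str, pin2: str, face: bytes):
    """Management side: split the authentication information into two pieces."""
    for pin in (pin1, pin2):
        if len(pin) != 4 or not pin.isdigit():
            raise ValueError("PINs are four-digit numbers in this example")
    first, second = split(pin1.encode() + pin2.encode() + face, k=2, n=2)
    return first, second

def remote_login(first, second):
    """Device side: restore from both pieces, then erase the second one."""
    blob = restore([first, second], k=2)
    second[1][:] = bytes(len(second[1]))  # overwrite in place after use
    return blob[:4], blob[4:8], blob[8:]

if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    first, second = generate_distributed_data("1234", "5678", b"face-template")
    print(secrets_consistent_with(first[0], first[1][0]))
    print(remote_login(first, second))
```

A restore from mismatched pieces returns wrong bytes rather than an error, so the restored values still have to be checked by what uses them, and the in-place overwrite does not reach copies the Python runtime may have made.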
  • The license L has a communication unit 51 having an antenna that transmits and receives power and data to and from the IC card reader 25 of the tablet 2, and an IC control unit 52 and a memory 53 provided in an IC chip (not shown).
  • The IC control unit 52 includes a rectifier circuit, a modulation circuit, a demodulation circuit, and the like in addition to a control circuit that comprehensively controls operations such as data transmission / reception and storage in the IC chip.
  • The memory 53 is composed of a non-volatile memory such as an EEPROM, and stores, as the license information, public information 55 including information on the date of issue of the license L and the expiration date, PIN1 confidential information 56 that is protected by PIN1, which is the first personal identification number, and includes information such as the driver's name, date of birth, license type, license number, etc., and PIN2 secret information 57 that is protected by PIN2, which is the second personal identification number, and includes the URL.
  • PIN1 and PIN2 are key information for acquiring the confidential information from the license L, and each consists of a number of digits set in advance by the driver.
  • confidential information can be read out by an IC card reader without requiring a recitation number.
  • Confidential information here does not necessarily mean secret information that has not been made public; it means information that cannot be read from the license L because it is protected by key information such as a personal identification number.
  • The tachograph 4 includes a network communication unit 61, a display unit 62 / input unit 63, and a short-range communication unit 64 having the same functions as the network communication unit 21, the display / input unit 22, and the short-range communication unit 24 in the tablet 2 described above.
  • The tachograph 4 also includes a program memory 71 that stores an application program for executing registration (storage) of alcohol test results, a work memory 72 that is used as a work area for executing the application program, a storage 73 for storing information such as alcohol test results, a CPU 74 for comprehensively controlling the operation of the tachograph 4 by executing various programs, and an inspector I/F 75 that is an interface to which the alcohol tester 3 is connected.
  • The operation management server 5 includes a network communication unit 81, a display unit 82, an input unit 83, a program memory 84, a work memory 85, and a CPU 86 that have the same functions as the network communication unit 21, display / input unit 22, program memory 31, work memory 32, and CPU 34 in the tablet 2 described above.
  • The application program stored in the program memory 84 realizes a management information collating unit 91 that collates public information received from the tablet 2, a distributed data generation unit 92 that generates shared information used for the authentication process in the tablet 2, and a user registration unit 93 that allows the driver to perform user registration of the tablet 2.
  • Information necessary for authentication processing transmitted / received to / from the tablet 2 is appropriately stored.
  • The shared information generated by the distributed data generation unit 92 includes two types of distributed data described below.
  • One of them is internal distributed data (first distributed data) stored in the tablet 2 in the take-out registration of the tablet 2 at the departure place, which will be described in detail later with reference to ST102 of FIG. 3 and FIG.
  • The other is external distributed data (second distributed data) that is not stored in the tablet 2 at the departure place but is transmitted to the tablet 2 when logging in to the tablet 2 at a remote place, which will be described in detail later with reference to ST103 in FIG. 3 and FIG.
  • FIG. 3 is a flowchart showing the flow of the processing procedure by the alcohol inspection system shown in FIG.
  • The driver of the transport truck performs user registration (hereinafter referred to as pre-registration) for starting use of the tablet 2 received from the system administrator in the transport company (ST101).
  • In pre-registration, when the driver communicates with the operation management server 5 using the tablet 2, authentication information and public information are provided from the tablet 2 to the operation management server 5.
  • Distributed information is generated from the authentication information.
  • The driver obtains internal shared data, which is a part of the shared information generated in ST101, by performing login to the tablet 2 at the departure place (here, in the shipping company) (ST102).
  • The driver who uses the tablet 2 often differs depending on the day. Therefore, in ST102 the tablet 2 is registered for take-out by the logged-in driver.
  • The operation management server 5 holds both the external distributed data and the internal distributed data.
  • When the driver starts driving the transport truck at a remote location (for example, the transport destination of the transport truck's baggage), the driver performs login (authentication processing) to the tablet 2 as authentication for the alcohol test (ST103).
  • The login to the tablet 2 is performed using authentication information restored from the internal distributed data stored in the tablet 2 and the external distributed data stored in the operation management server 5.
  • When the login to the tablet 2 succeeds, the driver can start the alcohol test section (program) 44 for performing the alcohol test (more specifically, registering the alcohol test result in the tachograph 4). On the other hand, if the login to the tablet 2 fails, the driver cannot perform the alcohol test (more specifically, the alcohol test result cannot be registered in the tachograph 4).
  • The driver activates an application program for performing an alcohol test and registering the result on the tablet 2, and performs an alcohol test using the alcohol tester 3 (ST104).
  • In the alcohol test, the alcohol concentration in the driver's breath is measured by a known method.
  • The alcohol test may be performed before or after the login (remote location) of the tablet 2 in ST103.
  • Here, an example of performing an alcohol test is shown, but other tests for checking a driver's body condition or health condition (for example, blood pressure, pulse, body temperature, electrocardiogram, complexion, etc.) may be carried out.
  • Here, the login to the tablet 2 is used as an authentication process for the alcohol test, but the present invention is not limited to this, and it can also be used as an authentication process for other functions (for example, a web access function) that can be executed in the tablet 2.
  • FIG. 4 and 5 are flowcharts showing the pre-registration operations of the tablet and the operation management server in ST101 in FIG. 3, respectively. These pre-registration operations are performed, for example, when a driver who has just been hired starts work, or for re-registration when there is a situation in which login may be hindered, such as renewal of a driver's license or a major change in hairstyle.
  • The tablet 2 activates the user registration unit (program) 43 and displays a screen requesting the driver to input PIN1 on the display / input unit 22 (ST201). When PIN1 (a four-digit number here) is input by the driver (ST202: Yes), the tablet 2 subsequently displays a screen requesting the driver to input PIN2 on the display / input unit 22 (ST203). When PIN2 (a four-digit number here) is input by the driver (ST204: Yes), the tablet 2 displays a screen requesting the driver to have the license L read on the display / input unit 22 (ST205). PIN1 and PIN2 input by the driver in response to the request screens of ST201 and ST203 are stored in the work memory 32 of the tablet 2.
  • The tablet 2 acquires public information from the license L, and uses PIN1 and PIN2 acquired in ST202 and ST204 to obtain the PIN1 secret information 56 and the PIN2 secret information 57 from the license L. When acquisition of the driver's license face image (PIN2 confidential information 57) is successful (ST206: Yes), the tablet 2 then displays a screen requesting the driver to photograph his or her current face on the display / input unit 22 (ST207).
  • The tablet 2 stores the face image acquired by photographing (hereinafter referred to as a photographed face image) in the work memory 32. Subsequently, the tablet 2 activates the face image collation unit (program) 42, and collates the captured face image of ST208 with the license face image acquired in ST206 (ST209). In the face image collation in ST209, the tablet 2 determines whether or not the two face images match by performing matching focused on the characteristic parts (for example, each part constituting the face) in the two face images by a known method.
  • The tablet 2 transmits the PIN1, PIN2, public information, and photographed face image (hereinafter referred to as pre-registration information) acquired in the above steps to the operation management server 5 (ST210). The tablet 2 judges that the pre-processing was completed normally if it receives from the operation management server 5 a notice to the effect that registration of the pre-registration information transmitted in ST210 was completed (ST211: Yes).
  • The acquired pre-registration information and license face image in the work memory 32 are deleted (ST212). As a result, troubles such as the pre-registration information and the license face image later leaking from the tablet 2 are avoided, and the safety and reliability of authentication are improved. Thereafter, the tablet 2 displays a screen informing the driver that the pre-registration is completed on the display / input unit 22 (ST213).
  • The tablet 2 has failed in the pre-processing.
  • The pre-registration information and the license face image in the work memory 32 are deleted (ST214). Thereafter, the tablet 2 displays on the display / input unit 22 a screen informing the driver that pre-registration has failed (ST215).
  • the operation management server 5 enters a state of waiting to receive pre-registration information from the tablet 2 (ST301). When it receives the pre-registration information from the tablet 2 (see ST210 in FIG. 4) (ST302: Yes), the operation management server 5 starts the user registration unit (program) 93 and creates a driver account based on the public information included in the received pre-registration information (ST303).
  • the operation management server 5 activates the distributed data generation unit (program) 92 and, using a secret sharing method, generates distributed information (internal distributed data and external distributed data) from the PIN1, PIN2, and photographed face image that make up the authentication information included in the pre-registration information (ST304).
  • the generated internal distributed data and external distributed data are associated with the account created in ST303 and stored in the storage 95.
  • the photographed face image included in the authentication information is used as the collation face image against which the face image photographed by each driver is collated in processing such as login to the tablet 2 in ST103 in FIG. 3.
  • PIN1, PIN2, and the photographed face image are deleted from the operation management server 5 after the distributed information is generated. This avoids troubles such as PIN1, PIN2, and the photographed face image later leaking from the operation management server 5, and improves the safety and reliability of authentication.
  • the operation management server 5 registers the internal distributed data and the external distributed data generated in ST304 to the account created in ST303 (ST305), and further notifies the tablet 2 that registration of the pre-registration information is complete (ST306).
  • FIG. 6 is a flowchart showing the login operation (starting place) of the tablet in ST102 in FIG. 3. This login is performed, for example, each time the driver departs from the shipping company (departure point), after the pre-registration of ST101 in FIG. 3 has been completed.
  • the tablet 2 starts the login procedure at the departure place, and displays a screen requesting the driver to have the license L read, as in ST205 in FIG. 4 (ST401). When the tablet 2 then reads the license information from the license L and acquires the public information (ST402: Yes), it transmits the public information to the operation management server 5 via the LAN 12 (ST403).
  • the operation management server 5 recognizes that access has been received from the tablet 2 existing in the company, and subsequently activates the management information verification unit (program) 91 to verify the public information received from the tablet 2. Then, the internal distributed data and the external distributed data associated with the public information are transmitted to the tablet 2.
  • when the tablet 2 receives the internal distributed data and the external distributed data from the operation management server 5 (ST404: Yes), it stores them in the distributed data storage unit 33. Then, the tablet 2 restores the authentication information (that is, obtains PIN1, PIN2, and the collation face image) using the distributed data (ST405). Subsequently, as in ST207 in FIG. 4, the tablet 2 displays a screen requesting the driver to photograph his or her face (ST406). When photographing of the driver's face is complete (ST407: Yes), the face image collation unit (program) 42 is activated, and the face image captured in ST407 is collated with the collation face image acquired in ST405 in the same manner as ST209 in FIG. 4 (ST408).
  • if it is determined in ST408 that the two face images match (Yes), the tablet 2 requests the driver to have the license L read again (ST409), as in ST401 above, and uses PIN1 and PIN2 to access the PIN1 confidential information 56 and the PIN2 confidential information 57 (ST410). In this way, the tablet 2 can read the confidential information in the license L using PIN1 and PIN2 only when it has determined that the driver's photographed face image matches the collation face image. Even when another person illegally acquires the license L or the tablet 2, it is possible to prevent the confidential information of the license L from being acquired and to prevent impersonation of the driver more reliably.
  • the tablet 2 determines that the login by the driver has succeeded, and the external distributed data, the photographed face image, and the collation face image in the work memory 32 are deleted (ST412).
  • the tablet 2 displays on the display / input unit 22 a screen informing the driver that the login is complete (ST413).
  • the tablet 2 determines that the login by the driver has failed and, as in ST412 above, deletes the external distributed data and the internal distributed data in the work memory 32 (together with the photographed face image and the collation face image, if they have already been acquired) (ST414). Thereafter, the tablet 2 displays on the display / input unit 22 a screen informing the driver that the login has failed (ST415).
  • FIG. 7 is a flowchart showing the login operation (remote location) of the tablet in ST103 in FIG. 3.
  • the driver activates the tablet 2 at a remote location
  • the tablet 2 starts a login procedure at the remote location.
  • the tablet 2 performs ST501 to ST503, which are similar to ST401 to ST403 in FIG. 6.
  • the operation management server 5 recognizes that access has been received from the tablet 2 that exists outside the company, and then activates the management information verification unit (program) 91 to verify the public information received from the tablet 2.
  • the external distributed data associated with the public information is transmitted to the tablet 2.
  • when the tablet 2 receives the external distributed data from the operation management server 5 (ST504: Yes), it stores the external distributed data in the distributed data storage unit 33.
  • the tablet 2 restores the authentication information (that is, obtains PIN1, PIN2, and the collation face image) using the external distributed data acquired from the operation management server 5 and the internal distributed data stored in the distributed data storage unit 33 in ST102 described above (ST505).
  • the tablet 2 performs ST506 to ST515, which are similar to ST406 to ST415 in FIG. 6.
  • in ST514, only the external distributed data is deleted from the distributed data storage unit 33 (the photographed face image and the collation face image are also deleted if they have already been acquired), and the internal distributed data is retained for the next login.
  • FIGS. 8 and 9 are flowcharts showing the operation of registering the alcohol test result in the tablet and in the tachograph, respectively, in ST105 in FIG. 3.
  • when the login is completed and the alcohol test section (program) 44 is activated, the tablet 2 enters a state of waiting for an alcohol test result (ST601). When the tablet 2 then acquires the alcohol test result from the tachograph 4 (ST602: Yes), it displays the alcohol test result on the display / input unit 22 (ST603). At this time, the display / input unit 22 displays a screen informing the driver that the alcohol test result is being registered.
  • the tablet 2 includes the alcohol test result (alcohol concentration measurement data), and at least a part of the license information (here, the license number) acquired at the time of login (see ST502 and ST511 in FIG. 7).
  • an alcohol test result here, the license number
  • an authenticated alcohol test result an alcohol test result to which the license information is added
  • ST604 an alcohol test result to which the license information is added
  • the confidential information includes the license number, the vehicle type permitted to drive, the name and address of the license holder, and the like.
  • Public information includes a promulgation date and an expiration date.
  • the tablet 2 registers the alcohol test result. Is displayed on the display / input unit 22 (ST609).
  • the operation of registering the alcohol test result of the tachograph will be described.
  • the tachograph 4 enters a state of waiting for an inspection by the alcohol tester 3 (ST701), and a message indicating to the driver that it is waiting for an inspection is displayed on the display unit 62.
  • the tachograph 4 receives the alcohol test result from the alcohol tester 3 (ST702: Yes). Subsequently, the tachograph 4 transmits the alcohol test result to the tablet 2.
  • the tachograph 4 stores the authenticated alcohol test result in the storage 73 (ST705). Then, a message that the registration of the alcohol test result is completed is displayed on the display unit 62, and the fact is notified to the tablet 2 (ST706).
  • the tachograph 4 acquires the authenticated alcohol test result from the tablet 2. However, a configuration is also possible in which the tachograph 4 acquires the license information from the tablet 2 and itself generates an authenticated alcohol test result in the same way as the tablet 2 described above.
  • the tachograph 4 displays on the display unit 62 a message that the registration of the alcohol test result has failed (ST708).
  • FIG. 10 is a flowchart showing the login operation (starting place) of the tablet according to the second embodiment, and corresponds to FIG. 6 in the first embodiment.
  • the tablet 2 starts the login procedure at the departure place after the pre-registration (see ST101 in FIG. 3) has been completed, and executes ST801 and ST802, which are similar to ST406 and ST407 in FIG. 6. Thereafter, the tablet 2 performs ST803 to ST807, similar to ST401 to ST405 in FIG. 6, respectively, and further performs ST808 to ST815, similar to ST408 to ST415 in FIG. 6. Note that, unlike ST412 and ST414 in FIG. 6, the license information is also deleted in ST812 and ST814. This avoids troubles such as license information later leaking from the tablet 2, and improves the safety and reliability of authentication.
  • FIG. 11 is a flowchart showing the login operation (remote location) of the tablet according to the second embodiment, and corresponds to FIG. 7 in the first embodiment.
  • when the driver activates the tablet 2 at a remote location, the tablet 2 starts a login procedure at the remote location and executes ST901 and ST902, which are similar to ST506 and ST507 in FIG. 7. Thereafter, the tablet 2 performs ST903 to ST907, similar to ST501 to ST505 in FIG. 7, respectively, and further performs ST908 to ST915, similar to ST508 to ST515 in FIG. 7. Unlike ST512 and ST514 in FIG. 6, the license information is also deleted in ST912 and ST914. This avoids troubles such as license information later leaking from the tablet 2, and improves the safety and reliability of authentication.
  • photographing of the driver's face is performed in ST801 to ST802 in FIG. 10 and ST901 to ST902 in FIG. 11.
  • the two reading operations of the license L are ST803 and ST809 in FIG. 10, and ST903 and ST909 in FIG. 11. That is, the photographing of the driver's face and the two reading operations of the license L are separated.
  • the driver first photographs his or her face using only the tablet 2, and then takes the license L out of a pocket or bag and holds it over the tablet 2 twice.
  • the face photographing operation does not come between the reading operations of the license L.
  • the driver's license L that has been held before is placed somewhere in the vehicle before the face photographing operation, and the license L is not held again after the face photographing operation.
  • the number of times the tablet 2 is changed is reduced. Therefore, a smoother login procedure can be performed.
  • the processing from the first reading request of the license L (ST803 in FIG. 10 and ST903 in FIG. 11) to the face image collation (ST808 in FIG. 10 and ST908 in FIG. 11) currently takes time.
  • the tablet 2 can use PIN1 and PIN2 for the first time after collation of the face image is OK.
  • PIN1 and PIN2 can be used, there is a possibility that the driver who attempts to log in to the tablet 2 will release the license L from the tablet 2. Therefore, in order to reliably acquire the secret information 56 or the secret information 57 from the license L, a request for reading the license L is displayed again (ST809 in FIG. 10, ST909 in FIG. 11).
  • FIG. 12 is a flowchart showing an operation of registering the alcohol test result of the tablet according to the second embodiment, and corresponds to FIG. 8 in the first embodiment.
  • when the login is completed and the alcohol test section (program) 44 is activated, the tablet 2 displays a screen requesting the driver to have the license L read (ST1001), and then accesses the license L using PIN1 and PIN2 (ST1002). This is necessary in order to obtain again the license information that is combined with the result once the alcohol test is complete, because the license information has been deleted from the tablet 2 after the login in FIG. If the tablet 2 succeeds in obtaining the public information, the PIN1 confidential information 56, and the PIN2 confidential information 57 from the license L (ST1003: Yes), it executes ST1004 to ST1006, which are the same as ST601 to ST603 in FIG. 8.
  • the tablet 2 generates a plurality of distributed data, in which information including the alcohol test result and (at least a part of) the license information is distributed, by the same processing as the distributed data generation unit (program) 92 of the operation management server 5 (ST1007). Then, the tablet 2 transmits a part of the distributed data regarding the inspection result generated in ST1007 to the tachograph 4 (ST1008). The remaining distributed data that has not been transmitted to the tachograph 4 is held in the distributed data storage unit 33 of the tablet 2. Alternatively, a part or all of it may be transmitted to the operation management server 5. In other words, in the first embodiment shown in FIG.
  • FIG. 13 is a flowchart showing an operation for registering the alcohol test result of the tachograph according to the second embodiment, and corresponds to FIG. 9 in the first embodiment.
  • the tachograph 4 executes ST1101 to ST1103, which are similar to ST701 to ST703 in FIG. 9.
  • when the tachograph 4 receives the distributed data (see ST1008 in FIG. 12) corresponding to the authenticated alcohol test result transmitted from the tablet 2 (ST1104: Yes), it stores the distributed data in the storage 73 (ST1105), displays on the display unit 62 a message indicating that registration of the alcohol test result is complete, and notifies the tablet 2 to that effect (ST1106).
  • the tachograph 4 displays on the display unit 62 a message that the registration of the alcohol test result has failed, and notifies the tablet 2 to that effect (ST1108).
  • the alcohol test result and the license information at a remote location are turned into a plurality of different distributed data, none of which can be restored on its own.
  • the plurality of different distributed data is registered in any one of the tachograph 4, the tablet 2, and the operation management server 5.
  • these distributed data are collected into the operation management server 5 and stored as part of the operation record.
  • when such distributed data is registered in the tachograph 4 and the tablet 2, the driver, for example, first pulls the distributed data of the tachograph 4 up to the tablet 2 and brings the tablet 2 into the transportation company. Then, the driver transfers the distributed data held in the tablet 2 to the operation management server 5. This facilitates data handling and improves convenience.
  • the operation management server 5 may collect the distributed data respectively registered in the tachograph 4 and the tablet 2 via at least some different communication paths.
  • the operation management server 5 may collect the distributed data held by the tablet 2 via the LAN 12 and may collect the distributed data held by the tachograph 4 via the LAN 12 and the Internet 13 (a mobile phone line such as 3G or LTE, not shown, may also be used).
  • the operation management server 5 may directly collect the distributed data held by the tachograph 4.
  • the operation management server 5 may collect the distributed data held by the tachograph 4 via the LAN 12 and the Internet 13 (a mobile phone line such as 3G or LTE, not shown, may also be used).
  • the following may be performed. That is, the driver collects the distributed data held in the tachograph 4 into the tablet 2 by using, for example, the short-range communication unit 24 of the tablet 2 and the short-range communication unit 64 of the tachograph 4, and brings it into the transportation company.
  • the driver transfers those distributed data held in the tablet 2 to the operation management server 5.
  • since the tachograph 4 always holds only one of the plurality of distributed data from the time of leaving the shipping company until returning, the safety and reliability of the authenticated alcohol test result are further improved.
  • when the tablet 2 is used to collect the distributed data stored in the tachograph 4 into the operation management server 5, the distributed data is stored only temporarily. Therefore, the safety and reliability of the authenticated alcohol test result are further improved.
  • in the alcohol test system, the tablet 2 restores the collation face image and PIN1 and PIN2 (key information) used for authentication from the internal distributed data stored in the distributed data storage unit 33 and the external distributed data acquired from the external operation management server 5. It is therefore possible to prevent such authentication information from leaking through a communication network such as the Internet 13, and to prevent impersonation in authentication.
  • since the driver uses for authentication the face image photographed on the spot, the restored key information, and the license he or she carries, the driver does not need to remember identification information such as personal identification numbers (for example, PIN1 and PIN2 of the license) or employee codes, which has the advantage of improving the convenience of the authentication operation.
  • the driver is only required to hold the license L over the IC card reader 25 built in the tablet 2 and to photograph his / her face image with the tablet 2.
  • although the present invention has been described based on specific embodiments, these embodiments are merely examples, and the present invention is not limited to them.
  • the means and methods for communication between devices such as the authentication device and the authentication management device constituting the authentication system according to the present invention are not limited to those shown in the embodiments and, as long as at least the necessary data can be transmitted and received, may be changed to other well-known means and methods.
  • the biometric information used in the present invention is not limited to a face image, but may be other information used for well-known biometric authentication such as fingerprints, irises, voiceprints, veins, and ear shapes.
  • a device other than the camera for example, a fingerprint reading device
  • the storage medium used in the present invention is not limited to an IC card driver's license, and may be another storage medium such as a card having a known RF tag.
  • a configuration is also possible in which the external distributed data (the remaining distributed data excluding the internal distributed data) is held not only in the above-described operation management server 5 but in a plurality of information processing apparatuses that can communicate with the authentication apparatus (that is, the authentication apparatus acquires external distributed data from a plurality of information processing apparatuses).
  • the operation management server 5 may be provided with a device corresponding to each of the imaging unit 23, the IC card reader 25, the face image matching unit 42, and the user registration unit 43 provided in the tablet 2.
  • the photographing of the face image at the time of pre-registration and the photographing of the face image at the time of login to the tablet 2 at the departure place or the remote place are performed by the photographing unit 23 of the same tablet 2. Even if the tablet 2 to be used differs between pre-registration and login, the specifications of the photographing unit 23 are the same. Therefore, since a face image having no great difference in the number of pixels, color, and the like can be obtained between pre-registration and login, the authentication success rate is also increased.
  • the operation management server 5 shown in FIGS. 1 and 2 holds both the external distributed data and the internal distributed data.
  • a plurality of storages 73 of the operation management server 5 may be prepared, and the external distributed data and the internal distributed data may be separately stored in different storages.
  • the operation management server 5 may hold only the external distributed data. In that case, the internal distributed data may be returned to the operation management server 5 when the tablet 2 returns to the departure place. In either case, because the operation management server 5 holds distributed data generated from the authentication information rather than the authentication information itself, stronger security against hacking and the like can be realized.
  • the operation management server 5 may restore the authentication information from the external distributed data and the internal distributed data, and appropriately perform processing for generating the external distributed data and the internal distributed data different from that before the recovery. That is, distributed data may be updated. In that case, it is desirable to carry out in a state where the internal distributed data is not held in the tablet 2. Then, the operation management server 5 can realize higher security against hacking and the like without hindering the exchange of information with the tablet 2.
  • the health management such as an alcohol test may be performed by the operation management server 5 or an information terminal (not shown) that can communicate with the operation management server 5 and the tablet 2.
  • it suffices that the operation management server 5, or an information terminal that can communicate with the operation management server 5, be connected to a device for measuring and inspecting physical condition, such as another alcohol tester, and be provided with a program capable of communicating with and controlling that device.
  • “measuring and examining physical condition or health condition” refers to measuring and examining blood pressure, pulse, body temperature, electrocardiogram, facial color, and the like, as described above.
  • the operation management server 5 may pass the distributed information to the tablet 2 only when the result of the inspection at the time of departure is OK, and may withhold the distributed information from the tablet 2 when the result is NG. This prevents a person who is not qualified to drive that day from improperly taking out the tablet 2 and departing.
  • the embodiments described so far assume that the tablet 2 is used daily by a plurality of drivers. However, when the tablet 2 is used as a dedicated terminal for one driver, the internal distributed data may be transferred to the tablet 2 immediately after the pre-registration is completed, and thereafter held on the tablet 2. In this case, the internal distributed data is not erased when the facial image features do not match or when acquisition of the license's confidential information fails.
  • Internal distributed data may be held in work memory or program memory in addition to the distributed data storage unit. Further, the remainder of the distributed data in the second embodiment may be held in the work memory or the program memory in addition to the distributed data storage unit.
  • the constituent elements of the authentication apparatus according to the present invention and of the authentication system including it are not all necessarily essential, and may be selected as appropriate without departing from the scope of the present invention.
  • the authentication apparatus according to the present invention and the authentication system including it can prevent leakage of information used for authentication and prevent impersonation in authentication, and are useful, in particular, as an authentication device suitable for confirming the validity of an authentication target at a remote location and as an authentication system provided with the same.
  • Alcohol inspection system (authentication system)
  • 2 Tablet (authentication device)
  • 3 Alcohol tester (physical condition measuring device)
  • 4 Digital tachograph (recording device)
  • 5 Operation management server (authentication management device)
  • 22 Display / input unit
  • 23 Imaging unit (biological information acquisition unit)
  • 33 Distributed data storage unit
  • 34 CPU (control unit)
  • 41 Distributed information restoration unit (distributed information restoration unit)
  • 42 Face image matching unit (biometric information matching unit)
  • 44 Alcohol testing department (physical condition information processing department)
  • L IC card driver's license (storage medium)

Abstract

[Problem] To provide an authentication device that makes it possible to prevent a leak of information used in authentication, and to prevent forgery in authentication. [Solution] Provided is an authentication device (2) that uses at least a portion of information for authentication to acquire secret information that is stored in a storage medium (L), said authentication device (2) being provided with: a distributed data storage unit (33) that stores first distributed data, which is a portion of distributed information obtained by distributing information for authentication; and a distributed information reconstruction unit (41) that acquires, from outside, second distributed data that is of the distributed information but is different from the first distributed data, and reconstructs information for authentication from the first and second distributed data.

Description

認証装置及びこれを備えた認証システムAuthentication apparatus and authentication system provided with the same
 本発明は、認証装置及びこれを備えた認証システムに関し、特に、遠隔地における認証対象の正当性を確認するのに適した認証装置及びこれを備えた認証システムに関する。 The present invention relates to an authentication device and an authentication system including the authentication device, and more particularly to an authentication device suitable for confirming the validity of an authentication target in a remote place and an authentication system including the authentication device.
 従来、この種の認証システムとして、例えば、飲酒運転を防止するためのアルコール検査システムであって、運転者の呼気中のアルコール濃度を測定するアルコール測定器と、運転者の運転免許証の画像を読み込む免許証リーダと、その運転免許証の画像から認識した免許証番号が事前に登録されたものであるか否かを判定するPCとを備え、アルコール測定器は、運転免許証の画像から取得された免許証番号が正規の番号であるとPCによって判断された後に、アルコール濃度の測定を開始するようにしたものが知られている(特許文献1参照)。 Conventionally, as this type of authentication system, for example, an alcohol test system for preventing drunk driving, an alcohol measuring device for measuring the alcohol concentration in the driver's breath and an image of the driver's license A license reader to be read and a PC for determining whether or not the license number recognized from the image of the driver's license is registered in advance, the alcohol measuring device is obtained from the image of the driver's license It is known that the alcohol concentration measurement is started after the PC determines that the obtained license number is a regular number (see Patent Document 1).
特開2005-157599号公報JP 2005-157599 A
 上記特許文献1に記載された従来技術は、運転者のID入力等の代わりに運転免許証の画像から読み取った免許証番号を用いることで、免許証の不携帯や失効の確認と、飲酒点検とを同時に行うことを可能とするものである。 The prior art described in Patent Document 1 uses the license number read from the driver's license image instead of entering the driver's ID, etc., to confirm that the driver's license is not carried or has expired, and to check drinking Can be performed simultaneously.
 しかしながら、上記従来技術では、遠隔地においてアルコール濃度を測定する場合、免許証番号等の個人情報が不特定の利用者によって共有されるネットワーク上を流れるため、この個人情報が悪意の第三者に入手されると、本人への成り済まし等の犯罪に用いられる可能性があるという問題があった。 However, in the above prior art, when measuring alcohol concentration in a remote place, personal information such as a license number flows on a network shared by unspecified users, so this personal information is sent to a malicious third party. Once obtained, there was a problem that it could be used for crimes such as impersonation of the person.
 また、上記従来技術では、遠隔地においてアルコール濃度を測定する場合に、正規の運転者でない他人であっても、正規の免許証を入手できれば、その券面に印刷された顔写真やその他の免許証本人の顔写真を入手し認識させて本人に成り済ますことが可能となるという問題もあった。つまり、上記従来技術では、飲酒した運転者の代わりに、飲酒していない他人がアルコール検査を行うこと等の不正行為を防止できなかった。 In addition, in the above prior art, when measuring alcohol concentration in a remote place, even if someone other than a regular driver can obtain a regular license, a photo of the face printed on the ticket and other licenses can be obtained. There was also a problem that it was possible to acquire and recognize the person's face photo and recognize him. That is, in the above-described conventional technology, it is not possible to prevent an illegal act such as an alcohol test performed by another person who has not drunk instead of a driver who has drunk.
 本発明は、このような従来技術の課題を鑑みて案出されたものであり、認証に用いられる情報の流出を防止すると共に、認証における成り済ましを防止することを可能とした認証装置及びこれを備えた認証システムを提供することを主目的とする。 The present invention has been devised in view of such problems of the prior art, and an authentication apparatus capable of preventing leakage of information used for authentication and preventing impersonation in authentication, and the authentication apparatus. The main purpose is to provide a prepared authentication system.
 本発明の認証装置は、認証用情報の少なくとも一部を用いて記憶媒体に記憶された秘匿情報を取得する認証装置であって、前記認証用情報を分散した分散情報の一部である第1の分散データを格納する分散データ格納部と、前記分散情報において前記第1の分散データとは異なる第2の分散データを外部から取得し、前記第1および第2の分散データから前記認証用情報を復元する分散情報復元部とを備えたことを特徴とする。 An authentication apparatus according to the present invention is an authentication apparatus that acquires confidential information stored in a storage medium using at least a part of authentication information, and is a part of distributed information in which the authentication information is distributed. A shared data storage unit for storing the shared data, and second shared data different from the first shared data in the shared information is acquired from the outside, and the authentication information is obtained from the first and second shared data. And a distributed information restoring unit for restoring.
 このように本発明によれば、認証に用いられる情報の流出を防止すると共に、認証における成り済ましを防止することが可能となるという優れた効果を奏する。 As described above, according to the present invention, it is possible to prevent an outflow of information used for authentication and to prevent impersonation in authentication.
第1実施形態に係るアルコール検査システムの全体構成図Overall configuration diagram of an alcohol test system according to the first embodiment 図1に示したアルコール検査システムの機能ブロック図Functional block diagram of the alcohol test system shown in FIG. 図1に示したアルコール検査システムによる処理手順の流れを示すフロー図The flowchart which shows the flow of the processing procedure by the alcohol test | inspection system shown in FIG. 図3中のST101におけるタブレットの事前登録動作を示すフロー図Flow chart showing tablet pre-registration operation in ST101 in FIG. 図3中のST101における管理サーバの事前登録動作を示すフロー図FIG. 3 is a flowchart showing the pre-registration operation of the management server in ST101 in FIG. 図3中のST102におけるタブレットのログイン動作(出発地)を示すフロー図Flow chart showing the login operation (starting place) of the tablet in ST102 in FIG. 図3中のST103におけるタブレットのログイン動作(遠隔地)を示すフロー図Flow chart showing tablet login operation (remote location) in ST103 in FIG. 図3中のST105におけるタブレットのアルコール検査結果の登録動作を示すフロー図Flow chart showing registration operation of alcohol test result of tablet in ST105 in FIG. 図3中のST105におけるタコグラフのアルコール検査結果の登録動作を示すフロー図Flow chart showing registration operation of alcohol test result of tachograph in ST105 in FIG. 第2実施形態に係るタブレットのログイン動作(出発地)を示すフロー図The flowchart which shows the login operation | movement (starting place) of the tablet which concerns on 2nd Embodiment. 第2実施形態に係るタブレットのログイン動作(遠隔地)を示すフロー図The flowchart which shows the login operation | movement (remote place) of the tablet which concerns on 2nd Embodiment. 第2実施形態に係るタブレットのアルコール検査結果の登録動作を示すフロー図The flowchart which shows registration operation | movement of the alcohol test result of the tablet which concerns on 2nd Embodiment. 第2実施形態に係るタコグラフのアルコール検査結果の登録動作を示すフロー図The flowchart which shows the registration operation | movement of the alcohol test result of the tachograph which concerns on 2nd Embodiment
A first invention made to solve the above problem is an authentication device that acquires confidential information stored in a storage medium by using at least part of authentication information, the device comprising: a distributed data storage unit that stores first distributed data, which is one part of the distributed information obtained by distributing the authentication information; and a distributed information restoration unit that acquires from outside second distributed data, which is a part of the distributed information different from the first distributed data, and restores the authentication information from the first and second distributed data.
Because the authentication device according to the first invention restores the authentication information used for authentication from the first distributed data stored inside the authentication device and the second distributed data acquired from outside, it can prevent that authentication information from leaking over the communication network and can also prevent impersonation in authentication.
A second invention is the first invention, configured so that the authentication information includes key information used to acquire the confidential information stored in the storage medium.
Because the authentication device according to the second invention uses the restored key information for authentication, there is no need to remember identification information such as a personal identification number, which improves the convenience of the authentication operation.
A third invention is the first invention, configured so that the authentication information includes biometric information for matching, against which the biometric information of the person to be authenticated is compared.
Because the authentication device according to the third invention uses the restored biometric information (for example, information such as a face image, fingerprint, or iris that can be acquired on the spot) for authentication, there is no need to remember identification information such as a personal identification number, which improves the convenience of the authentication operation.
A fourth invention is the first invention, configured so that the authentication information consists of key information used to acquire the confidential information stored in the storage medium and biometric information for matching, against which the biometric information of the person to be authenticated is compared, and so that the confidential information is acquired from the storage medium using the key information contained in the authentication information restored by the distributed information restoration unit.
Because the authentication device according to the fourth invention restores the biometric information for matching and the key information used for authentication from the first distributed data stored inside the authentication device and the second distributed data acquired from outside, it can prevent that authentication information from leaking over the communication network and can also prevent impersonation in authentication. In addition, because the person to be authenticated can use biometric information (for example, information such as a face image, fingerprint, or iris that can be acquired on the spot) and the restored key information for authentication, there is no need to remember identification information such as a personal identification number, which has the further advantage of improving the convenience of the authentication operation.
A fifth invention is the third invention, further comprising a biometric information acquisition unit that acquires the biometric information of the person to be authenticated, and a biometric information matching unit that compares the biometric information for matching contained in the restored authentication information with the acquired biometric information, configured so that the confidential information is acquired using at least part of the authentication information only when the biometric information matching unit determines that the biometric information for matching and the acquired biometric information match.
The authentication device according to the fifth invention can prevent the confidential information from being acquired even when another person has illegitimately obtained the storage medium or the authentication device, and can more reliably prevent impersonation of the legitimate person.
A sixth invention is the first invention, configured so that the second distributed data is erased after the confidential information has been read out by the distributed information restoration unit.
The authentication device according to the sixth invention prevents the second distributed data from leaking after use, which improves the security and reliability of the authentication device.
A seventh invention is an authentication system comprising the authentication device according to the first invention and an authentication management device that provides the second distributed data to the authentication device.
An eighth invention is the seventh invention, configured so that the storage medium stores public information that can be acquired without the authentication information, the authentication device transmits the public information acquired from the storage medium to the authentication management device, and the authentication management device transmits to the authentication device the second distributed data corresponding to the public information acquired from the authentication device.
The authentication device according to the eighth invention makes it possible to reliably acquire the second distributed data corresponding to the public information.
A ninth invention is an authentication system comprising the authentication device according to the first invention and further comprising a physical condition measuring device that measures the physical condition of the person to be authenticated and a recording device that records the measurement result of the physical condition, wherein the recording device records the confidential information and the measurement result of the physical condition in association with each other.
A tenth invention is the ninth invention, configured so that the authentication device transmits the confidential information and the corresponding measurement result of the physical condition to the recording device.
The authentication device according to the tenth invention makes it easy to record the confidential information and the measurement result of the physical condition in association with each other.
An eleventh invention is the seventh invention, further comprising a physical condition measuring device that measures the physical condition of the person to be authenticated and a recording device that records the measurement result of the physical condition, configured so that the recording device records the confidential information and the measurement result of the physical condition in association with each other.
A twelfth invention is the eleventh invention, configured so that the authentication device transmits the confidential information and the corresponding measurement result of the physical condition to the recording device.
The authentication device according to the twelfth invention makes it easy to record the confidential information and the measurement result of the physical condition in association with each other.
A thirteenth invention is an authentication method characterized by restoring authentication information from first distributed data, which is one part of the distributed information obtained by distributing the authentication information and is stored internally in advance, and second distributed data, which is a part of the distributed information different from the first distributed data and is acquired from outside, and by acquiring confidential information stored in a storage medium using at least part of the restored authentication information.
Hereinafter, embodiments of the present invention will be described with reference to the drawings.
<First Embodiment>
FIG. 1 is an overall configuration diagram showing an alcohol test system as an authentication system according to the first embodiment of the present invention. This alcohol test system 1 is used to confirm the validity of alcohol tests performed at remote locations on the drivers (the persons to be authenticated) of a transport company's trucks. It comprises a tablet (authentication device) 2, which is carried by the driver and used to authenticate the test subject in the alcohol test; a portable alcohol tester (physical condition measuring device) 3 and a digital tachograph (recording device) 4, which are installed in the transport truck and used for the alcohol test and for recording its result, respectively; and an operation management server (authentication management device) 5, which is installed at the transport company and performs authentication processing in cooperation with the tablet 2.
The tablet 2 is a portable personal computer equipped with a touch panel. The tablet 2 can exchange data with other external devices (the digital tachograph 4, the operation management server 5, and so on) by communicating over a LAN (Local Area Network) 12 built within the operating company or over the Internet (wide area network) 13 reached through it, or by short-range wireless communication or the like. The tablet 2 also functions as a reader that can read the information (hereinafter, license information) recorded on a contactless IC card driver's license (hereinafter, license) L, which is a storage medium owned by the driver. The tablet 2 can also connect to the Internet 13 through a mobile network such as a 3G line or LTE (not shown).
The alcohol tester 3 has a well-known configuration for measuring the alcohol concentration in the breath of the test subject. The digital tachograph (hereinafter, tachograph) 4, to which the alcohol tester 3 is connected, electronically records the operation information of the transport truck (operating time, travel speed, and so on); here it acquires the alcohol test result (the measured alcohol concentration) from the alcohol tester 3 and records it as part of the operation information. Like the tablet 2, the tachograph 4 can communicate with other external devices over the Internet 13, by short-range wireless communication, or the like.
The operation management server 5 is a general-purpose computer and manages the operation information of the transport trucks. By communicating with the tablet 2 over the LAN 12 or the Internet 13, the operation management server 5 can also provide various data, programs, and the like for authentication processing in response to requests from the tablet 2.
FIG. 2 is a functional block diagram of the alcohol test system shown in FIG. 1. The tablet 2 includes: a network communication unit 21 having a wireless communication module for wireless LAN communication conforming to a predetermined communication standard (IEEE 802.11b/g/a or the like); a display/input unit 22, formed by the touch panel, which displays to the driver the various information needed for authentication processing and the like and through which the driver enters operations for authentication processing and the like; an imaging unit (biometric information acquisition unit) 23 having a camera for capturing the driver's face image (here, a still image) and the like; a short-range communication unit 24 having a wireless communication module for short-range wireless communication conforming to a predetermined communication standard (Bluetooth (registered trademark) or the like); and an IC card reader 25 that reads the information recorded on the IC chip in the license L by contactlessly transmitting power to the license L.
The tablet 2 further includes a program memory 31 that stores application programs for executing various processes including authentication processing, a work memory 32 used as a work area for executing the application programs, a distributed data storage unit 33, which is a memory that stores the distributed information described in detail later, and a CPU (control unit) 34 that controls the overall operation of the tablet 2 by executing the various programs.
In the tablet 2, the application programs stored in the program memory 31 implement: a distributed information restoration unit 41 that restores the authentication information from distributed information based on a secret sharing scheme; a face image matching unit (biometric information matching unit) 42 that matches the driver's face image captured by the imaging unit 23; a user registration unit 43 with which the driver performs user registration with the operation management server 5; and an alcohol test unit (physical condition information processing unit) 44 that executes the processing related to the driver's alcohol test.
Various methods can be used as the secret sharing scheme, as long as the method at least distributes the authentication information (divides it into a plurality of pieces) so that the original authentication information cannot be inferred from only some of the distributed pieces. For example, A. Shamir, "How to Share a Secret", Communications of the ACM, November 1979, Volume 22, Number 11, is known as a method that uses polynomial interpolation.
Furthermore, the distributed information from which the distributed information restoration unit 41 restores the authentication information need not be based on the secret sharing scheme described above. The distributed information in the present invention consists of a plurality of pieces generated from the original authentication information, none of which alone allows the original authentication information to be restored or inferred. The original authentication information can be restored only once all of the generated pieces of distributed data, or a particular subset of them, have been brought together. Any method that can generate distributed information of this kind may be used, not only a secret sharing scheme.
The license L has a communication unit 51 with an antenna that exchanges power and data with the IC card reader 25 of the tablet 2, and an IC control unit 52 and a memory 53 provided in an IC chip (not shown). The IC control unit 52 includes a control circuit that controls the overall operation of the IC chip, such as sending, receiving, and storing data, as well as a rectifier circuit, a modulation circuit, a demodulation circuit, and so on. The memory 53 is a non-volatile memory such as an EEPROM and stores, as license information: public information 55, which includes the issue date and expiration date of the license L; PIN1 confidential information 56, which is protected by PIN1, the first personal identification number, and includes the driver's name, date of birth, license type, license number, and similar information; and PIN2 confidential information 57, which is protected by PIN2, the second personal identification number, and includes the driver's license face image. PIN1 and PIN2 are key information for acquiring the confidential information from the license L, and here each consists of, for example, a multi-digit number set in advance by the driver.
The public information can be read by an IC card reader without any personal identification number. The term "confidential information" as used here does not necessarily mean secret information that has not been made public; it means information that a third party cannot read from the license L because it is protected by key information such as a personal identification number.
The tachograph 4 includes a network communication unit 61, a display unit 62 and input unit 63, and a short-range communication unit 64, which have the same functions as the network communication unit 21, the display/input unit 22, and the short-range communication unit 24 of the tablet 2 described above, respectively. The tachograph 4 also includes a program memory 71 that stores application programs for registering (saving) alcohol test results and the like, a work memory 72 used as a work area for executing the application programs, a storage 73 that stores information such as alcohol test results, a CPU 74 that controls the overall operation of the tachograph 4 by executing the various programs, and a tester I/F 75, which is the interface to which the alcohol tester 3 is connected.
The operation management server 5 includes a network communication unit 81, a display unit 82 and input unit 83, a program memory 84, a work memory 85, and a CPU 86, which have the same functions as the network communication unit 21, the display/input unit 22, the program memory 31, the work memory 32, and the CPU 34 of the tablet 2 described above, respectively.
As described in detail later, in the operation management server 5 the application programs stored in the program memory 84 implement: a management information matching unit 91 that matches the public information and other data received from the tablet 2; a distributed data generation unit 92 that generates the distributed information by distributing, based on the secret sharing scheme, the authentication information used in authentication processing on the tablet 2; and a user registration unit 93 with which the driver performs user registration for the tablet 2. The storage 95 of the operation management server 5 stores, as needed, the information required for authentication processing that is exchanged with the tablet 2.
Here, the authentication information consists of face image information for matching (biometric information for matching), against which the face image (biometric information) unique to each driver is compared, together with PIN1 and PIN2. The distributed information generated by the distributed data generation unit 92 consists of the following two kinds of distributed data. One is the internal distributed data (first distributed data), which is saved in the tablet 2 during the take-out registration of the tablet 2 at the departure place, described in detail later with reference to ST102 of FIG. 3 and FIG. 6. The other is the external distributed data (second distributed data), which is not saved in the tablet 2 at the departure place and is transmitted to the tablet 2 when logging in to the tablet 2 at a remote location, described in detail later with reference to ST103 of FIG. 3 and FIG. 7.
FIG. 3 is a flowchart showing the processing procedure of the alcohol test system shown in FIG. 1. First, within the transport company, the driver of the transport truck performs user registration (hereinafter, pre-registration) to begin using the tablet 2 received from the system administrator (ST101). In this pre-registration, the driver uses the tablet 2 to communicate with the operation management server 5, so that the authentication information and the public information are provided from the tablet 2 to the operation management server 5, and the operation management server 5 generates the distributed information (internal distributed data and external distributed data) from the authentication information.
Next, at the departure place (here, within the transport company), the driver logs in to the tablet 2, whereby the internal distributed data, which is one part of the distributed information generated in ST101, is acquired (ST102). The driver who uses a given tablet 2 often differs from day to day. ST102 therefore means that the tablet 2 has been registered as taken out by the driver who logged in. Note that here the operation management server 5 holds both the external distributed data and the internal distributed data.
Next, when the driver is about to start driving the transport truck at a remote location (for example, the delivery destination of the truck's cargo), the driver logs in to the tablet 2 (authentication processing) to authenticate for the alcohol test (ST103). This login to the tablet 2 is performed using the authentication information restored from the internal distributed data saved in the tablet 2 and the external distributed data saved in the operation management server 5.
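The split-and-restore flow described above (distributed data generated at pre-registration in ST101, internal data held by the tablet from ST102, external data supplied at the remote login in ST103 and erased after use as in the sixth invention) can be sketched with the polynomial-interpolation scheme of Shamir that the description cites. This is an added example, not code from the patent: the function names, the 2-of-2 threshold, the byte layout of the authentication information, and the sample values are assumptions constructed for illustration.

```python
import secrets

PRIME = 257  # smallest prime above 255, so every byte value is a field element


def split(secret: bytes, n: int = 2, k: int = 2) -> dict:
    """Shamir split: any k of the n shares restore `secret`; fewer reveal nothing."""
    shares = {x: [] for x in range(1, n + 1)}
    for byte in secret:
        # Random polynomial of degree k-1 whose constant term is the secret byte.
        coeffs = [byte] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
        for x, ys in shares.items():
            y = 0
            for c in reversed(coeffs):  # Horner evaluation of f(x) mod PRIME
                y = (y * x + c) % PRIME
            ys.append(y)
    return shares


def restore(shares: dict) -> bytes:
    """Lagrange interpolation at x = 0 over the supplied {x: [y, ...]} shares."""
    xs = list(shares)
    if len({len(shares[x]) for x in xs}) != 1:
        raise ValueError("shares have different lengths")
    out = bytearray()
    for i in range(len(shares[xs[0]])):
        acc = 0
        for xj in xs:
            num = den = 1
            for xm in xs:
                if xm != xj:
                    num = num * -xm % PRIME
                    den = den * (xj - xm) % PRIME
            acc = (acc + shares[xj][i] * num * pow(den, -1, PRIME)) % PRIME
        if acc > 255:  # not a byte: the shares do not belong together
            raise ValueError("shares do not belong together")
        out.append(acc)
    return bytes(out)


def secrets_consistent_with(x: int, y: int) -> int:
    """Count the secret byte values that a lone 2-of-2 share (x, y) leaves possible."""
    return sum(
        any((s + a * x) % PRIME == y for a in range(PRIME)) for s in range(256)
    )


def pre_register(pin1: str, pin2: str, face_template: bytes) -> tuple:
    """Server side (ST101): split PIN1 + PIN2 + face data into two pieces.
    The 4+4+N byte layout is an assumption of this example."""
    if not (len(pin1) == len(pin2) == 4 and (pin1 + pin2).isdigit()):
        raise ValueError("PIN1 and PIN2 must be 4-digit numbers")
    shares = split(pin1.encode() + pin2.encode() + face_template)
    return shares[1], shares[2]  # (internal data, external data)


def remote_login(internal: list, external: list) -> tuple:
    """Tablet side (ST103): restore the authentication information, then erase
    the external data. Overwriting a Python list is best effort only; a real
    device would wipe the storage that actually held the data."""
    try:
        info = restore({1: internal, 2: external})
    finally:
        for i in range(len(external)):
            external[i] = 0
        external.clear()
    return info[:4].decode(), info[4:8].decode(), info[8:]


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    internal, external = pre_register("1234", "5678", bytes.fromhex("00ff10a5"))
    print("secrets still possible given only the internal data:",
          secrets_consistent_with(1, internal[0]))
    print("restored:", remote_login(internal, external))
    print("external data after login:", external)
```

With a 2-of-2 split, every one of the 256 byte values remains equally possible to someone who holds only the tablet's internal data, which is the property the description requires of the distributed information.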
When the login in ST103 completes normally, the driver can start the alcohol test unit (program) 44 for carrying out the alcohol test (more precisely, for registering the alcohol test result in the tachograph 4). If the login to the tablet 2 fails, on the other hand, the driver cannot carry out the alcohol test (more precisely, cannot register the alcohol test result in the tachograph 4).
Next, the driver starts, on the tablet 2, the application program for carrying out the alcohol test and registering its result, and carries out the alcohol test using the alcohol tester 3 (ST104). In this alcohol test, the alcohol concentration in the driver's breath is measured by a well-known method. The alcohol test may be carried out either before or after the login (remote location) to the tablet 2 in ST103. Although this embodiment shows an example in which an alcohol test is carried out, another test for checking the driver's physical condition or state of health (for example, blood pressure, pulse, body temperature, electrocardiogram, or complexion) may be carried out instead of the alcohol test.
After that, the driver uses the tablet 2 to register the result of the alcohol test of ST104 in the tachograph 4 (ST105).
In this embodiment, login to the tablet 2 is used as the authentication processing for the alcohol test, but it is not limited to this and can also be used as the authentication processing for other functions that can be executed on the tablet 2 (for example, a web access function).
FIG. 4 and FIG. 5 are flowcharts showing the pre-registration operations of the tablet and of the operation management server, respectively, in ST101 in FIG. 3. These pre-registration operations are performed, for example, when a newly hired driver is put to work, and when registration is redone because something has occurred that would interfere with login, such as a license renewal or a major change of hairstyle.
As shown in FIG. 4, when the driver's pre-registration has not been completed, the tablet 2 starts the user registration unit (program) 43 and displays on the display/input unit 22 a screen requesting the driver to enter PIN1 (ST201). When the driver enters PIN1 (here, a four-digit number) (ST202: Yes), the tablet 2 then displays on the display/input unit 22 a screen requesting the driver to enter PIN2 (ST203). When the driver enters PIN2 (here, a four-digit number) (ST204: Yes), the tablet 2 displays on the display/input unit 22 a screen requesting the driver to have the license L read (ST205). The PIN1 and PIN2 that the driver entered in response to the request screens of ST201 and ST203 are saved in the work memory 32 of the tablet 2.
Next, when the driver brings the license L close enough to the tablet 2 for it to communicate with the IC card reader 25, the tablet 2 acquires the public information from the license L and also acquires the PIN1 confidential information 56 and the PIN2 confidential information 57 from the license L using the PIN1 and PIN2 obtained in ST202 and ST204. When the driver's license face image (PIN2 confidential information 57) has been acquired successfully (ST206: Yes), the tablet 2 then displays on the display/input unit 22 a screen requesting the driver to have their current face photographed (ST207).
 After that, when the camera of the photographing unit 23 has finished photographing the driver's face (ST208: Yes), the tablet 2 stores the face image acquired by photographing (hereinafter referred to as the photographed face image) in the work memory 32. Subsequently, the tablet 2 activates the face image collation unit (program) 42 and collates the photographed face image of ST208 with the license face image acquired in ST206 (ST209). In the face image collation of ST209, the tablet 2 uses a well-known method to perform matching that focuses on characteristic parts of the two face images (for example, the individual parts that make up the face), and thereby determines whether or not the two face images match.
 If it is determined in ST209 that the two face images match (Yes), the tablet 2 transmits PIN1, PIN2, the public information, and the photographed face image acquired in the above steps (hereinafter referred to as pre-registration information) to the operation management server 5 (ST210). When the tablet 2 receives from the operation management server 5 a notification that registration of the pre-registration information transmitted in ST210 has been completed (ST211: Yes), it determines that the pre-processing has ended normally and deletes the pre-registration information and the license face image that were acquired in the above steps and held in the work memory 32 (ST212). This avoids trouble such as the pre-registration information and the license face image later leaking from the tablet 2, and improves the safety and reliability of authentication. Thereafter, the tablet 2 displays, on the display/input unit 22, a screen informing the driver that the pre-registration has been completed (ST213).
 On the other hand, if acquisition of the driver's license face image fails in ST206 described above (No), if it is determined in ST209 that the photographed face image and the license face image do not match (No), or if in ST211 a notification that registration of the pre-registration information has failed is received from the operation management server 5 (or the registration completion notification is not received within the specified time) (No), the tablet 2 determines that the pre-processing has failed and, as in ST212 described above, deletes the pre-registration information and the license face image in the work memory 32 (ST214). Thereafter, the tablet 2 displays, on the display/input unit 22, a screen informing the driver that the pre-registration has failed (ST215).
 Next, the pre-registration operation of the operation management server 5 will be described with reference to FIG. 5. At the time of pre-registration, the operation management server 5 enters a state of waiting to receive pre-registration information from the tablet 2 (ST301). When the operation management server 5 receives the pre-registration information from the tablet 2 (see ST210 in FIG. 4) (ST302: Yes), it activates the user registration unit (program) 93 and creates an account for the driver based on the public information included in the received pre-registration information (ST303).
 Subsequently, the operation management server 5 activates the distributed data generation unit (program) 92 and, based on a secret sharing method, generates distributed information (internal distributed data and external distributed data) from PIN1, PIN2, and the photographed face image, which are the authentication information included in the pre-registration information (ST304). The generated internal distributed data and external distributed data are associated with the account created in ST303 and stored in the storage 95.
 As will be described in detail later, the photographed face image included in the authentication information here is used as collation face image information against which the face image photographed by each driver is collated in processing such as login to the tablet 2 in ST103 in FIG. 3. Also, in ST304, PIN1, PIN2, and the photographed face image are deleted from the operation management server 5 after the distributed information has been generated. This avoids trouble such as PIN1, PIN2, and the photographed face image later leaking from the operation management server 5, and improves the safety and reliability of authentication.
 Thereafter, the operation management server 5 registers the internal distributed data and the external distributed data generated in ST304 to the account created in ST303 (ST305), and further transmits to the tablet 2 a notification that registration of the pre-registration information has been completed (ST306).
 On the other hand, if in ST302 described above the pre-registration information from the tablet 2 is not received (No) and the specified time has elapsed (ST307: Yes), the operation management server 5 transmits to the tablet 2 a notification that registration of the pre-registration information has failed (ST308).
 FIG. 6 is a flowchart showing the login operation of the tablet (at the departure place) in ST102 in FIG. 3. With the pre-registration of ST101 in FIG. 3 completed, this is performed every time, for example, the driver departs from the transport company (the departure place). The tablet 2 starts the login procedure at the departure place and, as in ST205 in FIG. 4, displays a screen requesting the driver to have the license L read (ST401). When the tablet 2 reads the license information from the license L and acquires the public information (ST402: Yes), it transmits the public information to the operation management server 5 via the LAN 12 (ST403).
 At this time, the operation management server 5 recognizes that it has been accessed by a tablet 2 located inside the company, then activates the management information collation unit (program) 91, collates the public information received from the tablet 2, and transmits to the tablet 2 the internal distributed data and the external distributed data associated with that public information.
 Next, when the tablet 2 receives the internal distributed data and the external distributed data from the operation management server 5 (ST404: Yes), it stores them in the distributed data storage unit 33. The tablet 2 then restores the authentication information from the distributed data (that is, it obtains PIN1, PIN2, and the collation face image) (ST405). Subsequently, as in ST207 in FIG. 4, the tablet 2 displays a screen requesting the driver to photograph his or her face (ST406), and when photographing of the driver's face is finished (ST407: Yes), it activates the face image collation unit (program) 42 and, as in ST209 in FIG. 4, collates the photographed face image of ST407 with the collation face image acquired in ST405 (ST408).
 If it is determined in ST408 that the two face images match (Yes), the tablet 2 again requests the driver to have the license L read, as in ST401 above (ST409), and then accesses the PIN1 confidential information 56 and the PIN2 confidential information 57 using PIN1 and PIN2 (ST410). In this way, the tablet 2 can read the confidential information in the license L using PIN1 and PIN2 only when it has been determined that the driver's photographed face image matches the collation face image. Therefore, even if another person illegitimately obtains the license L or the tablet 2, acquisition of the confidential information of the license L can be prevented, and impersonation of the license holder can be prevented more reliably.
 After that, when the tablet 2 succeeds in acquiring the PIN1 confidential information 56 and the PIN2 confidential information 57 from the license L (ST411: Yes), it determines that the driver's login has succeeded and deletes the external distributed data, the photographed face image, and the collation face image in the work memory 32 (ST412). As a result, only the internal distributed data is held in the distributed data storage unit 33, and the distributed information into which the authentication information was split is held divided between the operation management server 5 and the tablet 2. Thereafter, the tablet 2 displays, on the display/input unit 22, a screen informing the driver that the login has been completed (ST413).
 On the other hand, if the internal distributed data and the external distributed data cannot be received within the specified time in ST404 described above (No), if it is determined in ST408 that the photographed face image and the collation face image do not match (No), or if acquisition of the PIN1 confidential information 56 and the PIN2 confidential information 57 from the license L fails in ST411 (No), the tablet 2 determines that the driver's login has failed and, as in ST412 described above, deletes the external distributed data and the internal distributed data in the work memory 32 (and also the photographed face image and the collation face image if they have already been acquired) (ST414). Thereafter, the tablet 2 displays, on the display/input unit 22, a screen informing the driver that the login has failed (ST415).
 Note that on the tablet 2, before login (that is, before the confidential information is read), processing other than authentication-related processing (the driver's login operation) is restricted; after login (that is, after the confidential information is read), information processing other than authentication-related processing (for example, Web access) becomes possible.
 FIG. 7 is a flowchart showing the login operation of the tablet (at a remote location) in ST103 in FIG. 3. When the driver starts the tablet 2 at a remote location, the tablet 2 starts the login procedure for the remote location.
 First, the tablet 2 performs ST501 to ST503, which are the same as ST401 to ST403 in FIG. 6, respectively. In ST503, the operation management server 5 recognizes that it has been accessed by a tablet 2 located outside the company, then activates the management information collation unit (program) 91, collates the public information received from the tablet 2, and transmits to the tablet 2 the external distributed data associated with that public information.
 Next, when the tablet 2 receives the external distributed data from the operation management server 5 (ST504: Yes), it stores the external distributed data in the distributed data storage unit 33. The tablet 2 then restores the authentication information (that is, it obtains PIN1, PIN2, and the collation face image) using the external distributed data acquired from the operation management server 5 and the internal distributed data stored in the distributed data storage unit 33 in ST102 described above (ST505). Thereafter, the tablet 2 performs ST506 to ST515, which are the same as ST406 to ST415 in FIG. 6, respectively. In ST514, only the external distributed data is deleted from the distributed data storage unit 33 (the photographed face image and the collation face image are also deleted if they have already been acquired), and the internal distributed data is retained for the next login.
 FIGS. 8 and 9 are flowcharts showing the operations by which the tablet and the tachograph, respectively, register the alcohol test result in ST105 in FIG. 3.
 As shown in FIG. 8, when login is complete and the alcohol test unit (program) 44 is activated, the tablet 2 enters a state of waiting for an alcohol test result (ST601). When the tablet 2 acquires the alcohol test result from the tachograph 4 (ST602: Yes), it displays the alcohol test result on the display/input unit 22 (ST603). At this time, the display/input unit 22 also displays a screen informing the driver that the alcohol test result is being registered.
 Next, the tablet 2 combines, in a predetermined data format, the alcohol test result (alcohol concentration measurement data) with at least a part of the license information acquired at login (see ST502 and ST511 in FIG. 7) (here, the license number), and transmits the alcohol test result with the license information added (hereinafter referred to as the authenticated alcohol test result) to the tachograph 4 (ST604). Combining the alcohol test result with the license information in this way makes it possible to confirm the validity of the alcohol test result. In this case, it is more preferable that the information combined with the alcohol test result include some of the confidential information (the PIN1 confidential information 56 and the PIN2 confidential information 57). Of the license information that can be combined with the alcohol test result, the confidential information includes, in addition to the license number, the vehicle types the holder is permitted to drive and the license holder's name and address. The public information includes the date of issue and the expiration date.
 After that, when the tablet 2 receives from the tachograph 4 a notification that registration of the alcohol test result transmitted in ST604 has been completed (ST605: Yes), it displays, on the display/input unit 22, a screen informing the driver that registration of the alcohol test result has been completed (ST606), and then deletes the authenticated alcohol test result (ST607). This avoids trouble such as the alcohol test result and the license information later leaking from the tablet 2, and improves the safety and reliability of the authenticated alcohol test result.
 On the other hand, if in ST605 described above the notification that registration of the alcohol test result has been completed is not received from the tachograph 4 (No) and the specified time has elapsed (ST608: Yes), the tablet 2 displays, on the display/input unit 22, a screen informing the driver that registration of the alcohol test result has failed (ST609).
 Next, the operation by which the tachograph registers the alcohol test result will be described with reference to FIG. 9. When the driver presses the test start button of the tachograph 4 for an alcohol test, the tachograph 4 enters a state of waiting for the test by the alcohol tester 3 (ST701), and a message telling the driver that it is waiting for the test is displayed on the display unit 62. When the alcohol test by the alcohol tester 3 is then finished, the tachograph 4 receives the alcohol test result from the alcohol tester 3 (ST702: Yes). Subsequently, the tachograph 4 transmits the alcohol test result to the tablet 2.
 Next, when the tachograph 4 receives the authenticated alcohol test result transmitted from the tablet 2 (see ST604 in FIG. 8) (ST704: Yes), it saves the authenticated alcohol test result in the storage 73 (ST705), displays on the display unit 62 a message that registration of the alcohol test result has been completed, and notifies the tablet 2 to that effect (ST706). Although the tachograph 4 here acquires the authenticated alcohol test result from the tablet 2, the configuration may instead be such that the tachograph 4 acquires the license information from the tablet 2 and itself generates an authenticated alcohol test result in the same way as the tablet 2 described above.
 On the other hand, if in ST704 described above the authenticated alcohol test result is not received from the tablet 2 (No) and the specified time has elapsed (ST707: Yes), the tachograph 4 displays on the display unit 62 a message that registration of the alcohol test result has failed (ST708).
<Second Embodiment>
 Next, an alcohol test system according to a second embodiment of the present invention will be described with reference to FIGS. 10 to 13. Matters regarding the second embodiment that are not specifically mentioned below are the same as in the first embodiment described above.
 FIG. 10 is a flowchart showing the login operation of the tablet (at the departure place) according to the second embodiment, and corresponds to FIG. 6 of the first embodiment.
 With the pre-registration (see ST101 in FIG. 3) completed, the tablet 2 starts the login procedure at the departure place and executes ST801 and ST802, which are the same as ST406 and ST407 in FIG. 6. Thereafter, the tablet 2 performs ST803 to ST807, which are the same as ST401 to ST405 in FIG. 6, respectively, and then performs ST808 to ST815, which are the same as ST408 to ST415 in FIG. 6, respectively. Unlike ST412 and ST414 in FIG. 6, the license information is also deleted in ST812 and ST814. This avoids trouble such as the license information later leaking from the tablet 2, and improves the safety and reliability of authentication.
 FIG. 11 is a flowchart showing the login operation of the tablet (at a remote location) according to the second embodiment, and corresponds to FIG. 7 of the first embodiment.
 When the driver starts the tablet 2 at a remote location, the tablet 2 starts the login procedure for the remote location and executes ST901 and ST902, which are the same as ST506 and ST507 in FIG. 7. Thereafter, the tablet 2 performs ST903 to ST907, which are the same as ST501 to ST505 in FIG. 7, respectively, and then performs ST908 to ST915, which are the same as ST508 to ST515 in FIG. 6, respectively. Unlike ST512 and ST514 in FIG. 6, the license information is also deleted in ST912 and ST914. This avoids trouble such as the license information later leaking from the tablet 2, and improves the safety and reliability of authentication.
 Incidentally, in this second embodiment, the driver's face is photographed in ST801 to ST802 in FIG. 10 and ST901 to ST902 in FIG. 11, and the two reading operations of the license L are ST803 and ST809 in FIG. 10 and ST903 and ST909 in FIG. 11. That is, photographing of the driver's face is separated from the two reading operations of the license L. The driver first photographs his or her face using only the tablet 2, and then takes the license L out of a pocket or bag and holds it over the tablet 2 twice. Unlike in the first embodiment described above, the face photographing operation does not come between the reading operations of the license L. The driver therefore does not have to put the license L down somewhere in the vehicle before photographing the face and pick it up again afterwards. In addition, the number of times the driver has to change hands on the tablet 2 is reduced, so the login procedure can be carried out more smoothly. It also becomes less likely that, partway through the login procedure, the driver drops the license L on the floor of the vehicle and needs time to pick it up, soils the face of the license L, or misplaces the license L and needs time to find it. All of this improves convenience.
 Note that, at present, the processing from the first read request for the license L (ST803 in FIG. 10, ST903 in FIG. 11) to the face image collation (ST808 in FIG. 10, ST908 in FIG. 11) takes time. Only once the face image collation has succeeded can the tablet 2 use PIN1 and PIN2. By the time PIN1 and PIN2 become usable, however, the driver attempting to log in to the tablet 2 may have moved the license L away from the tablet 2. Therefore, to reliably acquire the confidential information 56 or the confidential information 57 from the license L, the read request for the license L is displayed once more (ST809 in FIG. 10, ST909 in FIG. 11). Suppose that the driver has kept the license L held over the tablet 2 for a sufficiently long time since the first read request. The tablet 2 should then move immediately to the procedure for acquiring the confidential information from the license L (ST810 to ST811 in FIG. 10, ST910 to ST911 in FIG. 11). In such a case, it appears to the driver as if reading of the license information held by the license L had finished in a single pass. This further improves convenience.
 Also, if in the future the processing from the first read request for the license L (ST803 in FIG. 10, ST903 in FIG. 11) to the acquisition of the confidential information becomes faster, the second read request for the license L may be omitted. Here, "acquisition of the confidential information" refers to ST811 in FIG. 10 and ST911 in FIG. 11, and "the second read request for the license L" refers to ST809 in FIG. 10 and ST909 in FIG. 11.
 FIG. 12 is a flowchart showing the operation by which the tablet according to the second embodiment registers the alcohol test result, and corresponds to FIG. 8 of the first embodiment.
 When login is complete and the alcohol test unit (program) 44 is activated, the tablet 2 displays a screen requesting the driver to have the license L read (ST1001) and accesses the license L using PIN1 and PIN2 (ST1002). This is necessary because the license information was deleted from the tablet 2 after the login in FIG. 11, so the license information to be combined with the alcohol test result once the test is finished has to be acquired again. When the tablet 2 succeeds in acquiring the public information, the PIN1 confidential information 56, and the PIN2 confidential information 57 from the license L (ST1003: Yes), it executes ST1004 to ST1006, which are the same as ST601 to ST603 in FIG. 8.
 Next, by the same processing as the distributed data generation unit (program) 92 of the operation management server 5, the tablet 2 generates a plurality of pieces of distributed data into which the information consisting of the alcohol test result and (at least a part of) the license information is split (ST1007). The tablet 2 then transmits a part of the distributed data for the test result generated in ST1007 to the tachograph 4 (ST1008). The remaining distributed data, which was not transmitted to the tachograph 4, is held in the distributed data storage unit 33 of the tablet 2. Alternatively, a part or all of it may be transmitted to the operation management server 5. In other words, in the first embodiment shown in FIG. 8, a simple combination of the alcohol test result and the confidential information of the license L was transmitted to the tachograph 4 in ST604, whereas using distributed data increases the safety of the authenticated alcohol test result. That is, even if any one of the pieces of distributed data held separately by two or more of the tablet 2, the tachograph 4, and the operation management server 5 leaks to a third party, the alcohol test result and the license information cannot be restored from it.
 After that, when the tablet 2 receives from the tachograph 4 a notification that registration of the alcohol test result (distributed data) transmitted in ST1008 has been completed (ST1009: Yes), it displays, on the display/input unit 22, a screen informing the driver that registration of the alcohol test result has been completed (ST1010), and then deletes the alcohol test result, the license information, and the distributed data that was transmitted to the tachograph 4 (ST1011). This avoids trouble such as the alcohol test result and the license information later leaking from the tablet 2, and improves the safety and reliability of the authenticated alcohol test result.
 On the other hand, if in ST1009 the tablet 2 does not receive the completion notification from the tachograph 4 (No) and instead receives a notification from the tachograph 4 that registration of the alcohol test result has failed (ST1012: Yes), or if the specified time elapses (ST1013: Yes) without such a failure notification being received (ST1012: No), the tablet 2 displays on the display/input unit 22 a screen informing the driver that registration of the alcohol test result (distributed data) has failed (ST1014). At the same time, of the distributed data created from the alcohol test and the license information, the distributed data transmitted to the tachograph 4 is erased (ST1011). Alternatively, all of the distributed data may be erased. This avoids trouble such as the alcohol test result and license information later leaking from the tablet 2, and improves the security and reliability of the authenticated alcohol test result.
 FIG. 13 is a flowchart showing the alcohol test result registration operation of the tachograph according to the second embodiment, and corresponds to FIG. 9 of the first embodiment.
 When the driver presses the test start button of the tachograph 4 for an alcohol test, the tachograph 4 executes ST1101 to ST1103, which are the same as ST701 to ST703 in FIG. 9.
 Thereafter, upon receiving the distributed data corresponding to the authenticated alcohol test result transmitted from the tablet 2 (see ST1008 in FIG. 12) (ST1104: Yes), the tachograph 4 saves the distributed data in the storage 73 (ST1105), displays on the display unit 62 a message that registration of the alcohol test result is complete, and notifies the tablet 2 to that effect (ST1106).
 On the other hand, if in ST1104 the distributed data is not received from the tablet 2 (No) and the specified time elapses (ST1107: Yes), the tachograph 4 displays on the display unit 62 a message that registration of the alcohol test result has failed, and notifies the tablet 2 to that effect (ST1108).
 In this way, the alcohol test result and license information obtained at the remote location become a plurality of different pieces of distributed data, none of which alone allows the original information to be restored. These pieces are registered separately in two or more of the tachograph 4, the tablet 2, and the operation management server 5. When the driver returns to the transport company, the distributed data is collected by the operation management server 5 and stored as part of the operation record.
 When such distributed data is registered in the tachograph 4 and the tablet 2, the driver, for example, first pulls the distributed data of the tachograph 4 up to the tablet 2 and brings the tablet 2 into the transport company's premises. The driver then transfers the distributed data held inside the tablet 2 to the operation management server 5. This makes the data easier to handle and improves convenience.
 Alternatively, the operation management server 5 may collect the distributed data registered in the tachograph 4 and in the tablet 2 via communication paths that differ at least in part. For example, in FIG. 1, the operation management server 5 may collect the distributed data held by the tablet 2 via the LAN 12, and the distributed data held by the tachograph 4 via the LAN 12 and the Internet 13 (or additionally via a mobile phone network such as 3G or LTE, not shown). In that case, from departure from the transport company until return, the tablet 2 and the tachograph 4 each hold only one of the pieces of distributed data at all times, which further improves the security and reliability of the authenticated alcohol test result. The same applies when the distributed data is registered in all three of the tachograph 4, the tablet 2, and the operation management server 5.
 When the distributed data is registered in the tachograph 4 and the operation management server 5, the operation management server 5 may directly collect the distributed data held by the tachograph 4. In this case, as before, the operation management server 5 may collect the distributed data held by the tachograph 4 via the LAN 12 and the Internet 13 (or additionally via a mobile phone network such as 3G or LTE, not shown). Alternatively, the following is possible. The driver uses, for example, the short-range communication unit 24 of the tablet 2 and the short-range communication unit 64 of the tachograph 4 to collect the distributed data held in the tachograph 4 onto the tablet 2, and brings it into the transport company's premises. The driver then transfers the distributed data held inside the tablet 2 to the operation management server 5. In that case, from departure from the transport company until return, the tachograph 4 holds only one of the pieces of distributed data at all times, which further improves the security and reliability of the authenticated alcohol test result. In addition, the tablet 2 holds the distributed data only temporarily, while the data held in the tachograph 4 is being collected to the operation management server 5, which further improves the security and reliability of the authenticated alcohol test result.
 Regarding the differences between the second embodiment and the first embodiment described above, it is also possible to apply only some of those differences to the first embodiment without departing from the scope of the present invention.
 Thus, the tablet 2 in the alcohol test system 1 restores the verification face image and PIN1 and PIN2 (key information) used for authentication from the internal distributed data stored in the distributed data storage unit 33 and the external distributed data acquired from the external operation management server 5. This prevents the authentication information from leaking via a communication network such as the Internet 13, and also prevents impersonation in authentication. Moreover, because the driver authenticates with a face image captured on the spot, the restored key information, and the license the driver carries, the driver does not need to memorize secret numbers such as PIN1 and PIN2 of the license or identification information such as a driver's code or employee code, which has the further advantage of making the authentication operation more convenient. When logging in to the tablet 2, the driver is only required to hold the license L over the IC card reader 25 built into the tablet 2 and to capture his or her own face image with the tablet 2.
 Although the present invention has been described based on specific embodiments, these embodiments are merely examples, and the present invention is not limited by them. For example, the means and methods for communication between devices such as the authentication device and the authentication management device that make up the authentication system according to the present invention are not limited to those shown in the embodiments and may be changed to other well-known means and methods, as long as at least the necessary data can be transmitted and received. The biometric information used in the present invention is not limited to a face image and may be other information used in well-known biometric authentication, such as a fingerprint, iris, voiceprint, vein pattern, or ear shape. When the biometric information is changed, something other than a camera (for example, a fingerprint reader) can be used as the means of acquiring it. The storage medium used in the present invention is not limited to an IC card driver's license and may be another storage medium such as a card with a well-known RF tag. Furthermore, the external distributed data (the distributed data remaining after the internal distributed data is excluded) need not be held only by the operation management server 5 described above; a configuration is also possible in which it is held by a plurality of information processing devices that can communicate with the authentication device (that is, the authentication device acquires the external distributed data from a plurality of information processing devices).
 The pre-registration with the operation management server 5 shown in ST101 of FIG. 3 and in FIGS. 4 and 5 may be performed using the operation management server 5 alone, rather than using both the operation management server 5 and the tablet 2. In this case, the operation management server 5 need only be provided with equivalents of the imaging unit 23, the IC card reader 25, the face image matching unit 42, and the user registration unit 43 of the tablet 2. The input of PIN1 and PIN2 in ST201 to ST204 of FIG. 4 may be performed using the input unit 83.
 However, it is more preferable to perform pre-registration using both the operation management server 5 and the tablet 2, as shown in ST101 of FIG. 3 and in FIGS. 4 and 5. In this case, the face image at pre-registration and the face image at login to the tablet 2 at the departure point or remote location are both captured by the imaging unit 23 of the same tablet 2. Even if the tablet 2 used at pre-registration differs from the one used at login, the specifications of the imaging unit 23 are the same. Face images with no large differences in pixel count, color tone, and the like are therefore obtained at pre-registration and at login, so the authentication success rate is also higher.
 After the take-out registration of the tablet 2 at the departure point shown in ST102 of FIG. 3 and in FIG. 6, the operation management server 5 shown in FIGS. 1 and 2 holds both the external distributed data and the internal distributed data. At this time, a plurality of storages 73 may be provided in the operation management server 5, with the external distributed data and the internal distributed data held separately in different storages.
 Alternatively, the operation management server 5 may hold only the external distributed data. In that case, the internal distributed data is returned to the operation management server 5 when the tablet 2 comes back to the departure point. Either way, having the operation management server 5 hold distributed data generated from the authentication information, rather than the authentication information itself, achieves a higher level of security against hacking and the like.
 The operation management server 5 may also, as appropriate, restore the authentication information from the external distributed data and the internal distributed data and generate external distributed data and internal distributed data that differ from those before the restoration. In other words, the distributed data may be updated. This is preferably done while the internal distributed data is not held on the tablet 2. The operation management server 5 can then achieve a higher level of security against hacking and the like without disrupting the exchange of information with the tablet 2.
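 The splitting of the test record across the tablet 2, the tachograph 4 and the operation management server 5, and the update of the internal and external distributed data described above, can be illustrated as follows. This is an added example and not code from the patent: it assumes an n-of-n XOR split (the description here does not fix a particular splitting scheme), adds a SHA-256 tag so that a mismatched set of pieces is detected, and uses constructed sample values and hypothetical function names.

```python
import hashlib
import json
import secrets
from functools import reduce

TAG_LEN = hashlib.sha256().digest_size  # integrity tag appended before splitting


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split(secret: bytes, holders: list) -> dict:
    """Split `secret` into one piece per holder; every piece is needed to restore."""
    if len(holders) < 2 or len(set(holders)) != len(holders):
        raise ValueError("need at least two distinct holders")
    payload = secret + hashlib.sha256(secret).digest()
    # All pieces but the last are uniformly random, so each piece alone
    # (and any incomplete subset) is independent of the secret.
    shares = [secrets.token_bytes(len(payload)) for _ in holders[:-1]]
    shares.append(reduce(_xor, shares, payload))  # last piece closes the XOR sum
    return dict(zip(holders, shares))


def combine(shares: list) -> bytes:
    """Restore the secret; reject incomplete, stale or corrupted sets of pieces."""
    if len(shares) < 2 or len({len(s) for s in shares}) != 1:
        raise ValueError("pieces missing or of unequal length")
    payload = reduce(_xor, shares)
    secret, tag = payload[:-TAG_LEN], payload[-TAG_LEN:]
    if not secrets.compare_digest(hashlib.sha256(secret).digest(), tag):
        raise ValueError("set of pieces is incomplete, stale or corrupted")
    return secret


def refresh(shares: dict) -> dict:
    """Server-side update: restore, then re-split with fresh randomness."""
    return split(combine(list(shares.values())), list(shares))


def is_rejected(shares: list) -> bool:
    """True if `combine` refuses this set of pieces."""
    try:
        combine(shares)
    except ValueError:
        return True
    return False


# Constructed sample data (placeholders, not values from the patent).
TEST_RECORD = json.dumps(
    {"alcohol_test": "pass", "license_no": "PLACEHOLDER-0000"}, sort_keys=True
).encode()
AUTH_INFO = b"PIN1=0000;PIN2=0000;face-template=<placeholder>"

if __name__ == "__main__":
    # Second embodiment: the test record is split over three devices.
    record = split(TEST_RECORD, ["tablet", "tachograph", "server"])
    print("all three pieces restore:", combine(list(record.values())) == TEST_RECORD)
    print("two of three rejected:",
          is_rejected([record["tablet"], record["tachograph"]]))

    # Update of the internal/external pieces on the server.
    old = split(AUTH_INFO, ["internal", "external"])
    new = refresh(old)
    print("new pair restores:", combine(list(new.values())) == AUTH_INFO)
    # A tablet still holding the old internal piece can no longer authenticate,
    # which is why the update is best done while the tablet holds nothing.
    print("stale internal + new external rejected:",
          is_rejected([old["internal"], new["external"]]))
```

 The last check shows why the update is preferably performed while the tablet 2 holds no internal distributed data: an old internal piece does not combine with a new external piece.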
 Furthermore, at the time of the take-out registration of the tablet 2 at the departure point, a health check such as an alcohol test may be performed using the tablet 2 together with the operation management server 5 or an information terminal (not shown) that can communicate with it. In that case, a device that measures and tests physical condition, such as a separate alcohol tester, is connected to the operation management server 5 or to the information terminal that can communicate with it, and a program that can communicate with and control that device is provided. As described earlier, "measuring and testing physical condition or health condition" here refers to measuring and testing, for example, blood pressure, pulse, body temperature, electrocardiogram, or facial complexion. The operation management server 5 may pass the distributed information to the tablet 2 only when the result of this test at departure is OK, and not pass the distributed information to the tablet 2 when the result is NG. This prevents a person who is not qualified to drive that day from improperly taking out the tablet 2 and departing.
 All of the embodiments described so far assume that the tablet 2 is used by multiple drivers in daily rotation. However, when the tablet 2 is used as a dedicated terminal for a single driver, the internal distributed data may be transferred to the tablet 2 immediately after pre-registration is complete and held on the tablet 2 from then on. In this case, the internal distributed data is not erased when the face image features do not match or when acquisition of the license's confidential information fails.
 The internal distributed data may be held in the work memory or the program memory instead of the distributed data storage unit. Likewise, the remainder of the distributed data in the second embodiment may be held in the work memory or the program memory instead of the distributed data storage unit.
 In addition, not all of the components of the authentication device according to the present invention and the authentication system provided with it, as shown in the above embodiments, are essential; they may be selected or omitted as appropriate, at least to the extent that this does not depart from the scope of the present invention.
 The authentication device according to the present invention and the authentication system provided with it make it possible to prevent leakage of information used for authentication and to prevent impersonation in authentication, and are useful in particular as an authentication device, and an authentication system provided with it, suited to confirming the legitimacy of an authentication target at a remote location.
1 Alcohol test system (authentication system)
2 Tablet (authentication device)
3 Alcohol tester (physical condition measuring device)
4 Digital tachograph (recording device)
5 Operation management server (authentication management device)
22 Display/input unit
23 Imaging unit (biometric information acquisition unit)
33 Distributed data storage unit
34 CPU (control unit)
41 Distributed information restoration unit (distributed information restoration unit)
42 Face image matching unit (biometric information matching unit)
44 Alcohol test unit (physical condition information processing unit)
L IC card driver's license (storage medium)

Claims (13)

  1.  An authentication device that acquires confidential information stored in a storage medium using at least part of authentication information, the authentication device comprising:
     a distributed data storage unit that stores first distributed data, which is part of distributed information into which the authentication information has been split; and
     a distributed information restoration unit that acquires from outside second distributed data, which differs from the first distributed data within the distributed information, and restores the authentication information from the first and second distributed data.
  2.  The authentication device according to claim 1, wherein the authentication information includes key information used to acquire the confidential information stored in the storage medium.
  3.  The authentication device according to claim 1, wherein the authentication information includes verification biometric information for verifying biometric information of a person to be authenticated.
  4.  The authentication device according to claim 1, wherein the authentication information consists of key information used to acquire the confidential information stored in the storage medium and verification biometric information for verifying biometric information of a person to be authenticated, and
     the confidential information is acquired from the storage medium using the key information in the authentication information restored by the distributed information restoration unit.
  5.  The authentication device according to claim 3, further comprising:
     a biometric information acquisition unit that acquires the biometric information of the person to be authenticated; and
     a biometric information matching unit that matches the verification biometric information included in the restored authentication information against the acquired biometric information,
     wherein the confidential information is acquired using at least part of the authentication information only when the biometric information matching unit determines that the verification biometric information and the biometric information match.
  6.  The authentication device according to claim 1, wherein the second distributed data is erased after the confidential information is read out by the distributed information restoration unit.
  7.  An authentication system comprising the authentication device according to claim 1 and an authentication management device that provides the second distributed data to the authentication device.
  8.  The authentication system according to claim 7, wherein the storage medium stores public information that can be acquired without requiring the authentication information,
     the authentication device transmits the public information acquired from the storage medium to the authentication management device, and
     the authentication management device transmits to the authentication device the second distributed data corresponding to the public information acquired from the authentication device.
  9.  An authentication system comprising the authentication device according to claim 1, and further comprising a physical condition measuring device that measures the physical condition of a person to be authenticated and a recording device that records the measurement result of the physical condition,
     wherein the recording device records the confidential information and the measurement result of the physical condition in association with each other.
  10.  The authentication system according to claim 9, wherein the authentication device transmits the confidential information and the corresponding measurement result of the physical condition to the recording device.
  11.  The authentication system according to claim 7, further comprising a physical condition measuring device that measures the physical condition of a person to be authenticated and a recording device that records the measurement result of the physical condition,
     wherein the recording device records the confidential information and the measurement result of the physical condition in association with each other.
  12.  The authentication system according to claim 11, wherein the authentication device transmits the confidential information and the corresponding measurement result of the physical condition to the recording device.
  13.  An authentication method comprising restoring authentication information from first distributed data, which is part of distributed information into which the authentication information has been split and which is stored internally in advance, and second distributed data, which differs from the first distributed data within the distributed information and is acquired from outside, and acquiring confidential information stored in a storage medium using at least part of the restored authentication information.
PCT/JP2013/004190 2012-07-09 2013-07-05 Authentication device and authentication system provided with same WO2014010214A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2012153858A JP5323971B1 (en) 2012-07-09 2012-07-09 Authentication apparatus and authentication system provided with the same
JP2012-153858 2012-07-09

Publications (1)

Publication Number Publication Date
WO2014010214A1 (en) 2014-01-16

Family

ID=49595879

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2013/004190 WO2014010214A1 (en) 2012-07-09 2013-07-05 Authentication device and authentication system provided with same

Country Status (2)

Country Link
JP (1) JP5323971B1 (en)
WO (1) WO2014010214A1 (en)


Also Published As

Publication number Publication date
JP2014016804A (en) 2014-01-30
JP5323971B1 (en) 2013-10-23

Similar Documents

Publication Publication Date Title
WO2014010214A1 (en) Authentication device and authentication system provided with same
CN103907328B (en) A kind of user authen method of site resource
JP5728652B2 (en) Authentication apparatus and authentication system provided with the same
US9998922B2 (en) Instant mobile device based capture and credentials issuance system
AU2010282394B2 (en) An intelligent peripheral device and system for the authentication and verification of individuals and/ or documents through a secure multifunctional authentication service with data storage capability
JP4923974B2 (en) Wireless communication system and in-vehicle device
EP3382587B1 (en) Identity authentication using a barcode
CN103020818A (en) Payment system utilizing dynamic two-dimensional verification codes
US9058482B2 (en) Controlling user access to electronic resources without password
KR20180054575A (en) System and method for authorization verification of electronic signature session
JP5588327B2 (en) Sharing vehicle authentication system
KR101168272B1 (en) The system of issuing nfc ticket and method thereof
JP2017097802A (en) User information management device, user information management method, and user information management program
US11240029B2 (en) Method of registration and access control of identity for third-party certification
CN111581624B (en) Intelligent terminal user identity authentication method
JP2013080329A (en) Information provision system
CN107516371A (en) Verification and identification method and hotel intelligent card system
CN208969738U (en) Hand-held tour terminal for safety monitoring
US20220230500A1 (en) App assisted voting
JP2014030902A (en) Data printing method, printing device, and portable terminal
KR102392147B1 (en) Method for Converging Facing and Non-facing Certification
JP2021149400A (en) Data processing device and computer program
JP5267594B2 (en) Wireless communication system
CN110942407A (en) Electronic evidence collection device and management system
JP2006072585A (en) Authentication method using mobile communication terminal

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 13816802; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 13816802; Country of ref document: EP; Kind code of ref document: A1)