WO2016035402A1 - Authentication device, authentication system, authentication method and program - Google Patents

Authentication device, authentication system, authentication method and program Download PDF

Info

Publication number
WO2016035402A1
WO2016035402A1 PCT/JP2015/066154 JP2015066154W WO2016035402A1 WO 2016035402 A1 WO2016035402 A1 WO 2016035402A1 JP 2015066154 W JP2015066154 W JP 2015066154W WO 2016035402 A1 WO2016035402 A1 WO 2016035402A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
user
authentication
distance
biometric information
Prior art date
Application number
PCT/JP2015/066154
Other languages
French (fr)
Japanese (ja)
Inventor
一秀 梅田
Original Assignee
Necソリューションイノベータ株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Necソリューションイノベータ株式会社 filed Critical Necソリューションイノベータ株式会社
Priority to JP2016546348A priority Critical patent/JP6390986B2/en
Publication of WO2016035402A1 publication Critical patent/WO2016035402A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06TIMAGE DATA PROCESSING OR GENERATION, IN GENERAL
    • G06T7/00Image analysis

Definitions

  • the present invention relates to an authentication device, an authentication system, an authentication method, and a program.
  • Patent Document 1 discloses an authentication system using a face image.
  • biometric authentication In addition to facial images, biometric authentication using various biological data such as fingerprints, voiceprints, irises, etc. is often used.
  • biometric authentication using various biological data such as fingerprints, voiceprints, irises, etc. is often used.
  • biometric authentication system when the number of registered biometric data registered in advance increases, there is a problem that authentication accuracy and authentication processing speed become insufficient.
  • An object of the present invention is to provide a technique for improving authentication accuracy and authentication processing speed in biometric authentication.
  • User information acquisition means for acquiring the identification information of the user from each of the user portable terminals located within a predetermined distance from an installation device installed in the vicinity of the biological information acquisition device that acquires biological information from each user; Extracting means for extracting the registered biometric information corresponding to the identification information of the user acquired by the user information acquisition means from a storage device storing a plurality of registered biometric information corresponding to each of the plurality of users; Biological information acquisition means for acquiring the biological information from the biological information acquisition device; Authentication means for performing authentication processing based on the registered biometric information extracted during authentication processing and the biometric information acquired by the biometric information acquisition means; An authentication device is provided.
  • the authentication device a biometric information acquisition device that acquires biometric information from each user, an installation device installed in the vicinity of the biometric information acquisition device, and a user portable terminal that is carried by each of the users
  • the installation apparatus further includes detection information transmission means for transmitting detection information to the user portable terminal located within a predetermined distance from the own apparatus periodically or intermittently,
  • the portable terminal is User information storage means for storing identification information of the user; Detection information receiving means for receiving the detection information; When the detection information receiving means receives the detection information, in response to the reception, user information transmission means for transmitting the user identification information to the authentication device;
  • An authentication system is provided.
  • Computer User information acquisition means for acquiring identification information of the user from each of the user portable terminals located within a predetermined distance from an installation device installed in the vicinity of the biological information acquisition device that acquires biological information from each user; Extraction means for extracting the registered biometric information corresponding to the identification information of the user acquired by the user information acquisition means from a storage device storing a plurality of registered biometric information corresponding to each of the plurality of users; Biological information acquisition means for acquiring the biological information from the biological information acquisition device; An authentication unit that performs an authentication process based on the registered biometric information extracted during the authentication process and the biometric information acquired by the biometric information acquisition unit; A program for functioning as a server is provided.
  • authentication accuracy and authentication processing speed can be improved in biometric authentication.
  • Each unit and each unit included in each embodiment of the present embodiment includes a CPU (Central Processing Unit), a memory, and a program loaded in the memory (a program stored in the memory from the stage of shipping the device in advance).
  • a CPU Central Processing Unit
  • a memory a program loaded in the memory (a program stored in the memory from the stage of shipping the device in advance).
  • a program loaded in the memory a program stored in the memory from the stage of shipping the device in advance
  • it includes hardware such as CD (Compact Disc) and programs downloaded from servers on the Internet, storage units such as hard disks that store the programs, and network connection interfaces. Realized by any combination of It will be understood by those skilled in the art that there are various modifications to the implementation method and apparatus.
  • each device and each terminal are described as being realized by one device, but the means for realizing the same is not limited thereto. That is, it may be a physically separated configuration or a logically separated configuration.
  • symbol is attached
  • the authentication system includes at least one of the biometric information acquisition device 10, the installation device 20, the user portable terminal 30, the authentication device 40, and the storage device 50.
  • the biometric information acquisition apparatus 10 is installed at a spot (place) where biometric authentication is required.
  • a spot include, but are not limited to, an entrance (e.g., a door) of a room where only authenticated users can enter, a gate that allows only authenticated users to pass through, and the like.
  • the biometric information acquisition apparatus 10 acquires biometric data such as a user's face image, fingerprint, voiceprint, iris, etc. at the installed spot.
  • the biometric information acquisition apparatus 10 may be able to extract a predetermined feature amount from the acquired biometric data. In this way, the biological information acquisition device 10 acquires biological information including biological data and / or feature amounts.
  • biometric information registered in advance is stored. That is, in the storage device 50, biometric information (registered biometric information) of each of one or more users who are authenticated at the spot (eg, passage is permitted) is registered.
  • the authentication device 40 is connected to the biometric information acquisition device 10 in a wired and / or wireless manner and can communicate. Further, the authentication device 40 is connected to the storage device 50 by wire and / or wireless so that communication is possible. Furthermore, the authentication device 40 is connected to the user portable terminal 30 via a network 1 such as the Internet by wire and / or wireless so that communication is possible.
  • a network 1 such as the Internet by wire and / or wireless so that communication is possible.
  • the connection between the authentication device 40 and the storage device 50, the connection between the authentication device 40 and the biometric information acquisition device 10, and the connection between the authentication device 40 and the user portable terminal 30 are realized by different networks. It may be realized by a network.
  • the authentication device 40 acquires biometric information from the biometric information acquisition device 10.
  • the authentication device 40 uses the biometric information acquired from the biometric information acquisition device 10 and the registered biometric information stored in the storage device 50 to authenticate the user who has input the biometric information to the biometric information acquisition device 10. I do.
  • the authentication device 40 does not perform the authentication process by using all of the registered biometric information registered in the storage device 50 each time, but some of the registered biometrics narrowed down using information acquired from the user portable terminal 30. Authentication processing is performed using only information.
  • identification information of each user is stored in the user portable terminal 30 carried by each user.
  • the authentication apparatus 40 acquires the said user's identification information via the network 1 from the user portable terminal 30 located near the biometric information acquisition apparatus 10.
  • the installation device 20 installed in the vicinity of the biometric information acquisition device 10 and the user portable terminal 30 communicate with each other according to a predetermined wireless communication standard in which the communication distance is equal to or less than a predetermined value when the distance between them is equal to or less than a predetermined value. Configured to do.
  • the user portable terminal 30 will transmit a user's identification information to the authentication apparatus 40 according to it.
  • the authentication device 40 extracts a part of the registered biometric information from the storage device 50 based on the user identification information received from the user portable terminal 30. Specifically, the registered biometric information of the user specified by the user identification information acquired from the user portable terminal 30 is extracted. In this way, registered biometric information of a user located near the biometric information acquisition apparatus 10 can be extracted in advance. And if the authentication apparatus 40 acquires biometric information from the biometric information acquisition apparatus 10, it will perform an authentication process using the biometric information acquired from the biometric information acquisition apparatus 10 and the registered biometric information extracted at that time. .
  • the authentication device 40 of the present embodiment includes a large number of registered biometric information registered in the storage device 50 based on information acquired from the user portable terminal 30 located near the biometric information acquisition device 10. Therefore, the registered biometric information of the user located near the biometric information acquisition apparatus 10 can be extracted. Then, the authentication process can be performed using only the registered biometric information extracted at the time of the authentication process.
  • the number of registered biometric information used in the authentication process using each biometric information acquired by the biometric information acquisition apparatus 10 can be reduced. As a result, authentication accuracy and authentication processing speed can be improved.
  • the biometric information acquisition device 10 includes devices such as a camera, a microphone, and a fingerprint input device, and acquires biometric data such as a user's face image, fingerprint, voiceprint, and iris. In addition, the biometric information acquisition apparatus 10 may acquire other biometric data. The biometric information acquisition apparatus 10 may be further configured to extract a predetermined feature amount from the biometric data by a predetermined algorithm. When the biometric information acquisition device 10 acquires biometric information including at least one of biometric data and the feature amount, the biometric information is transmitted to the authentication device 40 by wired and / or wireless communication, for example, by real-time processing.
  • FIG. 2 an example of the functional block diagram of the installation apparatus 20 is shown. As illustrated, the installation apparatus 20 includes a detection information transmission unit 21.
  • the detection information transmission part 21 transmits detection information by radio
  • the detection information may include identification information of the installation device 20.
  • the detection information transmission unit 21 periodically uses a predetermined wireless communication standard in which a communication distance is within a predetermined distance within a communication area (communication area 20A in FIG. 1) within a predetermined distance from the own device.
  • the detection information is transmitted intermittently or intermittently.
  • the user portable terminal 30 located in the said communication area (communication area 20A of FIG. 1) will receive the said detection information.
  • the wireless communication standard include, but are not limited to, a Bluetooth standard and a wireless LAN (Local Area Network) standard.
  • the installation device 20 may be, for example, a so-called beacon terminal or a wireless LAN access point, but is not limited thereto.
  • the installation device 20 is installed in the vicinity of the biological information acquisition device 10.
  • a user near the installation apparatus 20 is treated as a user near the biological information acquisition apparatus 10.
  • the installation apparatus 20 be installed as close as possible to the biological information acquisition apparatus 10.
  • the distance between the biological information acquisition apparatus 10 and the installation apparatus 20 is, for example, within 3 m, preferably within 1 m, and more preferably within 0.5 m.
  • the user portable terminal 30 includes a user information storage unit 31, a detection information reception unit 32, and a user information transmission unit 33.
  • the user information storage unit 31 stores user identification information.
  • the user identification information may be, but is not limited to, the user name, an arbitrarily defined character string (may include numbers, symbols, etc.), the terminal ID of the user portable terminal 30, and the like.
  • the detection information receiving unit 32 can perform wireless communication with the same standard as the detection information transmitting unit 21 of the installation apparatus 20. Then, when the user portable terminal 30 enters an area (communication area 20A in FIG. 1) in which wireless communication can be performed with the installation apparatus 20 according to the standard, that is, an area (in FIG. 1) where detection information transmitted from the installation apparatus 20 arrives. When the user portable terminal 30 enters the communication area 20 ⁇ / b> A), the detection information receiving unit 32 receives the detection information transmitted from the installation apparatus 20.
  • the user information transmission unit 33 transmits the user information including the user identification information stored in the user information storage unit 31 to the authentication device 40 in response to the reception. To do.
  • the user information transmission unit 33 may include the identification information of the installation device 20 in the user information and transmit it to the authentication device 40. For example, when the detection information receiving unit 32 receives the detection information, the user information transmission unit 33 writes the user identification information stored in the user information storage unit 31 at a predetermined position in the detection information, and stores the user identification information in the user information. May be transmitted to the authentication device 40.
  • the communication means by the user information transmission unit 33 is not particularly limited, but may be communication via the network 1 such as a wireless LAN or the Internet.
  • the detection information receiving unit 32 continues to receive detection information transmitted from the installation apparatus 20 periodically or intermittently.
  • the user information transmission unit 33 may transmit the user information to the authentication device 40 each time the detection information reception unit 32 receives the detection information.
  • the user information transmission unit 33 may be configured not to transmit the user information at the second or subsequent reception when the detection information is continuously received from the installation apparatus 20 at a time interval shorter than a predetermined time.
  • the user portable terminal 30 may transmit information (including user identification information) indicating the fact to the authentication device 40 when reception of the detection information from the installation device 20 is interrupted for a predetermined time or more. This means that the user portable terminal 30 went out of the communication area 20A.
  • the user portable terminal 30 may realize the above-described function by installing a predetermined application on an existing portable terminal such as a mobile phone such as a smartphone, a tablet terminal, or a portable game machine.
  • the user portable terminal 30 may be a terminal prepared exclusively for the authentication system of the present embodiment.
  • the storage device 50 stores (stores) a plurality of registered biometric information corresponding to each of a plurality of users. That is, the storage device 50 stores registered biometric information corresponding to each user who is authenticated as having the right authority in the authentication process by the authentication device 40.
  • the registered biometric information stored in the storage device 50 may be biometric data itself such as a user's face image, fingerprint, voiceprint, iris, or a predetermined feature amount extracted from these biometric data. It may be both or both.
  • the storage device 50 is composed of, for example, a nonvolatile storage device.
  • the registered biometric information is associated with the identification information of each user in the storage device 50.
  • the user identification information associated with the registered biometric information in the storage device 50 may be the same as or different from the user identification information stored in the user information storage unit 31 of the user portable terminal 30.
  • the authentication device 40 holds association information for connecting the identification information of the same user.
  • FIG. 4 schematically shows an example of registered biometric information stored in the storage device 50.
  • the user ID user identification information
  • the registered biometric information are associated with each other.
  • FIG. 5 is a diagram conceptually illustrating an example of a hardware configuration of the authentication device 40 of the present embodiment.
  • the authentication device 40 includes, for example, a CPU 1A, a RAM (Random Access Memory) 2A, a ROM (Read Only Memory) 3A, a display control unit 4A, a display 5A, which are connected to each other via a bus 10A.
  • An operation receiving unit 6A, an operation unit 7A, a communication unit 8A, an auxiliary storage device 9A, and the like are included.
  • other elements such as an input / output interface connected to an external device by wire, a microphone, and a speaker may be provided. Further, some of the illustrated elements may not be included.
  • the CPU 1A controls the entire computer of the authentication device 40 together with each element.
  • the ROM 3A includes an area for storing programs for operating the computer, various application programs, various setting data used when these programs operate.
  • the RAM 2A includes an area for temporarily storing data, such as a work area for operating a program.
  • the auxiliary storage device 9A is, for example, an HDD (Hard Disc Drive), and can store a large amount of data.
  • the touch panel display 5A includes a display device (LED (Light Emitting Diode) display, liquid crystal display, organic EL (Electro Luminescence) display, etc.) and a touch pad.
  • the display control unit 4A reads data stored in a VRAM (Video RAM), performs predetermined processing on the read data, and then sends the data to the touch panel display 5A to display various screens.
  • the operation reception unit 6A receives various operations via the operation unit 7A.
  • the operation unit 7A includes operation keys, operation buttons, switches, a jog dial, a touch panel display, a keyboard, and the like.
  • the communication unit 8A is wired and / or wirelessly connected to a network such as the Internet or a LAN, and communicates with other electronic devices.
  • FIG. 6 shows an example of a functional block diagram of the authentication device 40.
  • the authentication device 40 includes a user information acquisition unit 41, an extraction unit 42, a biometric information acquisition unit 43, and an authentication unit 44.
  • the user information acquisition unit 41 acquires user information including user identification information from each of the user portable terminals 30 located within a predetermined distance from the installation device 20 installed in the vicinity of the biological information acquisition device 10. That is, the user information acquisition unit 41 receives the user information transmitted from the user information transmission unit 33 of the user portable terminal 30. In FIG. 6, the user information acquisition unit 41 is shown to receive user information from the installation apparatus 20 or the user portable terminal 30. An embodiment in which the user information acquisition unit 41 receives user information from the installation apparatus 20 will be described below.
  • the extraction unit 42 extracts the registered biometric information corresponding to the user identification information included in the user information acquired by the user information acquisition unit 41 from the storage device 50.
  • the extracted registered biometric information is stored in the storage unit 45 (not shown).
  • the storage unit 45 is composed of, for example, a volatile storage device. Note that the storage unit 45 may be configured by a nonvolatile storage device.
  • the set of registered biometric information stored in the storage unit 45 is a subset of the set of registered biometric information stored in the storage device 50.
  • FIG. 7 schematically shows an example of registered biometric information stored in the storage unit 45.
  • the user ID and registered biometric information are associated with each other.
  • the extraction unit 42 can update the storage unit 45. For example, when the user information acquisition unit 41 newly acquires user information, the extraction unit 42 checks whether registered biometric information corresponding to the user identification information included in the user information is stored in the storage unit 45. And when it is memorize
  • the extraction unit 42 can also delete the registered biometric information stored in the storage unit 45.
  • the user information transmission unit 33 of the user portable terminal 30 is configured to transmit the user information to the authentication device 40 each time the detection information reception unit 32 receives the detection information.
  • the extraction unit 42 may delete the registered biometric information corresponding to the identification information of the user from the storage unit 45 after identifying the identification information of the user for whom new reception has been interrupted for a predetermined time or more.
  • the reception of the user identification information is interrupted for a predetermined time or more, it means that the user portable terminal 30 storing the user identification information has gone out of the communication area 20A.
  • the user portable terminal 30 when the reception of the detection information from the installation device 20 is interrupted for a predetermined time or longer, the user portable terminal 30 transmits information indicating that fact (including user identification information) to the authentication device 40. .
  • the extraction unit 42 may delete the registered biometric information corresponding to the identification information of the user from the storage unit 45 in response to reception of the information.
  • reception of the detection information is interrupted for a predetermined time or more, it means that the user portable terminal 30 storing the user identification information has gone out of the communication area 20A.
  • the biological information acquisition unit 43 acquires biological information from the biological information acquisition device 10. For example, when the biometric information acquisition device 10 acquires biometric information, the biometric information is transmitted to the authentication device 40 by real-time processing. The biometric information acquisition unit 43 receives the biometric information transmitted from the biometric information acquisition device 10 in this way.
  • the biometric information acquired by the biometric information acquisition unit 43 includes at least one of biometric data such as a user's face image, fingerprint, voiceprint, and iris, and a feature amount extracted from the biometric data.
  • the authentication unit 44 extracts the registered biometric information (stored in the storage unit 45) extracted during the authentication process using each of the biometric information acquired by the biometric information acquisition unit 43 and the biometric information acquired by the biometric information acquisition unit 43. Authentication processing is performed based on the information. That is, when the biometric information acquisition unit 43 acquires biometric information, the authentication unit 44 uses the biometric information and the verification process using the registered biometric information extracted by the extraction unit 42 and stored in the storage unit 45 at that time. Thus, the authentication process is performed.
  • the authentication device 40 may further include an output unit (not shown) that outputs an authentication result by the authentication unit 44.
  • the output unit transmits the authentication result to a predetermined device installed at a spot (place) where biometric authentication is required by wired and / or wireless communication.
  • the apparatus executes a predetermined process based on the authentication result. For example, if the authentication result is “Authenticate”, perform processing such as unlocking the entrance of a room where only authenticated users can enter or opening a gate that allows only authenticated users to pass through. To do. On the other hand, if the authentication result is “not authenticated”, information indicating that is output via a predetermined output device such as a display, a speaker, and a warning lamp.
  • the authentication device 40 acquires information acquired from the user portable terminal 30 located near the biological information acquisition device 10 (identification of the user carrying each user portable terminal 30). Information), it is possible to extract registered biometric information related to a user located near the biometric information acquisition apparatus 10 from a large number of registered biometric information registered in the storage device 50. Then, the authentication process can be performed using only the registered biometric information extracted during the authentication process.
  • the number of registered biometric information used in the authentication process using each biometric information acquired by the biometric information acquisition apparatus 10 can be reduced. As a result, authentication accuracy and authentication processing speed can be improved.
  • the authentication process using only the user identification information registered in the user portable terminal 30 fraud such as impersonation is easily performed by lending the user portable terminal 30.
  • the authentication process since the authentication process is performed using the biometric information, the occurrence of the inconvenience can be suppressed.
  • the user portable terminal 30 transmits detection information including user identification information into the communication area 30A, and the installation apparatus 20 located in the communication area 30A receives the detection information. And the installation apparatus 20 which received the detection information transmits the user information containing a user's identification information to the authentication apparatus 40 according to the said reception.
  • the authentication system of this embodiment is different from the first embodiment in this respect. Details will be described below.
  • description here is abbreviate
  • FIG. 9 an example of the functional block diagram of the user portable terminal 30 of this embodiment is shown.
  • the user portable terminal 30 includes a user information storage unit 31 and a detection information transmission unit 34.
  • the configuration of the user information storage unit 31 is the same as that of the first embodiment.
  • the user portable terminal 30 is carried by the user as in the first embodiment.
  • the detection information transmission part 34 transmits detection information by radio
  • the detection information includes user identification information stored in the user information storage unit 31.
  • the detection information transmission unit 34 uses a predetermined wireless communication standard in which a communication distance is within the predetermined distance, within a communication area (communication area 30A in FIG. 8) within the predetermined distance from the own terminal. Send detection information periodically or intermittently. And the installation apparatus 20 located in the said communication area (communication area 30A of FIG. 8) will receive the said detection information.
  • the wireless communication standard include, but are not limited to, a Bluetooth standard and a wireless LAN standard.
  • the user portable terminal 30 may realize the above function by installing a predetermined application on an existing portable terminal such as a mobile phone such as a smartphone, a tablet terminal, or a portable game machine.
  • the user portable terminal 30 may be a terminal prepared exclusively for the authentication system of the present embodiment, for example, a beacon terminal.
  • FIG. 10 an example of the functional block diagram of the installation apparatus 20 of this embodiment is shown.
  • the installation apparatus 20 includes a detection information reception unit 22 and a user information transmission unit 23.
  • the installation apparatus 20 is installed in the vicinity of the biological information acquisition apparatus 10 as in the first embodiment.
  • the detection information receiving unit 22 can perform wireless communication with the same standard as the detection information transmitting unit 34 of the user portable terminal 30.
  • the installation apparatus 20 enters the area (communication area 30A in FIG. 8) where the user portable terminal 30 can wirelessly communicate with the user portable terminal 30 according to the standard, that is, transmitted from the user portable terminal 30
  • the detection information receiving unit 22 receives the detection information transmitted from the user portable terminal 30.
  • the user information transmission unit 23 transmits user information including user identification information included in the detection information to the authentication device 40 in response to the reception.
  • the user information transmission part 23 may transmit to the authentication apparatus 40 including the identification information (identification information of the installation apparatus 20) of the own apparatus in the user information.
  • the user information transmitting unit 23 writes the identification information of the own device (identification information of the installation device 20) at a predetermined position in the detection information, and uses this as user information. You may transmit to the authentication apparatus 40.
  • the communication means by the user information transmission unit 23 is not particularly limited, but may be communication via the network 1 such as a wireless LAN or the Internet, or may be wired communication.
  • the detection information receiving unit 22 continues to receive detection information transmitted from the user portable terminal 30 periodically or intermittently.
  • the user information transmission unit 23 may transmit the user information to the authentication device 40 each time the detection information reception unit 22 receives the detection information.
  • the user information transmission unit 23 is configured not to transmit the user information at the second or subsequent reception when the detection information is continuously received from the same user portable terminal 30 at a time interval shorter than a predetermined time. Also good.
  • the installation device 20 may transmit information indicating that fact (including user identification information) to the authentication device 40. In this case, it means that the installation device 20 has moved out of the communication area 30 ⁇ / b> A of the user portable terminal 30 due to the movement of the user portable terminal 30.
  • FIG. 6 An example of a functional block diagram of the authentication device 40 is shown in FIG. 6 as in the first embodiment. Although not shown, the storage unit 45 may be further included. The configurations of the extraction unit 42, the biometric information acquisition unit 43, the authentication unit 44, and the storage unit 45 are the same as those in the first embodiment.
  • the user information acquisition unit 41 is connected to each of the user portable terminals 30 located within a predetermined distance from the installation device 20 installed in the vicinity of the biological information acquisition device 10 via the installation device 20 (via the installation device 20). To obtain user identification information. That is, the user portable terminal 30 transmits user identification information to the installation apparatus 20. After that, the installation apparatus 20 transmits the received user identification information to the authentication apparatus 40. The user information acquisition unit 41 receives the user identification information transmitted in this way.
  • the plurality of registered biometric information stored in the storage device 50 is not narrowed down to groups used for authentication processing in one step, but stepwise according to the distance between the installation device 20 and the user portable terminal 30. And finally narrow down to groups used for authentication processing. For example, as shown in FIG. 11, a plurality of areas are set according to the distance from the installation device 20, and the registered biometric information is gradually narrowed down according to the detection of the user portable terminal 30 in each area.
  • the registered biometric information of the user is extracted from the storage device 50. That is, an enormous number of registered biometric information stored in the storage device 50 is a search target.
  • the registered biometric information of the user is extracted corresponding to the area 20A-2. It is extracted from the registered biometric information group.
  • the number of search targets is smaller than when a huge number of registered biometric information stored in the storage device 50 is the search target. As a result, it is possible to efficiently perform processing for extracting predetermined registered biometric information. Details will be described below.
  • the structure of the biometric information acquisition apparatus 10 and the storage apparatus 50 is the same as that of 1st Embodiment, description here is abbreviate
  • FIG. 2 An example of a functional block diagram of the installation apparatus 20 of the present embodiment is shown in FIG. 2 as in the first embodiment.
  • the detection information transmission unit 21 can control the transmission distance of the detection information from the first level to the nth level (n is an integer of 2 or more, and the distance increases as n increases).
  • the detection information transmission unit 21 may be capable of controlling the transmission distance between the first to third levels as shown in FIG. FIG. 11 shows three communication areas 20A-1 to 20A-3.
  • Communication area 20A-1 corresponds to the first level transmission distance
  • communication area 20A-2 corresponds to the second level transmission distance
  • communication area 20A-3 corresponds to the third level transmission distance. .
  • the detection information transmission unit 21 transmits the detection information to be transmitted including distance information indicating the transmission distance. That is, when the detection information is transmitted at a transmission distance of the p-th level (p is an integer of 1 to n), the detection information transmission unit 21 detects at the transmission distance of the p-th level in the detection information. It is transmitted including distance information indicating that the information has been transmitted.
  • the control of the transmission distance by the detection information transmission unit 21 may be realized by adjusting the transmission distance according to the same wireless communication standard, or the detection information transmission unit 21 may have a plurality of wireless communication with different communication distances.
  • the detection information can be transmitted according to the standard, and may be realized by transmitting the detection information according to each standard.
  • FIG. 3 An example of a functional block diagram of the user portable terminal 30 of the present embodiment is shown in FIG. 3 as in the first embodiment.
  • the configuration of the user information storage unit 31 is the same as that of the first embodiment.
  • the detection information receiving unit 32 can perform wireless communication with the same standard as the detection information transmitting unit 21 of the installation apparatus 20. Then, the detection information receiving unit 32 receives detection information including distance information from the installation apparatus 20.
  • the user information transmission unit 33 transmits user information including user identification information and distance information to the authentication device 40. For example, when the detection information receiving unit 32 receives the detection information, the user information transmission unit 33 writes the user identification information stored in the user information storage unit 31 at a predetermined position in the detection information, and stores the user identification information in the user information. May be transmitted to the authentication device 40.
  • the detection information receiving unit 32 is transmitted from the installation device 20 periodically or intermittently. Will continue to receive detection information.
  • the user information transmission unit 33 may transmit the user information to the authentication device 40 each time the detection information reception unit 32 receives the detection information.
  • the user information transmission unit 33 receives detection information including distance information indicating the same transmission distance continuously at a time interval shorter than a predetermined time from the installation device 20, the user information transmission unit 33 receives the user information at the second and subsequent receptions. You may comprise so that it may not transmit.
  • the user portable terminal 30 may transmit information (including user identification information) indicating the fact to the authentication device 40 when reception of the detection information from the installation device 20 is interrupted for a predetermined time or more. This means that the user portable terminal 30 went out of the communication area 20A.
  • FIG. 12 shows an example of a functional block diagram of the authentication device 40 of the present embodiment.
  • the authentication device 40 of this embodiment includes a user information acquisition unit 41, an extraction unit 42, a biometric information acquisition unit 43, an authentication unit 44, a storage unit 45, and a grouping unit 46 for each distance.
  • a user information acquisition unit 41 an extraction unit 42, a biometric information acquisition unit 43, an authentication unit 44, a storage unit 45, and a grouping unit 46 for each distance.
  • Have The structure of the extraction part 42 and the biometric information acquisition part 43 is the same as that of 1st Embodiment.
  • the user information acquisition unit 41 further acquires distance information indicating the distance from the installation device 20 of each user portable terminal 30. That is, the user information acquisition unit 41 receives user information including distance information transmitted by the user portable terminal 30.
  • the distance-by-distance grouping unit 46 divides the registered biometric information extracted by the extraction unit 42 into a plurality of groups according to the distance based on the distance information. For example, the distance grouping unit 46 divides the registered biometric information extracted by the extraction unit 42 and stored in the storage unit 45 into a plurality of groups according to the distance indicated by the distance information.
  • the distance grouping unit 46 performs grouping based on the distance information included in the latest user information.
  • the grouping process by the distance grouping unit 46 is not limited to this.
  • FIG. 13 schematically shows an example of registered biometric information stored in the storage unit 45.
  • the user ID, the registered biometric information, and the distance group ID are associated with each other.
  • the distance grouping unit 46 updates the distance group ID of the information shown in FIG. 13 stored in the storage unit 45 based on the user information acquired by the user information acquisition unit 41.
  • the illustrated distance group ID corresponds to the transmission distance level described above. That is, in the case of the example, the distance grouping unit 46 converts the registered biometric information extracted by the extraction unit 42 from the first group to the nth group (n is 2 or more) corresponding to the transmission distance level. And the larger the n, the larger the distance).
  • the distance-by-distance grouping unit 46 Is at least one of the (p ⁇ 1) th group and the (p + 1) th group in the registered biometric information extracted at that time (eg, registered biometric information stored in the storage unit 45).
  • the registered biometric information to which it belongs is set as a search target, and it is confirmed whether there is any registered biometric information corresponding to the identification information of the first user.
  • the distance-by-distance grouping unit 46 identifies the specified registered biometrics. Move information to the p th group. For example, the value of the distance group ID in FIG. 13 is updated to a predetermined value.
  • the grouping unit 46 for each distance indicates that fact.
  • Information is input to the extraction unit 42.
  • the extraction unit 42 extracts the registered biometric information corresponding to the identification information of the first user from the storage device 50 and stores it in the storage unit 45, for example.
  • the grouping unit 46 for each distance causes the newly extracted registered biometric information to belong to the p-th group. For example, a predetermined value is entered in the distance group ID column of FIG.
  • the authentication unit 44 is based on the registered biometric information belonging to the group with the smallest distance (distance group ID: 1 in FIG. 13) and the biometric information acquired by the biometric information acquisition unit 43 during the authentication process. Authentication processing.
  • the installation device 20 is based on the first embodiment, and the installation apparatus 20 changes the transmission distance from the first level to the nth level (n is an integer of 2 or more, and the larger the n, the larger the distance).
  • the detection information was transmitted while controlling between.
  • the user portable terminal 30 changes the transmission distance from the first level to the n-th level (n is an integer of 2 or more, and the distance increases as n increases).
  • the detection information may be transmitted while being controlled between. Even if it does in this way, the effect similar to the said example is realizable.
  • a plurality of registered biometric information stored in the storage device 50 can be narrowed down step by step according to the distance between the installation device 20 and the user portable terminal 30. As a result, the narrowing-down process can be performed efficiently.
  • the configurations of the biological information acquisition device 10, the installation device 20, and the user portable terminal 30 are the same as those in any of the first to third embodiments.
  • FIG. 14 schematically shows an example of information stored in the storage device 50 of the present embodiment.
  • the user ID, the registered biometric information, and the permitted spot ID are associated with each other.
  • a user whose registered biometric information is registered in the storage device 50 is authenticated by at least one of a plurality of spots.
  • the storage device 50 stores information indicating spots (permitted spots) where each user is authenticated.
  • FIG. 15 shows an example of a functional block diagram of the authentication device 40 of the present embodiment.
  • the authentication device 40 includes a user information acquisition unit 41, an extraction unit 42, a biometric information acquisition unit 43, an authentication unit 44, a storage unit 45, and a grouping unit 47 for each installation device.
  • the user information acquisition unit 41 receives user identification information from each user portable terminal 30 located within a predetermined distance from the installation device 20 installed in the vicinity of the biological information acquisition device 10 directly or via the installation device 20. Is acquired, the identification information of the installation apparatus 20 located within a predetermined distance from the user portable terminal 30 is further acquired.
  • the embodiment in which the installation device 20 or the user portable terminal 30 transmits the user information including the identification information of the installation device 20 to the authentication device 40 has been described.
  • the user information acquisition unit 41 can receive the user information transmitted in this way.
  • the extraction unit 42 receives the information from the storage device 50.
  • the registered biometric information of the user is extracted.
  • the extracted registered biometric information is stored in the storage unit 45, for example.
  • the extraction unit 42 is configured to be able to specify the installation spot of each installation device 20.
  • the extraction unit 42 holds information in which an installation device ID and a spot ID indicating an installation spot are associated with each other as illustrated in FIG. Then, when the user information acquisition unit 41 acquires the user information, the extraction unit 42 specifies the installation spot based on the identification information of the installation device 20. Further, the extraction unit 42 searches the storage device 50 and specifies registered biometric information corresponding to the user identification information included in the user information (see FIG. 14). Thereafter, the extraction unit 42 determines whether the installation spot specified this time is included in the spots where the user is authenticated. If included, the specified registered biometric information is extracted. If not included, the specified registered biometric information is not extracted.
  • the installation device grouping unit 47 extracts the registered biometric information extracted by the extraction unit 42 and stored in the storage unit 45 based on the identification information of the installation device 20 acquired by the user information acquisition unit 41, for example. Each of the identification information is divided into a plurality of groups.
  • FIG. 16 schematically shows an example of registered biometric information stored in the storage unit 45.
  • the user ID, the registered biometric information, and the installation device ID are associated with each other.
  • the installation device grouping unit 47 sets the installation device ID of the information shown in FIG. 16 stored in the storage unit 45 based on the identification information of the installation device 20 included in the user information acquired by the user information acquisition unit 41. Update.
  • FIG. 17 schematically shows another example of registered biometric information stored in the storage unit 45.
  • a user ID, registered biometric information, an installation device ID, and a distance group ID are associated with each other.
  • the installation device grouping unit 47 sets the installation device ID of the information shown in FIG. 17 stored in the storage unit 45 based on the identification information of the installation device 20 included in the user information acquired by the user information acquisition unit 41.
  • the distance grouping unit 46 then updates the distance group ID of the information shown in FIG. 17 stored in the storage unit 45 based on the distance information included in the user information acquired by the user information acquisition unit 41.
  • the biometric information acquisition unit 43 acquires the identification information of the installation device 20 installed nearby when acquiring biometric information from the biometric information acquisition device 10. That is, the biological information acquisition device 10 transmits the biological information and the identification information of the installation device 20 installed in the vicinity to the authentication device 40.
  • the authentication unit 44 associates the registered biometric information belonging to the group corresponding to the identification information of the installation device 20 acquired by the biometric information acquisition unit 43 (in FIG. 16 and FIG. 17, the identification information (installation device ID) of the installation device). Authentication processing) is performed based on the registered biometric information) and the biometric information acquired by the biometric information acquisition unit 43. As in the third embodiment, when the distance-by-distance grouping unit 46 is included, the authentication unit 44 belongs to the group corresponding to the identification information of the installation apparatus 20 acquired by the biometric information acquisition unit 43, and is the longest distance. Authentication processing is performed based on the registered biometric information belonging to the small group (distance group ID: 1 in the case of FIG. 17) and the biometric information acquired by the biometric information acquisition unit 43.
  • the same operational effects as those of the first to third embodiments can be realized.
  • the authentication processing at the plurality of spots is more efficiently performed by the pair of authentication device 40 and storage device 50. Can be executed.
  • User information acquisition means for acquiring the identification information of the user from each of the user portable terminals located within a predetermined distance from an installation device installed in the vicinity of the biological information acquisition device that acquires biological information from each user; Extracting means for extracting the registered biometric information corresponding to the identification information of the user acquired by the user information acquisition means from a storage device storing a plurality of registered biometric information corresponding to each of the plurality of users; Biological information acquisition means for acquiring the biological information from the biological information acquisition device; Authentication means for performing authentication processing based on the registered biometric information extracted during authentication processing and the biometric information acquired by the biometric information acquisition means; An authentication device. 2.
  • the user information acquisition means further acquires distance information indicating a distance from the installation device of each of the user portable terminals
  • the registration biometric information extracted by the extraction means further includes a grouping unit for each distance based on the distance information and divided into a plurality of groups according to the distance
  • the authentication unit is an authentication device that performs an authentication process based on the registered biometric information belonging to a group having the smallest distance during the authentication process and the biometric information acquired by the biometric information acquisition unit.
  • the distance grouping means includes: Grouping the registered biometric information extracted by the extracting means into a first group to an nth group (n is an integer of 2 or more, and the larger the n, the greater the distance);
  • n is an integer of 2 or more, and the larger the n, the greater the distance
  • the user information acquisition means acquires the first identification information of the user and the distance information corresponding to the p-th group (p is 1 or more and n or less)
  • the (p ⁇ 1) -th group When the registered biometric information corresponding to the identification information of the first user is specified from among the registered biometric information belonging to the search target group, at least one of the groups of (p + 1) is specified.
  • the user information acquisition means further acquires identification information of the installation device located within a predetermined distance from the user portable terminal
  • the registration biometric information extracted by the extraction unit further includes a grouping unit for each installation device that divides the biometric information into a plurality of groups for each identification information of the installation device based on the identification information of the installation device
  • the biological information acquisition means acquires the biological information and identification information of the installation device installed in the vicinity from the biological information acquisition device
  • the authentication unit performs an authentication process based on the registered biometric information belonging to the group corresponding to the identification information of the installation apparatus acquired by the biometric information acquisition unit and the biometric information acquired by the biometric information acquisition unit. Authentication device to perform. 5.
  • the authentication device according to any one of 1 to 4, a biological information acquisition device that acquires biological information from each user, an installation device that is installed in the vicinity of the biological information acquisition device, and each of the users A user portable terminal,
  • the installation apparatus further includes detection information transmission means for transmitting detection information to the user portable terminal located within a predetermined distance from the own apparatus periodically or intermittently,
  • the portable terminal is User information storage means for storing identification information of the user; Detection information receiving means for receiving the detection information; When the detection information receiving means receives the detection information, in response to the reception, user information transmission means for transmitting the user identification information to the authentication device; Having an authentication system. 6).
  • the detection information transmission means can control the transmission distance of the detection information from a first level to an nth level (n is an integer of 2 or more, and the larger the distance, the larger the distance). And including the distance information indicating the transmission distance in the detection information,
  • the user information transmission unit is an authentication system that transmits the distance information to the authentication device. 7).
  • the detection information transmitting means transmits the detection information including identification information of the device itself,
  • the user information transmission means is an authentication system for transmitting identification information of the installation device to the authentication device. 8).
  • the authentication device according to any one of 1 to 4, a biological information acquisition device that acquires biological information from each user, an installation device that is installed in the vicinity of the biological information acquisition device, and each of the users
  • a user portable terminal is User information storage means for storing identification information of the user; Periodically or intermittently, detection information transmission means for transmitting detection information including the identification information of the user to the installation device located within a predetermined distance from the device itself; Further comprising The installation device is Detection information receiving means for receiving the detection information; When the detection information receiving means receives the detection information, in response to the reception, user information transmission means for transmitting the user identification information to the authentication device; Having an authentication system. 9.
  • the detection information transmission means can control the transmission distance of the detection information from a first level to an nth level (n is an integer of 2 or more, and the larger the distance, the larger the distance). And including the distance information indicating the transmission distance in the detection information,
  • the user information transmission unit is an authentication system that transmits the distance information to the authentication device. 10.
  • the user information transmitting means is an authentication system that transmits identification information of the device itself to the authentication device. 11.
  • the authentication method In the user information acquisition step, further acquiring distance information indicating a distance from the installation device of each of the user portable terminals, The computer further performs a distance grouping step of dividing the registered biometric information extracted in the extraction step into a plurality of groups according to the distance based on the distance information, An authentication method for performing authentication processing based on the registered biometric information belonging to the group having the smallest distance at the time of authentication processing and the biometric information acquired in the biometric information acquisition step in the authentication step. 11-3.
  • the registered biometric information extracted in the extraction step is grouped into a first group to an nth group (n is an integer of 2 or more, and the larger n is, the larger the distance is).
  • the user information obtaining step when the identification information of the first user and the distance information corresponding to the p-th (p is 1 or more and n or less) group are obtained, the (p ⁇ 1) -th group and the When the registered biometric information corresponding to the identification information of the first user is specified from among the registered biometric information belonging to the search target group, at least one of the groups of (p + 1) is specified.
  • the user information acquisition step further acquiring identification information of the installation device located within a predetermined distance from the user portable terminal
  • the computer further executes a grouping step for each installation device that divides the registered biometric information extracted in the extraction step into a plurality of groups for each identification information of the installation device based on the identification information of the installation device
  • the biological information acquisition step from the biological information acquisition device, acquire the biological information and identification information of the installation device installed in the vicinity
  • an authentication process is performed based on the registered biometric information belonging to the group corresponding to the identification information of the installation device acquired in the biometric information acquisition step and the biometric information acquired in the biometric information acquisition step.
  • Computer User information acquisition means for acquiring identification information of the user from each of the user portable terminals located within a predetermined distance from an installation device installed in the vicinity of the biological information acquisition device that acquires biological information from each user; Extraction means for extracting the registered biometric information corresponding to the identification information of the user acquired by the user information acquisition means from a storage device storing a plurality of registered biometric information corresponding to each of the plurality of users; Biological information acquisition means for acquiring the biological information from the biological information acquisition device; An authentication unit that performs an authentication process based on the registered biometric information extracted during the authentication process and the biometric information acquired by the biometric information acquisition unit; Program to function as. 12-2.
  • the computer further causes the registered biometric information extracted by the extraction means to function as a distance-by-distance grouping means that divides the biometric information into a plurality of groups according to the distance based on the distance information,
  • the distance grouping means Grouping the registered biometric information extracted by the extraction means from the first group to the nth group (n is an integer of 2 or more, and the larger the n, the greater the distance);
  • the user information acquisition means acquires the first identification information of the user and the distance information corresponding to the p-th group (p is 1 or more and n or less)
  • the (p ⁇ 1) -th group and the
  • the registered biometric information corresponding to the identification information of the first user is specified from among the registered biometric information belonging to the search target group, at least one of the groups of (p + 1) is specified.
  • the computer further causes the registered biometric information extracted by the extraction unit to function as a grouping unit for each installation device that divides the biometric information into a plurality of groups for each identification information of the installation device based on the identification information of the installation device,
  • the biological information acquisition means from the biological information acquisition device, to acquire the biological information and identification information of the installation device installed in the vicinity, Based on the registered biometric information belonging to the group corresponding to the identification information of the installation device acquired by the biometric information acquisition unit and the biometric information acquired by the biometric information acquisition unit, the authentication unit performs authentication processing. Program to be performed.

Abstract

An authentication device (40) comprises: a user information acquiring unit (41) which acquires user identification information from user mobile terminals located within a certain distance from an installed device installed in the vicinity of a biometric information acquiring device which acquires biometric information from users; an extracting unit (42) which extracts registered biometric information corresponding to the user identification information acquired by the user information acquiring unit (41), from a storage device which stores a plurality of items of registered biometric information corresponding to a plurality of users; a biometric information acquiring unit (43) which acquires biometric information from the biometric information acquiring device; and an authentication unit (44) which performs an authentication process on the basis of the registered biometric information extracted during the authentication process, and the biometric information acquired by the biometric information acquiring unit (43).

Description

認証装置、認証システム、認証方法及びプログラムAuthentication device, authentication system, authentication method and program
 本発明は、認証装置、認証システム、認証方法及びプログラムに関する。 The present invention relates to an authentication device, an authentication system, an authentication method, and a program.
 特許文献1には、顔画像を用いた認証システムが開示されている。 Patent Document 1 discloses an authentication system using a face image.
特開2014-115821号公報JP 2014-115821 A
 顔画像の他、指紋、声紋、虹彩等、様々な生体のデータを用いた生体認証が多く利用されている。しかし、従来の生体認証システムの場合、事前に登録されている登録生体データの数が多くなると、認証精度や認証の処理速度が不十分になるという問題があった。 In addition to facial images, biometric authentication using various biological data such as fingerprints, voiceprints, irises, etc. is often used. However, in the case of a conventional biometric authentication system, when the number of registered biometric data registered in advance increases, there is a problem that authentication accuracy and authentication processing speed become insufficient.
 本発明は、生体認証において、認証精度や認証の処理速度を向上させるための技術を提供することを課題とする。 An object of the present invention is to provide a technique for improving authentication accuracy and authentication processing speed in biometric authentication.
 本発明によれば、
 各ユーザから生体情報を取得する生体情報取得装置の近傍に設置されている設置装置から所定の距離以内に位置するユーザ携帯端末各々から、前記ユーザの識別情報を取得するユーザ情報取得手段と、
 複数の前記ユーザ各々に対応する複数の登録生体情報を格納する格納装置から、前記ユーザ情報取得手段が取得した前記ユーザの識別情報に対応する前記登録生体情報を抽出する抽出手段と、
 前記生体情報取得装置から、前記生体情報を取得する生体情報取得手段と、
 認証処理時に抽出されている前記登録生体情報と、前記生体情報取得手段が取得した前記生体情報とに基づいて、認証処理を行う認証手段と、
を有する認証装置が提供される。 According to the present invention,
User information acquisition means for acquiring the identification information of the user from each of the user portable terminals located within a predetermined distance from an installation device installed in the vicinity of the biological information acquisition device that acquires biological information from each user;
Extracting means for extracting the registered biometric information corresponding to the identification information of the user acquired by the user information acquisition means from a storage device storing a plurality of registered biometric information corresponding to each of the plurality of users;
Biological information acquisition means for acquiring the biological information from the biological information acquisition device;
Authentication means for performing authentication processing based on the registered biometric information extracted during authentication processing and the biometric information acquired by the biometric information acquisition means;
An authentication device is provided.
 また、本発明によれば、
 上記認証装置と、各ユーザから生体情報を取得する生体情報取得装置と、前記生体情報取得装置の近傍に設置されている設置装置と、前記ユーザ各々に携帯されるユーザ携帯端末とを有し、
 前記設置装置は、定期的に又は間欠的に、自装置からの距離が所定の距離以内に位置する前記ユーザ携帯端末に検知情報を送信する検知情報送信手段をさらに有し、
 前記携帯端末は、
  前記ユーザの識別情報を記憶するユーザ情報記憶手段と、
  前記検知情報を受信する検知情報受信手段と、
  前記検知情報受信手段が前記検知情報を受信すると、当該受信に応じて、前記ユーザの識別情報を前記認証装置に送信するユーザ情報送信手段と、
を有する認証システムが提供される。 Moreover, according to the present invention,
The authentication device, a biometric information acquisition device that acquires biometric information from each user, an installation device installed in the vicinity of the biometric information acquisition device, and a user portable terminal that is carried by each of the users,
The installation apparatus further includes detection information transmission means for transmitting detection information to the user portable terminal located within a predetermined distance from the own apparatus periodically or intermittently,
The portable terminal is
User information storage means for storing identification information of the user;
Detection information receiving means for receiving the detection information;
When the detection information receiving means receives the detection information, in response to the reception, user information transmission means for transmitting the user identification information to the authentication device;
An authentication system is provided.
 また、本発明によれば、
 コンピュータが、
 各ユーザから生体情報を取得する生体情報取得装置の近傍に設置されている設置装置から所定の距離以内に位置するユーザ携帯端末各々から、前記ユーザの識別情報を取得するユーザ情報取得工程と、
 複数の前記ユーザ各々に対応する複数の登録生体情報を格納する格納装置から、前記ユーザ情報取得工程で取得した前記ユーザの識別情報に対応する前記登録生体情報を抽出する抽出工程と、
 前記生体情報取得装置から、前記生体情報を取得する生体情報取得工程と、
 認証処理時に抽出されている前記登録生体情報と、前記生体情報取得工程で取得した前記生体情報とに基づいて、認証処理を行う認証工程と、
を実行する認証方法が提供される。 Moreover, according to the present invention,
Computer
A user information acquisition step of acquiring identification information of the user from each of the user portable terminals located within a predetermined distance from an installation device installed in the vicinity of the biological information acquisition device that acquires biological information from each user;
An extraction step of extracting the registered biometric information corresponding to the identification information of the user acquired in the user information acquisition step from a storage device storing a plurality of registered biometric information corresponding to each of the plurality of users;
A biological information acquisition step of acquiring the biological information from the biological information acquisition device;
An authentication process for performing an authentication process based on the registered biometric information extracted during the authentication process and the biometric information acquired in the biometric information acquisition process;
An authentication method is provided for performing.
 また、本発明によれば、
 コンピュータを、
 各ユーザから生体情報を取得する生体情報取得装置の近傍に設置されている設置装置から所定の距離以内に位置するユーザ携帯端末各々から、前記ユーザの識別情報を取得するユーザ情報取得手段、
 複数の前記ユーザ各々に対応する複数の登録生体情報を格納する格納装置から、前記ユーザ情報取得手段が取得した前記ユーザの識別情報に対応する前記登録生体情報を抽出する抽出手段、
 前記生体情報取得装置から、前記生体情報を取得する生体情報取得手段、
 認証処理時に抽出されている前記登録生体情報と、前記生体情報取得手段が取得した前記生体情報とに基づいて、認証処理を行う認証手段、
として機能させるためのプログラムが提供される。 Moreover, according to the present invention,
Computer
User information acquisition means for acquiring identification information of the user from each of the user portable terminals located within a predetermined distance from an installation device installed in the vicinity of the biological information acquisition device that acquires biological information from each user;
Extraction means for extracting the registered biometric information corresponding to the identification information of the user acquired by the user information acquisition means from a storage device storing a plurality of registered biometric information corresponding to each of the plurality of users;
Biological information acquisition means for acquiring the biological information from the biological information acquisition device;
An authentication unit that performs an authentication process based on the registered biometric information extracted during the authentication process and the biometric information acquired by the biometric information acquisition unit;
A program for functioning as a server is provided.
 本発明によれば、生体認証において、認証精度や認証の処理速度を向上させることが可能となる。 According to the present invention, authentication accuracy and authentication processing speed can be improved in biometric authentication.
 上述した目的、およびその他の目的、特徴および利点は、以下に述べる好適な実施の形態、およびそれに付随する以下の図面によってさらに明らかになる。 The above-described object and other objects, features, and advantages will be further clarified by a preferred embodiment described below and the following drawings attached thereto.
本実施形態の認証システムの全体像の一例を説明するための図である。It is a figure for demonstrating an example of the whole image of the authentication system of this embodiment. 本実施形態の設置装置の機能ブロック図の一例を示す図である。It is a figure which shows an example of the functional block diagram of the installation apparatus of this embodiment. 本実施形態のユーザ携帯端末の機能ブロック図の一例を示す図である。It is a figure which shows an example of the functional block diagram of the user portable terminal of this embodiment. 本実施形態の格納装置が記憶する情報の一例を模式的に示す図である。It is a figure which shows typically an example of the information which the storage device of this embodiment memorize | stores. 本実施形態の認証装置のハードウエア構成の一例を模式的に示す図である。It is a figure which shows typically an example of the hardware constitutions of the authentication apparatus of this embodiment. 本実施形態の認証装置の機能ブロック図の一例を示す図である。It is a figure which shows an example of the functional block diagram of the authentication apparatus of this embodiment. 本実施形態の認証装置の記憶部が記憶する情報の一例を模式的に示す図である。It is a figure which shows typically an example of the information which the memory | storage part of the authentication apparatus of this embodiment memorize | stores. 本実施形態の認証システムの全体像の一例を説明するための図である。It is a figure for demonstrating an example of the whole image of the authentication system of this embodiment. 本実施形態のユーザ携帯端末の機能ブロック図の一例を示す図である。It is a figure which shows an example of the functional block diagram of the user portable terminal of this embodiment. 本実施形態の設置装置の機能ブロック図の一例を示す図である。It is a figure which shows an example of the functional block diagram of the installation apparatus of this embodiment. 本実施形態の技術思想を説明するための模式図である。It is a schematic diagram for demonstrating the technical idea of this embodiment. 本実施形態の認証装置の機能ブロック図の一例を示す図である。It is a figure which shows an example of the functional block diagram of the authentication apparatus of this embodiment. 本実施形態の認証装置の記憶部が記憶する情報の一例を模式的に示す図である。It is a figure which shows typically an example of the information which the memory | storage part of the authentication apparatus of this embodiment memorize | stores. 本実施形態の格納装置が記憶する情報の一例を模式的に示す図である。It is a figure which shows typically an example of the information which the storage device of this embodiment memorize | stores. 本実施形態の認証装置の機能ブロック図の一例を示す図である。It is a figure which shows an example of the functional block diagram of the authentication apparatus of this embodiment. 本実施形態の認証装置の記憶部が記憶する情報の一例を模式的に示す図である。It is a figure which shows typically an example of the information which the memory | storage part of the authentication apparatus of this embodiment memorize | stores. 本実施形態の認証装置の記憶部が記憶する情報の一例を模式的に示す図である。It is a figure which shows typically an example of the information which the memory | storage part of the authentication apparatus of this embodiment memorize | stores. 本実施形態の認証装置が記憶する情報の一例を模式的に示す図である。It is a figure which shows typically an example of the information which the authentication apparatus of this embodiment memorize | stores.
 以下、本発明の実施形態について説明する。本実施形態の各装置及び各端末が備える各部は、任意のコンピュータのCPU(Central Processing Unit)、メモリ、メモリにロードされたプログラム(あらかじめ装置を出荷する段階からメモリ内に格納されているプログラムのほか、CD(Compact Disc)等の記憶媒体やインターネット上のサーバ等からダウンロードされたプログラムも含む)、そのプログラムを格納するハードディスク等の記憶ユニット、ネットワーク接続用インタフェイスを中心にハードウエアとソフトウエアの任意の組合せによって実現される。そして、その実現方法、装置にはいろいろな変形例があることは、当業者には理解されるところである。 Hereinafter, embodiments of the present invention will be described. Each unit and each unit included in each embodiment of the present embodiment includes a CPU (Central Processing Unit), a memory, and a program loaded in the memory (a program stored in the memory from the stage of shipping the device in advance). In addition, it includes hardware such as CD (Compact Disc) and programs downloaded from servers on the Internet, storage units such as hard disks that store the programs, and network connection interfaces. Realized by any combination of It will be understood by those skilled in the art that there are various modifications to the implementation method and apparatus.
 以下の実施形態の説明において利用する機能ブロック図は、ハードウエア単位の構成ではなく、機能単位のブロックを示している。これらの図においては、各装置及び各端末は1つの機器により実現されるよう記載されているが、その実現手段はこれに限定されない。すなわち、物理的に分かれた構成であっても、論理的に分かれた構成であっても構わない。なお、同一の構成要素には同一の符号を付し、適宜説明を省略する。 The functional block diagram used in the following description of the embodiment shows a functional unit block, not a hardware unit configuration. In these drawings, each device and each terminal are described as being realized by one device, but the means for realizing the same is not limited thereto. That is, it may be a physically separated configuration or a logically separated configuration. In addition, the same code | symbol is attached | subjected to the same component and description is abbreviate | omitted suitably.
<<第1の実施形態>>
 まず、図1を用いて、生体認証において、認証精度や認証の処理速度を向上させることが可能となる本実施形態の認証システムの全体像について説明する。 << First Embodiment >>
First, with reference to FIG. 1, an overall image of an authentication system according to the present embodiment that can improve authentication accuracy and authentication processing speed in biometric authentication will be described.
 本実施形態の認証システムは、生体情報取得装置10、設置装置20、ユーザ携帯端末30、認証装置40、および、格納装置50の中の少なくとも一つを有する。 The authentication system according to the present embodiment includes at least one of the biometric information acquisition device 10, the installation device 20, the user portable terminal 30, the authentication device 40, and the storage device 50.
 生体情報取得装置10は、生体認証が必要なスポット(場所)に設置される。このようなスポットとしては、例えば、認証されたユーザのみが入室できる部屋の入口(例:ドア)や、認証されたユーザのみが通過できるゲート等が考えられるが、これらに限定されない。 The biometric information acquisition apparatus 10 is installed at a spot (place) where biometric authentication is required. Examples of such a spot include, but are not limited to, an entrance (e.g., a door) of a room where only authenticated users can enter, a gate that allows only authenticated users to pass through, and the like.
 生体情報取得装置10は、設置されたスポットで、ユーザの顔画像、指紋、声紋、虹彩等の生体データを取得する。生体情報取得装置10は、取得した生体データから所定の特徴量を抽出できてもよい。このようにして、生体情報取得装置10は、生体データ及び/又は特徴量を含む生体情報を取得する。 The biometric information acquisition apparatus 10 acquires biometric data such as a user's face image, fingerprint, voiceprint, iris, etc. at the installed spot. The biometric information acquisition apparatus 10 may be able to extract a predetermined feature amount from the acquired biometric data. In this way, the biological information acquisition device 10 acquires biological information including biological data and / or feature amounts.
 格納装置50には、予め登録された登録生体情報が格納されている。すなわち、格納装置50には、上記スポットで認証される(例:通過が許可される)1人又は複数のユーザ各々の生体情報(登録生体情報)が登録されている。 In the storage device 50, registered biometric information registered in advance is stored. That is, in the storage device 50, biometric information (registered biometric information) of each of one or more users who are authenticated at the spot (eg, passage is permitted) is registered.
 認証装置40は、生体情報取得装置10と有線及び/又は無線で繋がり、通信可能となっている。また、認証装置40は、格納装置50と有線及び/又は無線で繋がり、通信可能となっている。さらに、認証装置40は、ユーザ携帯端末30と、インターネット等のネットワーク1を介して有線及び/又は無線で繋がり、通信可能となっている。なお、図では、認証装置40と格納装置50の接続、認証装置40と生体情報取得装置10の接続、認証装置40とユーザ携帯端末30の接続は、各々異なるネットワークで実現されているが、同じネットワークで実現されても構わない。 The authentication device 40 is connected to the biometric information acquisition device 10 in a wired and / or wireless manner and can communicate. Further, the authentication device 40 is connected to the storage device 50 by wire and / or wireless so that communication is possible. Furthermore, the authentication device 40 is connected to the user portable terminal 30 via a network 1 such as the Internet by wire and / or wireless so that communication is possible. In the figure, the connection between the authentication device 40 and the storage device 50, the connection between the authentication device 40 and the biometric information acquisition device 10, and the connection between the authentication device 40 and the user portable terminal 30 are realized by different networks. It may be realized by a network.
 認証装置40は、生体情報取得装置10から生体情報を取得する。そして、認証装置40は、生体情報取得装置10から取得した生体情報と、格納装置50に格納されている登録生体情報とを用いて、生体情報取得装置10に生体情報を入力したユーザの認証処理を行う。 The authentication device 40 acquires biometric information from the biometric information acquisition device 10. The authentication device 40 uses the biometric information acquired from the biometric information acquisition device 10 and the registered biometric information stored in the storage device 50 to authenticate the user who has input the biometric information to the biometric information acquisition device 10. I do.
 なお、認証装置40は、格納装置50に登録されている登録生体情報の全てを毎回用いて認証処理を行うのでなく、ユーザ携帯端末30から取得した情報を用いて絞り込まれた一部の登録生体情報のみを用いて認証処理を行う。 Note that the authentication device 40 does not perform the authentication process by using all of the registered biometric information registered in the storage device 50 each time, but some of the registered biometrics narrowed down using information acquired from the user portable terminal 30. Authentication processing is performed using only information.
 具体的には、各ユーザに携帯されるユーザ携帯端末30には、各ユーザの識別情報が記憶されている。そして、認証装置40は、生体情報取得装置10の近くに位置するユーザ携帯端末30から、ネットワーク1を介して、当該ユーザの識別情報を取得する。例えば、生体情報取得装置10の近傍に設置された設置装置20と、ユーザ携帯端末30とは、互いの距離が所定値以下になると、通信距離が所定値以下である所定の無線通信規格で通信を行うように構成される。そして、ユーザ携帯端末30は、設置装置20との上記無線通信が行われると、それに応じて、ユーザの識別情報を認証装置40に送信する。 Specifically, identification information of each user is stored in the user portable terminal 30 carried by each user. And the authentication apparatus 40 acquires the said user's identification information via the network 1 from the user portable terminal 30 located near the biometric information acquisition apparatus 10. For example, the installation device 20 installed in the vicinity of the biometric information acquisition device 10 and the user portable terminal 30 communicate with each other according to a predetermined wireless communication standard in which the communication distance is equal to or less than a predetermined value when the distance between them is equal to or less than a predetermined value. Configured to do. And if the said wireless communication with the installation apparatus 20 is performed, the user portable terminal 30 will transmit a user's identification information to the authentication apparatus 40 according to it.
 認証装置40は、ユーザ携帯端末30から受信したユーザの識別情報に基づいて、格納装置50から一部の登録生体情報を抽出する。具体的には、ユーザ携帯端末30から取得したユーザの識別情報で特定されるユーザの登録生体情報を抽出する。このようにすれば、生体情報取得装置10の近くに位置するユーザの登録生体情報を予め抽出することができる。そして、認証装置40は、生体情報取得装置10から生体情報を取得すると、生体情報取得装置10から取得した生体情報と、その時点で抽出されている登録生体情報とを用いて、認証処理を行う。 The authentication device 40 extracts a part of the registered biometric information from the storage device 50 based on the user identification information received from the user portable terminal 30. Specifically, the registered biometric information of the user specified by the user identification information acquired from the user portable terminal 30 is extracted. In this way, registered biometric information of a user located near the biometric information acquisition apparatus 10 can be extracted in advance. And if the authentication apparatus 40 acquires biometric information from the biometric information acquisition apparatus 10, it will perform an authentication process using the biometric information acquired from the biometric information acquisition apparatus 10 and the registered biometric information extracted at that time. .
 このように、本実施形態の認証装置40は、生体情報取得装置10の近くに位置するユーザ携帯端末30から取得した情報に基づいて、格納装置50に登録されている多数の登録生体情報の中から、生体情報取得装置10の近くに位置するユーザの登録生体情報を抽出することができる。そして、認証処理の時点で抽出されている登録生体情報のみを用いて、認証処理を行うことができる。 As described above, the authentication device 40 of the present embodiment includes a large number of registered biometric information registered in the storage device 50 based on information acquired from the user portable terminal 30 located near the biometric information acquisition device 10. Therefore, the registered biometric information of the user located near the biometric information acquisition apparatus 10 can be extracted. Then, the authentication process can be performed using only the registered biometric information extracted at the time of the authentication process.
 このような本実施形態によれば、生体情報取得装置10が取得した生体情報各々を用いた認証処理において利用される登録生体情報の数を小さくすることができる。結果、認証精度や認証の処理速度を向上させることができる。 According to this embodiment, the number of registered biometric information used in the authentication process using each biometric information acquired by the biometric information acquisition apparatus 10 can be reduced. As a result, authentication accuracy and authentication processing speed can be improved.
 以下、各装置の構成について説明する。 Hereinafter, the configuration of each device will be described.
<生体情報取得装置10>
 生体情報取得装置10は、カメラ、マイク、指紋入力装置等の装置を備え、ユーザの顔画像、指紋、声紋、虹彩等の生体データを取得する。なお、生体情報取得装置10は、その他の生体データを取得してもよい。生体情報取得装置10は、さらに、当該生体データから予め定められた所定のアルゴリズムにより、所定の特徴量を抽出するよう構成されてもよい。生体情報取得装置10は、生体データ及び上記特徴量の少なくとも一方を含む生体情報を取得すると、例えばリアルタイム処理で、当該生体情報を、有線及び/又は無線での通信により認証装置40に送信する。 <Biological information acquisition apparatus 10>
The biometric information acquisition device 10 includes devices such as a camera, a microphone, and a fingerprint input device, and acquires biometric data such as a user's face image, fingerprint, voiceprint, and iris. In addition, the biometric information acquisition apparatus 10 may acquire other biometric data. The biometric information acquisition apparatus 10 may be further configured to extract a predetermined feature amount from the biometric data by a predetermined algorithm. When the biometric information acquisition device 10 acquires biometric information including at least one of biometric data and the feature amount, the biometric information is transmitted to the authentication device 40 by wired and / or wireless communication, for example, by real-time processing.
<設置装置20>
 図2に、設置装置20の機能ブロック図の一例を示す。図示するように、設置装置20は、検知情報送信部21を有する。 <Installation device 20>
In FIG. 2, an example of the functional block diagram of the installation apparatus 20 is shown. As illustrated, the installation apparatus 20 includes a detection information transmission unit 21.
 検知情報送信部21は、定期的に又は間欠的に、自装置からの距離が所定の距離以内に位置するユーザ携帯端末30に、無線通信で検知情報を送信する。検知情報には、設置装置20の識別情報が含まれてもよい。 The detection information transmission part 21 transmits detection information by radio | wireless communication to the user portable terminal 30 located within the predetermined distance regularly or intermittently from the own apparatus. The detection information may include identification information of the installation device 20.
 例えば、検知情報送信部21は、通信距離が所定の距離以内である所定の無線通信規格を用いて、自装置から所定の距離以内の通信エリア(図1の通信エリア20A)内に、定期的に又は間欠的に検知情報を送信する。そして、当該通信エリア(図1の通信エリア20A)内に位置するユーザ携帯端末30は、当該検知情報を受信することとなる。無線通信規格は、ブルートゥース規格や無線LAN(Local Area Network)規格等が挙げられるがこれらに限定されない。設置装置20は、例えば、いわゆるビーコン端末や無線LANアクセスポイントであってもよいが、これらに限定されない。 For example, the detection information transmission unit 21 periodically uses a predetermined wireless communication standard in which a communication distance is within a predetermined distance within a communication area (communication area 20A in FIG. 1) within a predetermined distance from the own device. The detection information is transmitted intermittently or intermittently. And the user portable terminal 30 located in the said communication area (communication area 20A of FIG. 1) will receive the said detection information. Examples of the wireless communication standard include, but are not limited to, a Bluetooth standard and a wireless LAN (Local Area Network) standard. The installation device 20 may be, for example, a so-called beacon terminal or a wireless LAN access point, but is not limited thereto.
 なお、図1に示す通り、設置装置20は、生体情報取得装置10の近傍に設置される。そして、本実施形態では、設置装置20の近くにいるユーザを、生体情報取得装置10の近くにいるユーザとして扱う。このため、設置装置20は、生体情報取得装置10にできるだけ近づけて設置されるのが好ましい。生体情報取得装置10と設置装置20との距離は、例えば、3m以内、好ましくは1m以内、さらに好ましくは0.5m以内である。 Note that, as shown in FIG. 1, the installation device 20 is installed in the vicinity of the biological information acquisition device 10. In this embodiment, a user near the installation apparatus 20 is treated as a user near the biological information acquisition apparatus 10. For this reason, it is preferable that the installation apparatus 20 be installed as close as possible to the biological information acquisition apparatus 10. The distance between the biological information acquisition apparatus 10 and the installation apparatus 20 is, for example, within 3 m, preferably within 1 m, and more preferably within 0.5 m.
<ユーザ携帯端末30>
 図3に、ユーザ携帯端末30の機能ブロック図の一例を示す。図示するように、ユーザ携帯端末30は、ユーザ情報記憶部31と、検知情報受信部32と、ユーザ情報送信部33とを有する。 <User portable terminal 30>
In FIG. 3, an example of the functional block diagram of the user portable terminal 30 is shown. As illustrated, the user portable terminal 30 includes a user information storage unit 31, a detection information reception unit 32, and a user information transmission unit 33.
 ユーザ情報記憶部31は、ユーザの識別情報を記憶する。ユーザの識別情報は、ユーザの名称、任意に定められた文字列(数字、記号等を含んでもよい)、ユーザ携帯端末30の端末ID等が考えられるが、これらに限定されない。 The user information storage unit 31 stores user identification information. The user identification information may be, but is not limited to, the user name, an arbitrarily defined character string (may include numbers, symbols, etc.), the terminal ID of the user portable terminal 30, and the like.
 検知情報受信部32は、設置装置20の検知情報送信部21と同じ規格で無線通信が可能である。そして、ユーザ携帯端末30が設置装置20と当該規格で無線通信可能なエリア(図1の通信エリア20A)に入ると、すなわち、設置装置20から送信された検知情報が到達するエリア(図1の通信エリア20A)にユーザ携帯端末30が入ると、検知情報受信部32は設置装置20から送信された検知情報を受信する。 The detection information receiving unit 32 can perform wireless communication with the same standard as the detection information transmitting unit 21 of the installation apparatus 20. Then, when the user portable terminal 30 enters an area (communication area 20A in FIG. 1) in which wireless communication can be performed with the installation apparatus 20 according to the standard, that is, an area (in FIG. 1) where detection information transmitted from the installation apparatus 20 arrives. When the user portable terminal 30 enters the communication area 20 </ b> A), the detection information receiving unit 32 receives the detection information transmitted from the installation apparatus 20.
 ユーザ情報送信部33は、検知情報受信部32が検知情報を受信すると、当該受信に応じて、ユーザ情報記憶部31に記憶されているユーザの識別情報を含むユーザ情報を、認証装置40に送信する。検知情報に、設置装置20の識別情報が含まれている場合、ユーザ情報送信部33はユーザ情報に当該設置装置20の識別情報を含めて認証装置40に送信してもよい。例えば、検知情報受信部32が検知情報を受信すると、ユーザ情報送信部33は、検知情報内の所定の位置にユーザ情報記憶部31に記憶されているユーザの識別情報を書き込み、それをユーザ情報として認証装置40に送信してもよい。 When the detection information reception unit 32 receives the detection information, the user information transmission unit 33 transmits the user information including the user identification information stored in the user information storage unit 31 to the authentication device 40 in response to the reception. To do. When the identification information of the installation device 20 is included in the detection information, the user information transmission unit 33 may include the identification information of the installation device 20 in the user information and transmit it to the authentication device 40. For example, when the detection information receiving unit 32 receives the detection information, the user information transmission unit 33 writes the user identification information stored in the user information storage unit 31 at a predetermined position in the detection information, and stores the user identification information in the user information. May be transmitted to the authentication device 40.
 ユーザ情報送信部33による通信手段は特段制限されないが、無線LANやインターネット等のネットワーク1を介した通信であってもよい。 The communication means by the user information transmission unit 33 is not particularly limited, but may be communication via the network 1 such as a wireless LAN or the Internet.
 なお、通信エリア20A内にユーザ携帯端末30がいる間、検知情報受信部32は、設置装置20から定期的に又は間欠的に送信される検知情報を受信し続けることとなる。ユーザ情報送信部33は、検知情報受信部32が検知情報を受信すると、その都度、ユーザ情報を認証装置40に送信してもよい。または、ユーザ情報送信部33は、設置装置20から所定の時間よりも短い時間間隔で連続的に検知情報を受信した場合、2回目以降の受信時にはユーザ情報を送信しないように構成してもよい。この場合、ユーザ携帯端末30は、設置装置20からの検知情報の受信が所定時間以上途絶えると、その旨を示す情報(ユーザの識別情報を含む)を認証装置40に送信してもよい。これは、ユーザ携帯端末30が通信エリア20A外に出て行ったことを意味する。 In addition, while the user portable terminal 30 is in the communication area 20A, the detection information receiving unit 32 continues to receive detection information transmitted from the installation apparatus 20 periodically or intermittently. The user information transmission unit 33 may transmit the user information to the authentication device 40 each time the detection information reception unit 32 receives the detection information. Alternatively, the user information transmission unit 33 may be configured not to transmit the user information at the second or subsequent reception when the detection information is continuously received from the installation apparatus 20 at a time interval shorter than a predetermined time. . In this case, the user portable terminal 30 may transmit information (including user identification information) indicating the fact to the authentication device 40 when reception of the detection information from the installation device 20 is interrupted for a predetermined time or more. This means that the user portable terminal 30 went out of the communication area 20A.
 ユーザ携帯端末30は、例えば、スマートフォン等の携帯電話、タブレット端末、携帯ゲーム機等の既存の携帯端末に所定のアプリをインストールすることで上記機能を実現したものであってもよい。または、ユーザ携帯端末30は、本実施形態の認証システム専用に準備された端末であってもよい。 The user portable terminal 30 may realize the above-described function by installing a predetermined application on an existing portable terminal such as a mobile phone such as a smartphone, a tablet terminal, or a portable game machine. Alternatively, the user portable terminal 30 may be a terminal prepared exclusively for the authentication system of the present embodiment.
<格納装置50>
 格納装置50には、複数のユーザ各々に対応する複数の登録生体情報が格納(記憶)されている。すなわち、格納装置50には、認証装置40による認証処理で正当権限を有すると認証されるユーザ各々に対応する登録生体情報が格納されている。格納装置50に格納される登録生体情報は、ユーザの顔画像、指紋、声紋、虹彩等の生体データそのものであってもよいし、これらの生体データから抽出された所定の特徴量であってもよいし、これらの両方であってもよい。格納装置50は、例えば、不揮発性の記憶装置で構成される。 <Storage device 50>
The storage device 50 stores (stores) a plurality of registered biometric information corresponding to each of a plurality of users. That is, the storage device 50 stores registered biometric information corresponding to each user who is authenticated as having the right authority in the authentication process by the authentication device 40. The registered biometric information stored in the storage device 50 may be biometric data itself such as a user's face image, fingerprint, voiceprint, iris, or a predetermined feature amount extracted from these biometric data. It may be both or both. The storage device 50 is composed of, for example, a nonvolatile storage device.
 登録生体情報は、格納装置50において、各ユーザの識別情報と対応付けられる。格納装置50において登録生体情報と対応付けられるユーザの識別情報は、ユーザ携帯端末30のユーザ情報記憶部31に記憶されるユーザの識別情報と同じであってもよいし、異なってもよい。異なる場合、認証装置40は、互いの識別情報を同じユーザのもの同士で結びつけるための対応付け情報を保持する。 The registered biometric information is associated with the identification information of each user in the storage device 50. The user identification information associated with the registered biometric information in the storage device 50 may be the same as or different from the user identification information stored in the user information storage unit 31 of the user portable terminal 30. When they are different from each other, the authentication device 40 holds association information for connecting the identification information of the same user.
 図4に、格納装置50が記憶する登録生体情報の一例を模式的に示す。図示する例では、ユーザID(ユーザの識別情報)と登録生体情報とが互いに対応付けられている。 FIG. 4 schematically shows an example of registered biometric information stored in the storage device 50. In the illustrated example, the user ID (user identification information) and the registered biometric information are associated with each other.
<認証装置40>
 図5は、本実施形態の認証装置40のハードウエア構成の一例を概念的に示す図である。図示するように、本実施形態の認証装置40は、例えば、バス10Aで相互に接続されるCPU1A、RAM(Random Access Memory)2A、ROM(Read Only Memory)3A、表示制御部4A、ディスプレイ5A、操作受付部6A、操作部7A、通信部8A、補助記憶装置9A等を有する。なお、図示しないが、その他、外部機器と有線で接続される入出力インタフェイス、マイク、スピーカ等の他の要素を備えてもよい。また、図示する要素の一部を含まなくてもよい。 <Authentication device 40>
FIG. 5 is a diagram conceptually illustrating an example of a hardware configuration of the authentication device 40 of the present embodiment. As illustrated, the authentication device 40 according to the present embodiment includes, for example, a CPU 1A, a RAM (Random Access Memory) 2A, a ROM (Read Only Memory) 3A, a display control unit 4A, a display 5A, which are connected to each other via a bus 10A. An operation receiving unit 6A, an operation unit 7A, a communication unit 8A, an auxiliary storage device 9A, and the like are included. Although not shown, other elements such as an input / output interface connected to an external device by wire, a microphone, and a speaker may be provided. Further, some of the illustrated elements may not be included.
 CPU1Aは各要素とともに認証装置40のコンピュータ全体を制御する。ROM3Aは、コンピュータを動作させるためのプログラムや各種アプリケーションプログラム、それらのプログラムが動作する際に使用する各種設定データなどを記憶する領域を含む。RAM2Aは、プログラムが動作するための作業領域など一時的にデータを記憶する領域を含む。補助記憶装置9Aは、例えばHDD(Hard Disc Drive)であり、大容量のデータを記憶可能である。 The CPU 1A controls the entire computer of the authentication device 40 together with each element. The ROM 3A includes an area for storing programs for operating the computer, various application programs, various setting data used when these programs operate. The RAM 2A includes an area for temporarily storing data, such as a work area for operating a program. The auxiliary storage device 9A is, for example, an HDD (Hard Disc Drive), and can store a large amount of data.
 タッチパネルディスプレイ5Aは、表示装置(LED(Light Emitting Diode)表示器、液晶ディスプレイ、有機EL(Electro Luminescence)ディスプレイ等)と、タッチパッドとが一体になっている。表示制御部4Aは、VRAM(Video RAM)に記憶されたデータを読み出し、読み出したデータに対して所定の処理を施した後、タッチパネルディスプレイ5Aに送って各種画面表示を行う。操作受付部6Aは、操作部7Aを介して各種操作を受付ける。操作部7Aは、操作キー、操作ボタン、スイッチ、ジョグダイヤル、タッチパネルディスプレイ、キーボードなどを含む。通信部8Aは、有線及び/又は無線で、インターネット、LAN等のネットワークに接続し、他の電子機器と通信する。 The touch panel display 5A includes a display device (LED (Light Emitting Diode) display, liquid crystal display, organic EL (Electro Luminescence) display, etc.) and a touch pad. The display control unit 4A reads data stored in a VRAM (Video RAM), performs predetermined processing on the read data, and then sends the data to the touch panel display 5A to display various screens. The operation reception unit 6A receives various operations via the operation unit 7A. The operation unit 7A includes operation keys, operation buttons, switches, a jog dial, a touch panel display, a keyboard, and the like. The communication unit 8A is wired and / or wirelessly connected to a network such as the Internet or a LAN, and communicates with other electronic devices.
 図6に、認証装置40の機能ブロック図の一例を示す。図示するように、認証装置40は、ユーザ情報取得部41と、抽出部42と、生体情報取得部43と、認証部44とを有する。 FIG. 6 shows an example of a functional block diagram of the authentication device 40. As illustrated, the authentication device 40 includes a user information acquisition unit 41, an extraction unit 42, a biometric information acquisition unit 43, and an authentication unit 44.
 ユーザ情報取得部41は、生体情報取得装置10の近傍に設置されている設置装置20から所定の距離以内に位置するユーザ携帯端末30各々から、ユーザの識別情報を含むユーザ情報を取得する。すなわち、ユーザ情報取得部41は、ユーザ携帯端末30のユーザ情報送信部33から送信されてきたユーザ情報を受信する。なお、図6において、ユーザ情報取得部41は、設置装置20又はユーザ携帯端末30からユーザ情報を受信することが示されている。ユーザ情報取得部41が設置装置20からユーザ情報を受信する実施形態は、以下で説明する。 The user information acquisition unit 41 acquires user information including user identification information from each of the user portable terminals 30 located within a predetermined distance from the installation device 20 installed in the vicinity of the biological information acquisition device 10. That is, the user information acquisition unit 41 receives the user information transmitted from the user information transmission unit 33 of the user portable terminal 30. In FIG. 6, the user information acquisition unit 41 is shown to receive user information from the installation apparatus 20 or the user portable terminal 30. An embodiment in which the user information acquisition unit 41 receives user information from the installation apparatus 20 will be described below.
 抽出部42は、格納装置50から、ユーザ情報取得部41が取得したユーザ情報に含まれるユーザの識別情報に対応する登録生体情報を抽出する。抽出された登録生体情報は、記憶部45(不図示)に記憶される。記憶部45は、例えば、揮発性の記憶装置で構成される。なお、記憶部45は、不揮発性の記憶装置で構成されてもよい。記憶部45に記憶されている登録生体情報の集合は、格納装置50に記憶されている登録生体情報の集合の部分集合である。 The extraction unit 42 extracts the registered biometric information corresponding to the user identification information included in the user information acquired by the user information acquisition unit 41 from the storage device 50. The extracted registered biometric information is stored in the storage unit 45 (not shown). The storage unit 45 is composed of, for example, a volatile storage device. Note that the storage unit 45 may be configured by a nonvolatile storage device. The set of registered biometric information stored in the storage unit 45 is a subset of the set of registered biometric information stored in the storage device 50.
 図7に、記憶部45に記憶されている登録生体情報の一例を模式的に示す。図示する例では、ユーザIDと登録生体情報とが互いに対応付けられている。 FIG. 7 schematically shows an example of registered biometric information stored in the storage unit 45. In the illustrated example, the user ID and registered biometric information are associated with each other.
 なお、抽出部42は、記憶部45を更新することができる。例えば、抽出部42は、ユーザ情報取得部41が新たにユーザ情報を取得すると、当該ユーザ情報に含まれるユーザの識別情報に対応する登録生体情報が記憶部45に記憶されているか確認する。そして、記憶されている場合、処理を終了する。一方、記憶されていない場合、格納装置50からそのユーザの識別情報に対応する登録生体情報を抽出し、記憶部45に格納する。 Note that the extraction unit 42 can update the storage unit 45. For example, when the user information acquisition unit 41 newly acquires user information, the extraction unit 42 checks whether registered biometric information corresponding to the user identification information included in the user information is stored in the storage unit 45. And when it is memorize | stored, a process is complete | finished. On the other hand, if not stored, the registered biometric information corresponding to the identification information of the user is extracted from the storage device 50 and stored in the storage unit 45.
 また、抽出部42は、記憶部45に記憶されている登録生体情報を削除することもできる。例えば、ユーザ携帯端末30のユーザ情報送信部33は、検知情報受信部32が検知情報を受信すると、その都度、ユーザ情報を認証装置40に送信するよう構成される。この場合、抽出部42は、新たな受信が所定時間以上途絶えたユーザの識別情報を特定すると、当該ユーザの識別情報に対応する登録生体情報を、記憶部45から削除してもよい。ユーザの識別情報の受信が所定時間以上途絶えた場合、当該ユーザの識別情報を記憶しているユーザ携帯端末30が、通信エリア20A外に出て行ったことを意味する。 Further, the extraction unit 42 can also delete the registered biometric information stored in the storage unit 45. For example, the user information transmission unit 33 of the user portable terminal 30 is configured to transmit the user information to the authentication device 40 each time the detection information reception unit 32 receives the detection information. In this case, the extraction unit 42 may delete the registered biometric information corresponding to the identification information of the user from the storage unit 45 after identifying the identification information of the user for whom new reception has been interrupted for a predetermined time or more. When the reception of the user identification information is interrupted for a predetermined time or more, it means that the user portable terminal 30 storing the user identification information has gone out of the communication area 20A.
 その他の例として、例えば、ユーザ携帯端末30は、設置装置20からの検知情報の受信が所定時間以上途絶えた場合、その旨を示す情報(ユーザの識別情報を含む)を認証装置40に送信する。この場合、抽出部42は、当該情報の受信に応じて、当該ユーザの識別情報に対応する登録生体情報を、記憶部45から削除してもよい。検知情報の受信が所定時間以上途絶えた場合、当該ユーザの識別情報を記憶しているユーザ携帯端末30が、通信エリア20A外に出て行ったことを意味する。 As another example, for example, when the reception of the detection information from the installation device 20 is interrupted for a predetermined time or longer, the user portable terminal 30 transmits information indicating that fact (including user identification information) to the authentication device 40. . In this case, the extraction unit 42 may delete the registered biometric information corresponding to the identification information of the user from the storage unit 45 in response to reception of the information. When reception of the detection information is interrupted for a predetermined time or more, it means that the user portable terminal 30 storing the user identification information has gone out of the communication area 20A.
 図6に戻り、生体情報取得部43は、生体情報取得装置10から、生体情報を取得する。例えば、生体情報取得装置10は生体情報を取得すると、リアルタイム処理で、当該生体情報を認証装置40に送信する。生体情報取得部43は、このように生体情報取得装置10から送信されてきた生体情報を受信する。生体情報取得部43が取得する生体情報は、ユーザの顔画像、指紋、声紋、虹彩等の生体データ、及び、当該生体データから抽出された特徴量の少なくとも一方を含む。 Returning to FIG. 6, the biological information acquisition unit 43 acquires biological information from the biological information acquisition device 10. For example, when the biometric information acquisition device 10 acquires biometric information, the biometric information is transmitted to the authentication device 40 by real-time processing. The biometric information acquisition unit 43 receives the biometric information transmitted from the biometric information acquisition device 10 in this way. The biometric information acquired by the biometric information acquisition unit 43 includes at least one of biometric data such as a user's face image, fingerprint, voiceprint, and iris, and a feature amount extracted from the biometric data.
 認証部44は、生体情報取得部43が取得した生体情報各々を用いた認証処理時に抽出されている(記憶部45に記憶されている)登録生体情報と、生体情報取得部43が取得した生体情報とに基づいて、認証処理を行う。すなわち、認証部44は、生体情報取得部43が生体情報を取得すると、当該生体情報と、その時点で抽出部42に抽出され、記憶部45に記憶されている登録生体情報と用いた照合処理により、認証処理を行う。 The authentication unit 44 extracts the registered biometric information (stored in the storage unit 45) extracted during the authentication process using each of the biometric information acquired by the biometric information acquisition unit 43 and the biometric information acquired by the biometric information acquisition unit 43. Authentication processing is performed based on the information. That is, when the biometric information acquisition unit 43 acquires biometric information, the authentication unit 44 uses the biometric information and the verification process using the registered biometric information extracted by the extraction unit 42 and stored in the storage unit 45 at that time. Thus, the authentication process is performed.
 認証装置40は、認証部44による認証結果を出力する出力部(不図示)をさらに有してもよい。出力部は、有線及び/又は無線での通信により、認証結果を、生体認証が必要なスポット(場所)に設置された所定の装置に送信する。当該装置は、認証結果に基づいて、所定の処理を実行する。例えば、認証結果が「認証する」ものである場合、認証されたユーザのみが入室できる部屋の入口のロックを解除したり、認証されたユーザのみが通過できるゲートを開いたりするなどの処理を実行する。一方、認証結果が「認証しない」ものである場合、ディスプレイ、スピーカ、警告ランプ等の所定の出力装置を介して、その旨を示す情報を出力する。 The authentication device 40 may further include an output unit (not shown) that outputs an authentication result by the authentication unit 44. The output unit transmits the authentication result to a predetermined device installed at a spot (place) where biometric authentication is required by wired and / or wireless communication. The apparatus executes a predetermined process based on the authentication result. For example, if the authentication result is “Authenticate”, perform processing such as unlocking the entrance of a room where only authenticated users can enter or opening a gate that allows only authenticated users to pass through. To do. On the other hand, if the authentication result is “not authenticated”, information indicating that is output via a predetermined output device such as a display, a speaker, and a warning lamp.
 以上説明した本実施形態の認証システムによれば、認証装置40は、生体情報取得装置10の近くに位置するユーザ携帯端末30から取得した情報(各ユーザ携帯端末30を携帯しているユーザの識別情報)に基づいて、格納装置50に登録されている多数の登録生体情報の中から、生体情報取得装置10の近くに位置するユーザに関する登録生体情報を抽出することができる。そして、認証処理時に抽出されている登録生体情報のみを用いて、認証処理を行うことができる。 According to the authentication system of this embodiment described above, the authentication device 40 acquires information acquired from the user portable terminal 30 located near the biological information acquisition device 10 (identification of the user carrying each user portable terminal 30). Information), it is possible to extract registered biometric information related to a user located near the biometric information acquisition apparatus 10 from a large number of registered biometric information registered in the storage device 50. Then, the authentication process can be performed using only the registered biometric information extracted during the authentication process.
 このような本実施形態によれば、生体情報取得装置10が取得した生体情報各々を用いた認証処理において利用される登録生体情報の数を小さくすることができる。結果、認証精度や認証の処理速度を向上させることができる。なお、ユーザ携帯端末30に登録されたユーザの識別情報のみを用いた認証処理の場合、ユーザ携帯端末30を貸し渡す等により、容易になりすまし等の不正がなされてしまう。本実施形態では、生体情報を用いて認証処理を行うので、当該不都合の発生を抑制することができる。 According to this embodiment, the number of registered biometric information used in the authentication process using each biometric information acquired by the biometric information acquisition apparatus 10 can be reduced. As a result, authentication accuracy and authentication processing speed can be improved. In the case of the authentication process using only the user identification information registered in the user portable terminal 30, fraud such as impersonation is easily performed by lending the user portable terminal 30. In the present embodiment, since the authentication process is performed using the biometric information, the occurrence of the inconvenience can be suppressed.
<第2の実施形態>
 まず、図8を用いて、本実施形態の認証システムの全体像について説明する。本実施形態の認証システムでは、ユーザ携帯端末30がユーザの識別情報を含む検知情報を通信エリア30A内に送信し、当該通信エリア30A内に位置する設置装置20が当該検知情報を受信する。そして、検知情報を受信した設置装置20は、当該受信に応じて、ユーザの識別情報を含むユーザ情報を認証装置40に送信する。本実施形態の認証システムは、当該点で、第1の実施形態と異なる。以下、詳細に説明する。なお、生体情報取得装置10、格納装置50の構成は、第1の実施形態と同様であるので、ここでの説明は省略する。 <Second Embodiment>
First, the overall image of the authentication system according to the present embodiment will be described with reference to FIG. In the authentication system of this embodiment, the user portable terminal 30 transmits detection information including user identification information into the communication area 30A, and the installation apparatus 20 located in the communication area 30A receives the detection information. And the installation apparatus 20 which received the detection information transmits the user information containing a user's identification information to the authentication apparatus 40 according to the said reception. The authentication system of this embodiment is different from the first embodiment in this respect. Details will be described below. In addition, since the structure of the biometric information acquisition apparatus 10 and the storage apparatus 50 is the same as that of 1st Embodiment, description here is abbreviate | omitted.
<ユーザ携帯端末30>
 図9に、本実施形態のユーザ携帯端末30の機能ブロック図の一例を示す。図示するように、ユーザ携帯端末30は、ユーザ情報記憶部31と、検知情報送信部34とを有する。ユーザ情報記憶部31の構成は、第1の実施形態と同様である。ユーザ携帯端末30は、第1の実施形態と同様、ユーザに携帯される。 <User portable terminal 30>
In FIG. 9, an example of the functional block diagram of the user portable terminal 30 of this embodiment is shown. As illustrated, the user portable terminal 30 includes a user information storage unit 31 and a detection information transmission unit 34. The configuration of the user information storage unit 31 is the same as that of the first embodiment. The user portable terminal 30 is carried by the user as in the first embodiment.
 検知情報送信部34は、定期的に又は間欠的に、自装置からの距離が所定の距離以内に位置する設置装置20に、無線通信で検知情報を送信する。検知情報には、ユーザ情報記憶部31に記憶されているユーザの識別情報が含まれる。 The detection information transmission part 34 transmits detection information by radio | wireless communication to the installation apparatus 20 located within the predetermined distance regularly or intermittently from the own apparatus. The detection information includes user identification information stored in the user information storage unit 31.
 例えば、検知情報送信部34は、通信距離が上記所定の距離以内である所定の無線通信規格を用いて、自端末から上記所定の距離以内の通信エリア(図8の通信エリア30A)内に、定期的に又は間欠的に検知情報を送信する。そして、当該通信エリア(図8の通信エリア30A)内に位置する設置装置20は、当該検知情報を受信することとなる。無線通信規格は、ブルートゥース規格や無線LAN規格等が挙げられるがこれらに限定されない。ユーザ携帯端末30は、例えば、スマートフォン等の携帯電話、タブレット端末、携帯ゲーム機等の既存の携帯端末に所定のアプリをインストールすることで上記機能を実現したものであってもよい。または、ユーザ携帯端末30は、本実施形態の認証システム専用に準備された端末、例えばビーコン端末であってもよい。 For example, the detection information transmission unit 34 uses a predetermined wireless communication standard in which a communication distance is within the predetermined distance, within a communication area (communication area 30A in FIG. 8) within the predetermined distance from the own terminal. Send detection information periodically or intermittently. And the installation apparatus 20 located in the said communication area (communication area 30A of FIG. 8) will receive the said detection information. Examples of the wireless communication standard include, but are not limited to, a Bluetooth standard and a wireless LAN standard. For example, the user portable terminal 30 may realize the above function by installing a predetermined application on an existing portable terminal such as a mobile phone such as a smartphone, a tablet terminal, or a portable game machine. Alternatively, the user portable terminal 30 may be a terminal prepared exclusively for the authentication system of the present embodiment, for example, a beacon terminal.
<設置装置20>
 図10に、本実施形態の設置装置20の機能ブロック図の一例を示す。図示するように、設置装置20は、検知情報受信部22と、ユーザ情報送信部23とを有する。設置装置20は、第1の実施形態と同様、生体情報取得装置10の近傍に設置される。 <Installation device 20>
In FIG. 10, an example of the functional block diagram of the installation apparatus 20 of this embodiment is shown. As illustrated, the installation apparatus 20 includes a detection information reception unit 22 and a user information transmission unit 23. The installation apparatus 20 is installed in the vicinity of the biological information acquisition apparatus 10 as in the first embodiment.
 検知情報受信部22は、ユーザ携帯端末30の検知情報送信部34と同じ規格で無線通信が可能である。そして、ユーザ携帯端末30の移動により、当該ユーザ携帯端末30と当該規格で無線通信可能なエリア(図8の通信エリア30A)に設置装置20が入ると、すなわち、ユーザ携帯端末30から送信された検知情報が到達するエリア(図8の通信エリア30A)に設置装置20が入ると、検知情報受信部22はユーザ携帯端末30から送信された検知情報を受信する。 The detection information receiving unit 22 can perform wireless communication with the same standard as the detection information transmitting unit 34 of the user portable terminal 30. When the installation apparatus 20 enters the area (communication area 30A in FIG. 8) where the user portable terminal 30 can wirelessly communicate with the user portable terminal 30 according to the standard, that is, transmitted from the user portable terminal 30 When the installation apparatus 20 enters the area where the detection information reaches (communication area 30 </ b> A in FIG. 8), the detection information receiving unit 22 receives the detection information transmitted from the user portable terminal 30.
 ユーザ情報送信部23は、検知情報受信部22が検知情報を受信すると、当該受信に応じて、当該検知情報に含まれているユーザの識別情報を含むユーザ情報を、認証装置40に送信する。なお、ユーザ情報送信部23は、ユーザ情報に、自装置の識別情報(設置装置20の識別情報)を含めて認証装置40に送信してもよい。例えば、検知情報受信部22が検知情報を受信すると、ユーザ情報送信部23は、検知情報内の所定の位置に自装置の識別情報(設置装置20の識別情報)を書き込み、それをユーザ情報として認証装置40に送信してもよい。 When the detection information reception unit 22 receives the detection information, the user information transmission unit 23 transmits user information including user identification information included in the detection information to the authentication device 40 in response to the reception. In addition, the user information transmission part 23 may transmit to the authentication apparatus 40 including the identification information (identification information of the installation apparatus 20) of the own apparatus in the user information. For example, when the detection information receiving unit 22 receives the detection information, the user information transmitting unit 23 writes the identification information of the own device (identification information of the installation device 20) at a predetermined position in the detection information, and uses this as user information. You may transmit to the authentication apparatus 40.
 ユーザ情報送信部23による通信手段は特段制限されないが、無線LANやインターネット等のネットワーク1を介した通信であってもよいし、有線での通信であってもよい。 The communication means by the user information transmission unit 23 is not particularly limited, but may be communication via the network 1 such as a wireless LAN or the Internet, or may be wired communication.
 なお、通信エリア30A内に設置装置20がいる間、検知情報受信部22は、ユーザ携帯端末30から定期的に又は間欠的に送信される検知情報を受信し続けることとなる。ユーザ情報送信部23は、検知情報受信部22が検知情報を受信すると、その都度、ユーザ情報を認証装置40に送信してもよい。または、ユーザ情報送信部23は、同じユーザ携帯端末30から所定の時間よりも短い時間間隔で連続的に検知情報を受信した場合、2回目以降の受信時にはユーザ情報を送信しないように構成してもよい。この場合、設置装置20は、あるユーザ携帯端末30からの検知情報の受信が所定時間以上途絶えると、その旨を示す情報(ユーザの識別情報を含む)を認証装置40に送信してもよい。この場合、ユーザ携帯端末30の移動により、設置装置20は当該ユーザ携帯端末30の通信エリア30A外に移動したことを意味する。 In addition, while the installation apparatus 20 is in the communication area 30 </ b> A, the detection information receiving unit 22 continues to receive detection information transmitted from the user portable terminal 30 periodically or intermittently. The user information transmission unit 23 may transmit the user information to the authentication device 40 each time the detection information reception unit 22 receives the detection information. Alternatively, the user information transmission unit 23 is configured not to transmit the user information at the second or subsequent reception when the detection information is continuously received from the same user portable terminal 30 at a time interval shorter than a predetermined time. Also good. In this case, when reception of detection information from a certain user portable terminal 30 is interrupted for a predetermined time or more, the installation device 20 may transmit information indicating that fact (including user identification information) to the authentication device 40. In this case, it means that the installation device 20 has moved out of the communication area 30 </ b> A of the user portable terminal 30 due to the movement of the user portable terminal 30.
<認証装置40>
 認証装置40の機能ブロック図の一例は、第1の実施形態と同様、図6で示される。なお図示しないが、記憶部45をさらに有してもよい。抽出部42、生体情報取得部43、認証部44及び記憶部45の構成は、第1の実施形態と同様である。 <Authentication device 40>
An example of a functional block diagram of the authentication device 40 is shown in FIG. 6 as in the first embodiment. Although not shown, the storage unit 45 may be further included. The configurations of the extraction unit 42, the biometric information acquisition unit 43, the authentication unit 44, and the storage unit 45 are the same as those in the first embodiment.
 ユーザ情報取得部41は、生体情報取得装置10の近傍に設置されている設置装置20から所定の距離以内に位置するユーザ携帯端末30各々から、設置装置20を介して(設置装置20を経由して)、ユーザの識別情報を取得する。すなわち、ユーザ携帯端末30は、ユーザの識別情報を設置装置20に送信する。そして、その後、設置装置20は、受信したユーザの識別情報を認証装置40に送信する。ユーザ情報取得部41は、このように送信されてきたユーザの識別情報を受信する。 The user information acquisition unit 41 is connected to each of the user portable terminals 30 located within a predetermined distance from the installation device 20 installed in the vicinity of the biological information acquisition device 10 via the installation device 20 (via the installation device 20). To obtain user identification information. That is, the user portable terminal 30 transmits user identification information to the installation apparatus 20. After that, the installation apparatus 20 transmits the received user identification information to the authentication apparatus 40. The user information acquisition unit 41 receives the user identification information transmitted in this way.
 以上説明した本実施形態の認証システムにおいても、第1の実施形態と同様の作用効果を実現することができる。 In the authentication system of the present embodiment described above, the same operational effects as those of the first embodiment can be realized.
<第3の実施形態>
 まず、本実施形態の全体像について説明する。本実施形態では、格納装置50に記憶されている複数の登録生体情報を、1ステップで認証処理に利用するグループに絞り込むのでなく、設置装置20とユーザ携帯端末30との距離に応じて段階的に絞り込んでいき、最終的に、認証処理に利用するグループに絞り込む。例えば、図11に示すように、設置装置20からの距離に応じて複数のエリアを設定し、各エリア内のユーザ携帯端末30の検知に応じて、徐々に登録生体情報を絞り込んでいく。 <Third Embodiment>
First, the overall image of this embodiment will be described. In the present embodiment, the plurality of registered biometric information stored in the storage device 50 is not narrowed down to groups used for authentication processing in one step, but stepwise according to the distance between the installation device 20 and the user portable terminal 30. And finally narrow down to groups used for authentication processing. For example, as shown in FIG. 11, a plurality of areas are set according to the distance from the installation device 20, and the registered biometric information is gradually narrowed down according to the detection of the user portable terminal 30 in each area.
 このような本実施形態によれば、認証処理に利用するグループとして登録生体情報を抽出する処理を、効率的に行うことができる。例えば、図11の場合、20A-1のエリア内に位置するユーザに対応する登録生体情報が、認証処理に利用するグループとして抽出されることになる。 According to this embodiment, it is possible to efficiently perform the process of extracting the registered biometric information as a group used for the authentication process. For example, in the case of FIG. 11, registered biometric information corresponding to a user located in the area 20A-1 is extracted as a group used for authentication processing.
 1ステップで絞り込む場合、20A-1のエリア内にユーザが位置することを検知すると、このユーザの登録生体情報を、格納装置50内から抽出することとなる。すなわち、格納装置50に格納されている膨大な数の登録生体情報が検索対象となる。 In the case of narrowing down in one step, when it is detected that the user is located in the area of 20A-1, the registered biometric information of the user is extracted from the storage device 50. That is, an enormous number of registered biometric information stored in the storage device 50 is a search target.
 これに対し、距離に応じて段階的に絞り込む場合、20A-1のエリア内にユーザが位置することを検知すると、このユーザの登録生体情報を、20A-2のエリアに対応して抽出されている登録生体情報群から抽出することとなる。当然、格納装置50に格納されている膨大な数の登録生体情報が検索対象とする場合に比べて、検索対象の数は少なくなる。結果、所定の登録生体情報を抽出する処理を効率的に行うことができる。以下、詳細に説明する。なお、生体情報取得装置10、格納装置50の構成は、第1の実施形態と同様であるので、ここでの説明は省略する。 On the other hand, when narrowing down step by step according to the distance, when it is detected that the user is located in the area 20A-1, the registered biometric information of the user is extracted corresponding to the area 20A-2. It is extracted from the registered biometric information group. Naturally, the number of search targets is smaller than when a huge number of registered biometric information stored in the storage device 50 is the search target. As a result, it is possible to efficiently perform processing for extracting predetermined registered biometric information. Details will be described below. In addition, since the structure of the biometric information acquisition apparatus 10 and the storage apparatus 50 is the same as that of 1st Embodiment, description here is abbreviate | omitted.
<設置装置20>
 本実施形態の設置装置20の機能ブロック図の一例は、第1の実施形態と同様、図2で示される。 <Installation device 20>
An example of a functional block diagram of the installation apparatus 20 of the present embodiment is shown in FIG. 2 as in the first embodiment.
 検知情報送信部21は、検知情報の送信距離を、第1のレベルから第n(nは2以上の整数、かつ、nが大きいほど距離が大きい)のレベルの間で制御可能である。例えば、検知情報送信部21は、図11に示すように、第1から第3の3つのレベルの間で送信距離を制御可能であってもよい。図11には、3つの通信エリア20A-1乃至20A-3が示されている。通信エリア20A-1が第1のレベルの送信距離に対応し、通信エリア20A-2が第2のレベルの送信距離に対応し、通信エリア20A-3が第3のレベルの送信距離に対応する。 The detection information transmission unit 21 can control the transmission distance of the detection information from the first level to the nth level (n is an integer of 2 or more, and the distance increases as n increases). For example, the detection information transmission unit 21 may be capable of controlling the transmission distance between the first to third levels as shown in FIG. FIG. 11 shows three communication areas 20A-1 to 20A-3. Communication area 20A-1 corresponds to the first level transmission distance, communication area 20A-2 corresponds to the second level transmission distance, and communication area 20A-3 corresponds to the third level transmission distance. .
 そして、検知情報送信部21は、送信する検知情報に、送信距離を示す距離情報を含めて送信する。すなわち、検知情報送信部21は、第pのレベル(pは1以上n以下の整数)の送信距離で検知情報を送信する場合、当該検知情報の中に、第pのレベルの送信距離で検知情報を送信したことを示す距離情報を含めて送信する。 Then, the detection information transmission unit 21 transmits the detection information to be transmitted including distance information indicating the transmission distance. That is, when the detection information is transmitted at a transmission distance of the p-th level (p is an integer of 1 to n), the detection information transmission unit 21 detects at the transmission distance of the p-th level in the detection information. It is transmitted including distance information indicating that the information has been transmitted.
 なお、検知情報送信部21による送信距離の制御は、同じ無線通信規格で送信距離を調整することで実現してもよいし、又は、検知情報送信部21が互いに通信距離が異なる複数の無線通信規格で検知情報を送信可能であり、各規格で検知情報を送信することで実現してもよい。 The control of the transmission distance by the detection information transmission unit 21 may be realized by adjusting the transmission distance according to the same wireless communication standard, or the detection information transmission unit 21 may have a plurality of wireless communication with different communication distances. The detection information can be transmitted according to the standard, and may be realized by transmitting the detection information according to each standard.
<ユーザ携帯端末30>
 本実施形態のユーザ携帯端末30の機能ブロック図の一例は、第1の実施形態と同様、図3で示される。ユーザ情報記憶部31の構成は、第1の実施形態と同様である。 <User portable terminal 30>
An example of a functional block diagram of the user portable terminal 30 of the present embodiment is shown in FIG. 3 as in the first embodiment. The configuration of the user information storage unit 31 is the same as that of the first embodiment.
 検知情報受信部32は、設置装置20の検知情報送信部21と同じ規格で無線通信が可能である。そして、検知情報受信部32は、距離情報が含まれている検知情報を設置装置20から受信する。 The detection information receiving unit 32 can perform wireless communication with the same standard as the detection information transmitting unit 21 of the installation apparatus 20. Then, the detection information receiving unit 32 receives detection information including distance information from the installation apparatus 20.
 ユーザ情報送信部33は、ユーザの識別情報及び距離情報を含むユーザ情報を認証装置40に送信する。例えば、検知情報受信部32が検知情報を受信すると、ユーザ情報送信部33は、検知情報内の所定の位置にユーザ情報記憶部31に記憶されているユーザの識別情報を書き込み、それをユーザ情報として認証装置40に送信してもよい。 The user information transmission unit 33 transmits user information including user identification information and distance information to the authentication device 40. For example, when the detection information receiving unit 32 receives the detection information, the user information transmission unit 33 writes the user identification information stored in the user information storage unit 31 at a predetermined position in the detection information, and stores the user identification information in the user information. May be transmitted to the authentication device 40.
 なお、通信エリア20A(図11に示す通信エリア20A-1乃至20A-3)内にユーザ携帯端末30がいる間、検知情報受信部32は、設置装置20から定期的に又は間欠的に送信される検知情報を受信し続けることとなる。ユーザ情報送信部33は、検知情報受信部32が検知情報を受信すると、その都度、ユーザ情報を認証装置40に送信してもよい。または、ユーザ情報送信部33は、設置装置20から所定の時間よりも短い時間間隔で連続的に同じ送信距離を示す距離情報を含む検知情報を受信した場合、2回目以降の受信時にはユーザ情報を送信しないように構成してもよい。この場合、ユーザ携帯端末30は、設置装置20からの検知情報の受信が所定時間以上途絶えると、その旨を示す情報(ユーザの識別情報を含む)を認証装置40に送信してもよい。これは、ユーザ携帯端末30が通信エリア20A外に出て行ったことを意味する。 While the user portable terminal 30 is in the communication area 20A (communication areas 20A-1 to 20A-3 shown in FIG. 11), the detection information receiving unit 32 is transmitted from the installation device 20 periodically or intermittently. Will continue to receive detection information. The user information transmission unit 33 may transmit the user information to the authentication device 40 each time the detection information reception unit 32 receives the detection information. Alternatively, when the user information transmission unit 33 receives detection information including distance information indicating the same transmission distance continuously at a time interval shorter than a predetermined time from the installation device 20, the user information transmission unit 33 receives the user information at the second and subsequent receptions. You may comprise so that it may not transmit. In this case, the user portable terminal 30 may transmit information (including user identification information) indicating the fact to the authentication device 40 when reception of the detection information from the installation device 20 is interrupted for a predetermined time or more. This means that the user portable terminal 30 went out of the communication area 20A.
<認証装置40>
 図12に、本実施形態の認証装置40の機能ブロック図の一例を示す。図示するように、本実施形態の認証装置40は、ユーザ情報取得部41と、抽出部42と、生体情報取得部43と、認証部44と、記憶部45と、距離毎グループ化部46とを有する。抽出部42及び生体情報取得部43の構成は、第1の実施形態と同様である。 <Authentication device 40>
FIG. 12 shows an example of a functional block diagram of the authentication device 40 of the present embodiment. As shown in the figure, the authentication device 40 of this embodiment includes a user information acquisition unit 41, an extraction unit 42, a biometric information acquisition unit 43, an authentication unit 44, a storage unit 45, and a grouping unit 46 for each distance. Have The structure of the extraction part 42 and the biometric information acquisition part 43 is the same as that of 1st Embodiment.
 ユーザ情報取得部41は、ユーザ携帯端末30各々の設置装置20からの距離を示す距離情報をさらに取得する。すなわち、ユーザ情報取得部41は、ユーザ携帯端末30により送信された距離情報を含むユーザ情報を受信する。 The user information acquisition unit 41 further acquires distance information indicating the distance from the installation device 20 of each user portable terminal 30. That is, the user information acquisition unit 41 receives user information including distance information transmitted by the user portable terminal 30.
 距離毎グループ化部46は、抽出部42が抽出した登録生体情報を、距離情報に基づき、距離に応じた複数のグループに分ける。例えば、距離毎グループ化部46は、抽出部42が抽出し、記憶部45に記憶されている登録生体情報を、距離情報で示される距離に応じて複数のグループに分ける。なお、ユーザ情報取得部41が、あるユーザの識別情報を含むユーザ情報を繰り返し取得した場合、距離毎グループ化部46は、最新のユーザ情報に含まれる距離情報に基づいて、グループ化を行う。 The distance-by-distance grouping unit 46 divides the registered biometric information extracted by the extraction unit 42 into a plurality of groups according to the distance based on the distance information. For example, the distance grouping unit 46 divides the registered biometric information extracted by the extraction unit 42 and stored in the storage unit 45 into a plurality of groups according to the distance indicated by the distance information. When the user information acquisition unit 41 repeatedly acquires user information including identification information of a certain user, the distance grouping unit 46 performs grouping based on the distance information included in the latest user information.
 ここで、距離毎グループ化部46によるグループ化処理の一例を示すが、距離毎グループ化部46によるグループ化処理はこれに限定されない。 Here, although an example of the grouping process by the distance grouping unit 46 is shown, the grouping process by the distance grouping unit 46 is not limited to this.
 図13に、記憶部45に記憶されている登録生体情報の一例を模式的に示す。図示する例では、ユーザIDと、登録生体情報と、距離グループIDとが対応付けられている。例えば、距離毎グループ化部46は、ユーザ情報取得部41が取得したユーザ情報に基づいて、記憶部45が記憶する図13に示す情報の距離グループIDを更新する。図示する距離グループIDは、上述した送信距離のレベルに対応する。すなわち、当該例の場合、距離毎グループ化部46は、抽出部42が抽出した登録生体情報を、上記送信距離のレベルに対応して、第1のグループから第nのグループ(nは2以上の整数、かつ、nが大きいほど距離が大きい)にグループ化している。 FIG. 13 schematically shows an example of registered biometric information stored in the storage unit 45. In the example illustrated, the user ID, the registered biometric information, and the distance group ID are associated with each other. For example, the distance grouping unit 46 updates the distance group ID of the information shown in FIG. 13 stored in the storage unit 45 based on the user information acquired by the user information acquisition unit 41. The illustrated distance group ID corresponds to the transmission distance level described above. That is, in the case of the example, the distance grouping unit 46 converts the registered biometric information extracted by the extraction unit 42 from the first group to the nth group (n is 2 or more) corresponding to the transmission distance level. And the larger the n, the larger the distance).
 なお、ユーザ情報取得部41が、第1のユーザの識別情報、及び、第p(pは1以上n以下)のグループに対応する距離情報を含むユーザ情報を取得すると、距離毎グループ化部46は、その時点で抽出されている登録生体情報(例:記憶部45に記憶されている登録生体情報)の中の、第(p-1)のグループ及び第(p+1)のグループの少なくとも一方に属する登録生体情報を検索対象とし、第1のユーザの識別情報に対応する登録生体情報がないか確認する。 When the user information acquisition unit 41 acquires user information including the identification information of the first user and the distance information corresponding to the p-th (p is 1 or more and n or less) group, the distance-by-distance grouping unit 46 Is at least one of the (p−1) th group and the (p + 1) th group in the registered biometric information extracted at that time (eg, registered biometric information stored in the storage unit 45). The registered biometric information to which it belongs is set as a search target, and it is confirmed whether there is any registered biometric information corresponding to the identification information of the first user.
 そして、第(p-1)のグループ又は第(p+1)のグループに属する第1のユーザの識別情報に対応する登録生体情報が存在した場合、距離毎グループ化部46は、特定したその登録生体情報を、第pのグループに移動させる。例えば、図13の距離グループIDの値を所定の値に更新する。 When there is registered biometric information corresponding to the identification information of the first user belonging to the (p−1) th group or the (p + 1) th group, the distance-by-distance grouping unit 46 identifies the specified registered biometrics. Move information to the p th group. For example, the value of the distance group ID in FIG. 13 is updated to a predetermined value.
 一方、第(p-1)のグループ又は第(p+1)のグループに属する第1のユーザの識別情報に対応する登録生体情報が存在しなかった場合、距離毎グループ化部46はその旨を示す情報を抽出部42に入力する。すると、抽出部42はそれに応じて、第1のユーザの識別情報に対応する登録生体情報を格納装置50から抽出し、例えば記憶部45に記憶させる。そして、距離毎グループ化部46は、新たに抽出された登録生体情報を、第pのグループに属させる。例えば、図13の距離グループIDの欄に所定の値を入力する。 On the other hand, if there is no registered biometric information corresponding to the identification information of the first user belonging to the (p−1) th group or the (p + 1) th group, the grouping unit 46 for each distance indicates that fact. Information is input to the extraction unit 42. Then, the extraction unit 42 extracts the registered biometric information corresponding to the identification information of the first user from the storage device 50 and stores it in the storage unit 45, for example. Then, the grouping unit 46 for each distance causes the newly extracted registered biometric information to belong to the p-th group. For example, a predetermined value is entered in the distance group ID column of FIG.
 図12に戻り、認証部44は、認証処理時に最も距離が小さいグループ(図13の場合、距離グループID:1)に属する登録生体情報と、生体情報取得部43が取得した生体情報とに基づいて、認証処理を行う。 Returning to FIG. 12, the authentication unit 44 is based on the registered biometric information belonging to the group with the smallest distance (distance group ID: 1 in FIG. 13) and the biometric information acquired by the biometric information acquisition unit 43 during the authentication process. Authentication processing.
 ここで、本実施形態の変形例について説明する。上述した例では、第1の実施形態をベースとし、設置装置20が、送信距離を、第1のレベルから第n(nは2以上の整数、かつ、nが大きいほど距離が大きい)のレベルの間で制御しながら検知情報を送信した。これに対し、第2の実施形態をベースとし、ユーザ携帯端末30が、送信距離を、第1のレベルから第n(nは2以上の整数、かつ、nが大きいほど距離が大きい)のレベルの間で制御しながら検知情報を送信してもよい。このようにしても、上記例と同様の作用効果を実現できる。 Here, a modified example of this embodiment will be described. In the example described above, the installation device 20 is based on the first embodiment, and the installation apparatus 20 changes the transmission distance from the first level to the nth level (n is an integer of 2 or more, and the larger the n, the larger the distance). The detection information was transmitted while controlling between. On the other hand, based on the second embodiment, the user portable terminal 30 changes the transmission distance from the first level to the n-th level (n is an integer of 2 or more, and the distance increases as n increases). The detection information may be transmitted while being controlled between. Even if it does in this way, the effect similar to the said example is realizable.
 以上説明した本実施形態によれば、第1及び第2の実施形態と同様の作用効果を実現できる。また、本実施形態によれば、格納装置50に記憶されている複数の登録生体情報を、設置装置20とユーザ携帯端末30との距離に応じて段階的に絞り込んでいくことができる。結果、当該絞り込み処理を、効率的に行うことが可能となる。 According to the present embodiment described above, the same operational effects as those of the first and second embodiments can be realized. Further, according to the present embodiment, a plurality of registered biometric information stored in the storage device 50 can be narrowed down step by step according to the distance between the installation device 20 and the user portable terminal 30. As a result, the narrowing-down process can be performed efficiently.
<第4の実施形態>
 まず、本実施形態の全体像について説明する。本実施形態では、生体認証が行われるスポットが複数あり、各スポットに生体情報取得装置10及び設置装置20が設置されている。そして、認証装置40は、複数の生体情報取得装置10から生体情報を取得し、認証処理を行う。以下、詳細に説明する。 <Fourth Embodiment>
First, the overall image of this embodiment will be described. In this embodiment, there are a plurality of spots where biometric authentication is performed, and the biometric information acquisition apparatus 10 and the installation apparatus 20 are installed in each spot. And the authentication apparatus 40 acquires biometric information from the some biometric information acquisition apparatus 10, and performs an authentication process. Details will be described below.
 生体情報取得装置10、設置装置20及びユーザ携帯端末30の構成は、第1乃至第3の実施形態のいずれかと同様である。 The configurations of the biological information acquisition device 10, the installation device 20, and the user portable terminal 30 are the same as those in any of the first to third embodiments.
<格納装置50>
 図14に、本実施形態の格納装置50が記憶する情報の一例を模式的に示す。図示する例では、ユーザIDと、登録生体情報と、許可スポットIDとが対応付けられている。格納装置50に登録生体情報が登録されているユーザは、複数のスポットのうち、少なくとも一つで認証される。格納装置50は、図14に示すように、各ユーザが認証されるスポット(許可スポット)を示す情報を記憶している。 <Storage device 50>
FIG. 14 schematically shows an example of information stored in the storage device 50 of the present embodiment. In the example illustrated, the user ID, the registered biometric information, and the permitted spot ID are associated with each other. A user whose registered biometric information is registered in the storage device 50 is authenticated by at least one of a plurality of spots. As shown in FIG. 14, the storage device 50 stores information indicating spots (permitted spots) where each user is authenticated.
<認証装置40>
 図15に、本実施形態の認証装置40の機能ブロック図の一例を示す。図示するように、認証装置40は、ユーザ情報取得部41と、抽出部42と、生体情報取得部43と、認証部44と、記憶部45と、設置装置毎グループ化部47とを有する。なお、距離毎グループ化部46をさらに有してもよい。 <Authentication device 40>
FIG. 15 shows an example of a functional block diagram of the authentication device 40 of the present embodiment. As illustrated, the authentication device 40 includes a user information acquisition unit 41, an extraction unit 42, a biometric information acquisition unit 43, an authentication unit 44, a storage unit 45, and a grouping unit 47 for each installation device. In addition, you may further have the grouping part 46 for every distance.
 ユーザ情報取得部41は、生体情報取得装置10の近傍に設置されている設置装置20から所定の距離以内に位置するユーザ携帯端末30各々から、直接又は当該設置装置20を介してユーザの識別情報を取得する時、当該ユーザ携帯端末30から所定の距離以内に位置する当該設置装置20の識別情報をさらに取得する。 The user information acquisition unit 41 receives user identification information from each user portable terminal 30 located within a predetermined distance from the installation device 20 installed in the vicinity of the biological information acquisition device 10 directly or via the installation device 20. Is acquired, the identification information of the installation apparatus 20 located within a predetermined distance from the user portable terminal 30 is further acquired.
 第1乃至第3の実施形態で、設置装置20又はユーザ携帯端末30が、ユーザ情報に設置装置20の識別情報を含めて認証装置40に送信する実施形態を示した。ユーザ情報取得部41は、このように送信されたユーザ情報を受信することができる。 In the first to third embodiments, the embodiment in which the installation device 20 or the user portable terminal 30 transmits the user information including the identification information of the installation device 20 to the authentication device 40 has been described. The user information acquisition unit 41 can receive the user information transmitted in this way.
 抽出部42は、ユーザ情報に含まれるユーザの識別情報と、設置装置20の識別情報とに基づき、当該ユーザが当該設置装置20の設置スポットで認証されるユーザである場合、格納装置50から当該ユーザの登録生体情報を抽出する。抽出された登録生体情報は、例えば記憶部45に記憶される。 When the user is a user who is authenticated at the installation spot of the installation device 20 based on the user identification information included in the user information and the identification information of the installation device 20, the extraction unit 42 receives the information from the storage device 50. The registered biometric information of the user is extracted. The extracted registered biometric information is stored in the storage unit 45, for example.
 抽出部42は、各設置装置20の設置スポットを特定可能に構成される。例えば、抽出部42は、図18に示すような、設置装置IDと、設置スポットを示すスポットIDとを対応付けた情報を保持しておく。そして、抽出部42は、ユーザ情報取得部41がユーザ情報を取得すると、設置装置20の識別情報に基づいて、設置スポットを特定する。また、抽出部42は、格納装置50を検索し、当該ユーザ情報に含まれるユーザの識別情報に対応する登録生体情報を特定する(図14参照)。その後、抽出部42は、当該ユーザが認証されるスポットの中に、今回特定した設置スポットが含まれるか判断する。含まれる場合、特定した登録生体情報を抽出する。含まれない場合、特定した登録生体情報を抽出しない。 The extraction unit 42 is configured to be able to specify the installation spot of each installation device 20. For example, the extraction unit 42 holds information in which an installation device ID and a spot ID indicating an installation spot are associated with each other as illustrated in FIG. Then, when the user information acquisition unit 41 acquires the user information, the extraction unit 42 specifies the installation spot based on the identification information of the installation device 20. Further, the extraction unit 42 searches the storage device 50 and specifies registered biometric information corresponding to the user identification information included in the user information (see FIG. 14). Thereafter, the extraction unit 42 determines whether the installation spot specified this time is included in the spots where the user is authenticated. If included, the specified registered biometric information is extracted. If not included, the specified registered biometric information is not extracted.
 設置装置毎グループ化部47は、抽出部42が抽出し、例えば記憶部45に記憶されている登録生体情報を、ユーザ情報取得部41が取得した設置装置20の識別情報に基づき、設置装置20の識別情報毎に複数のグループに分ける。 The installation device grouping unit 47 extracts the registered biometric information extracted by the extraction unit 42 and stored in the storage unit 45 based on the identification information of the installation device 20 acquired by the user information acquisition unit 41, for example. Each of the identification information is divided into a plurality of groups.
 図16に、記憶部45に記憶されている登録生体情報の一例を模式的に示す。図示する例では、ユーザIDと、登録生体情報と、設置装置IDとが対応付けられている。例えば、設置装置毎グループ化部47は、ユーザ情報取得部41が取得したユーザ情報に含まれる設置装置20の識別情報に基づいて、記憶部45が記憶する図16に示す情報の設置装置IDを更新する。 FIG. 16 schematically shows an example of registered biometric information stored in the storage unit 45. In the example illustrated, the user ID, the registered biometric information, and the installation device ID are associated with each other. For example, the installation device grouping unit 47 sets the installation device ID of the information shown in FIG. 16 stored in the storage unit 45 based on the identification information of the installation device 20 included in the user information acquired by the user information acquisition unit 41. Update.
 図17に、記憶部45に記憶されている登録生体情報の他の一例を模式的に示す。図示する例では、ユーザIDと、登録生体情報と、設置装置IDと、距離グループIDとが対応付けられている。例えば、設置装置毎グループ化部47は、ユーザ情報取得部41が取得したユーザ情報に含まれる設置装置20の識別情報に基づいて、記憶部45が記憶する図17に示す情報の設置装置IDを更新する。そして、距離毎グループ化部46は、ユーザ情報取得部41が取得したユーザ情報に含まれる距離情報に基づいて、記憶部45が記憶する図17に示す情報の距離グループIDを更新する。 FIG. 17 schematically shows another example of registered biometric information stored in the storage unit 45. In the illustrated example, a user ID, registered biometric information, an installation device ID, and a distance group ID are associated with each other. For example, the installation device grouping unit 47 sets the installation device ID of the information shown in FIG. 17 stored in the storage unit 45 based on the identification information of the installation device 20 included in the user information acquired by the user information acquisition unit 41. Update. The distance grouping unit 46 then updates the distance group ID of the information shown in FIG. 17 stored in the storage unit 45 based on the distance information included in the user information acquired by the user information acquisition unit 41.
 生体情報取得部43は、生体情報取得装置10から生体情報を取得する際、併せて、近くに設置されている設置装置20の識別情報を取得する。すなわち、生体情報取得装置10は、生体情報と、近傍に設置されている設置装置20の識別情報を、認証装置40に送信する。 The biometric information acquisition unit 43 acquires the identification information of the installation device 20 installed nearby when acquiring biometric information from the biometric information acquisition device 10. That is, the biological information acquisition device 10 transmits the biological information and the identification information of the installation device 20 installed in the vicinity to the authentication device 40.
 認証部44は、生体情報取得部43が取得した設置装置20の識別情報に対応するグループに属する登録生体情報(図16及び図17において、当該設置装置の識別情報(設置装置ID)を対応付けられている登録生体情報)と、生体情報取得部43が取得した生体情報とに基づいて、認証処理を行う。なお、第3の実施形態と同様、距離毎グループ化部46を有する場合、認証部44は、生体情報取得部43が取得した設置装置20の識別情報に対応するグループに属し、かつ、最も距離が小さいグループ(図17の場合、距離グループID:1)に属する登録生体情報と、生体情報取得部43が取得した生体情報とに基づいて、認証処理を行う。 The authentication unit 44 associates the registered biometric information belonging to the group corresponding to the identification information of the installation device 20 acquired by the biometric information acquisition unit 43 (in FIG. 16 and FIG. 17, the identification information (installation device ID) of the installation device). Authentication processing) is performed based on the registered biometric information) and the biometric information acquired by the biometric information acquisition unit 43. As in the third embodiment, when the distance-by-distance grouping unit 46 is included, the authentication unit 44 belongs to the group corresponding to the identification information of the installation apparatus 20 acquired by the biometric information acquisition unit 43, and is the longest distance. Authentication processing is performed based on the registered biometric information belonging to the small group (distance group ID: 1 in the case of FIG. 17) and the biometric information acquired by the biometric information acquisition unit 43.
 以上説明した本実施形態によれば、第1乃至第3の実施形態と同様な作用効果を実現することができる。また、生体認証を行うスポットが複数あり、かつ、スポットごとに認証されるユーザが異なる場合であっても、複数のスポットでの認証処理を、1組の認証装置40及び格納装置50により効率的に実行することができる。 According to the present embodiment described above, the same operational effects as those of the first to third embodiments can be realized. In addition, even when there are a plurality of spots for performing biometric authentication and the authenticated user is different for each spot, the authentication processing at the plurality of spots is more efficiently performed by the pair of authentication device 40 and storage device 50. Can be executed.
 以下、参考形態の例を付記する。
1. 各ユーザから生体情報を取得する生体情報取得装置の近傍に設置されている設置装置から所定の距離以内に位置するユーザ携帯端末各々から、前記ユーザの識別情報を取得するユーザ情報取得手段と、
 複数の前記ユーザ各々に対応する複数の登録生体情報を格納する格納装置から、前記ユーザ情報取得手段が取得した前記ユーザの識別情報に対応する前記登録生体情報を抽出する抽出手段と、
 前記生体情報取得装置から、前記生体情報を取得する生体情報取得手段と、
 認証処理時に抽出されている前記登録生体情報と、前記生体情報取得手段が取得した前記生体情報とに基づいて、認証処理を行う認証手段と、
を有する認証装置。
2. 1に記載の認証装置において、
 前記ユーザ情報取得手段は、前記ユーザ携帯端末各々の前記設置装置からの距離を示す距離情報をさらに取得し、
 前記抽出手段が抽出した前記登録生体情報を、前記距離情報に基づき、距離に応じた複数のグループに分ける距離毎グループ化手段をさらに有し、
 前記認証手段は、認証処理時に最も距離が小さいグループに属する前記登録生体情報と、前記生体情報取得手段が取得した前記生体情報とに基づいて、認証処理を行う認証装置。
3. 2に記載の認証装置において、
 前記距離毎グループ化手段は、
  前記抽出手段が抽出した前記登録生体情報を、第1のグループから第nのグループ(nは2以上の整数、かつ、nが大きいほど距離が大きい)にグループ化し、
  前記ユーザ情報取得手段が、第1の前記ユーザの識別情報、及び、第p(pは1以上n以下)のグループに対応する前記距離情報を取得すると、第(p-1)のグループ及び第(p+1)のグループの少なくとも一方を検索対象とし、検索対象のグループに属する前記登録生体情報の中から前記第1のユーザの識別情報に対応する前記登録生体情報を特定すると、特定した前記登録生体情報を前記第pのグループに移動させる認証装置。
4. 1から3のいずれかに記載の認証装置において、
 前記ユーザ情報取得手段は、前記ユーザ携帯端末から所定の距離以内に位置する前記設置装置の識別情報をさらに取得し、
 前記抽出手段が抽出した前記登録生体情報を、前記設置装置の識別情報に基づき、前記設置装置の識別情報毎に複数のグループに分ける設置装置毎グループ化手段をさらに有し、
 前記生体情報取得手段は、前記生体情報取得装置から、前記生体情報及び近傍に設置されている前記設置装置の識別情報を取得し、
 前記認証手段は、前記生体情報取得手段が取得した前記設置装置の識別情報に対応するグループに属する前記登録生体情報と、前記生体情報取得手段が取得した前記生体情報とに基づいて、認証処理を行う認証装置。
5. 1から4のいずれかに記載の認証装置と、各ユーザから生体情報を取得する生体情報取得装置と、前記生体情報取得装置の近傍に設置されている設置装置と、前記ユーザ各々に携帯されるユーザ携帯端末とを有し、
 前記設置装置は、定期的に又は間欠的に、自装置からの距離が所定の距離以内に位置する前記ユーザ携帯端末に検知情報を送信する検知情報送信手段をさらに有し、
 前記携帯端末は、
  前記ユーザの識別情報を記憶するユーザ情報記憶手段と、
  前記検知情報を受信する検知情報受信手段と、
  前記検知情報受信手段が前記検知情報を受信すると、当該受信に応じて、前記ユーザの識別情報を前記認証装置に送信するユーザ情報送信手段と、
を有する認証システム。
6. 5に記載の認証システムにおいて、
 前記検知情報送信手段は、前記検知情報の送信距離を、第1のレベルから第n(nは2以上の整数、かつ、nが大きいほど距離が大きい)のレベルの間で制御可能であり、かつ、前記検知情報に前記送信距離を示す距離情報を含めて送信し、
 前記ユーザ情報送信手段は、前記距離情報を前記認証装置に送信する認証システム。
7. 5又は6に記載の認証システムにおいて、
 前記検知情報送信手段は、前記検知情報に自装置の識別情報を含めて送信し、
 前記ユーザ情報送信手段は、前記設置装置の識別情報を前記認証装置に送信する認証システム。
8. 1から4のいずれかに記載の認証装置と、各ユーザから生体情報を取得する生体情報取得装置と、前記生体情報取得装置の近傍に設置されている設置装置と、前記ユーザ各々に携帯されるユーザ携帯端末とを有し、
 前記ユーザ携帯端末は、
  前記ユーザの識別情報を記憶するユーザ情報記憶手段と、
 定期的に又は間欠的に、自装置からの距離が所定の距離以内に位置する前記設置装置に、前記ユーザの識別情報を含む検知情報を送信する検知情報送信手段と、
をさらに有し、
 前記設置装置は、
  前記検知情報を受信する検知情報受信手段と、
  前記検知情報受信手段が前記検知情報を受信すると、当該受信に応じて、前記ユーザの識別情報を前記認証装置に送信するユーザ情報送信手段と、
を有する認証システム。
9. 8に記載の認証システムにおいて、
 前記検知情報送信手段は、前記検知情報の送信距離を、第1のレベルから第n(nは2以上の整数、かつ、nが大きいほど距離が大きい)のレベルの間で制御可能であり、かつ、前記検知情報に前記送信距離を示す距離情報を含めて送信し、
 前記ユーザ情報送信手段は、前記距離情報を前記認証装置に送信する認証システム。
10. 8又は9に記載の認証システムにおいて、
 前記ユーザ情報送信手段は、自装置の識別情報を前記認証装置に送信する認証システム。
11. コンピュータが、
 各ユーザから生体情報を取得する生体情報取得装置の近傍に設置されている設置装置から所定の距離以内に位置するユーザ携帯端末各々から、前記ユーザの識別情報を取得するユーザ情報取得工程と、
 複数の前記ユーザ各々に対応する複数の登録生体情報を格納する格納装置から、前記ユーザ情報取得工程で取得した前記ユーザの識別情報に対応する前記登録生体情報を抽出する抽出工程と、
 前記生体情報取得装置から、前記生体情報を取得する生体情報取得工程と、
 認証処理時に抽出されている前記登録生体情報と、前記生体情報取得工程で取得した前記生体情報とに基づいて、認証処理を行う認証工程と、
を実行する認証方法。
11-2. 11に記載の認証方法において、
 前記ユーザ情報取得工程では、前記ユーザ携帯端末各々の前記設置装置からの距離を示す距離情報をさらに取得し、
 前記コンピュータは、前記抽出工程で抽出した前記登録生体情報を、前記距離情報に基づき、距離に応じた複数のグループに分ける距離毎グループ化工程をさらに実行し、
 前記認証工程では、認証処理時に最も距離が小さいグループに属する前記登録生体情報と、前記生体情報取得工程で取得した前記生体情報とに基づいて、認証処理を行う認証方法。
11-3. 11-2に記載の認証方法において、
 前記距離毎グループ化工程では、
  前記抽出工程で抽出した前記登録生体情報を、第1のグループから第nのグループ(nは2以上の整数、かつ、nが大きいほど距離が大きい)にグループ化し、
  前記ユーザ情報取得工程では、第1の前記ユーザの識別情報、及び、第p(pは1以上n以下)のグループに対応する前記距離情報を取得すると、第(p-1)のグループ及び第(p+1)のグループの少なくとも一方を検索対象とし、検索対象のグループに属する前記登録生体情報の中から前記第1のユーザの識別情報に対応する前記登録生体情報を特定すると、特定した前記登録生体情報を前記第pのグループに移動させる認証方法。
11-4. 11から11-3のいずれかに記載の認証方法において、
 前記ユーザ情報取得工程では、前記ユーザ携帯端末から所定の距離以内に位置する前記設置装置の識別情報をさらに取得し、
 前記コンピュータは、前記抽出工程で抽出した前記登録生体情報を、前記設置装置の識別情報に基づき、前記設置装置の識別情報毎に複数のグループに分ける設置装置毎グループ化工程をさらに実行し、
 前記生体情報取得工程では、前記生体情報取得装置から、前記生体情報及び近傍に設置されている前記設置装置の識別情報を取得し、
 前記認証工程では、前記生体情報取得工程で取得した前記設置装置の識別情報に対応するグループに属する前記登録生体情報と、前記生体情報取得工程で取得した前記生体情報とに基づいて、認証処理を行う認証方法。
12. コンピュータを、
 各ユーザから生体情報を取得する生体情報取得装置の近傍に設置されている設置装置から所定の距離以内に位置するユーザ携帯端末各々から、前記ユーザの識別情報を取得するユーザ情報取得手段、
 複数の前記ユーザ各々に対応する複数の登録生体情報を格納する格納装置から、前記ユーザ情報取得手段が取得した前記ユーザの識別情報に対応する前記登録生体情報を抽出する抽出手段、
 前記生体情報取得装置から、前記生体情報を取得する生体情報取得手段、
 認証処理時に抽出されている前記登録生体情報と、前記生体情報取得手段が取得した前記生体情報とに基づいて、認証処理を行う認証手段、
として機能させるためのプログラム。
12-2. 12に記載のプログラムにおいて、
 前記ユーザ情報取得手段に、前記ユーザ携帯端末各々の前記設置装置からの距離を示す距離情報をさらに取得させ、
 前記コンピュータを、前記抽出手段が抽出した前記登録生体情報を、前記距離情報に基づき、距離に応じた複数のグループに分ける距離毎グループ化手段としてさらに機能させ、
 前記認証手段に、認証処理時に最も距離が小さいグループに属する前記登録生体情報と、前記生体情報取得手段が取得した前記生体情報とに基づいて、認証処理を行わせるプログラム。
12-3. 12-2に記載のプログラムにおいて、
 前記距離毎グループ化手段に、
  前記抽出手段が抽出した前記登録生体情報を、第1のグループから第nのグループ(nは2以上の整数、かつ、nが大きいほど距離が大きい)にグループ化させ、
  前記ユーザ情報取得手段が、第1の前記ユーザの識別情報、及び、第p(pは1以上n以下)のグループに対応する前記距離情報を取得すると、第(p-1)のグループ及び第(p+1)のグループの少なくとも一方を検索対象とし、検索対象のグループに属する前記登録生体情報の中から前記第1のユーザの識別情報に対応する前記登録生体情報を特定すると、特定した前記登録生体情報を前記第pのグループに移動させるプログラム。
12-4. 12から12-3のいずれかに記載のプログラムにおいて、
 前記ユーザ情報取得手段に、前記ユーザ携帯端末から所定の距離以内に位置する前記設置装置の識別情報をさらに取得させ、
 前記コンピュータを、前記抽出手段が抽出した前記登録生体情報を、前記設置装置の識別情報に基づき、前記設置装置の識別情報毎に複数のグループに分ける設置装置毎グループ化手段としてさらに機能させ、
 前記生体情報取得手段に、前記生体情報取得装置から、前記生体情報及び近傍に設置されている前記設置装置の識別情報を取得させ、
 前記認証手段に、前記生体情報取得手段が取得した前記設置装置の識別情報に対応するグループに属する前記登録生体情報と、前記生体情報取得手段が取得した前記生体情報とに基づいて、認証処理を行わせるプログラム。 Hereinafter, examples of the reference form will be added.
1. User information acquisition means for acquiring the identification information of the user from each of the user portable terminals located within a predetermined distance from an installation device installed in the vicinity of the biological information acquisition device that acquires biological information from each user;
Extracting means for extracting the registered biometric information corresponding to the identification information of the user acquired by the user information acquisition means from a storage device storing a plurality of registered biometric information corresponding to each of the plurality of users;
Biological information acquisition means for acquiring the biological information from the biological information acquisition device;
Authentication means for performing authentication processing based on the registered biometric information extracted during authentication processing and the biometric information acquired by the biometric information acquisition means;
An authentication device.
2. In the authentication device according to 1,
The user information acquisition means further acquires distance information indicating a distance from the installation device of each of the user portable terminals,
The registration biometric information extracted by the extraction means further includes a grouping unit for each distance based on the distance information and divided into a plurality of groups according to the distance,
The authentication unit is an authentication device that performs an authentication process based on the registered biometric information belonging to a group having the smallest distance during the authentication process and the biometric information acquired by the biometric information acquisition unit.
3. In the authentication device according to 2,
The distance grouping means includes:
Grouping the registered biometric information extracted by the extracting means into a first group to an nth group (n is an integer of 2 or more, and the larger the n, the greater the distance);
When the user information acquisition means acquires the first identification information of the user and the distance information corresponding to the p-th group (p is 1 or more and n or less), the (p−1) -th group and the When the registered biometric information corresponding to the identification information of the first user is specified from among the registered biometric information belonging to the search target group, at least one of the groups of (p + 1) is specified. An authentication apparatus for moving information to the p-th group.
4). In the authentication device according to any one of 1 to 3,
The user information acquisition means further acquires identification information of the installation device located within a predetermined distance from the user portable terminal,
The registration biometric information extracted by the extraction unit further includes a grouping unit for each installation device that divides the biometric information into a plurality of groups for each identification information of the installation device based on the identification information of the installation device,
The biological information acquisition means acquires the biological information and identification information of the installation device installed in the vicinity from the biological information acquisition device,
The authentication unit performs an authentication process based on the registered biometric information belonging to the group corresponding to the identification information of the installation apparatus acquired by the biometric information acquisition unit and the biometric information acquired by the biometric information acquisition unit. Authentication device to perform.
5. The authentication device according to any one of 1 to 4, a biological information acquisition device that acquires biological information from each user, an installation device that is installed in the vicinity of the biological information acquisition device, and each of the users A user portable terminal,
The installation apparatus further includes detection information transmission means for transmitting detection information to the user portable terminal located within a predetermined distance from the own apparatus periodically or intermittently,
The portable terminal is
User information storage means for storing identification information of the user;
Detection information receiving means for receiving the detection information;
When the detection information receiving means receives the detection information, in response to the reception, user information transmission means for transmitting the user identification information to the authentication device;
Having an authentication system.
6). In the authentication system according to 5,
The detection information transmission means can control the transmission distance of the detection information from a first level to an nth level (n is an integer of 2 or more, and the larger the distance, the larger the distance). And including the distance information indicating the transmission distance in the detection information,
The user information transmission unit is an authentication system that transmits the distance information to the authentication device.
7). In the authentication system according to 5 or 6,
The detection information transmitting means transmits the detection information including identification information of the device itself,
The user information transmission means is an authentication system for transmitting identification information of the installation device to the authentication device.
8). The authentication device according to any one of 1 to 4, a biological information acquisition device that acquires biological information from each user, an installation device that is installed in the vicinity of the biological information acquisition device, and each of the users A user portable terminal,
The user portable terminal is
User information storage means for storing identification information of the user;
Periodically or intermittently, detection information transmission means for transmitting detection information including the identification information of the user to the installation device located within a predetermined distance from the device itself;
Further comprising
The installation device is
Detection information receiving means for receiving the detection information;
When the detection information receiving means receives the detection information, in response to the reception, user information transmission means for transmitting the user identification information to the authentication device;
Having an authentication system.
9. In the authentication system according to 8,
The detection information transmission means can control the transmission distance of the detection information from a first level to an nth level (n is an integer of 2 or more, and the larger the distance, the larger the distance). And including the distance information indicating the transmission distance in the detection information,
The user information transmission unit is an authentication system that transmits the distance information to the authentication device.
10. In the authentication system according to 8 or 9,
The user information transmitting means is an authentication system that transmits identification information of the device itself to the authentication device.
11. Computer
A user information acquisition step of acquiring identification information of the user from each of the user portable terminals located within a predetermined distance from an installation device installed in the vicinity of the biological information acquisition device that acquires biological information from each user;
An extraction step of extracting the registered biometric information corresponding to the identification information of the user acquired in the user information acquisition step from a storage device storing a plurality of registered biometric information corresponding to each of the plurality of users;
A biological information acquisition step of acquiring the biological information from the biological information acquisition device;
An authentication process for performing an authentication process based on the registered biometric information extracted during the authentication process and the biometric information acquired in the biometric information acquisition process;
Authentication method to perform.
11-2. 11. In the authentication method according to 11,
In the user information acquisition step, further acquiring distance information indicating a distance from the installation device of each of the user portable terminals,
The computer further performs a distance grouping step of dividing the registered biometric information extracted in the extraction step into a plurality of groups according to the distance based on the distance information,
An authentication method for performing authentication processing based on the registered biometric information belonging to the group having the smallest distance at the time of authentication processing and the biometric information acquired in the biometric information acquisition step in the authentication step.
11-3. In the authentication method described in 11-2,
In the distance grouping step,
The registered biometric information extracted in the extraction step is grouped into a first group to an nth group (n is an integer of 2 or more, and the larger n is, the larger the distance is).
In the user information obtaining step, when the identification information of the first user and the distance information corresponding to the p-th (p is 1 or more and n or less) group are obtained, the (p−1) -th group and the When the registered biometric information corresponding to the identification information of the first user is specified from among the registered biometric information belonging to the search target group, at least one of the groups of (p + 1) is specified. An authentication method for moving information to the p-th group.
11-4. In the authentication method according to any one of 11 to 11-3,
In the user information acquisition step, further acquiring identification information of the installation device located within a predetermined distance from the user portable terminal,
The computer further executes a grouping step for each installation device that divides the registered biometric information extracted in the extraction step into a plurality of groups for each identification information of the installation device based on the identification information of the installation device,
In the biological information acquisition step, from the biological information acquisition device, acquire the biological information and identification information of the installation device installed in the vicinity,
In the authentication step, an authentication process is performed based on the registered biometric information belonging to the group corresponding to the identification information of the installation device acquired in the biometric information acquisition step and the biometric information acquired in the biometric information acquisition step. Authentication method to perform.
12 Computer
User information acquisition means for acquiring identification information of the user from each of the user portable terminals located within a predetermined distance from an installation device installed in the vicinity of the biological information acquisition device that acquires biological information from each user;
Extraction means for extracting the registered biometric information corresponding to the identification information of the user acquired by the user information acquisition means from a storage device storing a plurality of registered biometric information corresponding to each of the plurality of users;
Biological information acquisition means for acquiring the biological information from the biological information acquisition device;
An authentication unit that performs an authentication process based on the registered biometric information extracted during the authentication process and the biometric information acquired by the biometric information acquisition unit;
Program to function as.
12-2. In the program described in 12,
Causing the user information acquisition means to further acquire distance information indicating a distance from the installation device of each of the user portable terminals;
The computer further causes the registered biometric information extracted by the extraction means to function as a distance-by-distance grouping means that divides the biometric information into a plurality of groups according to the distance based on the distance information,
A program for causing the authentication unit to perform an authentication process based on the registered biometric information belonging to the group having the smallest distance during the authentication process and the biometric information acquired by the biometric information acquisition unit.
12-3. In the program described in 12-2,
In the distance grouping means,
Grouping the registered biometric information extracted by the extraction means from the first group to the nth group (n is an integer of 2 or more, and the larger the n, the greater the distance);
When the user information acquisition means acquires the first identification information of the user and the distance information corresponding to the p-th group (p is 1 or more and n or less), the (p−1) -th group and the When the registered biometric information corresponding to the identification information of the first user is specified from among the registered biometric information belonging to the search target group, at least one of the groups of (p + 1) is specified. A program for moving information to the p-th group.
12-4. In the program according to any one of 12 to 12-3,
Causing the user information acquisition means to further acquire identification information of the installation device located within a predetermined distance from the user portable terminal;
The computer further causes the registered biometric information extracted by the extraction unit to function as a grouping unit for each installation device that divides the biometric information into a plurality of groups for each identification information of the installation device based on the identification information of the installation device,
The biological information acquisition means, from the biological information acquisition device, to acquire the biological information and identification information of the installation device installed in the vicinity,
Based on the registered biometric information belonging to the group corresponding to the identification information of the installation device acquired by the biometric information acquisition unit and the biometric information acquired by the biometric information acquisition unit, the authentication unit performs authentication processing. Program to be performed.
 この出願は、2014年9月2日に出願された日本出願特願2014-177857号を基礎とする優先権を主張し、その開示の全てをここに取り込む。 This application claims priority based on Japanese Patent Application No. 2014-177857 filed on September 2, 2014, the entire disclosure of which is incorporated herein.

Claims (12)

  1.  各ユーザから生体情報を取得する生体情報取得装置の近傍に設置されている設置装置から所定の距離以内に位置するユーザ携帯端末各々から、前記ユーザの識別情報を取得するユーザ情報取得手段と、
     複数の前記ユーザ各々に対応する複数の登録生体情報を格納する格納装置から、前記ユーザ情報取得手段が取得した前記ユーザの識別情報に対応する前記登録生体情報を抽出する抽出手段と、
     前記生体情報取得装置から、前記生体情報を取得する生体情報取得手段と、
     認証処理時に抽出されている前記登録生体情報と、前記生体情報取得手段が取得した前記生体情報とに基づいて、認証処理を行う認証手段と、
    を有する認証装置。     User information acquisition means for acquiring the identification information of the user from each of the user portable terminals located within a predetermined distance from an installation device installed in the vicinity of the biological information acquisition device that acquires biological information from each user;
    Extracting means for extracting the registered biometric information corresponding to the identification information of the user acquired by the user information acquisition means from a storage device storing a plurality of registered biometric information corresponding to each of the plurality of users;
    Biological information acquisition means for acquiring the biological information from the biological information acquisition device;
    Authentication means for performing authentication processing based on the registered biometric information extracted during authentication processing and the biometric information acquired by the biometric information acquisition means;
    An authentication device.
  2.  請求項1に記載の認証装置において、
     前記ユーザ情報取得手段は、前記ユーザ携帯端末各々の前記設置装置からの距離を示す距離情報をさらに取得し、
     前記抽出手段が抽出した前記登録生体情報を、前記距離情報に基づき、距離に応じた複数のグループに分ける距離毎グループ化手段をさらに有し、
     前記認証手段は、認証処理時に最も距離が小さいグループに属する前記登録生体情報と、前記生体情報取得手段が取得した前記生体情報とに基づいて、認証処理を行う認証装置。     The authentication device according to claim 1,
    The user information acquisition means further acquires distance information indicating a distance from the installation device of each of the user portable terminals,
    The registration biometric information extracted by the extraction means further includes a grouping unit for each distance based on the distance information and divided into a plurality of groups according to the distance,
    The authentication unit is an authentication device that performs an authentication process based on the registered biometric information belonging to a group having the smallest distance during the authentication process and the biometric information acquired by the biometric information acquisition unit.
  3.  請求項2に記載の認証装置において、
     前記距離毎グループ化手段は、
      前記抽出手段が抽出した前記登録生体情報を、第1のグループから第nのグループ(nは2以上の整数、かつ、nが大きいほど距離が大きい)にグループ化し、
      前記ユーザ情報取得手段が、第1の前記ユーザの識別情報、及び、第p(pは1以上n以下)のグループに対応する前記距離情報を取得すると、第(p-1)のグループ及び第(p+1)のグループの少なくとも一方を検索対象とし、検索対象のグループに属する前記登録生体情報の中から前記第1のユーザの識別情報に対応する前記登録生体情報を特定すると、特定した前記登録生体情報を前記第pのグループに移動させる認証装置。     The authentication device according to claim 2,
    The distance grouping means includes:
    Grouping the registered biometric information extracted by the extracting means into a first group to an nth group (n is an integer of 2 or more, and the larger the n, the greater the distance);
    When the user information acquisition means acquires the first identification information of the user and the distance information corresponding to the p-th group (p is 1 or more and n or less), the (p−1) -th group and the When the registered biometric information corresponding to the identification information of the first user is specified from among the registered biometric information belonging to the search target group, at least one of the groups of (p + 1) is specified. An authentication apparatus for moving information to the p-th group.
  4.  請求項1から3のいずれか1項に記載の認証装置において、
     前記ユーザ情報取得手段は、前記ユーザ携帯端末から所定の距離以内に位置する前記設置装置の識別情報をさらに取得し、
     前記抽出手段が抽出した前記登録生体情報を、前記設置装置の識別情報に基づき、前記設置装置の識別情報毎に複数のグループに分ける設置装置毎グループ化手段をさらに有し、
     前記生体情報取得手段は、前記生体情報取得装置から、前記生体情報及び近傍に設置されている前記設置装置の識別情報を取得し、
     前記認証手段は、前記生体情報取得手段が取得した前記設置装置の識別情報に対応するグループに属する前記登録生体情報と、前記生体情報取得手段が取得した前記生体情報とに基づいて、認証処理を行う認証装置。     The authentication device according to any one of claims 1 to 3,
    The user information acquisition means further acquires identification information of the installation device located within a predetermined distance from the user portable terminal,
    The registration biometric information extracted by the extraction unit further includes a grouping unit for each installation device that divides the biometric information into a plurality of groups for each identification information of the installation device based on the identification information of the installation device,
    The biological information acquisition means acquires the biological information and identification information of the installation device installed in the vicinity from the biological information acquisition device,
    The authentication unit performs an authentication process based on the registered biometric information belonging to the group corresponding to the identification information of the installation apparatus acquired by the biometric information acquisition unit and the biometric information acquired by the biometric information acquisition unit. Authentication device to perform.
  5.  請求項1から4のいずれか1項に記載の認証装置と、各ユーザから生体情報を取得する生体情報取得装置と、前記生体情報取得装置の近傍に設置されている設置装置と、前記ユーザ各々に携帯されるユーザ携帯端末とを有し、
     前記設置装置は、定期的に又は間欠的に、自装置からの距離が所定の距離以内に位置する前記ユーザ携帯端末に検知情報を送信する検知情報送信手段をさらに有し、
     前記携帯端末は、
      前記ユーザの識別情報を記憶するユーザ情報記憶手段と、
      前記検知情報を受信する検知情報受信手段と、
      前記検知情報受信手段が前記検知情報を受信すると、当該受信に応じて、前記ユーザの識別情報を前記認証装置に送信するユーザ情報送信手段と、
    を有する認証システム。     5. The authentication apparatus according to claim 1, a biological information acquisition apparatus that acquires biological information from each user, an installation apparatus that is installed in the vicinity of the biological information acquisition apparatus, and each of the users And a user portable terminal
    The installation apparatus further includes detection information transmission means for transmitting detection information to the user portable terminal located within a predetermined distance from the own apparatus periodically or intermittently,
    The portable terminal is
    User information storage means for storing identification information of the user;
    Detection information receiving means for receiving the detection information;
    When the detection information receiving means receives the detection information, in response to the reception, user information transmission means for transmitting the user identification information to the authentication device;
    Having an authentication system.
  6.  請求項5に記載の認証システムにおいて、
     前記検知情報送信手段は、前記検知情報の送信距離を、第1のレベルから第n(nは2以上の整数、かつ、nが大きいほど距離が大きい)のレベルの間で制御可能であり、かつ、前記検知情報に前記送信距離を示す距離情報を含めて送信し、
     前記ユーザ情報送信手段は、前記距離情報を前記認証装置に送信する認証システム。     The authentication system according to claim 5,
    The detection information transmission means can control the transmission distance of the detection information from a first level to an nth level (n is an integer of 2 or more, and the larger the distance, the larger the distance). And including the distance information indicating the transmission distance in the detection information,
    The user information transmission unit is an authentication system that transmits the distance information to the authentication device.
  7.  請求項5又は6に記載の認証システムにおいて、
     前記検知情報送信手段は、前記検知情報に自装置の識別情報を含めて送信し、
     前記ユーザ情報送信手段は、前記設置装置の識別情報を前記認証装置に送信する認証システム。     The authentication system according to claim 5 or 6,
    The detection information transmitting means transmits the detection information including identification information of the device itself,
    The user information transmission means is an authentication system for transmitting identification information of the installation device to the authentication device.
  8.  請求項1から4のいずれか1項に記載の認証装置と、各ユーザから生体情報を取得する生体情報取得装置と、前記生体情報取得装置の近傍に設置されている設置装置と、前記ユーザ各々に携帯されるユーザ携帯端末とを有し、
     前記ユーザ携帯端末は、
      前記ユーザの識別情報を記憶するユーザ情報記憶手段と、
     定期的に又は間欠的に、自装置からの距離が所定の距離以内に位置する前記設置装置に、前記ユーザの識別情報を含む検知情報を送信する検知情報送信手段と、
    をさらに有し、
     前記設置装置は、
      前記検知情報を受信する検知情報受信手段と、
      前記検知情報受信手段が前記検知情報を受信すると、当該受信に応じて、前記ユーザの識別情報を前記認証装置に送信するユーザ情報送信手段と、
    を有する認証システム。     5. The authentication apparatus according to claim 1, a biological information acquisition apparatus that acquires biological information from each user, an installation apparatus that is installed in the vicinity of the biological information acquisition apparatus, and each of the users And a user portable terminal
    The user portable terminal is
    User information storage means for storing identification information of the user;
    Periodically or intermittently, detection information transmission means for transmitting detection information including the identification information of the user to the installation device located within a predetermined distance from the device itself;
    Further comprising
    The installation device is
    Detection information receiving means for receiving the detection information;
    When the detection information receiving means receives the detection information, in response to the reception, user information transmission means for transmitting the user identification information to the authentication device;
    Having an authentication system.
  9.  請求項8に記載の認証システムにおいて、
     前記検知情報送信手段は、前記検知情報の送信距離を、第1のレベルから第n(nは2以上の整数、かつ、nが大きいほど距離が大きい)のレベルの間で制御可能であり、かつ、前記検知情報に前記送信距離を示す距離情報を含めて送信し、
     前記ユーザ情報送信手段は、前記距離情報を前記認証装置に送信する認証システム。     The authentication system according to claim 8,
    The detection information transmission means can control the transmission distance of the detection information from a first level to an nth level (n is an integer of 2 or more, and the larger the distance, the larger the distance). And including the distance information indicating the transmission distance in the detection information,
    The user information transmission unit is an authentication system that transmits the distance information to the authentication device.
  10.  請求項8又は9に記載の認証システムにおいて、
     前記ユーザ情報送信手段は、自装置の識別情報を前記認証装置に送信する認証システム。     The authentication system according to claim 8 or 9,
    The user information transmitting means is an authentication system that transmits identification information of the device itself to the authentication device.
  11.  コンピュータが、
     各ユーザから生体情報を取得する生体情報取得装置の近傍に設置されている設置装置から所定の距離以内に位置するユーザ携帯端末各々から、前記ユーザの識別情報を取得するユーザ情報取得工程と、
     複数の前記ユーザ各々に対応する複数の登録生体情報を格納する格納装置から、前記ユーザ情報取得工程で取得した前記ユーザの識別情報に対応する前記登録生体情報を抽出する抽出工程と、
     前記生体情報取得装置から、前記生体情報を取得する生体情報取得工程と、
     認証処理時に抽出されている前記登録生体情報と、前記生体情報取得工程で取得した前記生体情報とに基づいて、認証処理を行う認証工程と、
    を実行する認証方法。     Computer
    A user information acquisition step of acquiring identification information of the user from each of the user portable terminals located within a predetermined distance from an installation device installed in the vicinity of the biological information acquisition device that acquires biological information from each user;
    An extraction step of extracting the registered biometric information corresponding to the identification information of the user acquired in the user information acquisition step from a storage device storing a plurality of registered biometric information corresponding to each of the plurality of users;
    A biological information acquisition step of acquiring the biological information from the biological information acquisition device;
    An authentication process for performing an authentication process based on the registered biometric information extracted during the authentication process and the biometric information acquired in the biometric information acquisition process;
    Authentication method to perform.
  12.  コンピュータを、
     各ユーザから生体情報を取得する生体情報取得装置の近傍に設置されている設置装置から所定の距離以内に位置するユーザ携帯端末各々から、前記ユーザの識別情報を取得するユーザ情報取得手段、
     複数の前記ユーザ各々に対応する複数の登録生体情報を格納する格納装置から、前記ユーザ情報取得手段が取得した前記ユーザの識別情報に対応する前記登録生体情報を抽出する抽出手段、
     前記生体情報取得装置から、前記生体情報を取得する生体情報取得手段、
     認証処理時に抽出されている前記登録生体情報と、前記生体情報取得手段が取得した前記生体情報とに基づいて、認証処理を行う認証手段、
    として機能させるためのプログラム。     Computer
    User information acquisition means for acquiring identification information of the user from each of the user portable terminals located within a predetermined distance from an installation device installed in the vicinity of the biological information acquisition device that acquires biological information from each user;
    Extraction means for extracting the registered biometric information corresponding to the identification information of the user acquired by the user information acquisition means from a storage device storing a plurality of registered biometric information corresponding to each of the plurality of users;
    Biological information acquisition means for acquiring the biological information from the biological information acquisition device;
    An authentication unit that performs an authentication process based on the registered biometric information extracted during the authentication process and the biometric information acquired by the biometric information acquisition unit;
    Program to function as.
PCT/JP2015/066154 2014-09-02 2015-06-04 Authentication device, authentication system, authentication method and program WO2016035402A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2016546348A JP6390986B2 (en) 2014-09-02 2015-06-04 Authentication device, authentication system, authentication method and program

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2014177857 2014-09-02
JP2014-177857 2014-09-02

Publications (1)

Publication Number Publication Date
WO2016035402A1 true WO2016035402A1 (en) 2016-03-10

Family

ID=55439475

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2015/066154 WO2016035402A1 (en) 2014-09-02 2015-06-04 Authentication device, authentication system, authentication method and program

Country Status (2)

Country Link
JP (1) JP6390986B2 (en)
WO (1) WO2016035402A1 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108022098A (en) * 2017-11-20 2018-05-11 胡研 A kind of method of commerce, traction equipment and computer-readable recording medium
JP2019046151A (en) * 2017-09-01 2019-03-22 コニカミノルタ株式会社 Authentication system, authentication control device, control method of authentication control device, and program
JP2019168915A (en) * 2018-03-23 2019-10-03 株式会社セガゲームス Authentication system
JP2021107978A (en) * 2019-12-27 2021-07-29 国立大学法人鳥取大学 Program, information processing system, information processing method, and cart
WO2021149632A1 (en) * 2020-01-20 2021-07-29 株式会社 東芝 Portable authentication device, ic card, and authentication system
JP2022513977A (en) * 2018-12-26 2022-02-09 巽騰(広東)科技有限公司 Identity identification method, device and server for designated point approval
JP7151944B1 (en) * 2021-09-30 2022-10-12 日本電気株式会社 Authentication terminal, system, control method and program for authentication terminal
WO2023053362A1 (en) * 2021-09-30 2023-04-06 日本電気株式会社 Authentication terminal, system, control method for authentication terminal, and recording medium
JP2023063159A (en) * 2021-10-22 2023-05-09 エヌ・ティ・ティ・コミュニケーションズ株式会社 Presentation device, presentation method, and presentation program
JP7407102B2 (en) 2020-11-24 2023-12-28 株式会社日立ビルシステム Authentication system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002132733A (en) * 2000-10-30 2002-05-10 Omron Corp Electronic equipment, control method therefor, device, method and system for authentication
JP2003178031A (en) * 2001-12-11 2003-06-27 Mitsubishi Electric Corp Biometric personal identification system, server terminal and client terminal
JP2008065446A (en) * 2006-09-05 2008-03-21 Mitsubishi Electric Corp Fingerprint sensor unit and fingerprint collation device adopting the same fingerprint sensor unit
JP2008197895A (en) * 2007-02-13 2008-08-28 Toshiba Tec Corp Pos terminal, and biological authentication unit

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002132733A (en) * 2000-10-30 2002-05-10 Omron Corp Electronic equipment, control method therefor, device, method and system for authentication
JP2003178031A (en) * 2001-12-11 2003-06-27 Mitsubishi Electric Corp Biometric personal identification system, server terminal and client terminal
JP2008065446A (en) * 2006-09-05 2008-03-21 Mitsubishi Electric Corp Fingerprint sensor unit and fingerprint collation device adopting the same fingerprint sensor unit
JP2008197895A (en) * 2007-02-13 2008-08-28 Toshiba Tec Corp Pos terminal, and biological authentication unit

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2019046151A (en) * 2017-09-01 2019-03-22 コニカミノルタ株式会社 Authentication system, authentication control device, control method of authentication control device, and program
CN108022098A (en) * 2017-11-20 2018-05-11 胡研 A kind of method of commerce, traction equipment and computer-readable recording medium
JP2019168915A (en) * 2018-03-23 2019-10-03 株式会社セガゲームス Authentication system
JP7279973B2 (en) 2018-12-26 2023-05-23 巽騰(広東)科技有限公司 Identification method, device and server in designated point authorization
JP2022513977A (en) * 2018-12-26 2022-02-09 巽騰(広東)科技有限公司 Identity identification method, device and server for designated point approval
JP2021107978A (en) * 2019-12-27 2021-07-29 国立大学法人鳥取大学 Program, information processing system, information processing method, and cart
WO2021149632A1 (en) * 2020-01-20 2021-07-29 株式会社 東芝 Portable authentication device, ic card, and authentication system
JP7414545B2 (en) 2020-01-20 2024-01-16 株式会社東芝 Portable authentication devices, IC cards and authentication systems
JP7407102B2 (en) 2020-11-24 2023-12-28 株式会社日立ビルシステム Authentication system
JP7151944B1 (en) * 2021-09-30 2022-10-12 日本電気株式会社 Authentication terminal, system, control method and program for authentication terminal
WO2023053362A1 (en) * 2021-09-30 2023-04-06 日本電気株式会社 Authentication terminal, system, control method for authentication terminal, and recording medium
WO2023053360A1 (en) * 2021-09-30 2023-04-06 日本電気株式会社 Authentication terminal, system, method for controlling authentication terminal, and storage medium
JP2023063159A (en) * 2021-10-22 2023-05-09 エヌ・ティ・ティ・コミュニケーションズ株式会社 Presentation device, presentation method, and presentation program
JP7331062B2 (en) 2021-10-22 2023-08-22 エヌ・ティ・ティ・コミュニケーションズ株式会社 PRESENTATION DEVICE, PRESENTATION METHOD AND PRESENTATION PROGRAM

Also Published As

Publication number Publication date
JP6390986B2 (en) 2018-09-19
JPWO2016035402A1 (en) 2017-04-27

Similar Documents

Publication Publication Date Title
JP6390986B2 (en) Authentication device, authentication system, authentication method and program
AU2022202047B2 (en) Remote usage of locally stored biometric authentication data
US20190236249A1 (en) Systems and methods for authenticating device users through behavioral analysis
CN103139705B (en) Location-based security system for portable electronic device
JP6208104B2 (en) Biometric authentication system, biometric authentication processing device, biometric authentication method, biometric information acquisition terminal, and information terminal
US10522154B2 (en) Voice signature for user authentication to electronic device
US9418664B2 (en) System and method of speaker recognition
JP2017511912A (en) Dynamic keyboard and touchscreen biometrics
JP6572537B2 (en) Authentication apparatus, method, and program
US11392680B2 (en) Authentication and generation of information for authentication
EP3319271A1 (en) Method and device for controlling subordinate electronic device or supporting control of subordinate electronic device by learning ir signal
JP6031172B1 (en) Biometric matching system, biometric matching method, biometric matching device, and control program
KR102442779B1 (en) Method and apparatus for authenticating user
CA3166863A1 (en) System and method for disentangling features specific to users, actions and devices recorded in motion sensor data
CN112861082A (en) Integrated system and method for passive authentication
CN113056738A (en) Method for increasing authentication security
WO2018222304A1 (en) Improvements in biometric authentication
WO2022208598A1 (en) Authentication system and authentication method
KR20200037529A (en) Electronic device, server and method for signature authentication using the same
KR101512498B1 (en) Door open system and method using nfc
US20140136702A1 (en) Method and apparatuses for sharing data in a data sharing system
JP2020135666A (en) Authentication device, terminal for authentication, authentication method, program and recording medium
KR102340398B1 (en) Apparatus, system, and control method for access control
CN107147633A (en) Cipher-code input method and device
JP2018077593A (en) Character input device, character input method, and character input program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15838494

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2016546348

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15838494

Country of ref document: EP

Kind code of ref document: A1