WO2017006559A1 - Operator confirmation server, operator confirmation system, operator confirmation method, and operator confirmation program - Google Patents

Operator confirmation server, operator confirmation system, operator confirmation method, and operator confirmation program Download PDF

Info

Publication number
WO2017006559A1
WO2017006559A1 PCT/JP2016/003191 JP2016003191W WO2017006559A1 WO 2017006559 A1 WO2017006559 A1 WO 2017006559A1 JP 2016003191 W JP2016003191 W JP 2016003191W WO 2017006559 A1 WO2017006559 A1 WO 2017006559A1
Authority
WO
WIPO (PCT)
Prior art keywords
certificate
terminal device
biometric information
information
user
Prior art date
Application number
PCT/JP2016/003191
Other languages
French (fr)
Japanese (ja)
Inventor
松本 義和
Original Assignee
サイバートラスト株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by サイバートラスト株式会社 filed Critical サイバートラスト株式会社
Publication of WO2017006559A1 publication Critical patent/WO2017006559A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication

Definitions

  • the present invention relates to an operator confirmation server, an operator confirmation system, an operator confirmation method, and an operator confirmation program.
  • the present invention has been made in view of the above, and provides an operator confirmation server, an operator confirmation system, an operator confirmation method, and an operator confirmation program capable of accurately grasping unauthorized use of a mobile terminal device. For the purpose.
  • the present invention receives terminal identification information and biological information transmitted from a mobile terminal device, and receives the received biological information and the biological information associated with the received terminal identification information.
  • a user certificate that is an electronic certificate corresponding to the user of the mobile terminal device is generated and generated A user certificate is transmitted to the mobile terminal device.
  • FIG. 4 is a flowchart illustrating a certificate generation processing procedure executed by the server 100 and the mobile terminal device 200.
  • 5 is a flowchart showing a biometric information collating process procedure executed by the server 100 and the mobile terminal device 200.
  • 4 is a flowchart showing an operator confirmation processing procedure executed by the server 100.
  • FIG. 1 is a block diagram illustrating a configuration example of a user confirmation system 10 according to the present embodiment.
  • the user confirmation system 10 connects a server 100, a mobile terminal device 200, and an information terminal device 300 through a network N so that they can communicate with each other.
  • a part or all of the network N is wired or wireless, and is a communication network such as the Internet, an intranet, a LAN (Local Area Network), and a mobile communication network.
  • the server 100 identifies an electronic certificate (hereinafter referred to as a user certificate) corresponding to user identification information (hereinafter referred to as a user ID) that identifies a user who operates the mobile terminal device 200 and the mobile terminal device 200.
  • the server issues an electronic certificate (hereinafter referred to as a terminal certificate) corresponding to terminal identification information (hereinafter referred to as a terminal ID).
  • the server 100 is a server that receives biometric information transmitted from the mobile terminal device 200 and generates a new user certificate if the biometric information does not match the prestored biometric information.
  • the mobile terminal device 200 is an information processing device operated by a user such as a smartphone, a mobile phone, a notebook PC, or the like, and acquires the biometric information of the user according to the user's operation.
  • the information terminal device 300 is a PC, tablet terminal or other information processing device operated by a person who confirms whether or not the operator of the mobile terminal device 200 is a valid user.
  • the server 100 includes a transmission / reception unit 101, a certificate generation unit 102, a certificate authentication unit 103, a biometric information matching unit 104, an operator confirmation unit 105, a biometric information storage unit 110, and a certificate information storage unit 120.
  • FIG. 2 is an explanatory diagram showing an example of the data configuration of the biological information storage unit 110.
  • the biological information storage unit 110 stores biological information transmitted from the portable terminal device 200 and information related to the biological information.
  • the biometric information storage unit 110 stores a terminal ID, biometric information, position information, and date / time information in association with each other.
  • FIG. 3 is an explanatory diagram showing an example of the data configuration of the certificate information storage unit 120.
  • the certificate information storage unit 120 stores information related to the user certificate and the terminal certificate. Specifically, the certificate information storage unit 120 includes a user ID, user certificate information, user certificate issuance date / time, terminal ID, terminal certificate information, and terminal certificate issuance date / time. Store in association with each other.
  • the user certificate information is information included in the user certificate and information used when authenticating the user certificate. For example, the serial number of the user certificate.
  • the terminal certificate information is information included in the terminal certificate and information used when authenticating the terminal certificate. For example, the serial number of the terminal certificate.
  • the transmission / reception unit 101 transmits / receives data to / from the mobile terminal device 200 or the information terminal device 400. Specifically, the transmission / reception unit 101 receives the user ID and the terminal ID transmitted from the mobile terminal device 200, and transmits the user certificate and the terminal certificate to the mobile terminal device 200. In addition, the transmission / reception unit 101 receives biological information transmitted from the mobile terminal device 200 and information related to the biological information.
  • the certificate generation unit 102 generates a user certificate corresponding to the user ID transmitted from the portable terminal device 200, and the biological information transmitted from the portable terminal device 200 is stored in the biological information storage unit 110. If it does not match, a new user certificate is generated. Further, the certificate generation unit 102 generates a terminal certificate corresponding to the terminal ID transmitted from the mobile terminal device 200.
  • the certificate authentication unit 103 authenticates the user certificate and the terminal certificate. Specifically, the certificate authentication unit 103 collates the terminal certificate information included in the user certificate transmitted from the mobile terminal device 200 with the user certificate information stored in the certificate storage unit 120, Authenticate the user certificate. The certificate authentication unit 103 verifies the terminal certificate by comparing the terminal certificate information included in the terminal certificate transmitted from the mobile terminal device 200 with the terminal certificate information stored in the certificate storage unit 120.
  • the biometric information collating unit 104 collates the biometric information transmitted from the mobile terminal device 200. Specifically, the biometric information collating unit 104 collates the biometric information transmitted from the mobile terminal device 200 with the latest biometric information stored in the biometric information storage unit 110 and determines whether or not they match. .
  • the operator confirmation unit 105 confirms whether or not the operation of the mobile terminal device 200 is an operation by a valid user (owner or the like) of the mobile terminal device 200. Specifically, the operator confirmation unit 105 determines whether the operation of the mobile terminal device 200 is based on whether the user certificate issuance date / time associated with the user ID matches the terminal certificate issuance date / time. It is determined whether the operation is performed by 200 authorized users.
  • the mobile terminal device 200 includes a transmission / reception unit 201, an operation display unit 202, a biometric information acquisition unit 203, and a certificate storage unit 210.
  • the certificate storage unit 210 stores a user certificate corresponding to the user ID of the user who operates the mobile terminal device 200 and a terminal certificate corresponding to the terminal ID of the mobile terminal device 200 generated by the server 100. To do.
  • the transmission / reception unit 201 transmits a user ID and a terminal ID to the server 100 and receives a user certificate and a terminal certificate.
  • the transmission / reception unit 201 adds position information and date / time information to the biological information acquired by the biological information acquisition unit 202 and transmits the information to the server 100.
  • communication between the mobile terminal device 200 and the server 100 can be performed by SSL (Secure Socket Layer) encrypted communication using an electronic certificate.
  • the operation display unit 202 includes an input unit and a display unit.
  • a liquid crystal display or an organic EL panel that is a display unit and a touch sensor that is an input unit are overlapped like a touch panel.
  • the biometric information acquisition unit 203 acquires the operator's biometric information from an operation on the mobile terminal device 200. For example, the biometric information acquisition unit 203 reads a fingerprint using a touch sensor when the operator performs an operation such as a tap or swipe on the operation display unit 202.
  • FIG. 4 is a flowchart showing a certificate generation processing procedure executed by the server 100 and the mobile terminal device 200.
  • the mobile terminal device 200 is turned on, the mobile terminal device 200 is activated (step S401). As a result, the initial setting program operates.
  • the operation display unit 202 receives an input of a user ID (step S402).
  • the transmission / reception unit 101 acquires a terminal ID from a storage unit (not shown) (step S403).
  • the transmission / reception unit 101 transmits the user ID and the terminal ID to the server 100 (step S404).
  • the transmission / reception unit 101 of the server 100 receives the user ID and the terminal ID, and the certificate generation unit 102 generates a user certificate corresponding to the user ID and a terminal certificate corresponding to the terminal ID (step S406). ).
  • the transmission / reception unit 101 transmits the user certificate and the terminal certificate to the mobile terminal device 200 (step S407).
  • the certificate generation unit 102 associates the user ID, user certificate information, user certificate issuance date / time information, terminal ID, terminal certificate information, and terminal certificate issuance date / time information in the certificate information storage unit 120. Store (step S408).
  • the transmission / reception unit 201 of the mobile terminal device 200 receives the user certificate and the terminal certificate, and stores them in the certificate storage unit 210 (step S409).
  • the biometric information acquisition unit 203 acquires biometric information (step S410).
  • the biometric information acquisition unit 203 adds position information and date / time information to the biometric information (step S411).
  • the transmission / reception unit 201 transmits the terminal ID, biometric information, position information, and date / time information to the server 100 (step S412). At this time, the encrypted information is transmitted using SSL encrypted communication.
  • the transmission / reception unit 101 of the server 100 receives the terminal ID, the biological information, the position information, and the date / time information, and stores the terminal ID, the biological information, the position information, and the date / time information in the biological information storage unit 110 in association with each other (step S413). .
  • FIG. 5 is a flowchart showing a biometric information matching processing procedure executed by the server 100 and the mobile terminal device 200.
  • the mobile terminal device 200 is activated by turning on the power or returning from sleep (step S501).
  • the biometric information acquisition unit 203 acquires biometric information (step S502).
  • the biometric information acquisition unit 203 adds position information and date / time information to the biometric information (step S503).
  • the transmission / reception unit 201 acquires a terminal certificate from the certificate storage unit 210 (step S504), and transmits the terminal certificate to the server 100 (step S505).
  • the transmission / reception unit 101 of the server 100 receives the terminal certificate, and the certificate authentication unit 103 authenticates the terminal certificate (step S506). Specifically, authentication is performed based on whether the terminal certificate information included in the received terminal certificate matches the terminal certificate information stored in the certificate information storage unit 120.
  • the transmission / reception unit 101 transmits the authentication result to the mobile terminal device 200 (step S507).
  • the transmission / reception unit 201 of the mobile terminal device 200 receives the authentication result and determines that the terminal certificate is authenticated based on the received authentication result (step S508: Yes)
  • the transmission / reception unit 201 receives the terminal ID, the biological information, The position information and date / time information are transmitted to the server 100 (step S509).
  • the encrypted information is transmitted using SSL encrypted communication. If it is determined that the terminal certificate has not been authenticated (step S508: No), the process ends.
  • the transmitting / receiving unit 101 of the server 100 receives the terminal ID, biological information, position information, and date / time information (step S510).
  • the biometric information matching unit 104 determines whether the biometric information matches the biometric information stored in the biometric information storage unit 110 (step S511). Specifically, the latest biometric information associated with the terminal ID is acquired from the biometric information storage unit 110, and it is determined whether the acquired biometric information matches the biometric information received from the mobile terminal device 200. To do. When it is determined that the biological information matches the biological information stored in the biological information storage unit 110 (step S511: Yes), that is, when it is determined that the operator has not changed, the process proceeds to step S516.
  • step S511 If it is determined that the biometric information does not match the biometric information stored in the biometric information storage unit 110 (step S511: No), that is, if it is determined that the operator has changed, the certificate generation unit 102. A new user certificate is generated (step S512).
  • the transmission / reception unit 101 transmits the user certificate to the mobile terminal device 200 (step S513).
  • the transmission / reception unit 201 of the mobile terminal device 200 receives the user certificate and stores it in the certificate storage unit 210 (step S514).
  • the certificate generation unit 102 of the server 100 stores the user ID, user certificate information, and issue date / time in the certificate information storage unit 120 (step S515). For example, it is stored as indicated by 31 in FIG.
  • the transmission / reception unit 101 stores the terminal ID, biometric information, position information, and date / time information in the biometric information storage unit 110 (step S516).
  • the biometric information acquired by the operation of the portable terminal device 200 is different from the biometric information stored in the biometric information storage unit 110 of the server 100.
  • a valid user certificate As a result, when and where the operator of the mobile terminal device 200 is changed can be recorded. Further, since the biometric information when the user certificate is issued is stored in the biometric information storage unit 110, it is possible to know who operated after the fact.
  • fingerprints are used as biometric information.
  • an operator's voice or voiceprint may be acquired as biometric information.
  • the biometric information acquisition unit 203 acquires sound from a microphone used for telephone or voice input.
  • FIG. 6 is a flowchart showing an operator confirmation processing procedure executed by the server 100.
  • the transmission / reception unit 101 of the server 100 receives the user ID from the mobile terminal device 200 or the information terminal device 300 (step S601).
  • the operator confirmation unit 105 acquires a terminal ID corresponding to the user ID from the certificate information storage unit 120 (step S602).
  • the operator confirmation unit 105 acquires the terminal certificate issuance date and time corresponding to the terminal ID from the certificate information storage unit 120 (step S603).
  • the operator confirmation unit 105 obtains the latest user certificate issuance date corresponding to the user ID from the certificate information storage unit 120 (step S604).
  • the operator confirmation unit 105 determines whether or not the terminal certificate issuance date / time and the user certificate issuance date / time match (step S605). If it is determined that the terminal certificate issuance date / time does not match the user certificate issuance date / time (step S605: No), that is, if it is determined that a new user certificate has been issued, it is determined that there is an operator change ( Step S606). If it is determined that the terminal certificate issuance date / time and the user certificate issuance date / time match (step S605: Yes), that is, if it is determined that a new user certificate has not been issued, it is determined that there is no change in the operator. (Step S607). The transmission / reception unit 101 transmits the determination result to the mobile terminal device 200 or the information terminal device 300 (step S608).
  • the user ID “UID *** 62” has a terminal certificate issuance date and time of “2015.7.1 10:23:46” (32 in FIG. 3), and the most recent user certificate issuance Since the date and time is '2015.7.28 21:38:38' (31 in FIG. 3), the terminal certificate issuance date and the user certificate issuance date do not match, and it is determined that there is an operator change. Note that the time lag that occurs in the system is taken into account in determining whether the terminal certificate issuance date and time and the user certificate issuance date and time match.
  • the mobile terminal device 200 used by the user is a legitimate user. It is possible to know the possibility that other users operated. Note that the operator confirmation process may accept confirmation from a person other than the user, such as a credit company or an EC site that accepts an operation from the portable terminal device 200, in addition to the user of the portable terminal device 200 itself.
  • the biological information acquisition unit 203 may be a device independent of the mobile terminal device 200.
  • a measuring device that measures, for example, heart rate, electrocardiogram, blood pressure, body temperature, respiratory rate, number of steps, brain waves, and the like may be used.
  • the mobile terminal device 200 is connected to the mobile terminal device 200 by a short-range wireless communication method such as Bluetooth (registered trademark), WiFi (WIreless®FIdelity) (registered trademark), or NFC (Near®Field®Communication). Send and receive data between them.
  • Bluetooth registered trademark
  • WiFi WIreless®FIdelity
  • NFC Near®Field®Communication
  • the hardware configuration of the server 100, the portable terminal device 200, and the information terminal device 300 includes a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), an HDD (Hard Disk Drive). ) And the like, and the above-described configuration and functions are realized by the CPU reading and operating the program stored in the ROM, RAM, HDD, or the like.
  • a CPU Central Processing Unit
  • ROM Read Only Memory
  • RAM Random Access Memory
  • HDD Hard Disk Drive
  • Programs operating on the server 100, the mobile terminal device 200, and the information terminal device 300 are stored on a computer connected to the network N such as the Internet, and can be provided or installed by downloading via the network N
  • a file in a format or an executable format may be recorded and provided on a computer-readable recording medium such as a CD-ROM, DVD, USB memory, or SD card.
  • the program that realizes the above-described functions and processes may be provided in a usage form such as API (Application Programming Interface), SaaS (Software as Service), or cloud computing.
  • the present invention is not limited to the above-described embodiments as they are, and does not necessarily have to be physically configured as illustrated.
  • the present invention is configured to functionally or physically divide, integrate, replace, modify, or delete all or a part of the constituent elements described in the embodiments in arbitrary units according to various loads or usage conditions. Can be configured.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephone Function (AREA)
  • Telephonic Communication Services (AREA)

Abstract

[Problem] To provide an operator confirmation server, an operator confirmation system, an operator confirmation method, and an operator confirmation program which are capable of accurately ascertaining unauthorized use of a portable terminal device. [Solution] In a biological information storage unit 110, a terminal ID for identifying a portable terminal device 200, biological information, and date and time information are associated with each other, and stored. A transmission/reception unit 101 receives the terminal ID and biological information transmitted from the portable terminal device 200. A biological information verification unit 104 verifies the received biological information against the most recent biological information associated with the terminal ID and stored in the biological information storage unit 110. If it is determined that the biological information does not match, a user certificate, i.e. an electronic certificate corresponding to the user of the portable terminal device 200, is generated, and the transmission/reception unit 101 transmits the generated user certificate to the portable terminal device 200.

Description

操作者確認サーバ、操作者確認システム、操作者確認方法および操作者確認プログラムOperator confirmation server, operator confirmation system, operator confirmation method, and operator confirmation program
 本発明は、操作者確認サーバ、操作者確認システム、操作者確認方法および操作者確認プログラムに関する。 The present invention relates to an operator confirmation server, an operator confirmation system, an operator confirmation method, and an operator confirmation program.
 近年、スマートフォンや携帯電話等の携帯端末装置から様々な処理を実行することが可能となり、他人に不正な使用をされないよう操作者を確認する技術の重要性が高まっている。このような操作者を認証する技術として、より細かな情報にアクセスする際、または、セキュリティチェックが完了していない場合に、パスワード入力でのセキュリティチェックを行うことで不正使用を判別し、不正使用の履歴を保存する技術(特許文献1参照)が開示されている。 In recent years, it has become possible to execute various processes from a mobile terminal device such as a smartphone or a mobile phone, and the importance of technology for confirming an operator so as not to be used illegally by other people is increasing. As a technology for authenticating such an operator, when more detailed information is accessed or when the security check has not been completed, unauthorized use is determined by performing a security check by entering a password. Has been disclosed (see Patent Document 1).
特開2004-110840号公報JP 2004-110840 A
 しかしながら、上述した公報では、正しいパスワードを入力することによって正当な利用者であるか否かを判断するため、他者にパスワードを知られた場合には不正な使用であることを判断できず、また事後に不正な使用であったことを証明することが難しいという問題があった。 However, in the above-mentioned publication, in order to determine whether or not the user is a legitimate user by inputting a correct password, if the password is known to others, it cannot be determined to be an unauthorized use. There was also a problem that it was difficult to prove that it was illegal use after the fact.
 本発明は、上記に鑑みてなされたものであり、携帯端末装置の不正使用を的確に把握することができる操作者確認サーバ、操作者確認システム、操作者確認方法および操作者確認プログラムを提供することを目的とする。 The present invention has been made in view of the above, and provides an operator confirmation server, an operator confirmation system, an operator confirmation method, and an operator confirmation program capable of accurately grasping unauthorized use of a mobile terminal device. For the purpose.
 上述した課題を解決するために、本発明では、携帯端末装置から送信された、端末識別情報および生体情報を受信し、受信した生体情報と、受信した端末識別情報に対応付けられた、生体情報記憶手段に記憶された直近の生体情報とを照合し、生体情報が合致しないと判断した場合、携帯端末装置の利用者に対応する電子証明書である利用者証明書を生成し、生成された利用者証明書を携帯端末装置に送信することを特徴とする。 In order to solve the above-described problem, the present invention receives terminal identification information and biological information transmitted from a mobile terminal device, and receives the received biological information and the biological information associated with the received terminal identification information. When the latest biometric information stored in the storage means is collated and it is determined that the biometric information does not match, a user certificate that is an electronic certificate corresponding to the user of the mobile terminal device is generated and generated A user certificate is transmitted to the mobile terminal device.
 上記のように構成した本発明によれば、携帯端末装置の不正使用を的確に把握することができるという効果を奏する。 According to the present invention configured as described above, there is an effect that unauthorized use of the mobile terminal device can be accurately grasped.
本実施例にかかる利用者確認システム10の構成例を示すブロック図である。It is a block diagram which shows the structural example of the user confirmation system 10 concerning a present Example. 生体情報記憶部110のデータ構成の一例を示す説明図である。It is explanatory drawing which shows an example of a data structure of the biometric information storage part. 証明書情報記憶部120のデータ構成の一例を示す説明図である。4 is an explanatory diagram illustrating an example of a data configuration of a certificate information storage unit 120. FIG. サーバ100と携帯端末装置200で実行する証明書生成処理手順を示すフローチャートである。4 is a flowchart illustrating a certificate generation processing procedure executed by the server 100 and the mobile terminal device 200. サーバ100、携帯端末装置200で実行する生体情報照合処理手順を示すフローチャートである。5 is a flowchart showing a biometric information collating process procedure executed by the server 100 and the mobile terminal device 200. サーバ100で実行する操作者確認処理手順を示すフローチャートである。4 is a flowchart showing an operator confirmation processing procedure executed by the server 100.
 以下、添付図面を参照し、本発明の実施例を説明する。なお、以下の説明は、実施の形態の一例であり、本発明は、これらの実施例に限定されるものではない。 Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. In addition, the following description is an example of embodiment and this invention is not limited to these Examples.
 図1は、本実施例にかかる利用者確認システム10の構成例を示すブロック図である。図1に示すように、利用者確認システム10は、サーバ100と、携帯端末装置200と、情報端末装置300とを、ネットワークNを介して互いに通信可能に接続する。ネットワークNは、一部または全部が有線あるいは無線であり、インターネット、イントラネット、LAN(Local Area Network)、移動体通信網等の通信ネットワークである。 FIG. 1 is a block diagram illustrating a configuration example of a user confirmation system 10 according to the present embodiment. As shown in FIG. 1, the user confirmation system 10 connects a server 100, a mobile terminal device 200, and an information terminal device 300 through a network N so that they can communicate with each other. A part or all of the network N is wired or wireless, and is a communication network such as the Internet, an intranet, a LAN (Local Area Network), and a mobile communication network.
 サーバ100は、携帯端末装置200を操作する利用者を識別する利用者識別情報(以下、利用者IDという)に対応する電子証明書(以下、利用者証明書という)および携帯端末装置200を識別する端末識別情報(以下、端末IDという)に対応する電子証明書(以下、端末証明書という)を発行するサーバである。また、サーバ100は、携帯端末装置200から送信される生体情報を受信し、予め記憶した生体情報と合致しない場合は、新たな利用者証明書を生成するサーバである。 The server 100 identifies an electronic certificate (hereinafter referred to as a user certificate) corresponding to user identification information (hereinafter referred to as a user ID) that identifies a user who operates the mobile terminal device 200 and the mobile terminal device 200. The server issues an electronic certificate (hereinafter referred to as a terminal certificate) corresponding to terminal identification information (hereinafter referred to as a terminal ID). The server 100 is a server that receives biometric information transmitted from the mobile terminal device 200 and generates a new user certificate if the biometric information does not match the prestored biometric information.
 携帯端末装置200は、スマートフォン、携帯電話、ノート型PCその他の利用者が操作する情報処理装置であり、利用者の操作に応じ利用者の生体情報を取得する。 The mobile terminal device 200 is an information processing device operated by a user such as a smartphone, a mobile phone, a notebook PC, or the like, and acquires the biometric information of the user according to the user's operation.
 情報端末装置300は、携帯端末装置200の操作者が正当な利用者であるか否かを確認する者が操作する、PC、タブレット端末その他の情報処理装置である。 The information terminal device 300 is a PC, tablet terminal or other information processing device operated by a person who confirms whether or not the operator of the mobile terminal device 200 is a valid user.
 次に、サーバ100の構成、機能について説明する。サーバ100は、送受信部101、証明書生成部102、証明書認証部103、生体情報照合部104、操作者確認部105、生体情報記憶部110、証明書情報記憶部120を備える。 Next, the configuration and functions of the server 100 will be described. The server 100 includes a transmission / reception unit 101, a certificate generation unit 102, a certificate authentication unit 103, a biometric information matching unit 104, an operator confirmation unit 105, a biometric information storage unit 110, and a certificate information storage unit 120.
 図2は、生体情報記憶部110のデータ構成の一例を示す説明図である。生体情報記憶部110は、携帯端末装置200から送信される生体情報および生体情報に関連する情報を記憶する。具体的には、生体情報記憶部110は、端末IDと、生体情報と、位置情報と、日時情報とを対応付けて記憶する。 FIG. 2 is an explanatory diagram showing an example of the data configuration of the biological information storage unit 110. The biological information storage unit 110 stores biological information transmitted from the portable terminal device 200 and information related to the biological information. Specifically, the biometric information storage unit 110 stores a terminal ID, biometric information, position information, and date / time information in association with each other.
 図3は、証明書情報記憶部120のデータ構成の一例を示す説明図である。証明書情報記憶部120は、利用者証明書と端末証明書に関連する情報を記憶する。具体的には、証明書情報記憶部120は、利用者IDと、利用者証明書情報と、利用者証明書発行日時と、端末IDと、端末証明書情報と、端末証明書発行日時とを対応付けて記憶する。ここで、利用者証明書情報とは、利用者証明書に含まれる情報で、かつ、利用者証明書を認証する際に使用する情報である。例えば、利用者証明書のシリアル番号である。また、端末証明書情報は、端末証明書に含まれる情報で、かつ、端末証明書を認証する際に使用する情報である。例えば、端末証明書のシリアル番号である。 FIG. 3 is an explanatory diagram showing an example of the data configuration of the certificate information storage unit 120. The certificate information storage unit 120 stores information related to the user certificate and the terminal certificate. Specifically, the certificate information storage unit 120 includes a user ID, user certificate information, user certificate issuance date / time, terminal ID, terminal certificate information, and terminal certificate issuance date / time. Store in association with each other. Here, the user certificate information is information included in the user certificate and information used when authenticating the user certificate. For example, the serial number of the user certificate. The terminal certificate information is information included in the terminal certificate and information used when authenticating the terminal certificate. For example, the serial number of the terminal certificate.
 送受信部101は、携帯端末装置200または情報端末装置400との間でデータを送受信する。具体的には、送受信部101は、携帯端末装置200から送信された利用者IDおよび端末IDを受信し、利用者証明書および端末証明書を携帯端末装置200に送信する。また、送受信部101は、携帯端末装置200から送信された生体情報および生体情報に関連する情報を受信する。 The transmission / reception unit 101 transmits / receives data to / from the mobile terminal device 200 or the information terminal device 400. Specifically, the transmission / reception unit 101 receives the user ID and the terminal ID transmitted from the mobile terminal device 200, and transmits the user certificate and the terminal certificate to the mobile terminal device 200. In addition, the transmission / reception unit 101 receives biological information transmitted from the mobile terminal device 200 and information related to the biological information.
 証明書生成部102は、携帯端末装置200から送信された利用者IDに対応する利用者証明書を生成し、携帯端末装置200から送信された生体情報が生体情報記憶部110に記憶する生体情報と合致しない場合は、新たな利用者証明書を生成する。また、証明書生成部102は、携帯端末装置200から送信された端末IDに対応する端末証明書を生成する。 The certificate generation unit 102 generates a user certificate corresponding to the user ID transmitted from the portable terminal device 200, and the biological information transmitted from the portable terminal device 200 is stored in the biological information storage unit 110. If it does not match, a new user certificate is generated. Further, the certificate generation unit 102 generates a terminal certificate corresponding to the terminal ID transmitted from the mobile terminal device 200.
 証明書認証部103は、利用者証明書および端末証明書を認証する。具体的には、証明書認証部103は、携帯端末装置200から送信された利用者証明書に含まれる端末証明書情報と、証明書記憶部120に記憶する利用者証明書情報を照合し、利用者証明書を認証する。証明書認証部103は、携帯端末装置200から送信された端末証明書に含まれる端末証明書情報と、証明書記憶部120に記憶する端末証明書情報を照合し、端末証明書を認証する。 The certificate authentication unit 103 authenticates the user certificate and the terminal certificate. Specifically, the certificate authentication unit 103 collates the terminal certificate information included in the user certificate transmitted from the mobile terminal device 200 with the user certificate information stored in the certificate storage unit 120, Authenticate the user certificate. The certificate authentication unit 103 verifies the terminal certificate by comparing the terminal certificate information included in the terminal certificate transmitted from the mobile terminal device 200 with the terminal certificate information stored in the certificate storage unit 120.
 生体情報照合部104は、携帯端末装置200から送信された生体情報を照合する。具体的には、生体情報照合部104は、携帯端末装置200から送信された生体情報と、生体情報記憶部110に記憶された直近の生体情報とを照合し、合致するか否かを判断する。 The biometric information collating unit 104 collates the biometric information transmitted from the mobile terminal device 200. Specifically, the biometric information collating unit 104 collates the biometric information transmitted from the mobile terminal device 200 with the latest biometric information stored in the biometric information storage unit 110 and determines whether or not they match. .
 操作者確認部105は、携帯端末装置200の操作が携帯端末装置200の正当な利用者(所有者等)による操作であるか否かを確認する。具体的には、操作者確認部105は、利用者IDに対応付けられた利用者証明書発行日時と、端末証明書発行日時が合致するか否かで携帯端末装置200の操作が携帯端末装置200の正当な利用者による操作か否かを判断する。 The operator confirmation unit 105 confirms whether or not the operation of the mobile terminal device 200 is an operation by a valid user (owner or the like) of the mobile terminal device 200. Specifically, the operator confirmation unit 105 determines whether the operation of the mobile terminal device 200 is based on whether the user certificate issuance date / time associated with the user ID matches the terminal certificate issuance date / time. It is determined whether the operation is performed by 200 authorized users.
 次に、携帯端末装置200の構成,機能について説明する。携帯端末装置200は、送受信部201、操作表示部202、生体情報取得部203、証明書記憶部210を備える。 Next, the configuration and functions of the mobile terminal device 200 will be described. The mobile terminal device 200 includes a transmission / reception unit 201, an operation display unit 202, a biometric information acquisition unit 203, and a certificate storage unit 210.
 証明書記憶部210は、サーバ100で生成された、携帯端末装置200を操作する利用者の利用者IDに対応する利用者証明書および携帯端末装置200の端末IDに対応する端末証明書を記憶する。 The certificate storage unit 210 stores a user certificate corresponding to the user ID of the user who operates the mobile terminal device 200 and a terminal certificate corresponding to the terminal ID of the mobile terminal device 200 generated by the server 100. To do.
 送受信部201は、サーバ100に利用者IDおよび端末IDを送信し、利用者証明書および端末証明書を受信する。送受信部201は、生体情報取得部202によって取得した生体情報に、位置情報、日時情報を追加しサーバ100に送信する。なお、携帯端末装置200とサーバ100との通信は、電子証明書を用いたSSL(Secure Socket Layer)暗号化通信で行うことができる。 The transmission / reception unit 201 transmits a user ID and a terminal ID to the server 100 and receives a user certificate and a terminal certificate. The transmission / reception unit 201 adds position information and date / time information to the biological information acquired by the biological information acquisition unit 202 and transmits the information to the server 100. Note that communication between the mobile terminal device 200 and the server 100 can be performed by SSL (Secure Socket Layer) encrypted communication using an electronic certificate.
 操作表示部202は、入力部と表示部を備え、例えばスマートフォンの場合は、タッチパネルのように、表示部である液晶ディスプレイや有機ELパネルと、入力部であるタッチセンサを重畳して構成する。 The operation display unit 202 includes an input unit and a display unit. For example, in the case of a smartphone, a liquid crystal display or an organic EL panel that is a display unit and a touch sensor that is an input unit are overlapped like a touch panel.
 生体情報取得部203は、携帯端末装置200に対する操作から操作者の生体情報を取得する。例えば、生体情報取得部203は、操作者が操作表示部202にタップやスワイプ等の操作をした際にタッチセンサを用いて指紋を読み取る。 The biometric information acquisition unit 203 acquires the operator's biometric information from an operation on the mobile terminal device 200. For example, the biometric information acquisition unit 203 reads a fingerprint using a touch sensor when the operator performs an operation such as a tap or swipe on the operation display unit 202.
 上述のように構成された利用者確認システム10で実行する証明書生成処理について説明する。図4は、サーバ100と携帯端末装置200が実行する証明書生成処理手順を示すフローチャートである。 The certificate generation process executed by the user confirmation system 10 configured as described above will be described. FIG. 4 is a flowchart showing a certificate generation processing procedure executed by the server 100 and the mobile terminal device 200.
 まず、携帯端末装置200の電源をONした際に、携帯端末装置200が起動する(ステップS401)。これにより、初期設定プログラムが動作する。操作表示部202は、利用者IDの入力を受付ける(ステップS402)。送受信部101は、図示しない記憶部から端末IDを取得する(ステップS403)。送受信部101は、利用者IDおよび端末IDをサーバ100に送信する(ステップS404)。 First, when the mobile terminal device 200 is turned on, the mobile terminal device 200 is activated (step S401). As a result, the initial setting program operates. The operation display unit 202 receives an input of a user ID (step S402). The transmission / reception unit 101 acquires a terminal ID from a storage unit (not shown) (step S403). The transmission / reception unit 101 transmits the user ID and the terminal ID to the server 100 (step S404).
 サーバ100の送受信部101は、利用者IDおよび端末IDを受信し、証明書生成部102は、利用者IDに対応する利用者証明書および端末IDに対応する端末証明書を生成する(ステップS406)。送受信部101は、利用者証明書および端末証明書を携帯端末装置200に送信する(ステップS407)。証明書生成部102は、利用者ID、利用者証明書情報、利用者証明書発行日時情報、端末ID、端末証明書情報、端末証明書発行日時情報を対応付けて証明書情報記憶部120に格納する(ステップS408)。 The transmission / reception unit 101 of the server 100 receives the user ID and the terminal ID, and the certificate generation unit 102 generates a user certificate corresponding to the user ID and a terminal certificate corresponding to the terminal ID (step S406). ). The transmission / reception unit 101 transmits the user certificate and the terminal certificate to the mobile terminal device 200 (step S407). The certificate generation unit 102 associates the user ID, user certificate information, user certificate issuance date / time information, terminal ID, terminal certificate information, and terminal certificate issuance date / time information in the certificate information storage unit 120. Store (step S408).
 携帯端末装置200の送受信部201は、利用者証明書および端末証明書を受信し、証明書記憶部210に格納する(ステップS409)。生体情報取得部203は、生体情報を取得する(ステップS410)。生体情報取得部203は、生体情報に位置情報、日時情報を追加する(ステップS411)。送受信部201は、端末ID、生体情報、位置情報、日時情報をサーバ100に送信する(ステップS412)。このとき、SSL暗号化通信を用い、暗号化して生体情報等を送信する。 The transmission / reception unit 201 of the mobile terminal device 200 receives the user certificate and the terminal certificate, and stores them in the certificate storage unit 210 (step S409). The biometric information acquisition unit 203 acquires biometric information (step S410). The biometric information acquisition unit 203 adds position information and date / time information to the biometric information (step S411). The transmission / reception unit 201 transmits the terminal ID, biometric information, position information, and date / time information to the server 100 (step S412). At this time, the encrypted information is transmitted using SSL encrypted communication.
 サーバ100の送受信部101は、端末ID、生体情報、位置情報、日時情報を受信し、端末ID、生体情報、位置情報、日時情報を対応付けて生体情報記憶部110に格納する(ステップS413)。 The transmission / reception unit 101 of the server 100 receives the terminal ID, the biological information, the position information, and the date / time information, and stores the terminal ID, the biological information, the position information, and the date / time information in the biological information storage unit 110 in association with each other (step S413). .
 次に、操作者確認システム10で実行する生体情報照合処理について説明する。図5は、サーバ100、携帯端末装置200で実行する生体情報照合処理手順を示すフローチャートである。 Next, the biometric information matching process executed by the operator confirmation system 10 will be described. FIG. 5 is a flowchart showing a biometric information matching processing procedure executed by the server 100 and the mobile terminal device 200.
 携帯端末装置200は、電源ONまたはスリープからの復帰により起動する(ステップS501)。生体情報取得部203は、生体情報を取得する(ステップS502)。生体情報取得部203は、生体情報に位置情報、日時情報を追加する(ステップS503)。送受信部201は、証明書記憶部210から端末証明書を取得し(ステップS504)、端末証明書をサーバ100に送信する(ステップS505)。 The mobile terminal device 200 is activated by turning on the power or returning from sleep (step S501). The biometric information acquisition unit 203 acquires biometric information (step S502). The biometric information acquisition unit 203 adds position information and date / time information to the biometric information (step S503). The transmission / reception unit 201 acquires a terminal certificate from the certificate storage unit 210 (step S504), and transmits the terminal certificate to the server 100 (step S505).
 サーバ100の送受信部101は、端末証明書を受信し、証明書認証部103は、端末証明書を認証する(ステップS506)。具体的には、受信した端末証明書に含まれる端末証明書情報と、証明書情報記憶部120に記憶する端末証明書情報が合致するか否かで認証する。送受信部101は、認証結果を携帯端末装置200に送信する(ステップS507)。 The transmission / reception unit 101 of the server 100 receives the terminal certificate, and the certificate authentication unit 103 authenticates the terminal certificate (step S506). Specifically, authentication is performed based on whether the terminal certificate information included in the received terminal certificate matches the terminal certificate information stored in the certificate information storage unit 120. The transmission / reception unit 101 transmits the authentication result to the mobile terminal device 200 (step S507).
 携帯端末装置200の送受信部201は、認証結果を受信し、受信した認証結果によって端末証明書が認証されたと判断する場合は(ステップS508:Yes)、送受信部201は、端末ID、生体情報、位置情報、日時情報をサーバ100に送信する(ステップS509)。このとき、SSL暗号化通信を用い、暗号化して生体情報等を送信する。端末証明書が認証されなかったと判断する場合は(ステップS508:No)、処理を終了する。 When the transmission / reception unit 201 of the mobile terminal device 200 receives the authentication result and determines that the terminal certificate is authenticated based on the received authentication result (step S508: Yes), the transmission / reception unit 201 receives the terminal ID, the biological information, The position information and date / time information are transmitted to the server 100 (step S509). At this time, the encrypted information is transmitted using SSL encrypted communication. If it is determined that the terminal certificate has not been authenticated (step S508: No), the process ends.
 サーバ100の送受信部101は、端末ID、生体情報、位置情報、日時情報を受信する(ステップS510)。生体情報照合部104は、生体情報が生体情報記憶部110に記憶されている生体情報と合致するか否かを判断する(ステップS511)。具体的には、端末IDに対応付けられた直近の生体情報を生体情報記憶部110から取得し、取得した生体情報と、携帯端末装置200から受信した生体情報とが合致するか否かを判断する。生体情報が生体情報記憶部110に記憶されている生体情報と合致すると判断した場合(ステップS511:Yes)、すなわち操作者が変わっていないと判断した場合は、ステップS516に進む。 The transmitting / receiving unit 101 of the server 100 receives the terminal ID, biological information, position information, and date / time information (step S510). The biometric information matching unit 104 determines whether the biometric information matches the biometric information stored in the biometric information storage unit 110 (step S511). Specifically, the latest biometric information associated with the terminal ID is acquired from the biometric information storage unit 110, and it is determined whether the acquired biometric information matches the biometric information received from the mobile terminal device 200. To do. When it is determined that the biological information matches the biological information stored in the biological information storage unit 110 (step S511: Yes), that is, when it is determined that the operator has not changed, the process proceeds to step S516.
 生体情報が生体情報記憶部110に記憶されている生体情報と合致しないと判断した場合(ステップS511:No)、すなわち操作者が変わったと判断した場合は、証明書生成部102は。新たな利用者証明書を生成する(ステップS512)。送受信部101は、利用者証明書を携帯端末装置200に送信する(ステップS513)。携帯端末装置200の送受信部201は、利用者証明書を受信し、証明書記憶部210に格納する(ステップS514)。 If it is determined that the biometric information does not match the biometric information stored in the biometric information storage unit 110 (step S511: No), that is, if it is determined that the operator has changed, the certificate generation unit 102. A new user certificate is generated (step S512). The transmission / reception unit 101 transmits the user certificate to the mobile terminal device 200 (step S513). The transmission / reception unit 201 of the mobile terminal device 200 receives the user certificate and stores it in the certificate storage unit 210 (step S514).
 サーバ100の証明書生成部102は、利用者ID、利用者証明書情報、発行日時を証明書情報記憶部120に格納する(ステップS515)。例えば、図3の31に示すように格納される。送受信部101は、端末ID、生体情報、位置情報、日時情報を生体情報記憶部110に格納する(ステップS516)。 The certificate generation unit 102 of the server 100 stores the user ID, user certificate information, and issue date / time in the certificate information storage unit 120 (step S515). For example, it is stored as indicated by 31 in FIG. The transmission / reception unit 101 stores the terminal ID, biometric information, position information, and date / time information in the biometric information storage unit 110 (step S516).
 このように、携帯端末装置200を端末証明書で認証したうえで、携帯端末装置200の操作で取得した生体情報が、サーバ100の生体情報記憶部110に記憶する生体情報と異なる場合は、新たな利用者証明書を生成する。これにより、携帯端末装置200の操作者がいつどこで入れ変わったかを記録に残すことができる。また、利用者証明書が発行された際の生体情報は、生体情報記憶部110に記憶されるため、事後に誰が操作したかを知ることもできる。 Thus, after authenticating the portable terminal device 200 with the terminal certificate, the biometric information acquired by the operation of the portable terminal device 200 is different from the biometric information stored in the biometric information storage unit 110 of the server 100. A valid user certificate. As a result, when and where the operator of the mobile terminal device 200 is changed can be recorded. Further, since the biometric information when the user certificate is issued is stored in the biometric information storage unit 110, it is possible to know who operated after the fact.
 上述した実施例では、生体情報として指紋を使用したが、操作者の音声や声紋を生体情報として取得してもよい。その場合、生体情報取得部203は、電話や音声入力する際に使用するマイクロフォンから音声を取得する。 In the above-described embodiments, fingerprints are used as biometric information. However, an operator's voice or voiceprint may be acquired as biometric information. In that case, the biometric information acquisition unit 203 acquires sound from a microphone used for telephone or voice input.
 次に、操作者確認システム10で実行する操作者確認処理について説明する。図6は、サーバ100で実行する操作者確認処理手順を示すフローチャートである。 Next, an operator confirmation process executed by the operator confirmation system 10 will be described. FIG. 6 is a flowchart showing an operator confirmation processing procedure executed by the server 100.
 サーバ100の送受信部101は、利用者IDを携帯端末装置200または情報端末装置300から受信する(ステップS601)。操作者確認部105は、利用者IDに対応する端末IDを証明書情報記憶部120から取得する(ステップS602)。操作者確認部105は、端末IDに対応する端末証明書発行日時を証明書情報記憶部120から取得する(ステップS603)。操作者確認部105は、利用者IDに対応する直近の利用者証明書発行日時を証明書情報記憶部120から取得する(ステップS604)。 The transmission / reception unit 101 of the server 100 receives the user ID from the mobile terminal device 200 or the information terminal device 300 (step S601). The operator confirmation unit 105 acquires a terminal ID corresponding to the user ID from the certificate information storage unit 120 (step S602). The operator confirmation unit 105 acquires the terminal certificate issuance date and time corresponding to the terminal ID from the certificate information storage unit 120 (step S603). The operator confirmation unit 105 obtains the latest user certificate issuance date corresponding to the user ID from the certificate information storage unit 120 (step S604).
 操作者確認部105は、端末証明書発行日時と利用者証明書発行日時が合致するか否かを判断する(ステップS605)。端末証明書発行日時と利用者証明書発行日時が合致しないと判断した場合(ステップS605:No)、すなわち新たな利用者証明書が発行されたと判断した場合は、操作者変更ありと判断する(ステップS606)。端末証明書発行日時と利用者証明書発行日時が合致すると判断した場合(ステップS605:Yes)、すなわち新たな利用者証明書が発行されていないと判断した場合は、操作者変更なしと判断する(ステップS607)。送受信部101は、判断結果を携帯端末装置200または情報端末装置300に送信する(ステップS608)。 The operator confirmation unit 105 determines whether or not the terminal certificate issuance date / time and the user certificate issuance date / time match (step S605). If it is determined that the terminal certificate issuance date / time does not match the user certificate issuance date / time (step S605: No), that is, if it is determined that a new user certificate has been issued, it is determined that there is an operator change ( Step S606). If it is determined that the terminal certificate issuance date / time and the user certificate issuance date / time match (step S605: Yes), that is, if it is determined that a new user certificate has not been issued, it is determined that there is no change in the operator. (Step S607). The transmission / reception unit 101 transmits the determination result to the mobile terminal device 200 or the information terminal device 300 (step S608).
 例えば、図3において、利用者ID‘UID***62’は、端末証明書発行日時が‘2015.7.1 10:23:46’(図3の32)であり、直近の利用者証明書発行日時‘2015.7.28 21:38:38’(図3の31)であるから、端末証明書発行日時と利用者証明書発行日時が合致せず、操作者変更ありと判断される。なお、端末証明書発行日時と利用者証明書発行日時が合致するか否かの判断については、システム上発生するタイムラグが考慮される。 For example, in FIG. 3, the user ID “UID *** 62” has a terminal certificate issuance date and time of “2015.7.1 10:23:46” (32 in FIG. 3), and the most recent user certificate issuance Since the date and time is '2015.7.28 21:38:38' (31 in FIG. 3), the terminal certificate issuance date and the user certificate issuance date do not match, and it is determined that there is an operator change. Note that the time lag that occurs in the system is taken into account in determining whether the terminal certificate issuance date and time and the user certificate issuance date and time match.
 このように、確認対象である利用者の利用者IDに対し新たな利用者証明書が発行されたか否かを判断することによって、利用者が使用している携帯端末装置200を正当な利用者以外が操作した可能性を知ることができる。なお、操作者確認処理は、携帯端末装置200の利用者自身に加え、携帯端末装置200からの操作を受付けたクレジット会社やECサイトなど、利用者以外の者からの確認を受付けてもよい。 Thus, by determining whether or not a new user certificate has been issued for the user ID of the user to be checked, the mobile terminal device 200 used by the user is a legitimate user. It is possible to know the possibility that other users operated. Note that the operator confirmation process may accept confirmation from a person other than the user, such as a credit company or an EC site that accepts an operation from the portable terminal device 200, in addition to the user of the portable terminal device 200 itself.
 上述した実施例では、操作者変更の有無のみについて判断したが、証明書情報記憶部120に記憶された利用者証明書発行日時情報と、生体情報記憶部110に記憶された生体情報、位置情報、日時情報とを付き合わせることによって、どの生体情報の操作者がいつどこで携帯端末装置200を操作したかを知ることができる。 In the above-described embodiment, only the presence / absence of the operator change is determined, but the user certificate issuance date / time information stored in the certificate information storage unit 120 and the biometric information and position information stored in the biometric information storage unit 110 are determined. By associating the date and time information, it is possible to know when and where the operator of which biological information has operated the mobile terminal device 200.
 また、生体情報取得部203は、携帯端末装置200から独立した機器としてもよい。個人を特定できるならば、例えば心拍数、心電図、血圧、体温、呼吸数、歩数、脳波等を計測する計測機器でもよい。独立した計測機器で生体情報を取得する場合は、Bluetooth(登録商標)やWiFi(WIreless  FIdelity)(登録商標)、NFC(Near  Field  Communication)等などの近距離無線通信方式によって携帯端末装置200との間でデータを送受信する。 Moreover, the biological information acquisition unit 203 may be a device independent of the mobile terminal device 200. As long as an individual can be identified, a measuring device that measures, for example, heart rate, electrocardiogram, blood pressure, body temperature, respiratory rate, number of steps, brain waves, and the like may be used. When biometric information is acquired by an independent measuring device, the mobile terminal device 200 is connected to the mobile terminal device 200 by a short-range wireless communication method such as Bluetooth (registered trademark), WiFi (WIreless®FIdelity) (registered trademark), or NFC (Near®Field®Communication). Send and receive data between them.
 上述した実施例にかかるサーバ100、携帯端末装置200、情報端末装置300のハードウェア構成は、CPU(Central Processing Unit)、ROM(Read Only Memory)やRAM(Random Access Memory)、HDD(Hard Disk Drive)等の外部記憶装置、通信制御装置等を備えた通常のコンピュータであり、ROMやRAM、HDD等に記憶されたプログラムをCPUが読み出し動作させることによって、上述した構成や機能を実現する。 The hardware configuration of the server 100, the portable terminal device 200, and the information terminal device 300 according to the above-described embodiments includes a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), an HDD (Hard Disk Drive). ) And the like, and the above-described configuration and functions are realized by the CPU reading and operating the program stored in the ROM, RAM, HDD, or the like.
 サーバ100、携帯端末装置200、情報端末装置300で動作するプログラムは、インターネット等のネットワークNに接続されたコンピュータ上に格納しておき、ネットワークN経由でダウンロードさせることにより提供したり、インストール可能な形式又は実行可能な形式のファイルでCD-ROM、DVD、USBメモリ、SDカード等のコンピュータで読取り可能な記録媒体に記録し提供してもよい。また、上述した機能や処理を実現するプログラムは、API(Application Programming Interface)やSaaS(Software as a Service)、クラウドコンピューティングという利用形態で提供してもよい。 Programs operating on the server 100, the mobile terminal device 200, and the information terminal device 300 are stored on a computer connected to the network N such as the Internet, and can be provided or installed by downloading via the network N A file in a format or an executable format may be recorded and provided on a computer-readable recording medium such as a CD-ROM, DVD, USB memory, or SD card. Further, the program that realizes the above-described functions and processes may be provided in a usage form such as API (Application Programming Interface), SaaS (Software as Service), or cloud computing.
 なお、本発明は、上述した実施例そのままに限定されるものではなく、必ずしも物理的に図示のように構成されている必要はない。また、本発明は、実施例で説明した構成要素の全部または一部を、各種の負荷や使用状況などに応じ、任意の単位で機能的または物理的に分割、統合、入替、変形または削除して構成することができる。 Note that the present invention is not limited to the above-described embodiments as they are, and does not necessarily have to be physically configured as illustrated. In addition, the present invention is configured to functionally or physically divide, integrate, replace, modify, or delete all or a part of the constituent elements described in the embodiments in arbitrary units according to various loads or usage conditions. Can be configured.
N…ネットワーク、10…操作者確認システム、100…サーバ、101…送受信部、102…証明書生成部、103…証明書認証部、104…生体情報照合部、105…操作者確認部、110…生体情報記憶部、120…証明書情報記憶部、200…携帯端末装置、201…送受信部、202…操作表示部、203…生体情報取得部、210…証明書記憶部、300…情報端末装置 DESCRIPTION OF SYMBOLS N ... Network, 10 ... Operator confirmation system, 100 ... Server, 101 ... Transmission / reception part, 102 ... Certificate generation part, 103 ... Certificate authentication part, 104 ... Biometric information collation part, 105 ... Operator confirmation part, 110 ... Biometric information storage unit, 120 ... Certificate information storage unit, 200 ... Mobile terminal device, 201 ... Transmission / reception unit, 202 ... Operation display unit, 203 ... Biometric information acquisition unit, 210 ... Certificate storage unit, 300 ... Information terminal device

Claims (6)

  1.  携帯端末装置とネットワークを介して接続する操作者確認サーバにおいて、
     前記携帯端末装置を識別する端末識別情報と、生体情報と、日時情報とを対応付けて記憶する生体情報記憶手段と、
     前記携帯端末装置から送信された、前記端末識別情報および生体情報を受信する受信手段と、
     前記受信手段によって受信した前記生体情報と、前記端末識別情報に対応付けられた、前記生体情報記憶手段に記憶された直近の前記生体情報とを照合する生体情報照合手段と、
     前記生体情報照合手段によって生体情報が合致しないと判断した場合、前記携帯端末装置の利用者に対応する電子証明書である利用者証明書を生成する証明書生成手段と、
     前記証明書生成手段によって生成された前記利用者証明書を前記携帯端末装置に送信する送信手段と、
     を備えることを特徴とする操作者確認サーバ。     In the operator confirmation server connected to the mobile terminal device via the network,
    Biometric information storage means for storing terminal identification information for identifying the portable terminal device, biometric information, and date / time information in association with each other;
    Receiving means for receiving the terminal identification information and biometric information transmitted from the portable terminal device;
    Biometric information collating means for collating the biometric information received by the receiving means with the latest biometric information stored in the biometric information storage means, which is associated with the terminal identification information;
    A certificate generation unit that generates a user certificate that is an electronic certificate corresponding to a user of the mobile terminal device when the biometric information collating unit determines that the biometric information does not match;
    Transmitting means for transmitting the user certificate generated by the certificate generating means to the portable terminal device;
    An operator confirmation server comprising:
  2.  前記受信手段は、前記携帯端末装置に対応する電子証明書である端末証明書を前記携帯端末装置から受信し、
     前記受信手段によって受信した前記端末証明書を認証する証明書認証手段と、をさらに備え、
     前記受信手段は、前記端末証明書を認証した場合に、前記端末識別情報と、前記生体情報を前記携帯端末装置から受信すること、を特徴とする請求項1に記載の操作者確認サーバ。     The receiving means receives a terminal certificate, which is an electronic certificate corresponding to the mobile terminal device, from the mobile terminal device,
    Certificate authenticating means for authenticating the terminal certificate received by the receiving means,
    The operator confirmation server according to claim 1, wherein the receiving unit receives the terminal identification information and the biological information from the portable terminal device when the terminal certificate is authenticated.
  3.  前記携帯端末装置の利用者を識別する利用者識別情報と、利用者証明書発行日時情報と、前記端末識別情報と、端末証明書発行日時情報と、を対応付けて記憶する証明書情報記憶手段、を備え、
     前記受信手段は、前記利用者識別情報を受信し、
     前記利用者識別情報に対応付けられた直近の前記利用者証明書発行日時情報と、前記利用者識別情報に対応する前記端末識別情報に対応付けられた前記端末証明書発行日時情報と、が合致するか否かによって、前記携帯端末装置の操作者が変更したか否かを判断する操作者確認手段と、をさらに備えることを特徴とする請求項1または請求項2に記載の操作者確認サーバ。     Certificate information storage means for storing user identification information for identifying a user of the portable terminal device, user certificate issuance date / time information, the terminal identification information, and terminal certificate issuance date / time information in association with each other. With
    The receiving means receives the user identification information;
    The most recent user certificate issuance date / time information associated with the user identification information matches the terminal certificate issuance date / time information associated with the terminal identification information corresponding to the user identification information. The operator confirmation server according to claim 1, further comprising: an operator confirmation unit that determines whether or not the operator of the portable terminal device has changed depending on whether or not to perform the operation. .
  4.  携帯端末装置と、サーバとをネットワークを介して接続する操作者確認システムにおいて、
     前記携帯端末装置は、
     操作者の生体情報を取得する生体情報取得手段と、
     前記生体情報取得手段によって取得した前記生体情報および前記携帯端末装置を識別する端末識別情報を前記サーバに送信する第1の送信手段と、を備え、
     前記サーバは、
     前記端末識別情報と、生体情報と、日時情報とを対応付けて記憶する生体情報記憶手段と、
     前記生体情報および前記端末識別情報を前記携帯端末装置から受信する第1の受信手段と、
     前記第1の受信手段によって受信した前記生体情報と、前記端末識別情報に対応付けられた、前記生体情報記憶手段に記憶された直近の前記生体情報と、を照合する生体情報照合手段と、
     前記生体情報照合手段によって生体情報が合致しないと判断した場合、前記携帯端末装置の利用者に対応する電子証明書である利用者証明書を生成する証明書生成手段と、
     前記証明書生成手段によって生成された前記利用者証明書を前記携帯端末装置に送信する第2の送信手段と、を備え、
     前記携帯端末装置は、
     前記利用者証明書を前記サーバから受信し、受信した前記利用者証明書を証明書記憶部に格納する第2の受信手段と、
     を備えることを特徴とする操作者確認システム。     In an operator confirmation system that connects a mobile terminal device and a server via a network,
    The portable terminal device
    Biometric information acquisition means for acquiring biometric information of the operator;
    First transmission means for transmitting the biometric information acquired by the biometric information acquisition means and terminal identification information for identifying the mobile terminal device to the server;
    The server
    Biometric information storage means for storing the terminal identification information, biometric information, and date / time information in association with each other;
    First receiving means for receiving the biological information and the terminal identification information from the portable terminal device;
    Biometric information collating means for collating the biometric information received by the first receiving means with the most recent biometric information stored in the biometric information storage means associated with the terminal identification information;
    A certificate generation unit that generates a user certificate that is an electronic certificate corresponding to a user of the mobile terminal device when the biometric information collating unit determines that the biometric information does not match;
    Second transmission means for transmitting the user certificate generated by the certificate generation means to the portable terminal device,
    The portable terminal device
    Second receiving means for receiving the user certificate from the server and storing the received user certificate in a certificate storage unit;
    An operator confirmation system comprising:
  5.  携帯端末装置とネットワークを介して接続する操作者確認サーバで実行される操作者確認方法であって、
     前記携帯端末装置を識別する端末識別情報と、生体情報と、日時情報とを対応付けて記憶する生体情報記憶手段、を備え、
     前記携帯端末装置から送信された、前記端末識別情報および生体情報を受信する受信ステップと、
     前記受信ステップによって受信した前記生体情報と、前記端末識別情報に対応付けられた、前記生体情報記憶手段に記憶された直近の前記生体情報とを照合する生体情報照合ステップと、
     前記生体情報照合ステップによって生体情報が合致しないと判断した場合、前記携帯端末装置の利用者に対応する電子証明書である利用者証明書を生成する証明書生成ステップと、
     前記証明書生成ステップによって生成された前記利用者証明書を前記携帯端末装置に送信する送信ステップと、
     を含むことを特徴とする操作者確認方法。     An operator confirmation method executed by an operator confirmation server connected to a mobile terminal device via a network,
    Biometric information storage means for storing terminal identification information for identifying the portable terminal device, biometric information, and date / time information in association with each other,
    A receiving step of receiving the terminal identification information and biometric information transmitted from the mobile terminal device;
    A biometric information collating step for collating the biometric information received in the receiving step with the most recent biometric information stored in the biometric information storage unit associated with the terminal identification information;
    A certificate generation step of generating a user certificate, which is an electronic certificate corresponding to the user of the mobile terminal device, when the biometric information is determined not to match in the biometric information matching step;
    A transmission step of transmitting the user certificate generated by the certificate generation step to the mobile terminal device;
    The operator confirmation method characterized by including this.
  6.  請求項5に記載の操作者確認方法をコンピュータに実行させることを特徴とする操作者確認プログラム。 An operator confirmation program for causing a computer to execute the operator confirmation method according to claim 5.
PCT/JP2016/003191 2015-07-07 2016-07-04 Operator confirmation server, operator confirmation system, operator confirmation method, and operator confirmation program WO2017006559A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015136514A JP6367157B2 (en) 2015-07-07 2015-07-07 Operator confirmation server, operator confirmation system, operator confirmation method, and operator confirmation program
JP2015-136514 2015-07-07

Publications (1)

Publication Number Publication Date
WO2017006559A1 true WO2017006559A1 (en) 2017-01-12

Family

ID=57685426

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/003191 WO2017006559A1 (en) 2015-07-07 2016-07-04 Operator confirmation server, operator confirmation system, operator confirmation method, and operator confirmation program

Country Status (2)

Country Link
JP (1) JP6367157B2 (en)
WO (1) WO2017006559A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022054240A1 (en) * 2020-09-11 2022-03-17 日本電気株式会社 Server device, system, method for controlling server device, and recording medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006011766A (en) * 2004-06-25 2006-01-12 Hitachi Ltd Electronic administration system using digital pen
JP2014089746A (en) * 2013-12-26 2014-05-15 Fujitsu Ltd Information processor, authentication system, authentication method, authentication device, and program

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006011766A (en) * 2004-06-25 2006-01-12 Hitachi Ltd Electronic administration system using digital pen
JP2014089746A (en) * 2013-12-26 2014-05-15 Fujitsu Ltd Information processor, authentication system, authentication method, authentication device, and program

Also Published As

Publication number Publication date
JP6367157B2 (en) 2018-08-01
JP2017021452A (en) 2017-01-26

Similar Documents

Publication Publication Date Title
US11012438B2 (en) Biometric device pairing
US10440019B2 (en) Method, computer program, and system for identifying multiple users based on their behavior
EP3127033B1 (en) Method and apparatus that facilitates a wearable identity manager
US8799666B2 (en) Secure user authentication using biometric information
EP4354311A2 (en) Blockchain-based identity and transaction platform
US10110574B1 (en) Biometric identification
EP2343679A1 (en) Secure transaction systems and methods
US20170316408A1 (en) Bionumerical Authentication Systems
KR101575687B1 (en) Biometrics user authentication method
CN104811308A (en) Authentication apparatus with a Bluetooth interface
US20180373919A1 (en) Fingerprint Lock Control Method and Fingerprint Lock System
US20170006066A1 (en) Electronic security container
TWI739778B (en) The login mechanism of the operating system
JP2019070980A5 (en)
TWI330032B (en) Method for authorized-user verification and related apparatus
JP6367157B2 (en) Operator confirmation server, operator confirmation system, operator confirmation method, and operator confirmation program
JP6367156B2 (en) Delivery management system, delivery management method, and delivery management program
JP4698502B2 (en) Terminal device authentication system, authentication method and program using mobile phone
JP2016071598A (en) Authentication device, authentication system and program
JP6475114B2 (en) Biological information management system, biological information management method, and biological information management program
KR102339949B1 (en) method and apparatus for processing authentication information and user terminal including the same
US20220321347A1 (en) System, method and apparatus for transaction access and security
JP6962676B2 (en) Authentication-related information transmission control program, authentication-related information transmission control device, and authentication-related information transmission control method
KR20170111942A (en) Electronic commercial transaction authentication method and system by specific infomation related otp
JP6413627B2 (en) User authentication system and user authentication method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16821034

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16821034

Country of ref document: EP

Kind code of ref document: A1