WO2021255821A1 - Authentication server, facial image update recommendation method and storage medium - Google Patents


Publication number
WO2021255821A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
user
authenticated
person
database
Prior art date
Application number
PCT/JP2020/023557
Other languages
French (fr)
Japanese (ja)
Inventor
美樹 大谷
Original Assignee
日本電気株式会社
Priority date
Filing date
Publication date
Application filed by 日本電気株式会社
Priority to JP2022531137A
Priority to PCT/JP2020/023557
Publication of WO2021255821A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06T IMAGE DATA PROCESSING OR GENERATION, IN GENERAL
    • G06T7/00 Image analysis

Definitions

  • the present invention relates to an authentication server, a face image update recommendation method, and a storage medium.
  • a terminal acquires a face image of a user and generates a feature amount (feature vector) that characterizes the face image.
  • the generated features are sent to a server on the network.
  • the server is equipped with a database that stores the biometric information and personal information (name, address, etc.) of the user who receives the service by face recognition.
  • the server searches (collates) the database and identifies the biometric information and personal information corresponding to the collation request from the terminal.
  • the server sends the specified personal information to the terminal, and the terminal installed at the airport or the like performs business based on the acquired personal information.
  • Patent Document 1 describes that a portable information terminal device capable of improving the authentication success rate is provided.
  • the feature information (failure feature information) is added to the feature information storage unit as new registered feature information.
  • the authentication process is performed using the failed feature information in addition to the registered feature information already stored in the feature information storage unit.
  • Patent Document 2 describes that the habit of reading the biometric information of the user or the authentication error caused by the aging of the biometric information of the user is reduced.
  • the authentication device of Patent Document 2 includes a user table, a fingerprint image receiving unit, an authentication unit, a temporary storage unit, a comparison unit, and a replacement unit.
  • the user table stores the fingerprint image as an authentication image.
  • the fingerprint image receiving unit receives the fingerprint image.
  • the authentication unit compares the fingerprint image with the authentication image and authenticates the image.
  • the temporary storage unit temporarily stores the fingerprint image received until the authentication is successful as a temporary storage image.
  • the comparison unit compares the temporary storage image with the failed image associated with the authentication image, and when it is determined that they match, the comparison unit counts up the number of matches corresponding to the failed image.
  • the comparison unit stores the temporary storage image as a failure image in association with the authentication image.
  • the replacement unit replaces the authentication image with a failed image whose corresponding number of matches is equal to or greater than a predetermined value.
  • the main object of the present invention is to provide an authentication server, a face image update recommendation method, and a storage medium that contribute to maintaining the authentication accuracy.
  • the authentication unit that authenticates the authenticated person by referring to the first database that stores the biometric information about the faces of each of the plurality of users and the first database.
  • when the authentication of the person to be authenticated fails, it is recommended to the user who is presumed to be the person to be authenticated among the plurality of users to update the biometric information stored in the first database.
  • An authentication unit, and an authentication server are provided.
  • the authenticated person is authenticated by referring to the first database.
  • when the authentication of the authenticated person fails, it is recommended to the user who is presumed to be the authenticated person among the plurality of users to update the biometric information stored in the first database.
  • a method for recommending face image update is provided.
  • the computer mounted on the authentication server provided with the first database which stores the biometric information about the faces of each of the plurality of users, is referred to the first database.
  • the process of authenticating the person to be authenticated and the authentication of the person to be authenticated fail, the user who is presumed to be the person to be authenticated is stored in the first database among the plurality of users.
  • a computer-readable storage medium is provided that stores a process for recommending an update of biometric information and a program for executing the process.
  • an authentication server, a face image update recommendation method, and a storage medium that contribute to maintaining the authentication accuracy are provided.
  • the effect of the present invention is not limited to the above. According to the present invention, other effects may be produced in place of or in combination with the effect.
  • the authentication server 100 includes a first database 101, an authentication unit 102, and a recommendation unit 103 (see FIG. 1).
  • the first database 101 stores biometric information about the faces of each of the plurality of users.
  • the authentication unit 102 authenticates the person to be authenticated with reference to the first database 101.
  • the recommendation unit 103 recommends the user who is presumed to be the authenticated person among the plurality of users to update the biometric information stored in the first database 101.
  • When it is determined that the authentication has failed due to, for example, a change in the appearance of the person to be authenticated, the authentication server 100 prompts a user presumed to be the person to be authenticated to update the face image. As a result, the user can update the face image registered in the authentication server 100 at an appropriate time, and the possibility that the authentication fails is reduced. That is, the authentication accuracy can be maintained for a long period of time.
  • FIG. 2 is a diagram showing an example of a schematic configuration of the authentication system according to the first embodiment. As shown in FIG. 2, the authentication system includes an authentication center and a plurality of service providers.
  • Each service provider participating in the authentication system provides services using biometric authentication.
  • services provided by service providers include payment services at retail stores and accommodation services at hotels and the like.
  • the service provided by the service provider may be immigration at an airport or port.
  • the service provider disclosed in the present application may be able to provide any service that can be provided by using biometric authentication.
  • the authentication server 10 is installed in the authentication center.
  • the authentication server 10 is an information processing device that operates as a certificate authority for authentication using biometric information.
  • the authentication server 10 may be a server installed on the site of the authentication center or a server installed on the cloud.
  • the biometric information of the user exemplifies data (feature amount) calculated from physical characteristics peculiar to an individual such as a face, a fingerprint, a voice print, a vein, a retina, and an iris pattern (pattern) of the pupil.
  • the biometric information of the user may be image data such as a face image and a fingerprint image.
  • the biometric information of the user may be any information that includes the physical characteristics of the user.
  • the authentication server 10 is a server device for realizing a service by biometric authentication.
  • the authentication server 10 processes the "authentication request" transmitted from each service provider, and transmits the result of the authentication process to the service provider.
  • Each service provider has a management server and an authentication terminal.
  • the service provider S1 is provided with a management server 20 and a plurality of authentication terminals 30.
  • the service provider S2 is provided with a management server 20 and a plurality of authentication terminals 31.
  • the devices shown in FIG. 2 are connected to each other.
  • the authentication server 10 and the management server 20 are connected by a wired or wireless communication means and are configured to be able to communicate with each other.
  • the management server 20 is a server that controls and manages the entire business of the service provider. For example, when the service provider is a retail store, the management server 20 manages inventory of products. Alternatively, if the service provider is a hotel operator, the management server 20 manages the reservation information of the guest.
  • the management server 20 has a control function and a management function related to biometric authentication of the user, in addition to the functions related to the above service provision.
  • the authentication terminal 30 is a device that serves as an interface for users (users) who visit the service provider.
  • the user receives various services via the authentication terminal 30. For example, when the service provider is a retail store, the user pays the price using the authentication terminal 30. Alternatively, if the service provider is a hotel operator, the user performs a check-in procedure using the authentication terminal 30.
  • FIG. 2 is an example, and does not mean to limit the configuration of the authentication system disclosed in the present application.
  • the authentication center may include two or more authentication servers 10.
  • the service provider may include at least one authentication terminal 30.
  • the functions of the management server 20 and the authentication terminal 30 may be integrated, and the integrated device may provide a service using biometric authentication.
  • a plurality of authentication terminals 30 may be connected to one management server 20, or one authentication terminal 30 may be connected to one management server 20.
  • the operation of the authentication system includes three phases.
  • the first phase is the phase in which the user registers with the system (user registration phase).
  • the second phase is the service registration phase (service registration phase).
  • the third phase is a phase (service provision phase) in which a service using biometric authentication is provided to a user.
  • FIG. 3 is a diagram for explaining the operation in the user registration phase of the authentication system according to the first embodiment.
  • the user determines the information (user ID (Identifier), password (PW; PassWord)) for identifying the user himself / herself in the authentication system, and registers the information in the system.
  • the user ID is referred to as "uID".
  • the user registers his / her own biometric information (for example, face image), identity verification document (for example, passport, etc.), and contact information (for example, e-mail address, etc.) in the system.
  • the user registers the above five pieces of information (user ID, password, biometric information, identity verification document, contact information) in the system by any means.
  • the user may input his / her own face image captured by operating the terminal 40 owned by the user, a user ID, a password, an identification document, and contact information into the authentication server 10.
  • examples of the terminal 40 include mobile terminal devices such as smartphones, mobile phones, game machines, and tablets, computers (personal computers, notebook computers), and the like.
  • the authentication server 10 confirms the identity of the user using the acquired face image and identity verification document. Specifically, the authentication server 10 determines that the system registration application is made by the user himself / herself when the acquired face image and the face image described in the identification document are face images of the same person.
  • After that, the authentication server 10 generates a feature amount (feature vector consisting of a plurality of feature amounts) from the acquired face image, and stores the feature amount, the face image, the user ID, the password, and the contact information in association with each other in the authentication information database.
  • the identity verification document acquired by the authentication server 10 may be destroyed after the completion of the identity verification, or may be stored in association with the user ID or the like.
  • the system user can update the face image registered in the system.
  • the user may have a desire to register the current face (face image) in the system.
  • the authentication server determines whether or not the face image can be updated, and changes the registered face image according to the result.
  • when the authentication server 10 determines from the result of biometric authentication that it is better to update the registered face image, the authentication server 10 notifies the user (terminal 40) to that effect. The authentication server 10 prompts the user to update the registered face image.
  • a user ID and a password are used as an identifier uniquely defining a system user.
  • it is also possible to use the user ID as the identifier.
  • FIG. 4 is a diagram for explaining the operation of the authentication system according to the first embodiment in the service registration phase.
  • the user who has completed user registration selects the service provider who wants to receive the service by biometric authentication, and registers the selected service provider in the system.
  • the user registers the personal information (for example, name, etc.) necessary for receiving the service from the selected service provider in the system.
  • examples of the personal information include name, age, and gender.
  • the user registers the user ID and password determined in the user registration phase in the system.
  • personal information is defined as information that does not include the biometric information of the user (certified person). That is, the biometric information and the feature amount generated from the biometric information are excluded from the "personal information" disclosed in the present application.
  • the user inputs the above three pieces of information (personal information, user ID, password) to the service provider by any means.
  • the user may operate the terminal 40 to input the above three pieces of information into the management server 20.
  • When the management server 20 acquires the above three pieces of information (personal information, user ID, password), it sends a "service registration request" to the authentication server 10. Specifically, the management server 20 transmits a service registration request including a service provider ID, a user ID, and a password to the authentication server 10.
  • the service provider ID is identification information for uniquely identifying the service provider included in the authentication system (retail stores participating in the authentication platform using biometric authentication, etc.). In the example of FIG. 2, different service provider IDs are assigned to each of the service providers S1 and S2.
  • the service provider ID is an ID assigned to each service provider, not an ID assigned to each service. For example, in FIG. 2, even if service providers S1 and S2 are businesses that provide the same type of service (for example, accommodation service), different IDs are assigned to these service providers if the management entity is different.
  • the authentication server 10 and the management server 20 share the service provider ID by any method.
  • the authentication server 10 may generate a service provider ID and distribute (notify) the generated service provider ID to the service provider.
  • the service provider ID is referred to as "spID".
  • Upon receiving the service registration request, the authentication server 10 searches the authentication information database using the user ID and password included in the request as keys, and identifies the corresponding user. After that, the authentication server 10 generates a "service user ID".
  • the service user ID is identification information that uniquely defines the correspondence (combination) between the user and the service provider.
  • different values are set for the service user ID determined from the combination of the user U1 and the service provider S1 and the service user ID determined from the combination of the user U1 and the service provider S2.
  • the authentication server 10 stores the user ID, password, feature amount, face image, contact information, service provider ID, and the generated service user ID in association with each other.
  • the service user ID is referred to as "suID".
  • the authentication server 10 transmits the service user ID generated above to the sender of the service registration request.
  • the management server 20 stores the service user ID acquired from the authentication server 10 in association with the personal information of the user.
  • the management server 20 adds a new entry to the user information database and stores the above information (personal information, service user ID).
  • the user repeats the above registration operation for each service provider who wants to receive the service using biometric authentication.
  • FIG. 5 is a diagram for explaining the operation of the authentication system according to the first embodiment in the service provision phase.
  • a user who has completed the service registration visits the service provider.
  • the user moves in front of the authentication terminal 30.
  • the authentication terminal 30 acquires biometric information from the user in front of it. Specifically, the authentication terminal 30 takes an image of the user and acquires a face image. The authentication terminal 30 transmits the acquired face image to the management server 20.
  • the management server 20 generates a feature amount from the acquired face image.
  • the management server 20 transmits an authentication request including the generated feature amount and the service provider ID to the authentication server 10.
  • the authentication server 10 extracts a feature amount from the authentication request and executes a collation process (1 to N collation; N is a positive integer, the same applies hereinafter) using the extracted feature amount and the feature amount registered in the authentication information database.
  • the authentication server 10 identifies a user by collation processing, and identifies a service user ID corresponding to a service provider ID included in an authentication request among a plurality of service user IDs associated with the specified user.
  • the authentication server 10 transmits the specified service user ID to the sender of the authentication request.
  • the authentication server 10 transmits a response (response to the authentication request) including the specified service user ID to the management server 20.
  • the management server 20 searches the user information database using the acquired service user ID as a key, and identifies personal information corresponding to the service user ID.
  • the service provider (management server 20, authentication terminal 30) provides the service (for example, payment settlement, check-in procedure, etc.) to the user based on the specified personal information.
  • FIG. 6 is a diagram showing an example of a processing configuration (processing module) of the authentication server 10 according to the first embodiment.
  • the authentication server 10 includes a communication control unit 201, a user management unit 202, a database management unit 203, a service registration unit 204, an authentication unit 205, a face image update recommendation unit 206, and a storage unit 207.
  • the communication control unit 201 is a means for controlling communication with other devices. For example, the communication control unit 201 receives data (packets) from the management server 20. Further, the communication control unit 201 transmits data to the management server 20. The communication control unit 201 passes the data received from the other device to the other processing module. The communication control unit 201 transmits the data acquired from the other processing module to the other device. In this way, the other processing module transmits / receives data to / from the other device via the communication control unit 201.
  • the user management unit 202 is a means for realizing the above-mentioned user registration and face image update.
  • the user management unit 202 has a function as a registration unit for registering a user and a function as an update unit for updating the registered face image.
  • the user management unit 202 displays a menu as shown in FIG. 7.
  • When the user wishes to make a new registration, the user management unit 202 acquires the user ID, password, biometric information (face image), identity verification documents, and contact information of the user (a user who wishes to be provided with services using biometric authentication; system user).
  • the user management unit 202 acquires the above five pieces of information (user ID, password, biometric information, identity verification documents, contact information) by any means. For example, the user management unit 202 displays a GUI (Graphical User Interface) for determining a user ID and password and an input form on the terminal 40. For example, the user management unit 202 displays a GUI as shown in FIG. 8 on the terminal 40.
  • the user management unit 202 verifies that the user ID and password acquired by the GUI or the like do not overlap with the already registered user ID and password. If the duplication does not occur, the user management unit 202 displays a GUI for acquiring the user's biometric information, identification documents, and contact information on the terminal 40.
  • the user management unit 202 displays a GUI as shown in FIG. 9 on the terminal 40.
  • the user presses the "file selection" button shown in FIG. 9 and specifies the image data of the face image to be registered in the system.
  • the designated face image is displayed in the preview area (displayed as a selected face image in FIG. 9).
  • the user presses the "OK" button.
  • the user may operate the terminal 40 to attach the face image to an e-mail or the like.
  • the user management unit 202 may transmit information including the destination of the face image to the terminal 40, and the terminal 40 may transmit the face image to the destination of the face image.
  • the user management unit 202 and the terminal 40 may send and receive facial images using a communication tool such as chat.
  • the user management unit 202 may acquire (receive) the face image by any means.
  • the user management unit 202 acquires the identification document. For example, the user management unit 202 displays a GUI as shown in FIG. 10 on the terminal 40. For example, the user uses the camera of the terminal 40 to take an image of the identification document. The user presses the "File selection" button and specifies the image of the identity verification document taken. After that, the user presses the "OK" button and registers the identification document.
  • the identity verification documents that can be registered in the system include documents with facial images such as passports and driver's licenses (documents issued by public institutions that contribute to identity verification).
  • the identification documents include not only paper documents but also electronic documents.
  • the user management unit 202 obtains the contact information. For example, the user management unit 202 displays a GUI as shown in FIG. 11 on the terminal 40. The user inputs the contact information (for example, the e-mail address of the account that can be received by the terminal 40), and presses the "OK" button.
  • the user management unit 202 confirms the identity of the user when, for example, the user ID, password, biometric information (face image), identity verification document, and contact information are acquired by the GUI as shown in FIGS. 8 to 11. Specifically, the user management unit 202 acquires a face image for identity verification (hereinafter referred to as a verification face image) from the identity confirmation document. The user management unit 202 extracts a verification face image from a predetermined area of the identification document by using a technique such as template matching.
  • At the time of identity verification, the user management unit 202 generates a feature amount (feature vector consisting of a plurality of feature amounts) from each of the acquired face image and the verified face image. Since existing techniques can be used for the feature point extraction process, detailed description thereof will be omitted. For example, the user management unit 202 extracts eyes, nose, mouth, and the like as feature points from the face image. After that, the user management unit 202 calculates the position of each feature point and the distance between each feature point as a feature amount, and generates a feature vector (vector information that characterizes the face image) composed of a plurality of feature amounts.
  • the user management unit 202 calculates the similarity between the two images. For the similarity, a chi-square distance, a Euclidean distance, or the like can be used. The farther the distance is, the lower the similarity is, and the closer the distance is, the higher the similarity is.
  • the user management unit 202 executes a threshold value process for the similarity, and determines the success or failure of the identity verification according to the result.
  • If the similarity is greater than the threshold value TH1, the user management unit 202 determines that the identity verification is successful. On the other hand, if the similarity is equal to or less than the threshold value TH1, the user management unit 202 determines that the identity verification has failed. In this case, the user management unit 202 takes measures such as encouraging the user to register a high-quality face image. As described above, when the identity verification is completed, the user management unit 202 may destroy the identity verification document.
  • the user management unit 202 hands over the user ID, password, face image, feature amount generated from the face image, and contact information to the database management unit 203.
  • the face image registered in the authentication information database will be referred to as "registered face image".
  • FIG. 12 is a flowchart showing an example of the operation related to the face image update of the user management unit 202 according to the first embodiment.
  • a user who wishes to update the face image accesses the authentication server 10 using the terminal 40.
  • the user management unit 202 displays a menu screen as shown in FIG. 7 on the terminal 40.
  • the user who wants to update the face image presses the "update face image" button.
  • the user management unit 202 displays a GUI for the user to log in to the system. For example, the user management unit 202 performs the display as shown in FIG. 13 and acquires the user ID and password.
  • the user management unit 202 searches the authentication information database using the acquired user ID and password as keys, and if the corresponding entry exists, determines that the user is registered in the system and proceeds with the update process of the face image. In this case, the user management unit 202 reads the registered face image from the corresponding entry. On the other hand, if the above entry does not exist, the user management unit 202 determines that the user has failed to log in to the system. In this case, the user management unit 202 notifies the user to that effect.
  • the user management unit 202 may display the read face image (registered face image) so that the user can confirm it at the timing when the face image is read from the authentication information database.
  • After the user registered in the system has logged in, the user management unit 202 acquires an updated face image (hereinafter referred to as an updated face image) (step S101 in FIG. 12). For example, the user management unit 202 performs the display as shown in FIG. 14 in order to acquire the updated face image. The user selects the updated face image and presses the "OK" button.
  • the user management unit 202 determines whether or not the registered face image may be updated using the acquired updated face image.
  • the user management unit 202 calculates the similarity between the registered face image and the updated face image (step S102).
  • the user management unit 202 performs threshold processing on the calculated similarity, and determines whether or not the registered face image can be updated according to the result.
  • the user management unit 202 permits the update of the registered face image (step S108). Since it can be determined that the two face images having a high degree of similarity are face images acquired from substantially the same person, the user management unit 202 permits the update of the registered face image. In this case, the user management unit 202 displays as shown in FIG. 15 and notifies the user that the registered face image has been updated.
  • If the degree of similarity is smaller than the threshold value TH3 (step S104, Yes branch), the user management unit 202 refuses to update the registered face image. Since it can be determined that two face images having a low degree of similarity are face images of different people, the user management unit 202 refuses to update the registered face image (step S109). In this case, since unauthorized use of the system is suspected, the user management unit 202 displays as shown in FIG.
  • the user management unit 202 acquires an identity confirmation document (step S105). For example, the user management unit 202 acquires an identification document using a GUI as shown in FIG. The user management unit 202 extracts the verification face image from the identity confirmation document.
  • the user management unit 202 may skip the execution of step S105 and use the identity verification document stored in the above database.
  • the user management unit 202 may take measures such as refusing to accept an old identity verification document (an identity verification document issued before a predetermined period from the face image update date) based on the expiration date and issuance date of the acquired identity verification document. That is, the user management unit 202 may select the identity verification document for extracting the updated face image based on the description of the identity verification document (for example, the date and period described in the document). That is, the user management unit 202 may decide whether or not to extract the verification face image based on the description in the identity confirmation document. By making such selections and decisions, the user management unit 202 can acquire a verified face image that reflects the current appearance of the user.
  • the user management unit 202 calculates the similarity between the updated face image and the verified face image (step S106).
  • the user management unit 202 executes the threshold value processing for the calculated similarity, and determines whether or not the registered image can be updated according to the result.
  • If the degree of similarity is higher than the threshold value TH4 (step S107, Yes branch), the user management unit 202 permits the update of the registered face image (step S108). In this case, the user management unit 202 performs the display as shown in FIG.
  • If the similarity is equal to or less than the threshold value TH4 (step S107, No branch), the user management unit 202 refuses to update the registered face image with the updated face image (step S109). In this case, the user management unit 202 performs the display as shown in FIG.
  • the user management unit 202 may display as shown in FIG. 18 and prompt re-input of the updated face image or the like.
  • the user management unit 202 may repeat the determination process described above using the re-input face image.
  • When permitting the update of the registered face image, the user management unit 202 generates a feature amount from the updated face image.
  • the user management unit 202 delivers the user ID, password, generated feature amount, and updated face image to the database management unit 203, and instructs the database management unit 203 to update the biometric information (feature amount, face image).
  • the user management unit 202 which functions as an update unit for the face image, has the registered face image according to the degree of similarity between the registered face image (first face image) and the updated face image (second face image). Is determined by the updated face image.
  • the user management unit 202 updates the registered face image when the similarity between the registered face image and the updated face image is larger than the threshold value TH2.
  • the user management unit 202 does not update the registered face image when the similarity between the registered face image and the updated face image is smaller than the threshold value TH3.
  • the user management unit 202 acquires the user's identity confirmation document when the similarity between the registered face image and the updated face image is the threshold value TH3 or more and the threshold value TH2 or less.
  • the user management unit 202 extracts the verification face image (third face image) from the identity confirmation document, and determines whether or not to update the registered face image according to the similarity between the updated face image and the verified face image.
  • the user management unit 202 updates the registered face image when the similarity between the updated face image and the verified face image is larger than the threshold value TH4.
  • the user management unit 202 does not update the registered face image when the similarity between the updated face image and the verified face image is the threshold value TH4 or less.
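The threshold cascade summarized above (TH2, TH3, TH4 and the identity confirmation document check), written out as an added Python example that is not code from the patent. The threshold values, the cosine similarity measure, the five-year document age limit and all names are assumptions; the page gives no numbers and does not fix the similarity measure.

```python
import math
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Callable, Optional, Sequence

# Constructed values: the page names TH2, TH3 and TH4 but gives no numbers.
TH2 = 0.90   # above this, registered and updated images are the same person
TH3 = 0.60   # below this, they are treated as different people
TH4 = 0.85   # above this, the updated image matches the identity document
MAX_DOCUMENT_AGE = timedelta(days=5 * 365)   # assumed "predetermined period"


@dataclass
class IdDocument:
    issued: date
    expires: date
    face: Sequence[float]   # feature amount of the verification face image


@dataclass
class Decision:
    update: bool
    reason: str


def similarity(a: Sequence[float], b: Sequence[float]) -> float:
    """Cosine similarity between two feature amounts (assumed measure)."""
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b)))


def document_is_current(doc: IdDocument, today: date) -> bool:
    """Accept only unexpired documents issued within MAX_DOCUMENT_AGE."""
    return doc.expires >= today and today - doc.issued <= MAX_DOCUMENT_AGE


def decide_update(registered: Sequence[float], updated: Sequence[float],
                  fetch_id_document: Callable[[], Optional[IdDocument]],
                  today: date) -> Decision:
    """Return whether the registered face image may be replaced."""
    s = similarity(registered, updated)                        # step S102
    if s > TH2:
        return Decision(True, "same_person_as_registered")     # step S108
    if s < TH3:
        return Decision(False, "different_person_suspected")   # step S109
    # TH3 <= s <= TH2: only now is the identity document requested (S105).
    doc = fetch_id_document()
    if doc is None or not document_is_current(doc, today):
        return Decision(False, "no_current_identity_document")
    if similarity(updated, doc.face) > TH4:                    # steps S106, S107
        return Decision(True, "matches_identity_document")     # step S108
    return Decision(False, "identity_document_mismatch")       # step S109


# Constructed sample feature amounts and documents.
REGISTERED = (1.0, 0.0, 0.0)
UPDATED_CLOSE = (0.98, 0.10, 0.0)   # nearly identical to the registered image
UPDATED_AGED = (0.8, 0.6, 0.0)      # same person, changed appearance
UPDATED_OTHER = (0.2, 0.9, 0.3)     # a different person
TODAY = date(2024, 1, 1)
DOC_CURRENT = IdDocument(date(2022, 6, 1), date(2032, 6, 1), (0.8, 0.6, 0.05))
DOC_STALE = IdDocument(date(2010, 6, 1), date(2030, 6, 1), (0.8, 0.6, 0.05))
DOC_OTHER = IdDocument(date(2022, 6, 1), date(2032, 6, 1), (0.0, 0.0, 1.0))

if __name__ == "__main__":
    cases = [("close", UPDATED_CLOSE, DOC_CURRENT),
             ("aged, current document", UPDATED_AGED, DOC_CURRENT),
             ("aged, stale document", UPDATED_AGED, DOC_STALE),
             ("other person", UPDATED_OTHER, DOC_CURRENT)]
    for label, image, document in cases:
        print(label, decide_update(REGISTERED, image, lambda d=document: d, TODAY))
```

The identity document is requested only in the middle band, so a clearly matching or clearly mismatching upload never triggers document collection.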
  • the database management unit 203 is a means for managing the authentication information database.
  • the authentication information database stores, in association with one another, information that identifies the system user (user ID, password), biometric information (feature amount, face image) of the user, a service provider ID that identifies the service provider, and a service user ID that identifies the user in each service. Further, the authentication information database also stores the user's contact information in association with the above information.
  • the authentication information database is a database that stores biometric information (registered face image, feature amount generated from the image) about each face of a plurality of users.
  • When the database management unit 203 acquires the above five pieces of information (user ID, password, feature amount, face image, contact information) from the user management unit 202, the database management unit 203 adds a new entry to the authentication information database. For example, when the above five pieces of information regarding the user U1 are acquired, the database management unit 203 adds the entry shown at the bottom of FIG. At the stage of user registration, since the service provider ID and the service user ID are not generated, nothing is set in these fields.
  • When the database management unit 203 acquires four pieces of information (user ID, password, feature amount, face image) accompanied by an instruction to update the face image from the user management unit 202, the database management unit 203 updates (overwrites) the feature amount and face image of the corresponding entry.
  • the service registration unit 204 is a means for realizing individual service registration by system users.
  • the service registration unit 204 processes the service registration request acquired from the management server 20 of the service provider.
  • the service registration unit 204 searches the authentication information database using the user ID and password included in the acquired service registration request as keys.
  • the service registration unit 204 confirms the service provider ID field of the specified user (user specified from the set of user ID and password).
  • the service registration unit 204 determines whether or not the service provider ID included in the service registration request acquired from the management server 20 is set in the service provider ID field. If the service provider ID acquired from the management server 20 is already registered in the database, the service registration unit 204 notifies the management server 20 to that effect. In this case, since the service (service provider) that the user is trying to register is already registered in the authentication information database, the service registration unit 204 sends a "negative response" as a response to the service registration request.
  • the service registration unit 204 generates a service user ID corresponding to the user and the service provider.
  • the service user ID is identification information uniquely determined from the combination of the user and the service provider.
  • the service registration unit 204 calculates a hash value using a user ID, a password, and a service provider ID, and uses the calculated hash value as a service user ID.
  • the service registration unit 204 calculates a concatenated value of a user ID, a password, and a service provider ID, and generates a service user ID by calculating a hash value of the calculated concatenated value.
  • the service user ID may be any information as long as it can uniquely identify the combination of the system user and the service provider.
  • the service registration unit 204 may assign a unique value as a service user ID each time it processes a service registration request.
  • the service registration unit 204 hands over the service provider ID and the service user ID to the database management unit 203 together with the user ID and password.
  • the database management unit 203 registers two IDs (service provider ID and service user ID) in the authentication information database. For example, when the user U1 registers the service for the service provider S1, the above two IDs are added to the entry shown at the bottom of FIG. 20.
  • Since service registration is performed for each service provider, multiple service providers and service user IDs may be set for one user. For example, when the user U1 registers the service for each of the service providers S1 and S2, the entries in the second and third lines of FIG. 21 are generated. When the user U2 registers the service with respect to the service provider S1, the entry at the bottom of FIG. 21 is generated.
  • When the service provider ID and the service user ID are registered in the authentication information database, the service registration unit 204 notifies the management server 20 that the service registration request has been processed normally. The service registration unit 204 transmits an “acceptance response” as a response to the service registration request. At that time, the service registration unit 204 sends a response including the service user ID to the management server 20.
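The service registration handling described above (duplicate check, service user ID generation from user ID, password and service provider ID, and the alternative of assigning a unique value per request), as an added Python example that is not code from the patent. SHA-256, the length-prefixed field encoding, the in-memory database layout and all function names are assumptions; the length prefix keeps the derived ID uniquely determined by the combination, which plain string concatenation does not guarantee.

```python
import hashlib
import secrets


def _encode_fields(*fields: str) -> bytes:
    """Length-prefix every field so field boundaries survive concatenation."""
    out = b""
    for value in fields:
        raw = value.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def derive_service_user_id(user_id: str, password: str, provider_id: str) -> str:
    """Hash of the (unambiguously) concatenated user ID, password, provider ID."""
    return hashlib.sha256(_encode_fields(user_id, password, provider_id)).hexdigest()


def naive_service_user_id(user_id: str, password: str, provider_id: str) -> str:
    """Plain string concatenation before hashing, kept only for comparison."""
    joined = (user_id + password + provider_id).encode("utf-8")
    return hashlib.sha256(joined).hexdigest()


def register_service(auth_db: dict, user_id: str, password: str,
                     provider_id: str, random_id: bool = False):
    """Process one service registration request.

    Returns ("accept", service_user_id) or ("negative", None).
    """
    # The database is keyed by (user ID, password), mirroring the page's lookup.
    entry = auth_db.get((user_id, password))
    if entry is None:
        # Assumption: the page does not say what happens for an unknown user.
        return ("negative", None)
    if provider_id in entry["services"]:
        # Service provider already registered for this user: negative response.
        return ("negative", None)
    if random_id:
        # Alternative from the page: a unique value assigned per request.
        service_user_id = secrets.token_hex(16)
    else:
        service_user_id = derive_service_user_id(user_id, password, provider_id)
    entry["services"][provider_id] = service_user_id
    return ("accept", service_user_id)


def sample_auth_db() -> dict:
    """Constructed sample database with two users and no services yet."""
    return {
        ("U1", "pw-u1"): {"contact": "u1@example.test", "services": {}},
        ("U2", "pw-u2"): {"contact": "u2@example.test", "services": {}},
    }


if __name__ == "__main__":
    db = sample_auth_db()
    print(register_service(db, "U1", "pw-u1", "S1"))
    print(register_service(db, "U1", "pw-u1", "S1"))   # already registered
    # Different field triples, identical plain concatenation "abcS1":
    print(naive_service_user_id("ab", "c", "S1") == naive_service_user_id("a", "bc", "S1"))
    print(derive_service_user_id("ab", "c", "S1") == derive_service_user_id("a", "bc", "S1"))
```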
  • the authentication unit 205 is a means for performing authentication processing for system users.
  • the authentication unit 205 processes the authentication request received from the management server 20 of the service provider.
  • the authentication unit 205 authenticates the person to be authenticated with reference to the authentication information database.
  • the authentication unit 205 retrieves the feature amount and the service provider ID included in the authentication request.
  • the authentication unit 205 searches the authentication information database using the extracted feature amount and the service provider ID as keys, and identifies the corresponding service user ID.
  • the authentication unit 205 sets the feature amount extracted from the authentication request as the feature amount on the matching side and the feature amount stored in the database as the feature amount on the registration side, and executes one-to-N matching.
  • FIG. 22 is a flowchart showing an example of the operation of the authentication unit 205 according to the first embodiment.
  • the authentication unit 205 calculates the degree of similarity between each of the plurality of feature amounts registered in the authentication information database and the feature amount to be collated (feature amount of the person to be authenticated) (step S201).
  • the authentication unit 205 determines whether or not there is a similarity larger than the threshold value TH5 among the calculated similarity (step S202).
  • the authentication unit 205 identifies the user (user ID, password) having the highest similarity degree (step S203).
  • the authentication unit 205 determines whether or not an entry matching the service provider ID included in the authentication request exists among the one or more service provider IDs associated with the specified user (user ID, password) (step S204).
  • If the above entry exists (step S204, Yes branch), the authentication unit 205 determines that the user authentication has been successful (step S205). In this case, the authentication unit 205 sends an “acceptance response” to the management server 20 that is the source of the authentication request. At that time, the authentication unit 205 generates a response (response to the authentication request) including the service user ID of the specified entry and sends it to the management server 20.
  • If the above entry does not exist (step S204, No branch), the authentication unit 205 determines that the user's authentication has failed (step S206). In this case, the authentication unit 205 transmits a "negative response" to the management server 20 that is the source of the authentication request.
  • Even when there is no similarity larger than the threshold value TH5 (step S202, No branch), the authentication unit 205 determines that the user's authentication has failed (step S207).
  • the authentication unit 205 determines whether or not there is a similarity larger than the threshold value TH6 (however, TH6 < TH5) among the plurality of similarities calculated in step S201 (step S208).
  • the threshold value TH5 is a threshold value for determining the person to be authenticated as the person himself/herself, and the threshold value TH6 is a threshold value for determining the person to be authenticated as another person.
  • the authentication unit 205 identifies the user with the highest similarity degree (step S209).
  • the authentication unit 205 updates the "authentication failure database" using the information of the specified user (step S210).
  • the operation related to the authentication failure database and the update of the database will be described later.
  • If there is no similarity larger than the threshold value TH6 (step S208, No branch), the authentication unit 205 does not perform any particular operation and ends the process.
  • the entry (user) in the second line and the third line is specified by the feature amount FV1.
  • the entry in the second line is specified by the service provider ID "S1".
  • the authentication request is processed normally, and an acknowledgment including the service user ID "U1S1" is transmitted to the management server 20.
  • the authentication unit 205 executes the threshold value processing for the calculated similarity of the user registered in the authentication information database.
  • the user who is presumed to be the authenticated person is specified (step S209).
  • the authentication unit 205 judges that the authentication has failed due to a change in the appearance of the person to be authenticated.
  • the authentication unit 205 estimates that the user corresponding to the highest similarity among the similarity included in the above range is the authenticated person.
  • the authentication unit 205 stores the information of the user presumed to be the authenticated person in the authentication failure database (step S210).
  • the authentication failure database is a database that stores information on users who are assumed to have failed authentication due to changes in the appearance of the person being authenticated.
  • FIG. 23 is a diagram showing an example of an authentication failure database. Referring to FIG. 23, the authentication failure database stores the user ID, password, contact information, and the number of failures in association with each other.
  • the authentication failure database shown in FIG. 23 is an example, and does not mean to limit the items to be stored.
  • the contact can be obtained from the authentication information database based on the user ID and password, so it does not have to be included in the authentication failure database.
  • the face image and the feature amount may be stored in the authentication failure database.
  • the authentication unit 205 calculates the similarity between the feature amount included in the authentication request and the plurality of feature amounts stored in the authentication information database.
  • the authentication unit 205 updates the authentication failure database or adds an entry.
  • the authentication unit 205 determines that the authentication of the person to be authenticated has failed due to a change in appearance. In this case, the authentication unit 205 registers the information of the user most similar to the authenticated person (the user with the closest similarity) in the authentication failure database. The user who most closely resembles the person to be authenticated is the user who is presumed to be the person to be authenticated.
  • the authentication unit 205 reads the user ID, password, and contact information from the entry (authentication information database entry) of the feature amount corresponding to the similarity having the largest value among the similarities included in the above range (TH6 < similarity < TH5). The authentication unit 205 searches the authentication failure database using the read user ID and password as keys. If the corresponding entry does not exist, the authentication unit 205 adds a new entry to the database. At that time, "1" is set for the number of failures.
  • the authentication unit 205 increments the value of the failure count field of the specified entry (adds 1).
  • the authentication unit 205 stores (registers) the number of times of authentication failure for the user presumed to be authenticated in the authentication failure database.
  • the face image update recommendation unit 206 is a means for recommending the update of the registered face image to the user.
  • the face image update recommendation unit 206 recommends that the user who is presumed to be the authenticated person among a plurality of users update the biometric information (face image) stored in the authentication information database. More specifically, when it is determined that the appearance of the user has changed and the face authentication has failed, the face image update recommendation unit 206 notifies the terminal 40 possessed by the user to that effect.
  • the face image update recommendation unit 206 refers to the authentication failure database periodically or at a predetermined timing, and acquires the value of the failure count field of each entry.
  • the face image update recommendation unit 206 determines whether or not to recommend the update of the face image for the user who is presumed to be the authenticated person, based on the number of times of authentication failure. More specifically, the face image update recommendation unit 206 executes the threshold value processing for the acquired number of failures, and sends a "face image update recommendation notification" to the terminal 40 according to the result.
  • the face image update recommendation unit 206 sends a "face image update recommendation notification" to the corresponding contact.
  • the terminal 40 that has received the notification displays as shown in FIG. 24 and urges the user to update the registered face image.
  • the face image update recommendation unit 206 may send a face image update recommendation notification including a face image (a face image registered in the authentication information database) of a user presumed to be the authenticated person to the terminal 40.
  • the terminal 40 can perform the display as shown in FIG. 25. The user who sees the display as shown in FIG. 25 is convinced that his/her own face is displayed and updates the face image registered in the authentication server 10.
  • the face image update recommendation unit 206 may transmit a face image update recommendation notification including such information to the terminal 40.
  • the face image update recommendation unit 206 may send a face image update recommendation notification including the system registration period after the face image is registered (or updated) to the terminal 40. In this case, the user can recognize that the face image has not been updated for a long period of time, which may motivate the user to update the face image.
  • the operation of the face image update recommendation unit 206 can be summarized as shown in the flowchart shown in FIG. 26.
  • the face image update recommendation unit 206 compares the number of failures of the authentication failure database with the threshold value TH7 (step S301).
  • the face image update recommendation unit 206 transmits a face image update recommendation notification to the terminal 40 (step S302).
  • If the number of failures is the threshold value TH7 or less (step S301, No branch), the face image update recommendation unit 206 does not perform any particular operation.
  • the storage unit 207 stores information necessary for the operation of the authentication server 10.
  • An authentication information database (first database) and an authentication failure database (second database) are constructed in the storage unit 207.
  • FIG. 27 is a diagram showing an example of a processing configuration (processing module) of the management server 20 according to the first embodiment.
  • the management server 20 includes a communication control unit 301, a personal information acquisition unit 302, a service registration request unit 303, a database management unit 304, an authentication request unit 305, and a storage unit 306.
  • the communication control unit 301 is a means for controlling communication with other devices. For example, the communication control unit 301 receives data (packets) from the authentication server 10 and the authentication terminal 30. Further, the communication control unit 301 transmits data to the authentication server 10 and the authentication terminal 30. The communication control unit 301 passes the data received from the other device to the other processing module. The communication control unit 301 transmits the data acquired from the other processing module to the other device. In this way, the other processing module transmits / receives data to / from another device via the communication control unit 301.
  • the personal information acquisition unit 302 is a means for acquiring personal information required when a service provider provides a service. For example, when the service provider is a "retail store", the personal information acquisition unit 302 acquires information related to payment (for example, credit card information, bank account information) in addition to the user's name and the like. Alternatively, when the service provider is a "hotel operator", the personal information acquisition unit 302 acquires reservation information (for example, accommodation date, etc.) related to accommodation in addition to the name and the like.
  • the personal information acquisition unit 302 acquires the user ID and password determined when the user registers the system, in addition to the personal information such as the above name.
  • the personal information acquisition unit 302 acquires personal information, a user ID, and a password by any means.
  • the personal information acquisition unit 302 displays a GUI or a form for inputting the above information on the terminal 40 (see FIG. 28).
  • the information shown in FIG. 28 may be displayed on the WEB page managed and operated by the service provider.
  • the terminal 40 may download the application provided by the service provider and display as shown in FIG. 28 by the application.
  • the WEB page may be a WEB page that manages member information of a service provider. That is, the member of each service provider may register the service on the WEB page that manages his / her member information.
  • the personal information acquisition unit 302 delivers the personal information, user ID, and password acquired using the GUI or the like to the service registration request unit 303.
  • the service registration request unit 303 is a means for requesting the authentication server 10 to register the user regarding the use of the service.
  • the service registration request unit 303 selects a user ID and password from the above three pieces of information (personal information, user ID, password) acquired from the personal information acquisition unit 302.
  • the service registration request unit 303 transmits a service registration request including the selected user ID, password and service provider ID to the authentication server 10.
  • the service registration request unit 303 acquires a response to the service registration request from the authentication server 10. If the acquired response is a "negative response", the service registration request unit 303 notifies the user to that effect. For example, the service registration request unit 303 notifies the user that the service registration has already been performed.
  • If the acquired response is an "affirmative response", the service registration request unit 303 notifies the user that the service registration has been successful. Further, the service registration request unit 303 passes the service user ID included in the response and the personal information acquired from the personal information acquisition unit 302 to the database management unit 304.
  • the database management unit 304 is a means for managing the user information database.
  • the user information database is a database that manages information on users (system users) who are the targets of service provision.
  • the user information database stores the personal information (for example, name, etc.) of the user in association with the service user ID acquired from the authentication server 10.
  • When the database management unit 304 acquires the above information (personal information, service user ID) from the service registration request unit 303, it adds a new entry to the user information database. For example, when the management server 20 of the service provider S1 acquires the above information regarding the user U1, the entry shown at the bottom of FIG. 29 is added.
  • the authentication request unit 305 is a means for requesting the user's authentication from the authentication server 10.
  • When the authentication request unit 305 acquires biometric information (face image) from the authentication terminal 30, it generates a feature amount from the face image. The authentication request unit 305 transmits an authentication request including the generated feature amount and the service provider ID to the authentication server 10.
  • When the response from the authentication server 10 is a "negative response" (in the case of an authentication failure), the authentication request unit 305 notifies the authentication terminal 30 to that effect.
  • the authentication request unit 305 retrieves the service user ID included in the response from the authentication server 10.
  • the authentication request unit 305 searches the user information database using the service user ID as a key, and identifies the corresponding entry.
  • the authentication request unit 305 reads out the personal information set in the personal information field of the specified entry and sends it to the authentication terminal 30. For example, in the example of FIG. 29, if the service user ID is "U1S1", the personal information at the bottom is transmitted to the authentication terminal 30.
  • the storage unit 306 stores information necessary for the operation of the management server 20.
  • the user information database is built in the storage unit 306.
  • the authentication terminal 30 acquires the user's personal information from the management server 20 by transmitting the biometric information acquired from the user to the management server 20.
  • the authentication terminal 30 provides a service to the user by using the acquired personal information.
  • FIG. 30 is a diagram showing an example of a processing configuration (processing module) of the authentication terminal 30 according to the first embodiment.
  • the authentication terminal 30 includes a communication control unit 401, a biometric information acquisition unit 402, a service providing unit 403, a message output unit 404, and a storage unit 405.
  • the communication control unit 401 is a means for controlling communication with other devices. For example, the communication control unit 401 receives data (packets) from the management server 20. Further, the communication control unit 401 transmits data to the management server 20. The communication control unit 401 passes the data received from the other device to the other processing module. The communication control unit 401 transmits the data acquired from the other processing module to the other device. In this way, the other processing module transmits / receives data to / from the other device via the communication control unit 401.
  • the biometric information acquisition unit 402 is a means for controlling the camera and acquiring the biometric information (face image) of the user.
  • the biometric information acquisition unit 402 captures an image of the area in front of its own device at regular intervals or at predetermined timings.
  • the biometric information acquisition unit 402 determines whether or not the acquired image includes a human face image, and if the acquired image includes a face image, extracts the face image from the acquired image data.
  • the biometric information acquisition unit 402 may extract a face image (face region) from the image data by using a learning model learned by CNN (Convolutional Neural Network).
  • the biometric information acquisition unit 402 may extract a face image by using a technique such as template matching.
  • the biometric information acquisition unit 402 delivers the extracted face image to the service provision unit 403.
  • the service providing unit 403 is a means for providing a predetermined service to the user.
  • the service providing unit 403 transmits the face image acquired from the biometric information acquisition unit 402 to the management server 20.
  • the management server 20 returns personal information (for example, name, etc.) corresponding to the face image.
  • the service providing unit 403 provides the service to the user by using the returned personal information.
  • the message output unit 404 is a means for outputting various messages to the user. For example, the message output unit 404 outputs a message regarding the user's authentication result and a message regarding service provision.
  • the message output unit 404 may display a message using a display device such as a liquid crystal monitor, or may reproduce a voice message using an audio device such as a speaker.
  • the storage unit 405 stores information necessary for the operation of the authentication terminal 30.
  • FIG. 31 is a sequence diagram showing an example of the operation related to the service registration phase of the authentication system according to the first embodiment.
  • the management server 20 acquires personal information (information necessary for providing the service), user ID, and password from the user (step S01).
  • the management server 20 transmits a service registration request including the acquired user ID, password, and service provider ID to the authentication server 10 (step S02).
  • the authentication server 10 generates a service user ID using the acquired user ID, password, and service provider ID (step S03).
  • the authentication server 10 stores the service provider ID and the service user ID in the authentication information database (step S04).
  • the authentication server 10 transmits a response including the service user ID (response to the service registration request) to the management server 20 (step S05).
  • the management server 20 associates the personal information acquired in step S01 with the service user ID acquired from the authentication server 10 and stores it in the user information database (step S06).
  • FIG. 32 is a sequence diagram showing an example of the operation related to the service provision phase of the authentication system according to the first embodiment.
  • the authentication terminal 30 acquires a user's face image (biological information) and transmits the acquired face image to the management server 20 (step S11).
  • the management server 20 generates a feature amount from the acquired face image (step S12).
  • the management server 20 transmits an authentication request including the generated feature amount and the service provider ID to the authentication server 10 (step S13).
  • the authentication server 10 executes an authentication process using the feature amount included in the authentication request and the service provider ID, and identifies the corresponding service user ID (step S14).
  • the authentication server 10 transmits a response (response to the authentication request) including the specified service user ID to the management server 20 (step S15).
  • the management server 20 searches the user information database using the acquired service user ID, and identifies the corresponding personal information (step S16).
  • the management server 20 transmits the specified personal information to the authentication terminal 30 (step S17).
  • the authentication terminal 30 provides a service using the acquired personal information (step S18).
  • When the authentication system according to the first embodiment fails to authenticate the person to be authenticated, it determines whether or not the authentication has failed due to a change in the appearance of the person to be authenticated or the like. When it is determined that the authentication has failed due to a change in appearance or the like, the authentication server 10 identifies a user presumed to be the authenticated person from the users registered in the authentication information database. The authentication server 10 stores the information of such a person to be authenticated (the person to be authenticated who has failed in authentication but cannot be completely determined to be another person) in the authentication failure database.
  • When the authentication server 10 fails to authenticate the same user (a user presumed to be the authenticated person) a plurality of times, the authentication server 10 prompts the user to update the face image.
  • the user can update the face image registered in the authentication server 10 at an appropriate time, and the possibility that the authentication fails is reduced. That is, the authentication accuracy of the authentication system is maintained at a high level for a long period of time.
  • the authentication server 10 determines whether or not the registered face image can be updated based on the similarity between the registered face image and the updated face image.
  • the authentication server 10 determines that the face image of the user initially registered in the system was used as the face image for updating, and updates the face image.
  • the authentication server 10 determines that the face image of a person different from the user initially registered in the system was used as the face image for updating, and rejects the face image update. For example, when the appearance of the user changes with the passage of time and the two facial images are slightly different, the authentication server 10 requests the user to submit an identification document.
  • the authentication server 10 updates the face image when the identity of the person in the face image used for updating can be confirmed by comparing the verified face image described in the identity confirmation document with the updated face image. That is, when it is unclear from the registered face image and the updated face image whether or not the system-registered user and the person updating the face image match, the authentication server 10 uses the identification document to check that the system user and the provider of the updated face image match. As a result, the authentication server 10 can prevent unauthorized updating of the registered face image.
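
The three-way update decision described above (update, reject, or ask for an identification document) can be sketched as follows. This is an added example, not code from the patent: the threshold names and values, the use of cosine similarity, and the sample vectors are assumptions made for illustration.

```python
"""Added example: gate for replacing a registered face template."""
import math
from enum import Enum

# Assumed similarity thresholds; names and values are hypothetical.
TH_SAME = 0.80   # at or above: treated as the same person
TH_OTHER = 0.50  # below: treated as a different person


class Decision(Enum):
    UPDATE = "update"
    REJECT = "reject"
    NEED_ID_DOCUMENT = "need_id_document"


def cosine_similarity(a, b):
    """Cosine similarity of two equal-length feature vectors."""
    if len(a) != len(b):
        raise ValueError("feature vectors must have the same length")
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def decide_update(registered, candidate, id_document_face=None):
    """Decide whether `candidate` may replace the `registered` feature amount.

    Assumption: the identification document has already been validated and
    tied to the registered account; only the face comparison is done here.
    """
    score = cosine_similarity(registered, candidate)
    if score >= TH_SAME:
        return Decision.UPDATE            # clearly the registered user
    if score < TH_OTHER:
        return Decision.REJECT            # clearly a different person
    # Grey zone: the two images differ slightly, so a document is required.
    if id_document_face is None:
        return Decision.NEED_ID_DOCUMENT
    # Compare the verified face on the document with the update image.
    if cosine_similarity(id_document_face, candidate) >= TH_SAME:
        return Decision.UPDATE
    return Decision.REJECT


# Constructed sample feature vectors (real features have far more dimensions).
REGISTERED = [1.0, 0.0, 0.0]
RECENT_PHOTO = [0.9, 0.1, 0.0]         # similarity to REGISTERED is about 0.99
CHANGED_APPEARANCE = [0.6, 0.8, 0.0]   # similarity to REGISTERED is 0.60
OTHER_PERSON = [0.0, 1.0, 0.0]         # similarity to REGISTERED is 0.0
ID_DOC_MATCHING = [0.5, 0.85, 0.0]     # close to CHANGED_APPEARANCE
ID_DOC_MISMATCHED = [0.0, 0.0, 1.0]    # unrelated to CHANGED_APPEARANCE

if __name__ == "__main__":
    print(decide_update(REGISTERED, RECENT_PHOTO))
    print(decide_update(REGISTERED, OTHER_PERSON))
    print(decide_update(REGISTERED, CHANGED_APPEARANCE))
    print(decide_update(REGISTERED, CHANGED_APPEARANCE, ID_DOC_MATCHING))
    print(decide_update(REGISTERED, CHANGED_APPEARANCE, ID_DOC_MISMATCHED))
```

The grey-zone branch is the one that protects the registered template: without the document check, a look-alike image that scores between the two thresholds would otherwise have to be either accepted or rejected on similarity alone.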
  • the authentication server 10 identifies a person to be authenticated who has failed in authentication due to a change in appearance or the like among the users registered in the system. Further, the authentication server 10 urges the specified user to update the face image via the terminal 40 possessed by that user. In the second embodiment, the case where the authentication server 10 prompts the person to be authenticated to update the face image via the authentication terminal 30 will be described.
  • Since the configuration of the authentication system according to the second embodiment can be the same as that of the first embodiment, the description corresponding to FIG. 2 will be omitted. Further, since the processing configuration of the authentication server 10, the management server 20, and the authentication terminal 30 according to the second embodiment can be the same as that of the first embodiment, the description thereof will be omitted.
  • the user does not need to register the contact information in the authentication server 10 at the time of system registration. That is, in the authentication information database shown in FIG. 19 and the like, the contact field does not have to exist. Further, the system may not include the terminal 40 as a means for receiving the face image update recommendation notification from the authentication server 10.
  • the authentication failure database stores the biometric information (feature amount) of the authenticated person who failed in authentication in association with the number of failures (see FIG. 33).
  • FIG. 34 is a flowchart showing an example of the operation of the authentication unit 205 according to the second embodiment.
  • the operation in the case where the similarity is larger than the threshold value TH5 can be the same as the operation of the authentication unit 205 according to the first embodiment described with reference to FIG. 22, so the explanation is omitted.
  • the authentication unit 205 determines whether or not the calculated similarity is larger than the threshold value TH6 (step S211). When the degree of similarity is larger than the threshold value TH6 (step S211 and Yes branch), the authentication unit 205 performs a collation process using the authentication failure database (step S212). Specifically, the authentication unit 205 sets the feature amount of the person to be authenticated on the collation side and the feature amount registered in the authentication failure database on the registration side, and executes one-to-N verification.
  • the authentication unit 205 updates the authentication failure database (step S213).
  • the authentication unit 205 adds a new entry to the authentication failure database and sets "1" in the failure count field. Further, the authentication unit 205 sets the feature amount of the person to be authenticated in the added entry.
  • the authentication unit 205 adds "1" to the value of the failure count field of the corresponding entry.
  • the authentication unit 205 delivers the feature amount of the person to be authenticated to the face image update recommendation unit 206, and instructs it to determine whether or not a face image update recommendation is necessary for the user corresponding to the feature amount (step S214).
  • the face image update recommendation unit 206 performs threshold processing on the number of failures of the authenticated person, and determines whether or not a recommendation regarding face image update is necessary based on the result.
  • the face image update recommendation unit 206 responds to the authentication unit 205 with the determination result.
  • If the recommendation is not necessary (step S215, No branch), the authentication unit 205 notifies the sender of the authentication request of the authentication failure (step S216). Even when the calculated similarity is not larger than the threshold value TH6 (step S211, No branch), the authentication unit 205 notifies the sender of the authentication request of the authentication failure.
  • If a recommendation is required (step S215, Yes branch), the authentication unit 205 instructs the face image update recommendation unit 206 to send a face image update recommendation notification (step S217).
  • the face image update recommendation unit 206 that received the instruction sends a face image update recommendation notification to the management server 20 that is the sender of the authentication request.
  • the notification is forwarded to the authentication terminal 30 that has acquired the biometric information of the person to be authenticated.
  • the authentication terminal 30 performs the display as shown in FIG. 24 and urges the person to be authenticated to update the face image.
  • the authentication server 10 sends a face image update recommendation notification instead of the authentication result when it is necessary to prompt the face image update.
  • the authentication server 10 may include information (flag) in the negative response to the authentication request to the effect that the negative response corresponds to the "face image update recommendation notification".
  • the authentication terminal 30 can display different messages to the authenticated person who has failed in authentication, depending on whether it receives an ordinary authentication failure or an authentication failure corresponding to the face image update recommendation.
  • the authentication system can prompt the authenticated person to update the face image when the authenticated person fails to authenticate a predetermined number of times. That is, in the second embodiment, the face image update is recommended not to the user presumed to be the authenticated person but to the authenticated person whose identity is being verified in front of the authentication terminal 30. As a result, the authentication accuracy can be maintained as in the first embodiment.
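
The second-embodiment flow (steps S211 to S217) can be sketched as follows. This is an added example, not code from the patent: the numeric values of TH5, TH6 and TH7, the ordering TH6 < TH5, the `TH_SAME_PROBE` threshold for matching against the authentication failure database, cosine similarity, and the sample vectors are all assumptions.

```python
"""Added example: near-miss failure tracking with an update-recommendation flag."""
import math
from dataclasses import dataclass

TH5 = 0.80  # assumed value: similarity above TH5 means authentication succeeds
TH6 = 0.50  # assumed value: above TH6 (but not above TH5) is a near miss (S211)
TH7 = 2     # assumed value: recommend once the failure count is larger than TH7
TH_SAME_PROBE = 0.90  # hypothetical threshold for 1:N matching in the failure DB


def cosine_similarity(a, b):
    """Cosine similarity of two equal-length feature vectors."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


@dataclass
class FailureEntry:
    feature: list      # feature amount of the person who failed authentication
    failures: int = 1  # failure count field


class AuthenticationServer:
    def __init__(self, registered):
        self.registered = dict(registered)  # service user ID -> feature amount
        self.failure_db = []                # authentication failure database

    @staticmethod
    def _best_match(probe, candidates):
        """Return (key, similarity) of the closest candidate, or (None, 0.0)."""
        best_key, best_score = None, 0.0
        for key, feature in candidates:
            score = cosine_similarity(probe, feature)
            if best_key is None or score > best_score:
                best_key, best_score = key, score
        return best_key, best_score

    def authenticate(self, probe):
        user_id, score = self._best_match(probe, self.registered.items())
        if user_id is not None and score > TH5:
            return {"result": "success", "service_user_id": user_id}
        if score <= TH6:
            # S211 No branch: plain failure, nothing is recorded.
            return {"result": "failure", "update_recommended": False}
        # S212: 1:N collation of the probe against the failure database.
        entry, entry_score = self._best_match(
            probe, ((e, e.feature) for e in self.failure_db))
        # S213: add a new entry or increment the existing one.
        if entry is None or entry_score <= TH_SAME_PROBE:
            entry = FailureEntry(feature=list(probe))
            self.failure_db.append(entry)
        else:
            entry.failures += 1
        # S214 to S217: threshold processing on the failure count; the flag
        # rides on the negative response sent back to the management server.
        return {"result": "failure", "update_recommended": entry.failures > TH7}


# Constructed sample data: two registered users and probes from one person
# whose appearance has drifted away from the registered feature amount.
REGISTERED = {"alice": [1.0, 0.0, 0.0], "bob": [0.0, 1.0, 0.0]}
NEAR_MISS_PROBES = [[0.60, 0.0, 0.80], [0.62, 0.0, 0.78], [0.58, 0.0, 0.82]]
STRANGER_PROBE = [0.0, 0.0, 1.0]
GOOD_PROBE = [0.95, 0.05, 0.0]

if __name__ == "__main__":
    server = AuthenticationServer(REGISTERED)
    for p in NEAR_MISS_PROBES + [STRANGER_PROBE, GOOD_PROBE]:
        print(server.authenticate(p))
```

Because the probe below TH6 is never written to the failure database, unrelated faces do not accumulate stored feature amounts or inflate anyone's failure count.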
  • FIG. 35 is a diagram showing an example of the hardware configuration of the authentication server 10.
  • the authentication server 10 can be configured by an information processing device (so-called computer), and includes the configuration illustrated in FIG. 35.
  • the authentication server 10 includes a processor 311, a memory 312, an input / output interface 313, a communication interface 314, and the like.
  • the components such as the processor 311 are connected by an internal bus or the like and are configured to be able to communicate with each other.
  • the configuration shown in FIG. 35 does not mean to limit the hardware configuration of the authentication server 10.
  • the authentication server 10 may include hardware (not shown) or may not include an input / output interface 313 if necessary.
  • the number of processors 311 and the like included in the authentication server 10 is not limited to the example shown in FIG. 35, and for example, a plurality of processors 311 may be included in the authentication server 10.
  • the processor 311 is a programmable device such as a CPU (Central Processing Unit), an MPU (Micro Processing Unit), and a DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit). The processor 311 executes various programs including an operating system (OS).
  • the memory 312 is a RAM (Random Access Memory), a ROM (Read Only Memory), an HDD (Hard Disk Drive), an SSD (Solid State Drive), or the like.
  • the memory 312 stores an OS program, an application program, and various data.
  • the input / output interface 313 is an interface of a display device or an input device (not shown).
  • the display device is, for example, a liquid crystal display or the like.
  • the input device is, for example, a device that accepts user operations such as a keyboard and a mouse.
  • the communication interface 314 is a circuit, module, etc. that communicates with other devices.
  • the communication interface 314 includes a NIC (Network Interface Card) and the like.
  • the function of the authentication server 10 is realized by various processing modules.
  • the processing module is realized, for example, by the processor 311 executing a program stored in the memory 312.
  • the program can also be recorded on a computer-readable storage medium.
  • the storage medium may be a non-transient medium such as a semiconductor memory, a hard disk, a magnetic recording medium, or an optical recording medium. That is, the present invention can also be embodied as a computer program product. Further, the above program can be downloaded via a network or updated by using a storage medium in which the program is stored. Further, the processing module may be realized by a semiconductor chip.
  • the management server 20, the authentication terminal 30, and the terminal 40 can also be configured by an information processing device in the same manner as the authentication server 10, and the basic hardware configuration thereof is not different from that of the authentication server 10, so the description thereof will be omitted.
  • the authentication terminal 30 may be provided with a camera for photographing the user.
  • the authentication server 10 which is an information processing device is equipped with a computer, and the function of the authentication server 10 can be realized by causing the computer to execute a program. Further, the authentication server 10 executes the face image update recommendation method by the program.
  • the authentication system may determine an ID (identifier) that uniquely identifies the system user.
  • the authentication server 10 acquires the user's biometric information (face image, feature amount).
  • the authentication server 10 may generate the above ID based on the biometric information.
  • the authentication server 10 may calculate a hash value from the feature amount of the face image and use the calculated hash value as a substitute for the user ID and password. Since the feature amount of the face image differs for each user and the hash value generated from the feature amount also differs for each user, it can be used as an ID of the system user.
  • the user registration phase and the service registration phase are executed at different timings, but these phases may be executed at substantially the same timing.
  • the authentication terminal 30 installed at the service provider from which the user wishes to receive the service may be used to execute the above two registration phases.
  • the user may perform user registration (input of biometric information, user ID, password) using the authentication terminal 30, and then continuously perform service registration (input of personal information, user ID, password).
  • the authentication terminal 30 may be provided with a user registration function (user management unit 202) of the authentication server 10 and a personal information acquisition function (personal information acquisition unit 302) of the management server 20.
  • the plurality of authentication terminals 30 owned by the service provider do not have to be installed on the same site, building, or the like. If the service providers are common, each authentication terminal 30 may be installed in a spatially separated place.
  • one service provider ID is assigned to one service provider, but one service provider ID may be assigned to a plurality of service providers.
  • a plurality of service providers may be grouped together and a service provider ID may be issued for each group. For example, when the service providers S1 and S2 cooperate to provide the same service, a common service provider ID may be issued to the service providers S1 and S2.
  • The case where the biometric information related to the "feature amount generated from the face image" is transmitted from the management server 20 to the authentication server 10 has been described.
  • the biometric information related to the "face image" may be transmitted from the management server 20 to the authentication server 10.
  • the authentication server 10 may generate a feature amount from the acquired face image and execute the authentication process (verification process).
  • The case where the authentication terminal 30 acquires the face image and the management server 20 generates the feature amount from the face image has been described.
  • the authentication terminal 30 may generate a feature amount from the face image and transmit the generated feature amount to the management server 20. That is, the management server 20 does not have to generate the feature amount.
  • The case where the authentication server 10 stores the user's biometric information (face image, feature amount) and the management server 20 stores the user's personal information (name, etc.) has been described.
  • these two servers may be integrated, and the integrated server may store biometric information and personal information. That is, the authentication terminal 30 may transmit the biometric information to the integrated server, and the server may transmit the corresponding personal information to the authentication terminal 30 as a result of the authentication process.
  • the authentication server 10 may generate a feature amount from the registered face image each time the authentication request is processed.
  • the identity verification using the identity verification document is performed at the time of the user's system registration, but the identity verification may be omitted.
  • the identity verification of the system user may be performed individually by the service provider. That is, the management server 20 may confirm the identity by using the biological information (face image) and the identity confirmation document. In this case, the management server 20 may delete the biometric information after the identity verification is completed.
  • the staff of the authentication center may confirm the identity using the face image and the identity verification document obtained from the user, and input the user information (user ID, password, face image) whose identity is certain to the authentication server 10.
  • the authentication server 10 may also use the old feature amount for the collation process.
  • the authentication server 10 may use the old feature amount for the collation process when the collation process using the new feature amount (updated feature amount) is not successful.
  • the form of data transmission / reception between the devices (authentication server 10, management server 20, authentication terminal 30) is not particularly limited, but the data transmitted / received between these devices may be encrypted.
  • Biometric information is transmitted and received between these devices, and it is desirable that encrypted data be transmitted and received in order to appropriately protect the biometric information.
  • the user's terminal 40 is used for updating the face image.
  • the terminal 40 may be used for purposes other than updating the facial image.
  • the user may update other information registered in the authentication server 10 by using the terminal 40.
  • the user may access the authentication server 10 using the terminal 40 and select a service provider who receives the service by biometric authentication. That is, the user may register the service via the authentication server 10.
  • the user may apply for withdrawal from the system or service by using the terminal 40.
  • the face image update recommendation unit 206 may determine whether or not to send the face image update recommendation notification instead of the number of failures or based on other information. For example, it may be determined whether or not to send the face image update recommendation notification according to the age of the user. For example, when the user is a minor, the face changes rapidly with the passage of time, so the face image update recommendation unit 206 may send the face image update recommendation notification with a small number of failures.
  • the face image update recommendation unit 206 may change the threshold value TH7 that determines the transmission of the face image update recommendation notification according to the age of the user (user registered in the authentication failure database).
  • the face image update recommendation unit 206 may change the threshold value TH7 according to the elapsed period from the time of system registration. Specifically, when the system registration period is short, the threshold value TH7 is set large, and when the period is long, the threshold value TH7 is set small. With such a response, the longer the system registration period, the higher the possibility that the face image update recommendation notification will be sent.
  • the authentication server 10 may prompt the authentication terminal 30 to update the face image when the authentication fails a plurality of times for the authentication request from the same authentication terminal 30 (management server 20). For example, when the authentication fails, the authentication server 10 retains the feature amount of the immediately preceding person to be authenticated, and when it recognizes that the authentication has failed for the same person, it may prompt the update of the face image via the management server 20 and the authentication terminal 30.
  • the authentication server 10 may change the threshold value TH6 for estimating the person to be authenticated who has failed in authentication according to the source of the authentication request (management server 20). For example, consider a case where the environment in which the authentication terminal 30 is installed is bad and there is a high tendency for authentication to fail. The reliability of the face image acquired in such an environment and the authentication result using the face image is low. Therefore, the authentication server 10 sets the threshold value TH6 high. As a result, it is possible to prevent unreliable results obtained in a poor environment from being registered in the authentication failure database.
  • the authentication server 10 may store the history related to the authentication of the user registered in the authentication failure database. Specifically, the information of the service provider (management server 20) that has succeeded in authenticating the user and the service provider that has failed in authentication may be stored in association with each other. If authentication fails many times for a specific service provider, the authentication server 10 may notify the service provider to that effect. For example, when the probabilities of successful authentication differ greatly among a plurality of service providers, the authentication server 10 may notify the service provider with many authentication failures to that effect and encourage it to improve the face image shooting environment or the like.
  • the authentication server 10 registers a user who is presumed to have failed in authentication due to a change in appearance or the like in the authentication failure database.
  • the authentication server 10 may notify the authentication terminal 30 via the management server 20 at the time of registration of the database.
  • the authentication terminal 30 that received the notification may display a message such as "Your authentication failed. The face image registered in the system may be out of date. We recommend updating the face image." In the case of urging (recommending) the update of the face image via the authentication terminal 30 in this way, the user does not need to register the contact information in the authentication server 10.
  • the authentication server 10 may uniformly store information for each authenticated person who has failed in authentication. When the authentication fails, the authentication server 10 may register the user information corresponding to the largest similarity in the authentication failure database.
  • the authentication unit 205 registers the feature amount of the person to be authenticated who has failed in authentication in the authentication failure database.
  • the authentication unit 205 may register the feature amount corresponding to the similarity having the largest value among the calculated similarities in the authentication failure database instead of the feature amount of the subject to be authenticated. That is, the authentication failure database may store the feature amount of the user presumed to be the authenticated person (the user with the maximum similarity) among a plurality of users in association with the number of authentication failures.
  • the authentication unit 205 performs a collation process using the feature amount stored in the authentication failure database and the feature amount of the authenticated person who failed in the authentication, and identifies the entry of the authenticated person who failed in the authentication.
  • the authentication unit 205 updates the value in the failure count field of the identified entry.
  • each embodiment may be used alone or in combination. For example, it is possible to replace a part of the configuration of the embodiment with the configuration of another embodiment, or to add the configuration of another embodiment to the configuration of the embodiment. Further, it is possible to add, delete, or replace a part of the configuration of the embodiment with another configuration.
  • the present invention is suitably applicable to an authentication system for certifying customers such as retail stores and hotel operators.
  • the application destination of the disclosure of the present application is not limited to the authentication system, and the disclosure of the present application is suitable for a system for updating biometric information (particularly, a registered facial image).
  • [Appendix 1] An authentication server comprising: a first database that stores biometric information about the faces of multiple users; an authentication unit that authenticates the person to be authenticated with reference to the first database; and a recommendation unit that, when the authentication of the authenticated person fails, recommends the user who is presumed to be the authenticated person among the plurality of users to update the biometric information stored in the first database.
  • [Appendix 2] The authentication server according to Appendix 1, wherein the recommendation unit recommends updating the biometric information when it is determined that the authentication has failed due to a change in the appearance of the person to be authenticated.
  • the first database stores the feature quantities generated from the facial images of each of the plurality of users, and the authentication unit calculates the similarity between each of the plurality of feature quantities stored in the first database and the feature quantity of the subject to be authenticated, identifies the user presumed to be the authenticated person based on the result of the threshold processing for the calculated similarity, and stores the specified user information in a second database; the authentication server according to Appendix 1 or 2.
  • the authentication unit estimates that the user corresponding to the similarity having the largest value among the calculated similarities larger than the first threshold value and equal to or less than the second threshold value is the authenticated person.
  • [Appendix 5] The authentication server according to Appendix 4, wherein the first threshold value is a threshold value for determining the person to be authenticated as the person himself / herself, and the second threshold value is a threshold value for determining the person to be authenticated as another person.
  • the authentication unit stores at least the number of times of failure in authentication regarding the user presumed to be authenticated in the second database.
  • [Appendix 7] The authentication server according to Appendix 6, wherein the recommendation unit recommends updating the biometric information based on the result of the threshold value processing for the number of times the authentication fails.
  • [Appendix 8] The authentication server according to any one of Supplementary note 3 to 7, wherein the second database stores the contact information of the user who is presumed to be the authenticated person.
  • [Appendix 9] The authentication server according to Appendix 8, wherein the recommendation unit sends a face image update recommendation notification to a contact stored in the second database.
  • [Appendix 10] The authentication server according to Appendix 9, wherein the recommendation unit transmits the face image update recommendation notification including the face image, stored in the first database, of the user presumed to be the authenticated person.
  • the recommendation unit determines whether or not to send the face image update recommendation notification according to the age of the user presumed to be the authenticated person or the system registration period.
  • the listed authentication server. [Appendix 13] The authentication server according to Appendix 1, wherein the recommendation unit recommends the person to be authenticated, instead of the user who is presumed to be the person to be authenticated, to update the biometric information stored in the first database.
  • The authentication server of Appendix 13, comprising a second database for storing the number of times the authentication for the person to be authenticated fails, wherein the recommendation unit recommends the person to be authenticated to update the biometric information when the number of times the authentication of the person to be authenticated fails is larger than a predetermined value.
  • the second database stores the biometric information of the person to be authenticated in association with the number of times the authentication fails.
  • the authentication server of Appendix 14 that identifies the entry of the authenticated person and updates the number of times that the authentication of the specified entry fails.
  • the second database stores the biometric information of the user presumed to be the authenticated person among the plurality of users in association with the number of times the authentication fails.
  • the authentication unit, by a collation process using the biometric information stored in the second database and the biometric information of the authenticated person who failed in the authentication, identifies the entry of the authenticated person who failed in the authentication and updates the number of times that the authentication of the specified entry fails; the authentication server of Appendix 14.
  • [Appendix 17] A face image update recommendation method in which, in an authentication server equipped with a first database that stores biometric information about the faces of multiple users, the person to be authenticated is authenticated, and the user who is presumed to be the authenticated person among the plurality of users is advised to update the biometric information stored in the first database.
  • A computer-readable storage medium that stores a program for causing a computer installed in an authentication server equipped with a first database that stores biometric information about the faces of multiple users to execute: the process of authenticating the person to be authenticated with reference to the first database; and, when the authentication of the authenticated person fails, the process of recommending the user who is presumed to be the authenticated person among the plurality of users to update the biometric information stored in the first database.
  • Authentication server; 20 Management server; 30 Authentication terminal; 40 Terminal; 101 First database; 102, 205 Authentication unit; 103 Recommendation unit; 201, 301, 401 Communication control unit; 202 User management unit; 203, 304 Database (DB; Data Base) management unit; 204 Service registration unit; 206 Face image update recommendation unit; 207, 306, 405 Storage unit; 302 Personal information acquisition unit; 303 Service registration request unit; 305 Authentication request unit; 311 Processor; 312 Memory; 313 Input / output interface; 314 Communication interface; 402 Biometric information acquisition unit; 403 Service providing unit; 404 Message output unit

Abstract

Provided is an authentication server that maintains authentication accuracy. The authentication server comprises a first database, an authentication unit, and a recommendation unit. The first database stores biological information related to the face of each of a plurality of users. The authentication unit refers to the first database to authenticate a person subject to authentication. If authentication of the person subject to authentication fails, the recommendation unit makes a recommendation to a user, out of the plurality of users, who is estimated to be the person subject to authentication, and recommends an update of the biological information stored in the first database.

Description

Authentication server, face image update recommendation method and storage medium
The present invention relates to an authentication server, a face image update recommendation method, and a storage medium.
In recent years, services that use biometric information have begun to spread. For example, face authentication is used for various procedures at airports (check-in, baggage drop-off, etc.) and for hotel check-in.
A service that uses face authentication proceeds as follows. First, a terminal (installed at an airport or a hotel) acquires a face image of the user and generates a feature amount (feature vector) that characterizes the face image. The generated feature amount is transmitted to a server on the network.
The server has a database that stores the biometric information and personal information (name, address, etc.) of users who receive the face authentication service. On receiving a collation request from the terminal, the server searches (collates against) the database and identifies the biometric information and personal information corresponding to the request. The server sends the identified personal information to the terminal, and the terminal installed at the airport or the like carries out its business based on the acquired personal information.
Technology for authentication using biometric information continues to be developed.
For example, Patent Document 1 states that it provides a portable information terminal device capable of improving the authentication success rate. In the technique disclosed in Patent Document 1, when authentication succeeds and certain conditions are satisfied, the feature information from an earlier authentication process in which authentication failed (failure feature information) is added to the feature information storage unit as new registered feature information. In subsequent authentication processes, authentication is performed using the failure feature information in addition to the registered feature information already stored in the feature information storage unit.
Patent Document 2 states that it reduces authentication errors caused by a user's habits in presenting biometric information for reading, or by changes in the user's body over time. The authentication device of Patent Document 2 includes a user table, a fingerprint image receiving unit, an authentication unit, a temporary storage unit, a comparison unit, and a replacement unit. The user table stores a fingerprint image as an authentication image. The fingerprint image receiving unit receives a fingerprint image. The authentication unit compares the fingerprint image with the authentication image and performs authentication. The temporary storage unit temporarily stores, as temporary storage images, the fingerprint images received before authentication succeeds. When authentication succeeds, the comparison unit compares the temporary storage image with the failure images associated with the authentication image and, when they are judged to match, increments the match count of that failure image. When they are judged not to match, the comparison unit stores the temporary storage image as a failure image in association with the authentication image. The replacement unit replaces the authentication image with a failure image whose match count is equal to or greater than a predetermined value.
Japanese Unexamined Patent Publication No. 2007-047931
Japanese Unexamined Patent Publication No. 2008-217442
As described above, face authentication is performed based on the similarity between the face image acquired by the terminal and the face image registered in the server. That is, face authentication fails unless the face image sent by the terminal and the face image registered in the server are judged to substantially match (to be the same person). When a long time has passed since the face image was registered, changes in appearance and the like weaken the match between the two face images, and authentication fails more often. Patent Documents 1 and 2 do not disclose a technique for preventing the deterioration of authentication accuracy that accompanies changes in appearance.
The main object of the present invention is to provide an authentication server, a face image update recommendation method, and a storage medium that contribute to maintaining authentication accuracy.
According to a first aspect of the present invention, there is provided an authentication server including: a first database that stores biometric information about the face of each of a plurality of users; an authentication unit that authenticates a person to be authenticated with reference to the first database; and a recommendation unit that, when authentication of the person to be authenticated fails, recommends to the user who is presumed to be the person to be authenticated among the plurality of users that the biometric information stored in the first database be updated.
According to a second aspect of the present invention, there is provided a face image update recommendation method in which an authentication server including a first database that stores biometric information about the face of each of a plurality of users authenticates a person to be authenticated with reference to the first database and, when authentication of the person to be authenticated fails, recommends to the user who is presumed to be the person to be authenticated among the plurality of users that the biometric information stored in the first database be updated.
According to a third aspect of the present invention, there is provided a computer-readable storage medium storing a program that causes a computer mounted on an authentication server including a first database that stores biometric information about the face of each of a plurality of users to execute: a process of authenticating a person to be authenticated with reference to the first database; and a process of recommending, when authentication of the person to be authenticated fails, to the user who is presumed to be the person to be authenticated among the plurality of users that the biometric information stored in the first database be updated.
According to each aspect of the present invention, an authentication server, a face image update recommendation method, and a storage medium that contribute to maintaining authentication accuracy are provided. The effect of the present invention is not limited to the above. The present invention may produce other effects in place of, or in addition to, this effect.
A diagram for explaining the outline of one embodiment.
A diagram showing an example of the schematic configuration of the authentication system according to the first embodiment.
A diagram for explaining the operation in the user registration phase of the authentication system according to the first embodiment.
A diagram for explaining the operation in the service registration phase of the authentication system according to the first embodiment.
A diagram for explaining the operation in the service provision phase of the authentication system according to the first embodiment.
A diagram showing an example of the processing configuration of the authentication server according to the first embodiment.
A diagram for explaining the operation of the user management unit of the authentication server according to the first embodiment.
A diagram for explaining the operation of the user management unit of the authentication server according to the first embodiment.
A diagram for explaining the operation of the user management unit of the authentication server according to the first embodiment.
A diagram for explaining the operation of the user management unit of the authentication server according to the first embodiment.
A diagram for explaining the operation of the user management unit of the authentication server according to the first embodiment.
A flowchart showing an example of the operation of the user management unit relating to face image update according to the first embodiment.
A diagram for explaining the operation of the user management unit of the authentication server according to the first embodiment.
A diagram for explaining the operation of the user management unit of the authentication server according to the first embodiment.
A diagram for explaining the operation of the user management unit of the authentication server according to the first embodiment.
A diagram for explaining the operation of the user management unit of the authentication server according to the first embodiment.
A diagram for explaining the operation of the user management unit of the authentication server according to the first embodiment.
A diagram for explaining the operation of the user management unit of the authentication server according to the first embodiment.
A diagram showing an example of the authentication information database according to the first embodiment.
A diagram showing an example of the authentication information database according to the first embodiment.
A diagram showing an example of the authentication information database according to the first embodiment.
A flowchart showing an example of the operation of the authentication unit according to the first embodiment.
A diagram showing an example of the authentication failure database according to the first embodiment.
A diagram showing an example of a screen displayed on the terminal according to the first embodiment.
A diagram showing an example of a screen displayed on the terminal according to the first embodiment.
A flowchart showing an example of the operation of the face image update recommendation unit according to the first embodiment.
A diagram showing an example of the processing configuration of the management server according to the first embodiment.
A diagram for explaining the operation of the personal information acquisition unit of the management server according to the first embodiment.
A diagram showing an example of the user information database according to the first embodiment.
A diagram showing an example of the processing configuration of the authentication terminal according to the first embodiment.
A sequence diagram showing an example of the operation of the authentication system in the service registration phase according to the first embodiment.
A sequence diagram showing an example of the operation of the authentication system in the service provision phase according to the first embodiment.
A diagram showing an example of the authentication failure database according to the second embodiment.
A flowchart showing an example of the operation of the authentication unit according to the second embodiment.
A diagram showing an example of the hardware configuration of the authentication server.
First, an outline of one embodiment will be described. The drawing reference signs in this outline are attached to each element for convenience as an aid to understanding, and the outline is not intended to impose any limitation. Unless otherwise noted, the blocks shown in each drawing represent functional units, not hardware units. Connection lines between blocks in each figure include both bidirectional and unidirectional lines. A one-way arrow schematically shows the flow of the main signal (data) and does not exclude bidirectionality. In this specification and the drawings, elements that can be described in the same way are given the same reference signs, and duplicate description may be omitted.
The authentication server 100 according to one embodiment includes a first database 101, an authentication unit 102, and a recommendation unit 103 (see FIG. 1). The first database 101 stores biometric information about the face of each of a plurality of users. The authentication unit 102 authenticates the person to be authenticated with reference to the first database 101. When authentication of the person to be authenticated fails, the recommendation unit 103 recommends to the user who is presumed to be the person to be authenticated among the plurality of users that the biometric information stored in the first database 101 be updated.
For example, when the authentication server 100 judges that authentication has failed because of a change in the appearance of the person to be authenticated or the like, it prompts the user presumed to be the person to be authenticated to update the face image. As a result, the user can update the face image registered in the authentication server 100 at an appropriate time, and the possibility of authentication failure is reduced. That is, authentication accuracy can be maintained over a long period.
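The failure-driven recommendation described in this outline, combined with the failure-count condition of the appendices (a second database of failure counts and a predetermined value), as an added Python sketch that is not code from the patent. The cosine score, both thresholds, the value of the limit, the constructed feature vectors and contact addresses, the once-only notification, and the rule that the presumed user is the closest enrolled user are all assumptions of the sketch.

```python
"""Added illustration (not code from the patent): an authentication server
that counts failures per presumed user and recommends a biometric update.

Assumptions: cosine similarity as the match score, both thresholds, the
"predetermined value", the constructed 3-dimensional feature vectors, and
estimating the failed person as the closest enrolled user.
"""
import math
from dataclasses import dataclass, field

MATCH_THRESHOLD = 0.90     # assumed: minimum score for a successful match
ESTIMATE_THRESHOLD = 0.70  # assumed: floor for presuming who the person is
MAX_FAILURES = 2           # assumed "predetermined value" for the failure count


def cosine(a, b):
    """Cosine similarity of two feature vectors (0.0 for a zero vector)."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


@dataclass
class AuthServer:
    first_db: dict                                   # user ID -> enrolled feature vector
    contacts: dict                                   # user ID -> contact address
    failure_db: dict = field(default_factory=dict)   # second database: user ID -> failures
    notified: set = field(default_factory=set)       # users already sent a recommendation
    outbox: list = field(default_factory=list)       # (contact, message) pairs "sent"

    def authenticate(self, probe):
        """1:N match of a probe feature vector against the first database."""
        score, uid = max(
            ((cosine(probe, feat), u) for u, feat in self.first_db.items()),
            default=(0.0, None),
        )
        if uid is not None and score >= MATCH_THRESHOLD:
            return {"result": "success", "user": uid}
        if uid is None or score < ESTIMATE_THRESHOLD:
            # Too dissimilar to every enrolled user: count nothing, notify nobody.
            return {"result": "failure", "presumed_user": None, "recommended": False}
        # Near miss: charge the failure to the presumed user's entry.
        count = self.failure_db.get(uid, 0) + 1
        self.failure_db[uid] = count
        recommended = count > MAX_FAILURES
        if recommended and uid not in self.notified:
            # Assumed design: the notice goes to the enrolled contact address
            # and is sent once, so repeated failures do not flood the user.
            self.outbox.append(
                (self.contacts[uid], "Please update your registered face image."))
            self.notified.add(uid)
        return {"result": "failure", "presumed_user": uid,
                "failures": count, "recommended": recommended}

    def update_biometric(self, uid, new_feature):
        """Replace the enrolled feature and clear the failure record.

        The caller must already have decided that the update is permitted;
        that check is not modelled in this sketch.
        """
        self.first_db[uid] = list(new_feature)
        self.failure_db.pop(uid, None)
        self.notified.discard(uid)


def demo_server():
    """Server with two constructed enrolments."""
    return AuthServer(
        first_db={"alice": [1.0, 0.0, 0.0], "bob": [0.0, 1.0, 0.0]},
        contacts={"alice": "alice@example.test", "bob": "bob@example.test"},
    )


if __name__ == "__main__":
    server = demo_server()
    changed_face = [0.8, 0.6, 0.0]   # constructed: scores about 0.8 against alice
    for _ in range(3):
        print(server.authenticate(changed_face))
    print(server.outbox)
    server.update_biometric("alice", changed_face)
    print(server.authenticate(changed_face))
```

The lower threshold matters operationally: without it, every stranger who fails at a terminal would be charged to some enrolled user and could trigger notifications for accounts they have no relation to.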
Specific embodiments are described in more detail below with reference to the drawings.
[First Embodiment]
The first embodiment will be described in more detail with reference to the drawings.
[System configuration]
FIG. 2 is a diagram showing an example of a schematic configuration of the authentication system according to the first embodiment. As shown in FIG. 2, the authentication system includes an authentication center and a plurality of service providers.
Each service provider participating in the authentication system provides services using biometric authentication. Examples of services provided by service providers include payment services at retail stores and accommodation services at hotels. Alternatively, the service provided by a service provider may be immigration control at an airport or port. A service provider in the present disclosure may provide any service that can be provided using biometric authentication.
An authentication server 10 is installed in the authentication center. The authentication server 10 is an information processing device that operates as a certificate authority for authentication using biometric information. The authentication server 10 may be a server installed on the premises of the authentication center or a server installed in the cloud.
Examples of a user's biometric information include data (feature amounts) calculated from physical characteristics unique to an individual, such as the face, fingerprints, voiceprint, veins, retina, and iris pattern. Alternatively, the biometric information of the user may be image data such as a face image or a fingerprint image. The biometric information of the user may be any information that includes the physical characteristics of the user.
The authentication server 10 is a server device for realizing services based on biometric authentication. The authentication server 10 processes the "authentication request" transmitted from each service provider and transmits the result of the authentication process to the service provider.
Each service provider has a management server and an authentication terminal.
For example, the service provider S1 is provided with a management server 20 and a plurality of authentication terminals 30. The service provider S2 is provided with a management server 20 and a plurality of authentication terminals 31.
In the following description, when the components need to be distinguished, the reference sign to the right of the hyphen is used. Since the devices of the service provider S1 and the service provider S2 can operate in the same way, the following description centers on the service provider S1.
The devices shown in FIG. 2 are connected to each other. For example, the authentication server 10 and the management server 20 are connected by wired or wireless communication means and are configured to be able to communicate with each other.
The management server 20 is a server that controls and manages the overall business of the service provider. For example, when the service provider is a retail store, the management server 20 manages product inventory and the like. Alternatively, if the service provider is a hotel operator, the management server 20 manages guests' reservation information and the like.
In addition to the functions related to providing the above services, the management server 20 has control and management functions related to biometric authentication of users.
The authentication terminal 30 is a device that serves as the interface for users (customers) who visit the service provider. The user receives various services via the authentication terminal 30. For example, when the service provider is a retail store, the user pays using the authentication terminal 30. Alternatively, if the service provider is a hotel operator, the user performs the check-in procedure using the authentication terminal 30.
FIG. 2 is an example and is not intended to limit the configuration of the authentication system of the present disclosure. For example, the authentication center may include two or more authentication servers 10. Alternatively, a service provider need only include at least one authentication terminal 30. Alternatively, the functions of the management server 20 and the authentication terminal 30 may be integrated, and the single integrated device may provide the service using biometric authentication. Alternatively, at each service provider, a plurality of authentication terminals 30 may be connected to one management server 20 as shown in FIG. 2, or one authentication terminal 30 may be connected to one management server 20.
[Overview of system operation]
Next, the schematic operation of the authentication system according to the first embodiment will be described.
The operation of the authentication system includes three phases.
The first phase is the phase in which the user is registered in the system (user registration phase).
The second phase is the phase in which a service is registered (service registration phase).
The third phase is the phase in which a service using biometric authentication is provided to the user (service provision phase).
[User registration phase]
FIG. 3 is a diagram for explaining the operation in the user registration phase of the authentication system according to the first embodiment.
Users who wish to receive services using biometric authentication register as users in advance. The user decides on the information used to identify himself or herself in the authentication system (user ID (Identifier), password (PW; Password)) and registers it in the system. In the drawings, including FIG. 3, the user ID is written as "uID".
The user also registers his or her own biometric information (for example, a face image), an identity verification document (for example, a passport), and contact information (for example, an e-mail address) in the system. The user registers these five pieces of information (user ID, password, biometric information, identity verification document, contact information) in the system by any means.
For example, the user may operate his or her own terminal 40 to capture a face image and input it, together with the user ID, password, identity verification document, and contact information, to the authentication server 10. Examples of the terminal 40 include mobile terminal devices such as smartphones, mobile phones, game machines, and tablets, and computers (personal computers, notebook computers).
The authentication server 10 verifies the user's identity using the acquired face image and identity verification document. Specifically, when the acquired face image and the face image on the identity verification document are face images of the same person, the authentication server 10 judges that the system registration application was made by the user in person.
The authentication server 10 then generates a feature amount (a feature vector consisting of a plurality of feature amounts) from the acquired face image and stores the feature amount, face image, user ID, password, and contact information in association with one another in the authentication information database. The identity verification document acquired by the authentication server 10 may be discarded once identity verification is complete, or may be stored in association with the user ID and the like.
A system user can update the face image registered in the system. For example, when a long time has passed since the user started using the system, the user may wish to register his or her current face (face image). In this case, the authentication server determines whether the face image may be updated and changes the registered face image according to the result.
Further, when the authentication server 10 judges from the results of biometric authentication that the registered face image should be updated, it notifies the user (terminal 40) to that effect. The authentication server 10 prompts the user to update the registered face image.
The recommendation to update the face image and the determination of whether the face image may be updated are described in detail later.
In the first embodiment, an example is described in which the user ID and password are used as the identifier that uniquely identifies a system user; however, if user IDs are not duplicated among users, the user ID can also be used as that identifier.
[Service registration phase]
FIG. 4 is a diagram for explaining the operation in the service registration phase of the authentication system according to the first embodiment.
A user who has completed user registration selects the service provider from which they want to receive services through biometric authentication, and registers the selected service provider in the system.
The user registers in the system the personal information (for example, name) necessary for receiving the service from the selected service provider. Examples of the personal information include name, age, and gender. Together with the personal information, the user registers in the system the user ID and password determined in the user registration phase.
In the disclosure of the present application, personal information is defined as information that does not include the biometric information of the user (person to be authenticated). That is, biometric information and feature amounts generated from it are excluded from the "personal information" of the present disclosure.
The user inputs the above three pieces of information (personal information, user ID, password) to the service provider by any means. For example, as shown in FIG. 4, the user may operate the terminal 40 to input the three pieces of information into the management server 20.
When the management server 20 acquires the above three pieces of information (personal information, user ID, password), it sends a "service registration request" to the authentication server 10. Specifically, the management server 20 transmits a service registration request including a service provider ID, the user ID, and the password to the authentication server 10.
The service provider ID is identification information for uniquely identifying a service provider included in the authentication system (such as a retail store participating in the authentication infrastructure that uses biometric authentication). In the example of FIG. 2, different service provider IDs are assigned to the service providers S1 and S2.
The service provider ID is an ID assigned to each service provider, not an ID assigned to each service. For example, in FIG. 2, even if the service providers S1 and S2 are businesses that provide the same type of service (for example, accommodation), they are assigned different IDs if they are operated by different entities.
The authentication server 10 and the management server 20 share the service provider ID by any method. For example, when a service provider joins the authentication infrastructure, the authentication server 10 may generate a service provider ID and distribute (notify) it to the service provider. In the drawings, including FIG. 4, the service provider ID is written as "spID".
Upon receiving the service registration request, the authentication server 10 searches the authentication information database using the user ID and password included in the request as keys, and identifies the corresponding user. The authentication server 10 then generates a "service user ID".
The service user ID is identification information that uniquely defines the correspondence (combination) between a user and a service provider. In the example of FIG. 2, different values are set for the service user ID determined by the combination of the user U1 and the service provider S1 and for the service user ID determined by the combination of the user U1 and the service provider S2.
The authentication server 10 stores the user ID, password, feature amount, face image, contact information, service provider ID, and the generated service user ID in association with each other. In the drawings, including FIG. 4, the service user ID is written as "suID".
The authentication server 10 transmits the generated service user ID to the sender of the service registration request.
The management server 20 stores the service user ID acquired from the authentication server 10 in association with the personal information of the user. The management server 20 adds a new entry to the user information database and stores the above information (personal information, service user ID) in it.
The user repeats the above registration operation for each service provider from which they want to receive services using biometric authentication.
[Service provision phase]
FIG. 5 is a diagram for explaining the operation of the authentication system according to the first embodiment in the service provision phase.
A user who has completed service registration (the service registration phase) visits the service provider. The user moves in front of the authentication terminal 30.
The authentication terminal 30 acquires biometric information from the user in front of it. Specifically, the authentication terminal 30 captures an image of the user and acquires a face image. The authentication terminal 30 transmits the acquired face image to the management server 20.
The management server 20 generates a feature amount from the acquired face image. The management server 20 transmits an authentication request including the generated feature amount and the service provider ID to the authentication server 10.
The authentication server 10 extracts the feature amount from the authentication request and executes a collation process (1-to-N collation; N is a positive integer, the same applies hereinafter) using the extracted feature amount and the feature amounts registered in the authentication information database.
The authentication server 10 identifies the user by the collation process and, among the plurality of service user IDs associated with the identified user, identifies the service user ID corresponding to the service provider ID included in the authentication request.
The authentication server 10 transmits the identified service user ID to the sender of the authentication request. That is, the authentication server 10 transmits a response (a response to the authentication request) including the identified service user ID to the management server 20.
The management server 20 searches the user information database using the acquired service user ID as a key, and identifies the personal information corresponding to the service user ID. The service provider (management server 20, authentication terminal 30) provides a service (for example, payment settlement or a check-in procedure) to the user based on the identified personal information.
Next, the details of each device included in the authentication system according to the first embodiment are described.
[Authentication server]
FIG. 6 is a diagram showing an example of a processing configuration (processing modules) of the authentication server 10 according to the first embodiment. Referring to FIG. 6, the authentication server 10 includes a communication control unit 201, a user management unit 202, a database management unit 203, a service registration unit 204, an authentication unit 205, a face image update recommendation unit 206, and a storage unit 207.
The communication control unit 201 is a means for controlling communication with other devices. For example, the communication control unit 201 receives data (packets) from the management server 20 and transmits data to the management server 20. The communication control unit 201 passes data received from other devices to the other processing modules, and transmits data acquired from the other processing modules to other devices. In this way, the other processing modules exchange data with other devices via the communication control unit 201.
The user management unit 202 is a means for realizing the user registration and face image update described above. The user management unit 202 functions both as a registration unit that registers users and as an update unit that updates registered face images.
When the terminal 40 accesses the authentication server 10, the user management unit 202 displays a menu as shown in FIG. 7.
When the user wishes to register as a new user, the user management unit 202 acquires the user ID, password, biometric information (face image), identity verification document, and contact information of the user (a user who wishes to be provided with services using biometric authentication; a system user).
The user management unit 202 acquires the above five pieces of information (user ID, password, biometric information, identity verification document, contact information) by any means. For example, the user management unit 202 displays on the terminal 40 a GUI (Graphical User Interface) or an input form for determining the user ID and password, such as the GUI shown in FIG. 8.
The user management unit 202 verifies that the user ID and password acquired through the GUI or the like do not duplicate a user ID and password that are already registered. If there is no duplication, the user management unit 202 displays on the terminal 40 a GUI for acquiring the user's biometric information, identity verification document, and contact information.
For example, the user management unit 202 displays a GUI as shown in FIG. 9 on the terminal 40. The user presses the "file selection" button shown in FIG. 9 and specifies the image data of the face image to be registered in the system. The specified face image is displayed in the preview area (shown as the selected face image in FIG. 9). To register the previewed face image, the user presses the "OK" button. As for how the face image is input into the system, the user may instead operate the terminal 40 to attach the face image to an e-mail or the like. Alternatively, the user management unit 202 may transmit information including a destination for the face image to the terminal 40, and the terminal 40 may transmit the face image to that destination. Alternatively, the user management unit 202 and the terminal 40 may exchange the face image using a communication tool such as chat. The user management unit 202 may acquire (receive) the face image by any means.
After acquiring the face image, the user management unit 202 acquires the identity verification document. For example, the user management unit 202 displays a GUI as shown in FIG. 10 on the terminal 40. The user photographs the identity verification document using, for example, the camera of the terminal 40. The user presses the "file selection" button and specifies the captured image of the identity verification document. The user then presses the "OK" button to register the identity verification document.
Examples of identity verification documents that can be registered in the system include documents bearing a face image, such as passports and driver's licenses (documents issued by public institutions that serve to verify identity). Identity verification documents include not only paper documents but also electronic documents.
After acquiring the identity verification document, the user management unit 202 acquires the contact information. For example, the user management unit 202 displays a GUI as shown in FIG. 11 on the terminal 40. The user inputs the contact information (for example, the e-mail address of an account whose mail can be received on the terminal 40) and presses the "OK" button.
When the user management unit 202 has acquired the user ID, password, biometric information (face image), identity verification document, and contact information, for example through GUIs as shown in FIGS. 8 to 11, it verifies the identity of the user. Specifically, the user management unit 202 acquires a face image for identity verification (hereinafter referred to as the verification face image) from the identity verification document. The user management unit 202 extracts the verification face image from a predetermined area of the identity verification document using a technique such as template matching.
For identity verification, the user management unit 202 generates a feature amount (a feature vector consisting of a plurality of feature amounts) from each of the acquired face image and the verification face image. Existing techniques can be used to extract feature points, so a detailed description is omitted. For example, the user management unit 202 extracts the eyes, nose, mouth, and the like from the face image as feature points. The user management unit 202 then calculates the position of each feature point and the distances between feature points as feature amounts, and generates a feature vector (vector information that characterizes the face image) consisting of a plurality of feature amounts.
Next, the user management unit 202 calculates the similarity between the two images. A chi-square distance, a Euclidean distance, or the like can be used for the similarity. The greater the distance, the lower the similarity; the smaller the distance, the higher the similarity. The user management unit 202 applies threshold processing to the similarity and determines the success or failure of the identity verification according to the result.
If the similarity is higher than the threshold value TH1, the user management unit 202 determines that the identity verification has succeeded. If the similarity is equal to or less than the threshold value TH1, the user management unit 202 determines that the identity verification has failed. In that case, the user management unit 202 takes measures such as prompting the user to register a face image of good quality. As described above, once the identity verification is completed, the user management unit 202 may destroy the identity verification document.
If the identity verification succeeds, the user management unit 202 passes the user ID, password, face image, feature amount generated from the face image, and contact information to the database management unit 203. In the following description, the face image registered in the authentication information database is referred to as the "registered face image".
Next, the operation of the user management unit 202 when updating the face image (registered face image) is described. FIG. 12 is a flowchart showing an example of the operation of the user management unit 202 according to the first embodiment with respect to updating the face image.
A user who wishes to update the face image accesses the authentication server 10 using the terminal 40. The user management unit 202 displays a menu screen as shown in FIG. 7 on the terminal 40. The user who wishes to update the face image presses the "update face image" button.
When the "update face image" button is pressed, the user management unit 202 displays a GUI for the user to log in to the system. For example, the user management unit 202 displays a screen as shown in FIG. 13 and acquires the user ID and password.
The user management unit 202 searches the authentication information database using the acquired user ID and password as keys. If a corresponding entry exists, it determines that the user is registered in the system and proceeds with the face image update process. In this case, the user management unit 202 reads the registered face image from the corresponding entry. If no such entry exists, the user management unit 202 determines that the user has failed to log in to the system and notifies the user to that effect. At the time it reads the face image from the authentication information database, the user management unit 202 may display the read face image (registered face image) so that the user can check it.
After a user registered in the system has logged in, the user management unit 202 acquires a face image for the update (hereinafter referred to as the updated face image) (step S101 in FIG. 12). For example, the user management unit 202 displays a screen as shown in FIG. 14 to acquire the updated face image. The user selects the updated face image and presses the "OK" button.
The user management unit 202 determines whether the registered face image may be updated with the acquired updated face image.
The user management unit 202 calculates the similarity between the registered face image and the updated face image (step S102). The user management unit 202 applies threshold processing to the calculated similarity and determines whether the registered face image can be updated according to the result.
If the similarity is greater than the threshold value TH2 (step S103, Yes branch), the user management unit 202 permits the update of the registered face image (step S108). Two face images with a high degree of similarity can be judged to have been acquired from substantially the same person, so the user management unit 202 permits the update. In this case, the user management unit 202 displays a screen as shown in FIG. 15 and notifies the user that the registered face image has been updated.
If the similarity is smaller than the threshold value TH3 (step S104, Yes branch), the user management unit 202 refuses to update the registered face image. Two face images with a low degree of similarity can be judged to be face images of different people, so the user management unit 202 refuses the update (step S109). In this case, unauthorized use of the system is also suspected, so the user management unit 202 displays a screen as shown in FIG. 16.
If the similarity is equal to or greater than the threshold value TH3 and equal to or less than the threshold value TH2 (step S103, No branch; step S104, No branch), the user management unit 202 acquires an identity verification document (step S105). For example, the user management unit 202 acquires the identity verification document using a GUI as shown in FIG. 17. The user management unit 202 extracts the verification face image from the identity verification document.
If the identity verification document was not destroyed when the user registered with the system and is stored in a database, the user management unit 202 may skip step S105 and use the identity verification document stored in that database.
Alternatively, based on the expiration date, issue date, and the like of the acquired identity verification document, the user management unit 202 may take measures such as refusing to accept an old identity verification document (one issued more than a predetermined period before the face image update date). That is, the user management unit 202 may select the identity verification document from which the updated face image is extracted based on what is written on the document (for example, the date or period stated on it). In other words, the user management unit 202 may decide whether to extract the verification face image based on what is written on the identity verification document. By making such a selection or decision, the user management unit 202 may acquire a verification face image that reflects the user's current appearance.
The user management unit 202 calculates the similarity between the updated face image and the verification face image (step S106). The user management unit 202 applies threshold processing to the calculated similarity and determines whether the registered image can be updated according to the result.
If the similarity is higher than the threshold value TH4 (step S107, Yes branch), the user management unit 202 permits the update of the registered face image (step S108). In this case, the user management unit 202 displays a screen as shown in FIG. 15.
If the similarity is equal to or less than the threshold value TH4 (step S107, No branch), the user management unit 202 refuses to update the registered face image with the updated face image (step S109). In this case, the user management unit 202 displays a screen as shown in FIG. 16.
Alternatively, the user management unit 202 may display a screen as shown in FIG. 18 and prompt the user to, for example, re-enter the updated face image. The user management unit 202 may repeat the determination process described above using the re-entered face image.
When permitting the update of the registered face image, the user management unit 202 generates a feature amount from the updated face image. The user management unit 202 passes the user ID, password, generated feature amount, and updated face image to the database management unit 203, and instructs the database management unit 203 to update the biometric information (feature amount, face image).
In this way, the user management unit 202, functioning as the face image update unit, determines whether to update the registered face image with the updated face image according to the similarity between the registered face image (first face image) and the updated face image (second face image). The user management unit 202 updates the registered face image when the similarity between the registered face image and the updated face image is greater than the threshold value TH2. The user management unit 202 does not update the registered face image when that similarity is smaller than the threshold value TH3.
Further, when the similarity between the registered face image and the updated face image is equal to or greater than the threshold value TH3 and equal to or less than the threshold value TH2, the user management unit 202 acquires the user's identity verification document. The user management unit 202 extracts the verification face image (third face image) from the identity verification document and determines whether to update the registered face image according to the similarity between the updated face image and the verification face image. The user management unit 202 updates the registered face image when the similarity between the updated face image and the verification face image is greater than the threshold value TH4, and does not update it when that similarity is equal to or less than the threshold value TH4.
The database management unit 203 is a means for managing the authentication information database. The authentication information database stores, in association with each other, information that identifies a system user (user ID, password), the biometric information of that user (feature amount, face image), a service provider ID that identifies a service provider, and a service user ID that identifies the user in each service. The authentication information database also stores the user's contact information in association with the above information. The authentication information database is a database that stores biometric information about the face of each of a plurality of users (a registered face image and the feature amount generated from that image).
When the database management unit 203 acquires the above five pieces of information (user ID, password, feature amount, face image, contact information) from the user management unit 202, it adds a new entry to the authentication information database. For example, when it acquires the five pieces of information for the user U1, the database management unit 203 adds the entry shown in the bottom row of FIG. 19. At the user registration stage, no service provider ID or service user ID has been generated yet, so nothing is set in those fields.
When the database management unit 203 acquires four pieces of information (user ID, password, feature amount, face image) accompanied by an instruction to update the face image from the user management unit 202, it updates (overwrites) the feature amount and face image of the corresponding entry.
 The service registration unit 204 is a means for realizing individual service registration by system users. The service registration unit 204 processes the service registration request acquired from the management server 20 of the service provider.
 The service registration unit 204 searches the authentication information database using the user ID and password included in the acquired service registration request as keys. The service registration unit 204 checks the service provider ID field of the identified user (the user identified from the user ID and password pair).
 The service registration unit 204 determines whether or not the service provider ID included in the service registration request acquired from the management server 20 is set in the service provider ID field. If the service provider ID acquired from the management server 20 is already registered in the database, the service registration unit 204 notifies the management server 20 to that effect. In this case, the service (service provider) that the user is trying to register is already registered in the authentication information database, so the service registration unit 204 sends a "negative response" as the response to the service registration request.
 On the other hand, if the service provider ID included in the service registration request is not set in the service provider ID field of the identified user, the service registration unit 204 generates a service user ID corresponding to that user and service provider.
 As described above, the service user ID is identification information uniquely determined from the combination of the user and the service provider. For example, the service registration unit 204 calculates a hash value using the user ID, the password, and the service provider ID, and uses the calculated hash value as the service user ID. Specifically, the service registration unit 204 calculates the concatenated value of the user ID, the password, and the service provider ID, and generates the service user ID by calculating the hash value of that concatenated value.
 Note that generating the service user ID from the above hash value is an example and is not intended to limit the method of generating the service user ID. The service user ID may be any information as long as it can uniquely identify the combination of the system user and the service provider. For example, the service registration unit 204 may assign a unique number each time it processes a service registration request and use it as the service user ID.
 When the service user ID is generated, the service registration unit 204 hands over the service provider ID and the service user ID to the database management unit 203 together with the user ID and password. The database management unit 203 registers the two IDs (service provider ID, service user ID) in the authentication information database. For example, when the user U1 registers for the service of the service provider S1, the above two IDs are added to the entry shown at the bottom of FIG. 20.
 Since service registration is performed for each service provider, multiple service providers and service user IDs may be set for one user. For example, when the user U1 registers for the services of both service providers S1 and S2, the entries in the second and third rows of FIG. 21 are generated. When the user U2 registers for the service of the service provider S1, the entry at the bottom of FIG. 21 is generated.
 When the service provider ID and the service user ID are registered in the authentication information database, the service registration unit 204 notifies the management server 20 that the service registration request has been processed normally. The service registration unit 204 sends an "affirmative response" as the response to the service registration request. At that time, the service registration unit 204 sends a response including the service user ID to the management server 20.
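 The service registration handling described above can be sketched as follows; this is an added example, not code from the application. The dictionary layout, the function names, the choice of SHA-256, the length-prefixed field encoding, and the handling of an unknown user ID and password pair are all assumptions made for illustration.

```python
import hashlib


def make_service_user_id(user_id: str, password: str, provider_id: str) -> str:
    """Hash of the concatenated user ID, password and service provider ID.

    Assumptions: SHA-256 as the hash, and a 4-byte length prefix on each
    field so that ("ab", "c") and ("a", "bc") cannot concatenate to the
    same byte string and collide.
    """
    h = hashlib.sha256()
    for part in (user_id, password, provider_id):
        raw = part.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big") + raw)
    return h.hexdigest()


def register_service(auth_db, user_id, password, provider_id):
    """Process one service registration request from a management server."""
    # Search the authentication information database by user ID and password.
    entry = next((e for e in auth_db
                  if e["user_id"] == user_id and e["password"] == password), None)
    if entry is None:
        # Assumption: the text does not describe this case; refused here.
        return {"result": "negative", "reason": "no such user"}
    # The service provider is already set for this user: negative response.
    if provider_id in entry["services"]:
        return {"result": "negative", "reason": "already registered"}
    # Otherwise generate the service user ID and store both IDs.
    service_user_id = make_service_user_id(user_id, password, provider_id)
    entry["services"][provider_id] = service_user_id
    return {"result": "affirmative", "service_user_id": service_user_id}


def demo():
    # Constructed sample entry: user U1 right after user registration,
    # with no service provider ID or service user ID set yet.
    auth_db = [{"user_id": "U1", "password": "PW1", "feature": "FV1",
                "services": {}}]
    first = register_service(auth_db, "U1", "PW1", "S1")
    repeat = register_service(auth_db, "U1", "PW1", "S1")
    second = register_service(auth_db, "U1", "PW1", "S2")
    return auth_db, first, repeat, second
```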
 The authentication unit 205 is a means for performing authentication processing for system users. The authentication unit 205 processes the authentication request received from the management server 20 of the service provider. The authentication unit 205 authenticates the person to be authenticated by referring to the authentication information database.
 The authentication unit 205 extracts the feature amount and the service provider ID included in the authentication request. The authentication unit 205 searches the authentication information database using the extracted feature amount and service provider ID as keys, and identifies the corresponding service user ID. The authentication unit 205 sets the feature amount extracted from the authentication request as the feature amount on the collation side and the feature amounts stored in the database as the feature amounts on the registration side, and executes one-to-N matching.
 FIG. 22 is a flowchart showing an example of the operation of the authentication unit 205 according to the first embodiment.
 The authentication unit 205 calculates the similarity between each of the plurality of feature amounts registered in the authentication information database and the feature amount to be collated (the feature amount of the person to be authenticated) (step S201).
 The authentication unit 205 determines whether or not any of the calculated similarities is larger than the threshold value TH5 (step S202).
 If at least one similarity larger than the threshold value TH5 exists (step S202, Yes branch), the authentication unit 205 identifies the user (user ID, password) with the highest similarity (step S203).
 After that, the authentication unit 205 determines whether or not, among the one or more service provider IDs associated with the identified user (user ID, password), there is an entry that matches the service provider ID included in the authentication request (step S204).
 If such an entry exists (step S204, Yes branch), the authentication unit 205 determines that the user has been authenticated successfully (step S205). In this case, the authentication unit 205 sends an "affirmative response" to the management server 20 that is the source of the authentication request. At that time, the authentication unit 205 generates a response (response to the authentication request) including the service user ID of the identified entry and sends it to the management server 20.
 If no such entry exists (step S204, No branch), the authentication unit 205 determines that the user's authentication has failed (step S206). In this case, the authentication unit 205 sends a "negative response" to the management server 20 that is the source of the authentication request.
 Also when no similarity larger than the threshold value TH5 exists (step S202, No branch), the authentication unit 205 determines that the user's authentication has failed (step S207).
 After that, the authentication unit 205 determines whether or not any of the similarities calculated in step S201 is larger than the threshold value TH6 (where TH6 < TH5) (step S208). The threshold value TH5 is the threshold for determining that the person to be authenticated is the genuine user, and the threshold value TH6 is the threshold for determining that the person to be authenticated is a different person.
 If at least one similarity larger than the threshold value TH6 exists (step S208, Yes branch), the authentication unit 205 identifies the user with the highest similarity (step S209).
 The authentication unit 205 updates the "authentication failure database" using the information of the identified user (step S210). The authentication failure database and the operation of updating it will be described later.
 If no similarity larger than the threshold value TH6 exists (step S208, No branch), the authentication unit 205 ends the process without performing any particular operation.
 For example, in the example of FIG. 21, when the feature amount "FV1" and the service provider ID "S1" are included in the authentication request, the entries (user) in the second and third rows are identified by the feature amount FV1, and the entry in the second row is identified by the service provider ID "S1". As a result, the authentication request is processed normally, and an affirmative response including the service user ID "U1S1" is sent to the management server 20.
 Further, when the authentication of the person to be authenticated fails (step S202, No branch), the authentication unit 205 performs threshold processing on the calculated similarities to identify, among the users registered in the authentication information database, the user presumed to be the person to be authenticated (step S209). Specifically, when a calculated similarity falls within the range from the first threshold (threshold value TH6) to the second threshold (threshold value TH5), the authentication unit 205 determines that authentication has failed because of a change in the appearance of the person to be authenticated. The authentication unit 205 presumes that the user corresponding to the largest similarity within that range is the person to be authenticated. The authentication unit 205 stores the information of the user presumed to be the person to be authenticated in the authentication failure database (step S210).
 Next, the authentication failure database and the control of its updates will be described.
 The authentication failure database is a database that stores information on users whose authentication is assumed to have failed because the appearance or the like of the person to be authenticated has changed. FIG. 23 is a diagram showing an example of the authentication failure database. Referring to FIG. 23, the authentication failure database stores the user ID, password, contact information, and number of failures in association with each other.
 Note that the authentication failure database shown in FIG. 23 is an example and is not intended to limit the items to be stored. For example, the contact information can be obtained from the authentication information database based on the user ID and password, so it does not have to be included in the authentication failure database. Alternatively, the face image and the feature amount may be stored in the authentication failure database.
 When processing an authentication request, the authentication unit 205 calculates the similarity between the feature amount included in the authentication request and each of the plurality of feature amounts stored in the authentication information database. When at least one of the calculated similarities is larger than the threshold value TH6 and no larger than the threshold value TH5 (TH6 < similarity ≤ TH5), the authentication unit 205 updates the authentication failure database or adds an entry to it.
 That is, when the calculated similarity does not exceed the threshold value TH5 at which the person is recognized as the genuine user, but does exceed the similarity TH6 at which the person is judged to be a completely different person, the authentication unit 205 determines that the person to be authenticated failed authentication because of a change in appearance. In this case, the authentication unit 205 registers the information of the user who most resembles the person to be authenticated (the user with the closest similarity) in the authentication failure database. The user who most resembles the person to be authenticated is the user presumed to be the person to be authenticated.
 The authentication unit 205 reads the user ID, password, and contact information from the entry (authentication information database entry) whose feature amount corresponds to the largest similarity within the above range (TH6 < similarity ≤ TH5). The authentication unit 205 searches the authentication failure database using the read user ID and password as keys. If no corresponding entry exists, the authentication unit 205 adds a new entry to the database. At that time, the number of failures is set to "1".
 If a corresponding entry exists as a result of searching the authentication failure database using the user ID and password as keys, the authentication unit 205 increments the value of the failure count field of the identified entry (adds 1).
 In this way, the authentication unit 205 stores (registers) in the authentication failure database the number of times authentication has failed for the user presumed to be the person to be authenticated.
 The face image update recommendation unit 206 is a means for recommending that a user update the registered face image. When the authentication of the person to be authenticated fails, the face image update recommendation unit 206 recommends, to the user presumed to be the person to be authenticated among the plurality of users, that the biometric information (face image) stored in the authentication information database be updated. More specifically, when it is determined that face authentication is failing because the user's appearance or the like has changed, the face image update recommendation unit 206 notifies the terminal 40 possessed by the user to that effect.
 The face image update recommendation unit 206 refers to the authentication failure database periodically or at predetermined timings, and acquires the value of the failure count field of each entry. For the user presumed to be the person to be authenticated, the face image update recommendation unit 206 decides whether or not to recommend updating the face image based on the number of authentication failures. More specifically, the face image update recommendation unit 206 performs threshold processing on the acquired number of failures, and sends a "face image update recommendation notification" to the terminal 40 according to the result.
 When the number of failures is larger than the threshold value TH7, the face image update recommendation unit 206 sends a "face image update recommendation notification" to the corresponding contact. The terminal 40 that has received the notification displays a screen such as that shown in FIG. 24 and prompts the user to update the registered face image.
 The face image update recommendation notification can include various kinds of information. For example, the face image update recommendation unit 206 may send the terminal 40 a face image update recommendation notification that includes the face image (the face image registered in the authentication information database) of the user presumed to be the person to be authenticated. In this case, the terminal 40 can display a screen such as that shown in FIG. 25. A user who sees a display such as that in FIG. 25 and finds their own face shown will be convinced and will update the face image registered in the authentication server 10.
 Alternatively, by also storing the system registration date, the age at the time of registration, and the like in the authentication information database when the user registers with the system, the face image update recommendation unit 206 may send the terminal 40 a face image update recommendation notification that includes this information. Alternatively, the face image update recommendation unit 206 may send the terminal 40 a face image update recommendation notification that includes the system registration period since the face image was registered (or updated). In this case, the user can recognize that the face image has not been updated for a long period, which can be a motivation to update it.
 The operation of the face image update recommendation unit 206 is summarized in the flowchart shown in FIG. 26.
 The face image update recommendation unit 206 compares the number of failures in the authentication failure database with the threshold value TH7 (step S301).
 If the number of failures is larger than the threshold value TH7 (step S301, Yes branch), the face image update recommendation unit 206 sends a face image update recommendation notification to the terminal 40 (step S302).
 If the number of failures is equal to or less than the threshold value TH7 (step S301, No branch), the face image update recommendation unit 206 does not perform any particular operation.
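 The flowcharts of FIG. 22 (steps S201 to S210) and FIG. 26 (steps S301 and S302) can be traced in code as follows; this is an added example, not code from the application. The cosine similarity measure, the threshold values, the three-element feature vectors, the record layout, and the function names are assumptions, and the sample data is constructed.

```python
import math

TH5 = 0.90  # above this the person is accepted as the genuine user (constructed value)
TH6 = 0.60  # at or below this the person is treated as someone else (TH6 < TH5)
TH7 = 2     # failure count above which an update is recommended (constructed value)

# Constructed authentication information database (one record per user).
AUTH_DB = [
    {"user_id": "U1", "password": "PW1", "feature": (1.0, 0.0, 0.0),
     "contact": "u1@example.com", "services": {"S1": "U1S1", "S2": "U1S2"}},
    {"user_id": "U2", "password": "PW2", "feature": (0.0, 1.0, 0.0),
     "contact": "u2@example.com", "services": {"S1": "U2S1"}},
]


def similarity(a, b):
    """Cosine similarity; the text does not name a measure, so this is assumed."""
    norm = math.hypot(*a) * math.hypot(*b)
    if norm == 0:
        return 0.0
    return sum(x * y for x, y in zip(a, b)) / norm


def authenticate(feature, provider_id, auth_db, failure_db):
    """One-to-N matching with the accept threshold TH5 and the near-miss band."""
    if not auth_db:
        return {"result": "negative"}
    # S201: similarity against every registered feature amount.
    best_score, best = max(((similarity(feature, e["feature"]), e) for e in auth_db),
                           key=lambda pair: pair[0])
    if best_score > TH5:                              # S202 Yes, S203
        service_user_id = best["services"].get(provider_id)   # S204
        if service_user_id is not None:
            return {"result": "affirmative",          # S205
                    "service_user_id": service_user_id}
        return {"result": "negative"}                 # S206
    # S207: authentication failed. S208/S209: near miss if TH6 < score <= TH5.
    if best_score > TH6:
        key = (best["user_id"], best["password"])
        record = failure_db.setdefault(key, {"contact": best["contact"],
                                             "failures": 0})
        record["failures"] += 1                       # S210: new entry becomes 1
    return {"result": "negative"}


def contacts_to_notify(failure_db):
    """S301/S302: contacts whose failure count is larger than TH7."""
    return [r["contact"] for r in failure_db.values() if r["failures"] > TH7]


def demo():
    failure_db = {}
    changed_look = (0.8, 0.6, 0.0)   # similarity 0.8 to U1: inside the band
    responses = [authenticate(changed_look, "S1", AUTH_DB, failure_db)
                 for _ in range(3)]
    return responses, failure_db, contacts_to_notify(failure_db)
```

 Because the failure record is keyed on the closest registered user, every probe that lands in the band counts against that user regardless of who stood in front of the camera.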
 The storage unit 207 stores information necessary for the operation of the authentication server 10. The authentication information database (first database) and the authentication failure database (second database) are built in the storage unit 207.
[Management server]
 FIG. 27 is a diagram showing an example of a processing configuration (processing modules) of the management server 20 according to the first embodiment. Referring to FIG. 27, the management server 20 includes a communication control unit 301, a personal information acquisition unit 302, a service registration request unit 303, a database management unit 304, an authentication request unit 305, and a storage unit 306.
 The communication control unit 301 is a means for controlling communication with other devices. For example, the communication control unit 301 receives data (packets) from the authentication server 10 and the authentication terminal 30. The communication control unit 301 also transmits data to the authentication server 10 and the authentication terminal 30. The communication control unit 301 passes data received from other devices to the other processing modules, and transmits data acquired from the other processing modules to other devices. In this way, the other processing modules transmit and receive data to and from other devices via the communication control unit 301.
 The personal information acquisition unit 302 is a means for acquiring the personal information that a service provider needs in order to provide a service. For example, when the service provider is a "retail store", the personal information acquisition unit 302 acquires information related to payment (for example, credit card information or bank account information) in addition to the user's name and the like. Alternatively, when the service provider is a "hotel operator", the personal information acquisition unit 302 acquires reservation information related to accommodation (for example, the accommodation date) in addition to the name and the like.
 In addition to personal information such as the above name, the personal information acquisition unit 302 acquires the user ID and password that the user decided on when registering with the system.
 The personal information acquisition unit 302 acquires the personal information, user ID, and password by any means. For example, the personal information acquisition unit 302 displays a GUI or form for entering the above information on the terminal 40 (see FIG. 28). Alternatively, information such as that shown in FIG. 28 may be displayed on a web page managed and operated by the service provider. Alternatively, the terminal 40 may download an application provided by the service provider, and the application may present a display such as that shown in FIG. 28. In particular, the web page may be one that manages the service provider's member information. That is, members of each service provider may perform service registration on the web page where they manage their own member information.
 The personal information acquisition unit 302 hands over the personal information, user ID, and password acquired through the GUI or the like to the service registration request unit 303.
 The service registration request unit 303 is a means for requesting the authentication server 10 to register the user for use of the service.
 The service registration request unit 303 selects the user ID and password from the above three pieces of information (personal information, user ID, password) acquired from the personal information acquisition unit 302. The service registration request unit 303 sends the authentication server 10 a service registration request including the selected user ID and password and the service provider ID.
 The service registration request unit 303 acquires the response to the service registration request from the authentication server 10. If the acquired response is a "negative response", the service registration request unit 303 notifies the user to that effect. For example, the service registration request unit 303 notifies the user that the service registration has already been performed.
 If the acquired response is an "affirmative response", the service registration request unit 303 notifies the user that the service registration has succeeded. The service registration request unit 303 also hands over the service user ID included in the response and the personal information acquired from the personal information acquisition unit 302 to the database management unit 304.
 The database management unit 304 is a means for managing the user information database. The user information database is a database that manages information on the users (system users) to whom the service is provided. The user information database stores the user's personal information (for example, name) in association with the service user ID acquired from the authentication server 10.
 When the database management unit 304 acquires the above information (personal information, service user ID) from the service registration request unit 303, it adds a new entry to the user information database. For example, when the management server 20 of the service provider S1 acquires the above information regarding the user U1, the entry shown at the bottom of FIG. 29 is added.
 The authentication request unit 305 is a means for requesting the authentication server 10 to authenticate a user.
 When the authentication request unit 305 acquires biometric information (a face image) from the authentication terminal 30, it generates a feature amount from the face image. The authentication request unit 305 sends the authentication server 10 an authentication request including the generated feature amount and the service provider ID.
 When the response from the authentication server 10 is a "negative response" (authentication failure), the authentication request unit 305 notifies the authentication terminal 30 to that effect.
 When the response from the authentication server 10 is an "affirmative response" (authentication success), the authentication request unit 305 extracts the service user ID included in the response from the authentication server 10. The authentication request unit 305 searches the user information database using the service user ID as a key, and identifies the corresponding entry.
 The authentication request unit 305 reads the personal information set in the personal information field of the identified entry and sends it to the authentication terminal 30. For example, in the example of FIG. 29, if the service user ID is "U1S1", the personal information in the bottom row is sent to the authentication terminal 30.
 The storage unit 306 stores information necessary for the operation of the management server 20. The user information database is built in the storage unit 306.
[Authentication terminal]
 The authentication terminal 30 acquires the user's personal information from the management server 20 by sending the biometric information acquired from the user to the management server 20. The authentication terminal 30 provides a service to the user using the acquired personal information.
FIG. 30 is a diagram showing an example of the processing configuration (processing modules) of the authentication terminal 30 according to the first embodiment. Referring to FIG. 30, the authentication terminal 30 includes a communication control unit 401, a biometric information acquisition unit 402, a service providing unit 403, a message output unit 404, and a storage unit 405.
The communication control unit 401 is a means for controlling communication with other devices. For example, the communication control unit 401 receives data (packets) from the management server 20. The communication control unit 401 also transmits data to the management server 20. The communication control unit 401 passes data received from other devices to the other processing modules, and transmits data acquired from the other processing modules to other devices. In this way, the other processing modules transmit and receive data to and from other devices via the communication control unit 401.
The biometric information acquisition unit 402 is a means for controlling the camera and acquiring the biometric information (face image) of the user. The biometric information acquisition unit 402 captures an image of the area in front of its own device periodically or at a predetermined timing. The biometric information acquisition unit 402 determines whether or not the acquired image includes a human face image, and if it does, extracts the face image from the acquired image data.
Since existing techniques can be used for the face image detection and extraction processing performed by the biometric information acquisition unit 402, a detailed description is omitted. For example, the biometric information acquisition unit 402 may extract a face image (face region) from the image data by using a learning model trained with a CNN (Convolutional Neural Network). Alternatively, the biometric information acquisition unit 402 may extract a face image by using a technique such as template matching.
The biometric information acquisition unit 402 passes the extracted face image to the service providing unit 403.
The service providing unit 403 is a means for providing a predetermined service to the user. The service providing unit 403 transmits the face image acquired from the biometric information acquisition unit 402 to the management server 20. The management server 20 returns the personal information (for example, a name) corresponding to the face image. The service providing unit 403 provides the service to the user by using the returned personal information.
The message output unit 404 is a means for outputting various messages to the user. For example, the message output unit 404 outputs a message regarding the user's authentication result or a message regarding service provision. The message output unit 404 may display a message using a display device such as a liquid crystal monitor, or may play a voice message using an audio device such as a speaker.
The storage unit 405 stores information necessary for the operation of the authentication terminal 30.
[System operation]
Next, the operation of the authentication system according to the first embodiment will be described. The operation is described for the service registration phase and the service provision phase; the description of the user registration phase is omitted.
FIG. 31 is a sequence diagram showing an example of the operation related to the service registration phase of the authentication system according to the first embodiment.
The management server 20 acquires personal information (information necessary for providing the service), a user ID, and a password from the user (step S01).
The management server 20 transmits a service registration request including the acquired user ID and password and the service provider ID to the authentication server 10 (step S02).
The authentication server 10 generates a service user ID using the acquired user ID, password, and service provider ID (step S03).
The authentication server 10 stores the service provider ID and the service user ID in the authentication information database (step S04).
The authentication server 10 transmits a response including the service user ID (a response to the service registration request) to the management server 20 (step S05).
The management server 20 associates the personal information acquired in step S01 with the service user ID acquired from the authentication server 10 and stores them in the user information database (step S06).
FIG. 32 is a sequence diagram showing an example of the operation related to the service provision phase of the authentication system according to the first embodiment.
The authentication terminal 30 acquires the user's face image (biometric information) and transmits the acquired face image to the management server 20 (step S11).
The management server 20 generates a feature amount from the acquired face image (step S12).
The management server 20 transmits an authentication request including the generated feature amount and the service provider ID to the authentication server 10 (step S13).
The authentication server 10 executes an authentication process using the feature amount and the service provider ID included in the authentication request, and identifies the corresponding service user ID (step S14).
The authentication server 10 transmits a response including the identified service user ID (a response to the authentication request) to the management server 20 (step S15).
The management server 20 searches the user information database using the acquired service user ID and identifies the corresponding personal information (step S16).
The management server 20 transmits the identified personal information to the authentication terminal 30 (step S17).
The authentication terminal 30 provides a service using the acquired personal information (step S18).
As described above, when the authentication system according to the first embodiment fails to authenticate the person to be authenticated, it determines whether or not the authentication failed because of a change in that person's appearance or the like. When it is determined that the authentication failed because of a change in appearance or the like, the authentication server 10 identifies, from among the users registered in the authentication information database, the user presumed to be the person to be authenticated. The authentication server 10 accumulates information on such persons (persons whose authentication failed but who cannot be conclusively determined to be someone else) in the authentication failure database. Then, when authentication has failed a plurality of times for the same user (the user presumed to be the person to be authenticated), the authentication server 10 prompts that user to update the face image. As a result, the user can update the face image registered in the authentication server 10 at an appropriate time, and the possibility that authentication fails is reduced. That is, the authentication accuracy of the authentication system is maintained at a high level over a long period of time.
Further, in the authentication system according to the first embodiment, the authentication server 10 determines whether or not the registered face image may be updated based on the similarity between the registered face image and the updated face image. When the similarity between the two face images is extremely high, the authentication server 10 determines that the face image of the user initially registered in the system was used as the face image for updating, and updates the face image. In contrast, when the similarity between the two face images is extremely low, the authentication server 10 determines that the face image of a person different from the user initially registered in the system was used as the face image for updating, and rejects the update of the face image. For example, when the user's appearance has changed with the passage of time and the two face images differ somewhat, the authentication server 10 requests the user to submit an identity confirmation document. The authentication server 10 compares the verification face image on the identity confirmation document with the updated face image, and updates the face image when the identity of the person in the face image used for updating can be confirmed in this way. That is, when the registered face image and the updated face image alone do not make clear whether the user registered in the system and the person updating the face image are the same, the authentication server 10 uses the identity confirmation document to confirm that the system user and the provider of the updated face image are the same person. As a result, the authentication server 10 can prevent unauthorized updating of the registered face image.
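The three-way update decision described above can be written out as follows. This is an added example, not code from the patent or from the applicant: the cosine similarity measure, the threshold names and values (`ACCEPT_TH`, `REJECT_TH`, `DOC_MATCH_TH`), the class `AuthInfoDB` and all feature vectors are assumptions constructed for illustration.

```python
import math

# Hypothetical thresholds: the text above only speaks of "extremely high" and
# "extremely low" similarity and gives no names or values for this decision.
ACCEPT_TH = 0.90     # registered vs. updated face: same person, update directly
REJECT_TH = 0.50     # registered vs. updated face: different person, reject
DOC_MATCH_TH = 0.90  # verification face on the document vs. updated face


def similarity(a, b):
    """Cosine similarity between two feature amounts (assumed measure)."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def decide_update(registered, updated, verification=None):
    """Return 'update', 'reject' or 'request_identity_document'."""
    s = similarity(registered, updated)
    if s >= ACCEPT_TH:
        return "update"
    if s <= REJECT_TH:
        return "reject"
    # Ambiguous band: the two images alone do not settle who is updating.
    if verification is None:
        return "request_identity_document"
    # The document's face must match the face offered for the update.
    if similarity(verification, updated) >= DOC_MATCH_TH:
        return "update"
    return "reject"


class AuthInfoDB:
    """Minimal stand-in for the authentication information database."""

    def __init__(self):
        self.features = {}  # user ID -> registered feature amount

    def request_update(self, user_id, updated, verification=None):
        decision = decide_update(self.features[user_id], updated, verification)
        if decision == "update":
            # The registered feature changes only on an accepted update.
            self.features[user_id] = list(updated)
        return decision


def run_constructed_cases():
    """Run the decision over constructed feature vectors and collect results."""
    db = AuthInfoDB()
    db.features["user-a"] = [1.0, 0.0, 0.0]
    aged = [0.8, 0.6, 0.0]              # similarity 0.8 to the registered face
    results = {
        "other_person": db.request_update("user-a", [0.0, 1.0, 0.0]),
        "aged_no_document": db.request_update("user-a", aged),
        "aged_wrong_document": db.request_update("user-a", aged, [0.0, 0.0, 1.0]),
    }
    results["unchanged_after_rejects"] = db.features["user-a"] == [1.0, 0.0, 0.0]
    results["aged_with_document"] = db.request_update("user-a", aged, [0.75, 0.65, 0.0])
    results["stored_after_update"] = db.features["user-a"]
    return results


if __name__ == "__main__":
    for name, value in run_constructed_cases().items():
        print(name, value)
```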
[Second Embodiment]
Next, the second embodiment will be described in detail with reference to the drawings.
In the first embodiment, the authentication server 10 identifies, among the users registered in the system, a person to be authenticated whose authentication failed due to a change in appearance or the like. Further, the authentication server 10 prompts an update of the face image via the terminal 40 possessed by the identified user. The second embodiment describes the case where the authentication server 10 prompts the person to be authenticated to update the face image via the authentication terminal 30.
Since the configuration of the authentication system according to the second embodiment can be the same as that of the first embodiment, the description corresponding to FIG. 2 is omitted. Likewise, since the processing configurations of the authentication server 10, the management server 20, and the authentication terminal 30 according to the second embodiment can be the same as those of the first embodiment, their description is omitted.
The following description focuses on the differences between the first and second embodiments.
In the second embodiment, the user does not need to register contact information in the authentication server 10 at the time of system registration. In other words, the contact field need not exist in the authentication information database shown in FIG. 19 and elsewhere. The terminal 40, as a means of receiving the face image update recommendation notification from the authentication server 10, also need not be included in the system.
The authentication failure database according to the second embodiment stores the biometric information (feature amount) of each person whose authentication failed in association with the number of failures (see FIG. 33).
FIG. 34 is a flowchart showing an example of the operation of the authentication unit 205 according to the second embodiment. In FIG. 34, the operation from the case where the similarity is larger than the threshold value TH5 (step S202, Yes branch) onward can be the same as the operation of the authentication unit 205 according to the first embodiment described with reference to FIG. 22, so its description is omitted.
When authentication of the person to be authenticated fails, the authentication unit 205 determines whether or not the calculated similarity is larger than the threshold value TH6 (step S211). When the similarity is larger than the threshold value TH6 (step S211, Yes branch), the authentication unit 205 performs a collation process using the authentication failure database (step S212). Specifically, the authentication unit 205 sets the feature amount of the person to be authenticated as the collation side and the feature amounts registered in the authentication failure database as the registration side, and executes one-to-N collation.
After that, the authentication unit 205 updates the authentication failure database (step S213).
If, as a result of the collation process, no feature amount substantially matches the feature amount of the person to be authenticated, the authentication unit 205 adds a new entry to the authentication failure database and sets "1" in its failure count field. The authentication unit 205 also sets the feature amount of the person to be authenticated in the added entry.
If, as a result of the collation process, a feature amount substantially matches the feature amount of the person to be authenticated, the authentication unit 205 adds "1" to the value of the failure count field of the corresponding entry.
After that, the authentication unit 205 passes the feature amount of the person to be authenticated to the face image update recommendation unit 206 and instructs it to determine whether or not a face image update recommendation is necessary for the user corresponding to that feature amount (step S214). As in the first embodiment, the face image update recommendation unit 206 applies threshold processing to the number of failures of the person to be authenticated and determines, based on the result, whether or not a recommendation regarding the face image update is necessary. The face image update recommendation unit 206 returns the determination result to the authentication unit 205.
If a recommendation is not necessary (step S215, No branch), the authentication unit 205 notifies the sender of the authentication request of the authentication failure (step S216). The authentication unit 205 also notifies the sender of the authentication request of the authentication failure when the calculated similarity is not larger than the threshold value TH6 (step S211, No branch).
If a recommendation is necessary (step S215, Yes branch), the authentication unit 205 instructs the face image update recommendation unit 206 to send a face image update recommendation notification (step S217).
On receiving this instruction, the face image update recommendation unit 206 sends a face image update recommendation notification to the management server 20 that sent the authentication request. The notification is forwarded to the authentication terminal 30 that acquired the biometric information of the person to be authenticated. The authentication terminal 30 shows a display such as that in FIG. 24 and prompts the person to be authenticated to update the face image.
In this way, when it is necessary to prompt a face image update, the authentication server 10 according to the second embodiment sends a face image update recommendation notification instead of the authentication result. Alternatively, the authentication server 10 may include, in the negative response to the authentication request, information (a flag) indicating that the negative response corresponds to a "face image update recommendation notification". In this case, the authentication terminal 30 can display different messages to the person whose authentication failed depending on whether it received a normal authentication failure or an authentication failure corresponding to a face image update recommendation.
As described above, the authentication system according to the second embodiment can prompt the person to be authenticated to update the face image when that person has failed authentication a predetermined number of times. That is, in the second embodiment, the face image update is recommended not to a user presumed to be the person to be authenticated, but to the person to be authenticated who is being verified in front of the authentication terminal 30. As a result, the authentication accuracy can be maintained as in the first embodiment.
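The failure handling of steps S211 to S217 can be traced in code as follows. This is an added example, not code from the patent or from the applicant: the page names the thresholds TH5 and TH6 but gives no values, so the numbers below, the cosine similarity measure, the "substantially matches" threshold `SAME_PERSON_TH`, the failure limit `FAILURE_LIMIT`, the response fields and all feature vectors are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass, field

TH5 = 0.90             # assumed value: above this, authentication succeeds (S202)
TH6 = 0.70             # assumed value: above this after a failure, go on to S212
SAME_PERSON_TH = 0.95  # hypothetical: "substantially matches" a failure entry
FAILURE_LIMIT = 3      # hypothetical: failure count that triggers the recommendation


def similarity(a, b):
    """Cosine similarity between two feature amounts (assumed measure)."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def best_match(probe, gallery):
    """One-to-N collation: (index, score) of the most similar gallery entry."""
    best = (None, -1.0)
    for i, feature in enumerate(gallery):
        score = similarity(probe, feature)
        if score > best[1]:
            best = (i, score)
    return best


@dataclass
class FailureEntry:
    feature: list      # feature amount of the person whose authentication failed
    failures: int = 1  # failure count field


@dataclass
class AuthServer:
    enrolled: dict                                   # service user ID -> feature
    failure_db: list = field(default_factory=list)   # authentication failure database

    def authenticate(self, probe):
        ids = list(self.enrolled)
        idx, score = best_match(probe, [self.enrolled[i] for i in ids])
        if idx is not None and score > TH5:          # S202, Yes branch
            return {"result": "ok", "service_user_id": ids[idx]}
        if score <= TH6:                             # S211, No branch -> S216
            return {"result": "failed", "recommend_update": False}
        # S212: collate the probe against the failure database (one-to-N).
        fidx, fscore = best_match(probe, [e.feature for e in self.failure_db])
        # S213: increment the matching entry, or add a new entry with count 1.
        if fidx is not None and fscore > SAME_PERSON_TH:
            entry = self.failure_db[fidx]
            entry.failures += 1
        else:
            entry = FailureEntry(feature=list(probe))
            self.failure_db.append(entry)
        # S214/S215: threshold processing on the failure count.
        recommend = entry.failures >= FAILURE_LIMIT
        # S216 or S217: a negative response, flagged when an update is recommended.
        return {"result": "failed", "recommend_update": recommend}


def run_constructed_session():
    """Replay constructed probes against one enrolled user and collect responses."""
    server = AuthServer(enrolled={"svc-user-001": [1.0, 0.0, 0.0]})
    probes = [
        [0.99, 0.10, 0.0],  # close to the registered face: succeeds
        [0.0, 0.0, 1.0],    # unrelated face: plain failure, nothing stored
        [0.80, 0.60, 0.0],  # changed appearance, first failure
        [0.81, 0.59, 0.0],  # same person again, second failure
        [0.79, 0.61, 0.0],  # third failure: recommendation flag is set
    ]
    responses = [server.authenticate(p) for p in probes]
    return server, responses


if __name__ == "__main__":
    srv, out = run_constructed_session()
    for response in out:
        print(response)
    print("failure entries:", [(e.failures) for e in srv.failure_db])
```

In this sketch the unrelated face never enters the failure database, because its similarity does not exceed TH6; only the near-miss probes are stored and counted.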
Next, the hardware of each device constituting the authentication system will be described. FIG. 35 is a diagram showing an example of the hardware configuration of the authentication server 10.
The authentication server 10 can be configured by an information processing device (a so-called computer), and has the configuration illustrated in FIG. 35. For example, the authentication server 10 includes a processor 311, a memory 312, an input/output interface 313, a communication interface 314, and the like. The components such as the processor 311 are connected by an internal bus or the like and are configured to be able to communicate with each other.
However, the configuration shown in FIG. 35 is not intended to limit the hardware configuration of the authentication server 10. The authentication server 10 may include hardware that is not shown, and may omit the input/output interface 313 if it is not needed. Nor is the number of processors 311 and other components included in the authentication server 10 limited to the example of FIG. 35; for example, a plurality of processors 311 may be included in the authentication server 10.
The processor 311 is, for example, a programmable device such as a CPU (Central Processing Unit), an MPU (Micro Processing Unit), or a DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit). The processor 311 executes various programs including an operating system (OS).
The memory 312 is a RAM (Random Access Memory), a ROM (Read Only Memory), an HDD (Hard Disk Drive), an SSD (Solid State Drive), or the like. The memory 312 stores an OS program, application programs, and various data.
The input/output interface 313 is an interface for a display device and an input device (not shown). The display device is, for example, a liquid crystal display. The input device is, for example, a device that accepts user operations, such as a keyboard or a mouse.
The communication interface 314 is a circuit, module, or the like that communicates with other devices. For example, the communication interface 314 includes a NIC (Network Interface Card) or the like.
The functions of the authentication server 10 are realized by various processing modules. The processing modules are realized, for example, by the processor 311 executing a program stored in the memory 312. The program can be recorded on a computer-readable storage medium. The storage medium can be non-transitory, such as a semiconductor memory, a hard disk, a magnetic recording medium, or an optical recording medium. That is, the present invention can also be embodied as a computer program product. The program can be downloaded via a network, or updated using a storage medium in which the program is stored. Further, the processing modules may be realized by a semiconductor chip.
The management server 20, the authentication terminal 30, and the terminal 40 can also be configured by an information processing device in the same manner as the authentication server 10, and since their basic hardware configuration does not differ from that of the authentication server 10, its description is omitted. For example, the authentication terminal 30 need only be provided with a camera for capturing an image of the user.
The authentication server 10, which is an information processing device, is equipped with a computer, and the functions of the authentication server 10 can be realized by causing the computer to execute a program. The authentication server 10 also executes the face image update recommendation method by means of the program.
[Modification example]
The configuration, operation, and the like of the authentication system described in the above embodiments are examples, and are not intended to limit the system configuration and the like.
In the above embodiments, it was described that the user determines the user ID and password, and that the user registered in the system (the system user) is identified using that user ID and password. However, the authentication system may determine the ID (identifier) that uniquely identifies the system user. For example, in the user registration phase, the authentication server 10 acquires the user's biometric information (face image, feature amount). The authentication server 10 may generate the above ID based on the biometric information. For example, the authentication server 10 may calculate a hash value from the feature amount of the face image and use the calculated hash value in place of the user ID and password. Since the feature amount of the face image differs for each user and the hash value generated from the feature amount also differs for each user, it can be used as the ID of the system user.
In the above embodiments, it was described that the user registration phase and the service registration phase are executed at different timings, but these phases may be executed at substantially the same timing. For example, the two registration phases may be executed using an authentication terminal 30 installed at the service provider from which the user wishes to receive the service. Specifically, the user may perform user registration (input of biometric information, user ID, and password) using the authentication terminal 30, and then continue directly to service registration (input of personal information, user ID, and password). In this case, the authentication terminal 30 need only have the user registration function of the authentication server 10 (user management unit 202) and the personal information acquisition function of the management server 20 (personal information acquisition unit 302).
The plurality of authentication terminals 30 owned by a service provider need not be installed on the same site, in the same building, or the like. As long as the service provider is the same, the authentication terminals 30 may be installed in spatially separated places.
In the above embodiments, it was described that one service provider ID is assigned to one service provider, but one service provider ID may be assigned to a plurality of service providers. A plurality of service providers may be grouped together and a service provider ID may be issued for each group. For example, when the service providers S1 and S2 cooperate to provide the same service, a common service provider ID may be issued to the service providers S1 and S2.
In the above embodiments, the case where biometric information in the form of a "feature amount generated from the face image" is transmitted from the management server 20 to the authentication server 10 was described. However, biometric information in the form of the "face image" itself may be transmitted from the management server 20 to the authentication server 10. In this case, the authentication server 10 may generate a feature amount from the acquired face image and execute the authentication process (collation process).
In the above embodiments, the case where the authentication terminal 30 acquires the face image and the management server 20 generates the feature amount from the face image was described. However, the authentication terminal 30 may generate a feature amount from the face image and transmit the generated feature amount to the management server 20. That is, the management server 20 need not generate the feature amount.
In the above embodiments, the case where the authentication server 10 stores the user's biometric information (face image, feature amount) and the management server 20 stores the user's personal information (name, etc.) was described. However, these two servers may be integrated, and the integrated server may store both the biometric information and the personal information. That is, the authentication terminal 30 may transmit the biometric information to the integrated server, and the server may transmit the corresponding personal information to the authentication terminal 30 as the result of the authentication process.
In the above embodiments, the case where the feature amount generated from the registered face image is stored in the authentication information database was described, but the feature amount need not be stored in that database. The authentication server 10 may generate a feature amount from the registered face image each time it processes an authentication request.
In the above embodiments, it was described that identity verification using an identity confirmation document is performed at the time of the user's system registration, but this identity verification may be omitted. The identity verification of system users may be performed individually by each service provider. That is, the management server 20 may verify the identity using the biometric information (face image) and the identity confirmation document. In this case, the management server 20 may delete the biometric information after the identity verification is completed.
Alternatively, staff of the authentication center may verify the identity using the face image and the identity confirmation document obtained from the user, and input the information (user ID, password, face image) of users whose identity is confirmed into the authentication server 10.
In the above embodiments, it was described that the old feature amount and face image are deleted (overwritten with the new feature amount and face image) when the face image is updated, but the old feature amount and face image may also be kept in the database. When the old feature amount is kept, the authentication server 10 may also use it in the collation process. For example, the authentication server 10 may use the old feature amount in the collation process when the collation process using the new (updated) feature amount does not succeed. Such handling makes it possible to absorb slight changes in appearance and the like and to improve the authentication accuracy.
The form of data transmission and reception between the devices (authentication server 10, management server 20, authentication terminal 30) is not particularly limited, but the data transmitted and received between these devices may be encrypted. Biometric information is transmitted and received between these devices, and in order to protect that biometric information appropriately, it is desirable that the data be transmitted and received in encrypted form.
In the above embodiments, it was described that the user's terminal 40 is used for updating the face image. The terminal 40 may also be used for purposes other than updating the face image. For example, the user may use the terminal 40 to update other information registered in the authentication server 10. For example, the user may access the authentication server 10 using the terminal 40 and select the service providers from which to receive services by biometric authentication. That is, the user may perform service registration via the authentication server 10. In that case, if the number of service providers is large, service providers that are used infrequently or that have not been used recently may be displayed with priority. Alternatively, the user may use the terminal 40 to apply for withdrawal from the system or from a service.
In the above embodiment, the case where the face image update recommendation unit 206 transmits the face image update recommendation notification based on the number of authentication failures of the user presumed to be the person to be authenticated has been described. However, the face image update recommendation unit 206 may determine whether or not to send the face image update recommendation notification based on other information, instead of or in addition to the number of failures. For example, whether or not to send the face image update recommendation notification may be determined according to the age of the user. For example, when the user is a minor, the face changes quickly with the passage of time, so the face image update recommendation unit 206 may send the face image update recommendation notification after a small number of failures. That is, the face image update recommendation unit 206 may change the threshold value TH7, which determines the transmission of the face image update recommendation notification, according to the age of the user (the user registered in the authentication failure database). Alternatively, the face image update recommendation unit 206 may change the threshold value TH7 according to the period elapsed since system registration. Specifically, when the system registration period is short, the threshold value TH7 is set large, and when the period is long, the threshold value TH7 is set small. With such measures, the longer the system registration period, the higher the possibility that the face image update recommendation notification will be sent.
The authentication server 10 may prompt an update of the face image from the authentication terminal 30 when authentication fails multiple times for authentication requests from the same authentication terminal 30 (management server 20). For example, when authentication fails, the authentication server 10 may retain the most recent feature amount of the person to be authenticated, and when it is recognized that authentication has failed for the same person, it may prompt an update of the face image via the management server 20 and the authentication terminal 30.
The authentication server 10 may change the threshold value TH6, which is used to estimate the person to be authenticated whose authentication failed, according to the source of the authentication request (management server 20). For example, consider a case where the environment in which the authentication terminal 30 is installed is poor and authentication tends to fail. The reliability of a face image acquired in such an environment, and of the authentication result obtained with that face image, is low. The authentication server 10 therefore sets the threshold value TH6 high. As a result, unreliable results obtained in a poor environment can be prevented from being registered in the authentication failure database.
The authentication server 10 may store, for a user registered in the authentication failure database, a history of that user's authentication. Specifically, information on the service providers (management servers 20) at which authentication of the user succeeded and the service providers at which it failed may be stored in association with the user. If authentication has failed many times at a specific service provider, the authentication server 10 may notify that service provider to that effect. For example, when the probability of successful authentication differs greatly among a plurality of service providers, the authentication server 10 may notify the service provider with many authentication failures to that effect and encourage it to improve the face image capture environment and the like.
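One way to implement the per-provider check described above, as an added Python example rather than anything specified by the patent: it compares each service provider's success rate with the median across providers. The history records, the provider names, `MIN_ATTEMPTS` and `MAX_GAP` are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

MIN_ATTEMPTS = 5   # assumed: ignore providers with too few attempts to judge
MAX_GAP = 0.30     # assumed meaning of "differs greatly": this far below the median

# Constructed history for users registered in the authentication failure database:
# (user_id, service_provider_id, authentication_succeeded)
HISTORY = (
    [("u1", "hotel-a", True)] * 9 + [("u2", "hotel-a", False)] * 1
    + [("u1", "retail-b", True)] * 8 + [("u2", "retail-b", False)] * 2
    + [("u1", "kiosk-c", True)] * 3 + [("u2", "kiosk-c", False)] * 7
    + [("u2", "cafe-d", False)] * 2
)


def provider_stats(history):
    """Return {provider: (success_rate, attempts)} from the stored history."""
    counts = defaultdict(lambda: [0, 0])   # provider -> [attempts, successes]
    for _user, provider, succeeded in history:
        counts[provider][0] += 1
        counts[provider][1] += int(succeeded)
    return {p: (ok / n, n) for p, (n, ok) in counts.items()}


def providers_to_notify(history):
    """Providers whose success rate is far below the median of their peers."""
    stats = provider_stats(history)
    rates = {p: rate for p, (rate, n) in stats.items() if n >= MIN_ATTEMPTS}
    if len(rates) < 2:
        return []                          # nothing to compare against
    baseline = median(rates.values())
    return sorted(p for p, rate in rates.items() if baseline - rate > MAX_GAP)


if __name__ == "__main__":
    print(provider_stats(HISTORY))
    print(providers_to_notify(HISTORY))
```

The minimum-attempts guard keeps a provider with only a couple of recorded failures from being told to change its capture environment on thin evidence.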
In the above embodiment, the authentication server 10 registers in the authentication failure database a user whose authentication is presumed to have failed due to a change in appearance or the like. When registering the user in that database, the authentication server 10 may notify the authentication terminal 30 to that effect via the management server 20. For example, the authentication terminal 30 that has received the notification may display a message such as "Your authentication failed. The face image registered in the system may be out of date. We recommend updating the face image." When the update of the face image is urged (recommended) via the authentication terminal 30 in this way, the user does not need to register contact information in the authentication server 10.
In the above embodiment, the case has been described where, for a person to be authenticated whose authentication failed, information on the user whose similarity falls within a predetermined range (TH6 < similarity ≤ TH5) is stored using the authentication failure database. However, the authentication server 10 may store information uniformly for every person to be authenticated whose authentication failed. When authentication fails, the authentication server 10 may register the information of the user corresponding to the largest similarity in the authentication failure database.
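The band TH6 < similarity ≤ TH5 described above, together with the per-source TH6 and the age- and registration-dependent TH7 from the earlier paragraphs, as an added Python example that is not part of the patent text. The threshold values, cosine similarity, the source name, the age cut-off, and the comparisons `similarity > TH5` for success and `count >= TH7` for sending the recommendation are assumptions.

```python
import math
from dataclasses import dataclass
from datetime import date
from typing import Optional

# All numbers are constructed; the page names TH5, TH6 and TH7 without values.
TH5 = 0.80                               # assumed: similarity > TH5 authenticates
TH6_DEFAULT = 0.60                       # lower edge of the estimation band
TH6_BY_SOURCE = {"kiosk-outdoor": 0.70}  # hypothetical source, poor capture conditions
TH7_BASE = 3                             # failures that trigger a recommendation
ADULT_AGE = 18                           # assumed cut-off for "minor"
TODAY = date(2024, 6, 1)                 # fixed so the run is reproducible

@dataclass
class User:
    feature: list        # feature amount from the registered face image
    birth: date
    registered: date

@dataclass
class Result:
    outcome: str                   # "success" or "failure"
    estimated_user: Optional[str]  # None when no user falls inside the band
    recommend_update: bool

# Constructed enrolment data (authentication information database).
USERS = {
    "alice": User([1.0, 0.0, 0.0, 0.0], date(1990, 3, 1), date(2015, 1, 1)),
    "bob": User([0.0, 1.0, 0.0, 0.0], date(1985, 7, 9), date(2024, 1, 15)),
    "carol": User([0.0, 0.0, 1.0, 0.0], date(2010, 5, 20), date(2022, 1, 1)),
}

def cosine(a, b):
    """Similarity measure; an assumption, the page does not name one."""
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.hypot(*a) * math.hypot(*b))

def full_years(start, end):
    return end.year - start.year - ((end.month, end.day) < (start.month, start.day))

def th7_for(user, today):
    """Raise TH7 for recent registrations, lower it for long ones and for minors."""
    th7 = TH7_BASE
    enrolled = full_years(user.registered, today)
    if enrolled < 1:
        th7 += 1
    elif enrolled >= 5:
        th7 -= 1
    if full_years(user.birth, today) < ADULT_AGE:
        th7 -= 1
    return max(1, th7)

def authenticate(probe, source, users, failure_db, today):
    """1:N match; a failure is counted only when it can be attributed to a user."""
    if not users:
        return Result("failure", None, False)
    scores = {uid: cosine(probe, u.feature) for uid, u in users.items()}
    best_id = max(scores, key=scores.get)
    best = scores[best_id]
    if best > TH5:
        return Result("success", best_id, False)
    th6 = TH6_BY_SOURCE.get(source, TH6_DEFAULT)
    if not (th6 < best <= TH5):
        # Too dissimilar to attribute to anyone: nothing enters the failure DB.
        return Result("failure", None, False)
    failure_db[best_id] = failure_db.get(best_id, 0) + 1
    recommend = failure_db[best_id] >= th7_for(users[best_id], today)
    return Result("failure", best_id, recommend)

def probe_like_alice(sim):
    """Constructed probe whose cosine similarity to alice's feature is `sim`."""
    return [sim, 0.0, 0.0, math.sqrt(1.0 - sim * sim)]

def demo():
    failure_db = {}
    attempts = [(0.90, "front-desk"), (0.65, "kiosk-outdoor"), (0.65, "front-desk"),
                (0.75, "front-desk"), (0.30, "front-desk")]
    log = []
    for sim, source in attempts:
        r = authenticate(probe_like_alice(sim), source, USERS, failure_db, TODAY)
        log.append((r.outcome, r.estimated_user, r.recommend_update))
    return log, failure_db

if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```

The same 0.65 probe is attributed to a user from one source and discarded from the other, which is the effect of raising TH6 for an unreliable capture environment.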
In the second embodiment described above, the authentication unit 205 registers the feature amount of the person to be authenticated whose authentication failed in the authentication failure database. However, instead of the feature amount of the person to be authenticated, the authentication unit 205 may register in the authentication failure database the feature amount corresponding to the largest of the calculated similarities. That is, the authentication failure database may store the feature amount of the user presumed to be the person to be authenticated (the user with the maximum similarity) among the plurality of users in association with the number of authentication failures. Further, when the authentication of the person to be authenticated fails, the authentication unit 205 identifies the entry of the person whose authentication failed by a collation process using the feature amounts stored in the authentication failure database and the feature amount of the person whose authentication failed. The authentication unit 205 updates the value of the failure count field of the identified entry.
In the flow diagrams (flowcharts, sequence diagrams) used in the above description, a plurality of steps (processes) are described in order, but the order in which the steps are executed in the embodiments is not limited to the order of description. In the embodiments, the order of the illustrated steps can be changed to the extent that it does not affect the content, for example by executing the processes in parallel.
The above embodiments have been described in detail to facilitate understanding of the disclosure of the present application, and are not intended to mean that all of the configurations described above are required. When a plurality of embodiments are described, each embodiment may be used alone or in combination. For example, part of the configuration of one embodiment may be replaced with the configuration of another embodiment, or the configuration of another embodiment may be added to the configuration of an embodiment. Further, other configurations may be added to, deleted from, or substituted for part of the configuration of an embodiment.
Although the industrial applicability of the present invention is clear from the above description, the present invention is suitably applicable to, for example, an authentication system that authenticates customers of retail stores, hotel operators and the like. However, the application of the disclosure of the present application is not limited to authentication systems, and the disclosure is suitable for systems that update biometric information (in particular, a registered face image).
Some or all of the above embodiments may also be described as in the following appendices, but are not limited to them.
[Appendix 1]
An authentication server comprising:
a first database that stores biometric information about the faces of each of a plurality of users;
an authentication unit that authenticates a person to be authenticated with reference to the first database; and
a recommendation unit that, when the authentication of the person to be authenticated fails, recommends that the user presumed to be the person to be authenticated among the plurality of users update the biometric information stored in the first database.
[Appendix 2]
The authentication server according to Appendix 1, wherein the recommendation unit recommends updating the biometric information when it is determined that the authentication has failed due to a change in the appearance of the person to be authenticated.
[Appendix 3]
The authentication server according to Appendix 1 or 2, wherein
the first database stores feature amounts generated from the face images of each of the plurality of users, and
the authentication unit
calculates the similarity between each of the plurality of feature amounts stored in the first database and the feature amount of the person to be authenticated,
identifies the user presumed to be the person to be authenticated based on the result of threshold processing on the calculated similarities, and
stores information on the identified user in a second database.
[Appendix 4]
The authentication server according to Appendix 3, wherein the authentication unit presumes that the user corresponding to the largest similarity among the calculated similarities that are larger than a first threshold value and equal to or less than a second threshold value is the person to be authenticated.
[Appendix 5]
The authentication server according to Appendix 4, wherein the first threshold value is a threshold value for determining that the person to be authenticated is the genuine user, and the second threshold value is a threshold value for determining that the person to be authenticated is another person.
[Appendix 6]
The authentication server according to any one of Appendices 3 to 5, wherein
the authentication unit stores in the second database at least the number of times authentication has failed for the user presumed to be the person to be authenticated, and
the recommendation unit determines whether or not to recommend updating the biometric information based on the number of times the authentication has failed.
[Appendix 7]
The authentication server according to Appendix 6, wherein the recommendation unit recommends updating the biometric information based on the result of threshold processing on the number of times the authentication has failed.
[Appendix 8]
The authentication server according to any one of Appendices 3 to 7, wherein the second database stores the contact information of the user presumed to be the person to be authenticated.
[Appendix 9]
The authentication server according to Appendix 8, wherein the recommendation unit sends a face image update recommendation notification to the contact information stored in the second database.
[Appendix 10]
The authentication server according to Appendix 9, wherein the recommendation unit sends the face image update recommendation notification including the face image, stored in the first database, of the user presumed to be the person to be authenticated.
[Appendix 11]
The authentication server according to Appendix 9 or 10, wherein the recommendation unit sends the face image update recommendation notification including at least one of the age, the system registration date, and the system registration period of the user presumed to be the person to be authenticated.
[Appendix 12]
The authentication server according to any one of Appendices 9 to 11, wherein the recommendation unit determines whether or not to send the face image update recommendation notification according to the age or the system registration period of the user presumed to be the person to be authenticated.
[Appendix 13]
The authentication server according to Appendix 1, wherein the recommendation unit recommends that the person to be authenticated, instead of the user presumed to be the person to be authenticated, update the biometric information stored in the first database.
[Appendix 14]
The authentication server according to Appendix 13, further comprising a second database that, when the authentication of the person to be authenticated fails, stores the number of times authentication of the person to be authenticated has failed, wherein
the recommendation unit recommends that the person to be authenticated update the biometric information when the number of times authentication of the person to be authenticated has failed is larger than a predetermined value.
[Appendix 15]
The authentication server according to Appendix 14, wherein
the second database stores the biometric information of the person to be authenticated in association with the number of times the authentication has failed, and
the authentication unit, when the authentication of the person to be authenticated fails, identifies the entry of the person whose authentication failed by a collation process using the biometric information stored in the second database and the biometric information of the person whose authentication failed, and updates the number of authentication failures of the identified entry.
[Appendix 16]
The authentication server according to Appendix 14, wherein
the second database stores the biometric information of the user presumed to be the person to be authenticated among the plurality of users in association with the number of times the authentication has failed, and
the authentication unit, when the authentication of the person to be authenticated fails, identifies the entry of the person whose authentication failed by a collation process using the biometric information stored in the second database and the biometric information of the person whose authentication failed, and updates the number of authentication failures of the identified entry.
[Appendix 17]
A face image update recommendation method performed in an authentication server comprising a first database that stores biometric information about the faces of each of a plurality of users, the method comprising:
authenticating a person to be authenticated with reference to the first database; and
when the authentication of the person to be authenticated fails, recommending that the user presumed to be the person to be authenticated among the plurality of users update the biometric information stored in the first database.
[Appendix 18]
A computer-readable storage medium storing a program that causes a computer installed in an authentication server comprising a first database, which stores biometric information about the faces of each of a plurality of users, to execute:
a process of authenticating a person to be authenticated with reference to the first database; and
a process of recommending, when the authentication of the person to be authenticated fails, that the user presumed to be the person to be authenticated among the plurality of users update the biometric information stored in the first database.
The disclosures of the prior art documents cited above are incorporated into this document by reference. Although the embodiments of the present invention have been described above, the present invention is not limited to these embodiments. Those skilled in the art will understand that these embodiments are merely examples and that various modifications are possible without departing from the scope and spirit of the present invention. That is, the present invention naturally includes the various variations and modifications that a person skilled in the art could make in accordance with the entire disclosure, including the claims, and the technical idea.
10, 100 Authentication server
20 Management server
30 Authentication terminal
40 Terminal
101 First database
102, 205 Authentication unit
103 Recommendation unit
201, 301, 401 Communication control unit
202 User management unit
203, 304 Database (DB; Data Base) management unit
204 Service registration unit
206 Face image update recommendation unit
207, 306, 405 Storage unit
302 Personal information acquisition unit
303 Service registration request unit
305 Authentication request unit
311 Processor
312 Memory
313 Input/output interface
314 Communication interface
402 Biometric information acquisition unit
403 Service providing unit
404 Message output unit

Claims (18)

  1.  複数の利用者それぞれの顔に関する生体情報を記憶する、第1のデータベースと、
     前記第1のデータベースを参照して、被認証者の認証を行う認証部と、
     前記被認証者の認証に失敗した場合に、前記複数の利用者のうち前記被認証者と推定される利用者に対して前記第1のデータベースに記憶された生体情報の更新を勧告する、勧告部と、
     を備える、認証サーバ。
    A first database that stores biometric information about the faces of multiple users,
    With reference to the first database, the authentication unit that authenticates the person to be authenticated and
    When the authentication of the authenticated person fails, it is recommended to update the biometric information stored in the first database to the user who is presumed to be the authenticated person among the plurality of users. Department and
    An authentication server.
  2.  前記勧告部は、前記被認証者の容姿の変化により認証が失敗していると判断される場合に、前記生体情報の更新を勧告する、請求項1に記載の認証サーバ。 The authentication server according to claim 1, wherein the recommendation unit recommends updating the biometric information when it is determined that the authentication has failed due to a change in the appearance of the person to be authenticated.
  3.  前記第1のデータベースは、前記複数の利用者それぞれの顔画像から生成された特徴量を記憶し、
     前記認証部は、
     前記第1のデータベースに記憶された複数の特徴量それぞれと前記被認証者の特徴量の間の類似度を計算し、
     前記計算された類似度に対する閾値処理の結果に基づいて前記被認証者と推定される利用者を特定し、
     前記特定された利用者の情報を第2のデータベースに記憶する、請求項1又は2に記載の認証サーバ。
    The first database stores the feature quantities generated from the facial images of each of the plurality of users, and stores the features.
    The certification unit
    The similarity between each of the plurality of feature quantities stored in the first database and the feature quantity of the subject to be authenticated is calculated.
    Based on the result of the threshold processing for the calculated similarity, the user presumed to be the authenticated person is identified.
    The authentication server according to claim 1 or 2, which stores the specified user information in a second database.
  4.  前記認証部は、第1の閾値よりも大きく、且つ、第2の閾値以下の前記計算された類似度のうち最も値が大きい類似度に対応する利用者を前記被認証者と推定する、請求項3に記載の認証サーバ。 The authentication unit estimates that the user corresponding to the similarity having the largest value among the calculated similarities larger than the first threshold value and equal to or less than the second threshold value is the authenticated person. The authentication server according to item 3.
  5.  前記第1の閾値は、被認証者を本人と判断するための閾値であり、第2の閾値は、被認証者を他人と判断するための閾値である、請求項4に記載の認証サーバ。 The authentication server according to claim 4, wherein the first threshold value is a threshold value for determining the person to be authenticated as the person himself / herself, and the second threshold value is a threshold value for determining the person to be authenticated as another person.
  6.  前記認証部は、少なくとも、前記被認証者と推定される利用者に関する認証に失敗した回数を前記第2のデータベースに記憶し、
     前記勧告部は、前記認証に失敗した回数に基づいて前記生体情報の更新を勧告するか否かを決定する、請求項3乃至5のいずれか一項に記載の認証サーバ。
    The authentication unit stores at least the number of times of failure in authentication regarding the user presumed to be authenticated in the second database.
    The authentication server according to any one of claims 3 to 5, wherein the recommendation unit determines whether or not to recommend the update of the biometric information based on the number of times the authentication fails.
  7.  前記勧告部は、前記認証に失敗した回数に対する閾値処理の結果に基づき前記生体情報の更新を勧告する、請求項6に記載の認証サーバ。 The authentication server according to claim 6, wherein the recommendation unit recommends updating the biometric information based on the result of threshold processing for the number of times the authentication fails.
  8.  前記第2のデータベースは、前記被認証者と推定される利用者の連絡先を記憶する、請求項3乃至7のいずれか一項に記載の認証サーバ。 The authentication server according to any one of claims 3 to 7, wherein the second database stores the contact information of the user who is presumed to be the authenticated person.
  9.  前記勧告部は、前記第2のデータベースに記憶された連絡先に顔画像更新勧告通知を送信する、請求項8に記載の認証サーバ。 The authentication server according to claim 8, wherein the recommendation unit sends a face image update recommendation notification to the contact stored in the second database.
  10.  前記勧告部は、第1のデータベースに記憶された顔画像であって、前記被認証者と推定される利用者の顔画像を含む前記顔画像更新勧告通知を送信する、請求項9に記載の認証サーバ。 The recommendation unit is the face image stored in the first database, and the face image update recommendation notice including the face image of the user presumed to be the authenticated person is transmitted, according to claim 9. Authentication server.
  11.  前記勧告部は、前記被認証者と推定される利用者の年齢、システム登録日及びシステム登録期間のうち少なく1つを含む前記顔画像更新勧告通知を送信する、請求項9又は10に記載の認証サーバ。 The recommendation unit according to claim 9 or 10, wherein the recommendation unit transmits the face image update recommendation notification including at least one of the age, system registration date, and system registration period of the user presumed to be authenticated. Authentication server.
  12.  前記勧告部は、前記被認証者と推定される利用者の年齢又はシステム登録期間に応じて、前記顔画像更新勧告通知を送信するか否かを決定する、請求項9乃至11のいずれか一項に記載の認証サーバ。 One of claims 9 to 11, wherein the recommendation unit determines whether or not to send the face image update recommendation notification according to the age of the user presumed to be the authenticated person or the system registration period. The authentication server described in the section.
  13.  前記勧告部は、前記被認証者と推定される利用者に代えて、前記被認証者に対して前記第1のデータベースに記憶された生体情報の更新を勧告する、請求項1に記載の認証サーバ。 The authentication according to claim 1, wherein the recommendation unit recommends the person to be authenticated to update the biometric information stored in the first database on behalf of the user who is presumed to be the person to be authenticated. server.
  14.  前記被認証者の認証に失敗した場合、前記被認証者に関する認証に失敗した回数を記憶する第2のデータベースをさらに備え、
     前記勧告部は、前記被認証者の認証に失敗した回数が所定の値よりも大きい場合に、前記被認証者に対して前記生体情報の更新を勧告する、請求項13の認証サーバ。
    If the authentication of the person to be authenticated fails, a second database for storing the number of times the authentication for the person to be authenticated fails is further provided.
    The authentication server according to claim 13, wherein the recommendation unit recommends the person to be authenticated to update the biometric information when the number of times the authentication of the person to be authenticated fails is larger than a predetermined value.
  15.  前記第2のデータベースは、前記被認証者の生体情報と前記認証に失敗した回数を対応付けて記憶し、
     前記認証部は、前記被認証者の認証に失敗した場合、前記第2のデータベースに記憶された生体情報と前記認証に失敗した被認証者の生体情報を用いた照合処理により、前記認証に失敗した被認証者のエントリを特定すると共に、前記特定されたエントリの認証に失敗した回数を更新する、請求項14の認証サーバ。
    The second database stores the biometric information of the person to be authenticated in association with the number of times the authentication fails.
    When the authentication of the authenticated person fails, the authentication unit fails in the authentication by a collation process using the biometric information stored in the second database and the biometric information of the authenticated person who failed in the authentication. The authentication server according to claim 14, which identifies the entry of the authenticated person and updates the number of times the authentication of the specified entry fails.
  16.  The authentication server according to claim 14, wherein the second database stores the biometric information of the user, among the plurality of users, who is presumed to be the person to be authenticated in association with the number of times the authentication has failed, and
    when authentication of the person to be authenticated fails, the authentication unit identifies the entry of the person whose authentication failed by a matching process using the biometric information stored in the second database and the biometric information of the person whose authentication failed, and updates the number of authentication failures of the identified entry.
  17.  A face image update recommendation method, wherein an authentication server comprising a first database that stores biometric information on the face of each of a plurality of users:
    authenticates a person to be authenticated with reference to the first database; and
    when authentication of the person to be authenticated fails, recommends that the user, among the plurality of users, who is presumed to be the person to be authenticated update the biometric information stored in the first database.
  18.  A computer-readable storage medium storing a program that causes a computer installed in an authentication server comprising a first database that stores biometric information on the face of each of a plurality of users to execute:
    a process of authenticating a person to be authenticated with reference to the first database; and
    a process of recommending, when authentication of the person to be authenticated fails, that the user, among the plurality of users, who is presumed to be the person to be authenticated update the biometric information stored in the first database.
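
The failure-count logic of claims 14 and 15, combined with the presumed-user step of claim 17, shown as an added Python example; it is not code from the patent or the applicant. Cosine similarity, the three threshold values, the names `AuthServer`, `best_match` and `demo`, and the 3-dimensional sample vectors are all assumptions made for illustration.

```python
import math

MATCH_THRESHOLD = 0.80     # assumed similarity needed to authenticate
ESTIMATE_THRESHOLD = 0.60  # assumed lower bar for "presumed to be" a user
FAILURE_LIMIT = 2          # assumed "predetermined value" of claim 14

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm

def best_match(probe, items):
    """Return (key, score) of the stored feature most similar to probe."""
    scored = [(key, cosine(probe, feat)) for key, feat in items]
    return max(scored, key=lambda s: s[1], default=(None, 0.0))

class AuthServer:
    def __init__(self, first_db):
        self.first_db = first_db  # first database: user id -> enrolled feature
        self.second_db = []       # second database: failed face + failure count

    def authenticate(self, probe):
        user, score = best_match(probe, self.first_db.items())
        if score >= MATCH_THRESHOLD:
            return {"ok": True, "user": user, "recommend_update": False}
        # Claim 15: match the failed face against earlier failures to find
        # its entry; create a new entry when none is similar enough.
        failed = [(i, e["feature"]) for i, e in enumerate(self.second_db)]
        idx, fscore = best_match(probe, failed)
        if fscore >= MATCH_THRESHOLD:
            entry = self.second_db[idx]
        else:
            entry = {"feature": probe, "failures": 0}
            self.second_db.append(entry)
        entry["failures"] += 1
        # Claim 17: the closest enrolled user is only "presumed", not verified.
        presumed = user if score >= ESTIMATE_THRESHOLD else None
        # Claim 14: recommend only once failures exceed the limit.
        return {"ok": False, "user": presumed,
                "recommend_update": entry["failures"] > FAILURE_LIMIT}

def demo():
    # Constructed 3-dimensional vectors; real face features are far longer.
    server = AuthServer({"alice": [1.0, 0.0, 0.0], "bob": [0.0, 1.0, 0.0]})
    aged_alice = [0.7, 0.3, 0.6]  # drifted from the enrolled image
    return [server.authenticate(aged_alice) for _ in range(3)]
```

The example only returns the recommendation as a flag; how the update itself is authorised is outside these claims and is not modelled here.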
PCT/JP2020/023557 2020-06-16 2020-06-16 Authentication server, facial image update recommendation method and storage medium WO2021255821A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2022531137A JPWO2021255821A5 (en) 2020-06-16 AUTHENTICATION SERVER, FACE IMAGE UPDATE RECOMMENDATION METHOD, AND COMPUTER PROGRAM
PCT/JP2020/023557 WO2021255821A1 (en) 2020-06-16 2020-06-16 Authentication server, facial image update recommendation method and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2020/023557 WO2021255821A1 (en) 2020-06-16 2020-06-16 Authentication server, facial image update recommendation method and storage medium

Publications (1)

Publication Number Publication Date
WO2021255821A1 true WO2021255821A1 (en) 2021-12-23

Family

ID=79268650

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2020/023557 WO2021255821A1 (en) 2020-06-16 2020-06-16 Authentication server, facial image update recommendation method and storage medium

Country Status (1)

Country Link
WO (1) WO2021255821A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008250829A (en) * 2007-03-30 2008-10-16 Toshiba Corp Pedestrian collation system and pedestrian collation method
JP2014059687A (en) * 2012-09-18 2014-04-03 Nec Biglobe Ltd Dictionary update method, dictionary update system, and dictionary update program
JP2014081796A (en) * 2012-10-17 2014-05-08 Hitachi Ltd Biometric authentication server and method of administering and managing biometric authentication
JP2014182485A (en) * 2013-03-18 2014-09-29 Canon Inc Image processing device and method and program, and imaging device provided with image processing device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7243900B1 (en) 2022-06-17 2023-03-22 三菱電機株式会社 Authentication system and authentication device
JP2023184029A (en) * 2022-06-17 2023-12-28 三菱電機株式会社 Authentication system and authentication apparatus

Also Published As

Publication number Publication date
JPWO2021255821A1 (en) 2021-12-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20940552

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2022531137

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20940552

Country of ref document: EP

Kind code of ref document: A1