WO2022044205A1 - Authentication system, terminal, management server, personal information providing method, and storage medium - Google Patents


Info

Publication number
WO2022044205A1
WO2022044205A1 (PCT/JP2020/032371)
Authority
WO
WIPO (PCT)
Prior art keywords
information
authentication
service
user
personal information
Application number
PCT/JP2020/032371
Other languages
French (fr)
Japanese (ja)
Inventor
美樹 大谷
Original Assignee
日本電気株式会社 (NEC Corporation)
Application filed by 日本電気株式会社 (NEC Corporation)
Priority to JP2022545002A (JPWO2022044205A5)
Priority to PCT/JP2020/032371 (WO2022044205A1)
Publication of WO2022044205A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules

Definitions

  • The present invention relates to an authentication system, a terminal, a management server, a personal information providing method, and a storage medium.
  • A terminal acquires a face image of a user and generates a feature amount (feature vector) that characterizes the face image.
  • The generated feature amount is sent to a server on the network.
  • The server is equipped with a database that stores the biometric information and personal information (name, address, etc.) of each user who receives a service by face recognition.
  • The server searches (collates) the database and identifies the biometric information and personal information corresponding to the collation request from the terminal.
  • The server sends the identified personal information to the terminal, and the terminal installed at an airport or the like performs its business based on the acquired personal information.
  • Patent Document 1 states that a method and system are provided in which personal information is traded in a situation where the general user (ISP user) who is its original owner can be involved, while responding to various demands of companies and general users using the Internet.
  • Patent Document 2 describes that it is not necessary to register authentication information in advance for an unspecified counterparty who requests safety confirmation, and that information effective for safety confirmation can be provided in a privacy-friendly manner.
  • Patent Document 3 describes that services and products are provided as consideration for personal information related to consumer behavior.
  • Patent Documents 1 to 3: Japanese Unexamined Patent Publication No. 2002-056111, Japanese Unexamined Patent Publication No. 2006-2437998, Japanese Unexamined Patent Publication No. 2008-243072.
  • The personal information of the user is required.
  • Such personal information creates great value. Specifically, data such as which services are used by users of which age group is a major factor in corporate marketing decisions.
  • The main object of the present invention is to provide an authentication system, a terminal, a management server, a personal information providing method, and a storage medium that contribute to the control and management of personal information related to the provision of services by biometric authentication.
  • In a first viewpoint of the present invention, an authentication system is provided that includes an information server, an authentication server that stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information, and a management server that stores personal information for providing a service to a person who has succeeded in the biometric authentication and that sends to the information server behavioral information including, among the personal information of the successful authentication person to whom the service is provided, the personal information that the successful authentication person has permitted to be provided to a third party.
  • In another viewpoint of the present invention, a terminal is provided that generates a GUI for the above-mentioned successful authentication person to enter the personal information that is permitted to be provided to a third party.
  • In a third viewpoint of the present invention, a management server is provided that is connected to an information server and to an authentication server that stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information, that stores personal information for providing a service to the successful authentication person by the biometric authentication, and that sends to the information server behavioral information including, among the personal information of the successful authentication person to whom the service is provided, the personal information that the successful authentication person permits to be provided to a third party.
  • In a further viewpoint of the present invention, a personal information providing method is provided, executed in a management server connected to an information server and to an authentication server that stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information, in which personal information for providing a service to the successful authentication person by the biometric authentication is stored, and behavioral information including, among the personal information of the successful authentication person to whom the service is provided, the personal information that the successful authentication person permits to be provided to a third party is transmitted to the information server.
  • In a further viewpoint of the present invention, a computer-readable storage medium is provided that stores a program causing a computer mounted on a management server, connected to an information server and to an authentication server that stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information, to execute a process of storing personal information for providing a service to the successful authentication person by the biometric authentication, and a process of transmitting to the information server behavioral information including, among the personal information of the successful authentication person to whom the service is provided, the personal information that the successful authentication person has permitted to be provided to a third party.
  • According to each viewpoint of the present invention, an authentication system, a terminal, a management server, a personal information providing method, and a storage medium that contribute to the control and management of personal information related to the provision of services by biometric authentication are provided.
  • The effect of the present invention is not limited to the above. According to the present invention, other effects may be produced in place of or in combination with the above effect.
  • The authentication system includes an information server 101, an authentication server 102, and a management server 103 (see FIG. 1).
  • The authentication server 102 stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information.
  • The management server 103 stores personal information for providing a service to a person who has succeeded in biometric authentication.
  • The management server 103 transmits to the information server 101 behavioral information including, among the personal information of the successful authentication person to whom the service is provided, the personal information that the successful authentication person has permitted to be provided to a third party.
  • A user who has received a service by biometric authentication inputs the personal information that may be provided to a third party to the management server 103, which stores and manages the personal information of the user. That is, the user can control and manage whether or not personal information related to the provision of services by biometric authentication is provided to a third party.
  • FIG. 2 is a diagram showing an example of the schematic configuration of the authentication system according to the first embodiment.
  • The authentication system includes an authentication center, an information center, and a plurality of service providers.
  • Each service provider participating in the authentication system provides services using biometric authentication.
  • Examples of services provided by service providers include payment services at retail stores and accommodation services at hotels and the like.
  • The service provided by the service provider may be immigration at an airport or port.
  • The service provider disclosed in the present application may provide any service that can be provided by using biometric authentication.
  • The authentication server 10 is installed in the authentication center.
  • The authentication server 10 stores the biometric information of the user and performs biometric authentication of the user using that biometric information.
  • The authentication server 10 operates as a certificate authority for authentication using biometric information.
  • The authentication server 10 may be a server installed on the premises of the authentication center or a server installed in the cloud.
  • The biometric information of the user is exemplified by data (a feature amount) calculated from physical characteristics peculiar to an individual, such as a face, a fingerprint, a voice print, a vein, a retina, and an iris pattern.
  • The biometric information of the user may be image data such as a face image or a fingerprint image.
  • The biometric information of the user may be any information that includes the physical characteristics of the user. In the disclosure of the present application, the case where biometric information regarding a person's "face" is used will be described.
  • The authentication server 10 is a server device for realizing a service by biometric authentication.
  • The authentication server 10 processes the "authentication request" transmitted from each service provider and transmits the result of the authentication process to the service provider.
  • The authentication server 10 stores biometric information of each of the plurality of users and performs biometric authentication using the stored biometric information.
  • Each service provider has a management server and authentication terminals.
  • The service provider S1 is provided with a management server 20 and a plurality of authentication terminals 30.
  • The service provider S2 is provided with a management server 20 and a plurality of authentication terminals 31.
  • The devices shown in FIG. 2 are connected to each other.
  • The authentication server 10 and the management server 20 are connected by wired or wireless communication means and are configured to be able to communicate with each other.
  • The management server 20 is a server that controls and manages the entire business of the service provider. For example, when the service provider is a retail store, the management server 20 manages the inventory of products. Alternatively, if the service provider is a hotel operator, the management server 20 manages the reservation information of guests.
  • The management server 20 has a control function and a management function related to biometric authentication of the user, in addition to the functions related to the above service provision.
  • The management server 20 stores personal information (for example, name) of each user who uses the authentication system. That is, the management server 20 stores personal information for providing a service to a person who has succeeded in biometric authentication. Further, the management server 20 transmits to the information server 40 the personal information of the successful authentication person to whom the service is provided, which the successful authentication person permits to be provided to a third party (the information center, information server 40).
  • The authentication terminal 30 is a device that is connected to the management server 20 and serves as an interface for users who visit the service provider.
  • The user receives various services via the authentication terminal 30. For example, when the service provider is a retail store, the user pays the price using the authentication terminal 30. Alternatively, if the service provider is a hotel operator, the user performs the check-in procedure using the authentication terminal 30.
  • An information server 40 is installed in the information center.
  • The information center and the information server 40 correspond to a "third party" from the user's point of view.
  • The information server 40 collects information on the behavior of users who received a service from a service provider. For example, the information server 40 collects the type of service used by the user and the user's name, age, gender, and so on. The collected information is transferred to other businesses. Alternatively, the information server 40 analyzes the collected information and transfers the analysis result to another business operator or the like. Other businesses use the acquired analysis results for marketing.
  • The information server 40 gives the personal information provider a consideration (a profit) for the provision of the personal information.
  • The terminal 50 is a terminal possessed by a user (a user who receives a service using biometric authentication; a successful authentication person).
  • FIG. 2 is an example and is not meant to limit the configuration of the authentication system disclosed in the present application.
  • The authentication center may include two or more authentication servers 10.
  • The service provider may include at least one authentication terminal 30.
  • The functions of the management server 20 and the authentication terminal 30 may be integrated, and the integrated device may provide a service using biometric authentication.
  • A plurality of authentication terminals 30 may be connected to one management server 20, or one authentication terminal 30 may be connected to one management server 20.
  • The functions of the authentication server 10 and the information server 40 may be integrated. That is, the authentication server 10 can also correspond to a "third party" from the user's point of view.
  • The operation of the authentication system includes four phases.
  • The first phase is the phase for registering the user in the system (user registration phase).
  • The second phase is the phase for registering a service (service registration phase).
  • The third phase is the phase in which a service using biometric authentication is provided to the user (service provision phase).
  • The fourth phase is the phase for collecting information on the behavior of users who have received the service (information collection phase).
  • FIG. 3 is a diagram for explaining the operation in the user registration phase of the authentication system according to the first embodiment.
  • The user determines the information for identifying himself / herself in the authentication system (a user ID (identifier) and a password (PW)) and registers that information in the system.
  • The user ID is referred to as "uID".
  • The user registers his / her own biometric information (for example, a face image) in the system.
  • The user registers the above three pieces of information (user ID, password, biometric information) in the system by any means.
  • For example, the user may mail a document containing the above three pieces of information to the authentication center, and an employee of the authentication center may input the three pieces of information into the authentication server 10.
  • Alternatively, the user may mail an external storage device such as a USB (Universal Serial Bus) device in which the above three pieces of information are stored to the authentication center.
  • Alternatively, the user may operate the terminal 50 owned by the user to capture his / her own face image and input the face image, a user ID, and a password into the authentication server 10.
  • Examples of the terminal 50 include mobile terminal devices such as smartphones, mobile phones, game machines, and tablets, and computers (personal computers, notebook computers).
  • The authentication server 10 generates a feature amount (a feature vector consisting of a plurality of feature amounts) from the acquired face image and stores the feature amount in association with the user ID and password. Specifically, the authentication server 10 adds a new entry to the authentication information database and stores the above three pieces of information in association with each other.
  • In this way, the first ID (for example, the user ID) and the first biometric information used for user authentication are registered in the system.
  • An example in which a user ID and a password are used as an identifier (first ID) uniquely defining a system user will be described.
  • FIG. 4 is a diagram for explaining the operation of the authentication system according to the first embodiment in the service registration phase.
  • The user who has completed user registration selects the service provider from which he / she wants to receive a service by biometric authentication, and registers the selected service provider in the system. For example, in FIG. 2, when the user wishes to receive the service of the service provider S1, the service provider S1 is registered in the system.
  • The user registers in the system the personal information necessary to receive the service from the selected service provider.
  • Examples of the personal information registered in the system include name, age, gender, contact information, and information for receiving consideration.
  • The contact information is, for example, the e-mail address of an account whose mail can be received by the terminal 50.
  • The user registers in the system the consideration receipt information for receiving the consideration (the consideration for the provision of personal information).
  • Examples of the consideration receipt information include a bank account, a virtual currency receipt account, and online shopping ID information.
  • The user registers the user ID and password determined in the user registration phase in the system.
  • Personal information is defined as information that does not include the biometric information of the user (the authenticated person). That is, the biometric information and the feature amount generated from the biometric information are excluded from the "personal information" disclosed in the present application.
  • The user inputs the above three pieces of information (personal information, user ID, password) to the service provider by any means.
  • For example, the user mails a medium (paper medium, electronic medium) containing the above three pieces of information to the selected service provider.
  • An employee of the service provider inputs the above three pieces of information into the management server 20.
  • Alternatively, the user may operate the authentication terminal 30 installed at the service provider and input the above three pieces of information into the management server 20.
  • Alternatively, the user may operate the terminal 50 to input the above three pieces of information into the management server 20.
  • For example, the user inputs the above three pieces of information on the web page managed and operated by the service provider.
  • When the management server 20 acquires the above three pieces of information (personal information, user ID, password), it sends a "service registration request" to the authentication server 10. Specifically, the management server 20 transmits a service registration request including a service provider ID, the user ID, and the password to the authentication server 10.
  • The service provider ID is identification information for uniquely identifying a service provider included in the authentication system (a retail store participating in the authentication platform using biometric authentication, etc.). In the example of FIG. 2, different service provider IDs are assigned to the service providers S1 and S2.
  • The service provider ID is an ID assigned to each service provider, not an ID assigned to each service. For example, in FIG. 2, even if the service providers S1 and S2 are businesses that provide the same type of service (for example, accommodation service), different IDs are assigned to these service providers if the managing entity is different.
  • The authentication server 10 and the management server 20 share the service provider ID by any method.
  • For example, the authentication server 10 may generate a service provider ID and distribute (notify) the generated service provider ID to the service provider.
  • The service provider ID is referred to as "spID".
  • Upon receiving the service registration request, the authentication server 10 searches the authentication information database using the user ID and password included in the request as keys and identifies the corresponding user. After that, the authentication server 10 generates a "service user ID".
  • The service user ID is identification information that uniquely defines the correspondence (combination) between a user and a service provider. For example, in the example of FIG. 2, different values are set for the service user ID determined from the combination of the user U1 and the service provider S1 and the service user ID determined from the combination of the user U1 and the service provider S2.
  • The authentication server 10 stores the user ID, password, feature amount, service provider ID, and the generated service user ID in association with each other.
  • The service user ID is referred to as "suID".
  • The authentication server 10 transmits the service user ID generated above to the sender of the service registration request.
  • That is, the authentication server 10 sends a response including the service user ID to the management server 20, thereby issuing the service user ID.
  • The management server 20 stores the service user ID acquired from the authentication server 10 in association with the user's personal information (personal information including the consideration receipt information).
  • Specifically, the management server 20 adds a new entry to the user information database and stores the above information (personal information, service user ID).
  • The user repeats the above registration operation for each service provider from which he / she wants to receive a service using biometric authentication. In other words, the user does not need to register with a service provider from which he / she does not need to receive a service.
  • In this way, a service registration request including a first ID (for example, a user ID) and a second ID (for example, a service provider ID) is sent to the authentication server 10 by the service provider of the service that the user desires to use.
  • When processing the service registration request, the authentication server 10 generates a third ID (for example, a service user ID) uniquely determined by the combination of the user and the service provider.
  • The authentication server 10 transmits the third ID to the service provider.
  • The service provider (management server 20) stores the personal information of the user in association with the third ID.
  • FIG. 5 is a diagram for explaining the operation of the authentication system according to the first embodiment in the service provision phase.
  • A user who has completed the service registration visits the service provider.
  • The user moves in front of the authentication terminal 30.
  • The authentication terminal 30 acquires biometric information from the user in front of it. Specifically, the authentication terminal 30 takes an image of the user and acquires a face image. The authentication terminal 30 transmits the acquired face image to the management server 20.
  • The management server 20 generates a feature amount from the acquired face image.
  • The management server 20 transmits an authentication request including the generated feature amount and the service provider ID to the authentication server 10.
  • The authentication server 10 extracts the feature amount from the authentication request and executes a collation process (1-to-N collation; N is a positive integer, and the same applies hereinafter) using the extracted feature amount and the feature amounts registered in the authentication information database.
  • The authentication server 10 identifies the user by the collation process, and identifies, among the plurality of service user IDs associated with the identified user, the service user ID corresponding to the service provider ID included in the authentication request.
  • The authentication server 10 transmits the identified service user ID to the sender of the authentication request.
  • That is, the authentication server 10 transmits a response (the response to the authentication request) including the identified service user ID to the management server 20.
  • The management server 20 searches the user information database using the acquired service user ID as a key and identifies the user corresponding to the service user ID.
  • The management server 20 transmits all or part of the personal information of the identified user to the authentication terminal 30.
  • The authentication terminal 30 provides a service using the acquired personal information.
  • When the authentication terminal 30 ends the provision of the service, it notifies the management server 20 to that effect. Specifically, the authentication terminal 30 transmits a "service provision end notification" to the management server 20.
  • In this way, the authentication terminal 30 acquires the second biometric information of the user and transmits the acquired second biometric information to the management server 20.
  • The authentication server 10 receives an authentication request including the user's biometric information and a second ID (service provider ID) from the service provider.
  • The authentication server 10 identifies a third ID (service user ID) by a collation process using the first and second biometric information and the second ID.
  • The authentication server 10 transmits the identified third ID to the service provider.
  • The management server 20 identifies the personal information of the user by using the third ID acquired by transmitting the authentication request to the authentication server 10, and provides a service to the user.
  • That is, the service provider provides the service to the user by using the identified personal information.
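The service registration and service provision phases above hinge on one design property: the authentication server issues a distinct service user ID (suID) per (user, service provider) combination and, on an authentication request, returns only the suID scoped to the requesting spID, so a service provider never learns the user ID or the suID the same user holds at another provider. The following Python model, added here as an illustration and not code from the patent or from NEC, walks user U1 through registration with two providers and a later visit. The cosine-similarity collation, its 0.95 threshold, the salted PBKDF2 password hashing, the three-element feature vectors and all personal data are constructed assumptions; the page specifies none of them.

```python
import hashlib
import hmac
import math
import os
import secrets
from dataclasses import dataclass, field


def cosine(a, b):
    """Cosine similarity between two feature vectors (assumed collation metric)."""
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(x * x for x in b)))


@dataclass
class AuthEntry:
    """One row of the authentication information database (authentication server 10)."""
    uid: str
    pw_salt: bytes
    pw_hash: bytes
    feature: list
    service_uids: dict = field(default_factory=dict)  # spID -> suID


class AuthenticationServer:
    """Models authentication server 10. Passwords are stored salted and hashed
    (a hardening assumption; the page only says the password is stored)."""
    MATCH_THRESHOLD = 0.95  # assumed acceptance threshold for 1-to-N collation

    def __init__(self):
        self.db = {}  # uID -> AuthEntry

    @staticmethod
    def _hash_pw(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register_user(self, uid, password, feature):
        """User registration phase: store uID, password and first biometric information."""
        salt = os.urandom(16)
        self.db[uid] = AuthEntry(uid, salt, self._hash_pw(password, salt), list(feature))

    def service_registration(self, uid, password, sp_id):
        """Service registration request: check uID/password, issue the suID for (user, spID)."""
        entry = self.db.get(uid)
        if entry is None or not hmac.compare_digest(entry.pw_hash, self._hash_pw(password, entry.pw_salt)):
            return None
        if sp_id not in entry.service_uids:  # re-registration reuses the existing suID
            entry.service_uids[sp_id] = secrets.token_hex(8)
        return entry.service_uids[sp_id]

    def authenticate(self, feature, sp_id):
        """Authentication request: 1-to-N collation, then return only the suID scoped
        to the requesting spID (the uID itself never leaves this server)."""
        best = max(self.db.values(), key=lambda e: cosine(feature, e.feature), default=None)
        if best is None or cosine(feature, best.feature) < self.MATCH_THRESHOLD:
            return None
        return best.service_uids.get(sp_id)  # None if the user never registered this provider


class ManagementServer:
    """Models management server 20 of one service provider; the user information
    database is keyed by suID and never holds biometric information."""

    def __init__(self, sp_id, auth_server):
        self.sp_id, self.auth, self.users = sp_id, auth_server, {}  # users: suID -> personal info

    def service_registration(self, uid, password, personal_info):
        su_id = self.auth.service_registration(uid, password, self.sp_id)
        if su_id is not None:
            self.users[su_id] = dict(personal_info)
        return su_id

    def service_provision(self, live_feature):
        """Service provision phase: send feature amount + spID, resolve the returned suID."""
        su_id = self.auth.authenticate(live_feature, self.sp_id)
        return None if su_id is None else (su_id, self.users.get(su_id))


def demo():
    """User U1 registers with providers S1 and S2, then visits S1; all feature
    vectors and personal data are constructed sample values."""
    auth = AuthenticationServer()
    auth.register_user("u1", "correct-horse", [0.9, 0.1, 0.05])
    s1, s2 = ManagementServer("spID-S1", auth), ManagementServer("spID-S2", auth)
    su_s1 = s1.service_registration("u1", "correct-horse", {"name": "U1", "age": 34})
    su_s2 = s2.service_registration("u1", "correct-horse", {"name": "U1", "account": "acct-1"})
    live = [0.88, 0.12, 0.06]  # fresh capture of the same face at the authentication terminal
    return {
        "suid_differs_per_provider": su_s1 != su_s2,
        "s1_visit": s1.service_provision(live),
        "stranger_at_s1": s1.service_provision([0.1, 0.9, 0.0]),
        "unregistered_provider": auth.authenticate(live, "spID-S3"),
        "wrong_password": s2.service_registration("u1", "wrong", {}),
    }
```

Running `demo()` shows the two suIDs for the same user differ, the live capture resolves to U1's record at S1, a non-matching face and a provider the user never registered both yield `None`, and a wrong password blocks service registration. The point a reviewer of such a system checks is exactly that last lookup: the authentication server must index by spID and return nothing else, otherwise one provider could correlate users across the platform.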
  • FIG. 6 is a diagram for explaining the operation in the information collection phase of the authentication system according to the first embodiment.
  • the information server 40 collects information on the behavior of the user (successful authentication person) who received the service from the service provider.
  • the information collected by the information server 40 (information provided by the management server 20 to the information server 40) is referred to as "behavior information”.
  • the service provider (management server 20) indicates the user's intention to provide the personal information of the user who received the service by biometric authentication to a third party. get. Specifically, the management server 20 transmits an inquiry regarding the availability of personal information (hereinafter referred to as an information provision inquiry) to the terminal 50 possessed by the user.
  • the information provision inquiry includes a list of personal information (for example, name, age, gender, address, etc.) stored in the management server 20 and a service user ID of a user who has enjoyed the service by biometric authentication.
  • the terminal 50 that has received the information provision inquiry acquires the user's intention regarding the provision of personal information.
  • the terminal 50 uses a GUI (Graphical User Interface) as shown in FIG. 7 to acquire whether or not personal information can be provided.
  • the terminal 50 may display so as to clearly indicate that the consideration can be obtained by providing the personal information.
  • the terminal 50 When the user refuses to provide personal information, the terminal 50 notifies the management server 20 to that effect (sends a negative response to the information provision inquiry).
  • the management server 20 transmits information about the outline of the service provided to the successful authentication person (hereinafter referred to as outline information) to the information server 40 as "behavior information".
  • outline information information about the outline of the service provided to the successful authentication person (hereinafter referred to as outline information) to the information server 40 as "behavior information”.
  • the schematic information exemplifies the type of industry (accommodation industry, retail industry) of the service provider, the place where the service is provided, the date and time, and the like.
  • the terminal 50 displays a GUI for inputting whether or not to provide each item (type) of personal information held by the management server 20 (see FIG. 8). ..
  • the terminal 50 may display the outline of the service received by biometric authentication on the input screen for whether or not to provide personal information.
  • the terminal 50 may display a GUI as shown in FIG.
  • the management server 20 may send an information provision inquiry including schematic information and a user's face image (face image acquired from the authentication terminal 30) to the terminal 50.
  • the terminal 50 transmits the information (type of personal information permitted to be provided to a third party) acquired by the GUI as shown in FIGS. 8 and 9 to the management server 20. Specifically, the terminal 50 transmits an acknowledgment including the information and the service user ID to the management server 20.
  • the management server 20 that received the affirmative response searches the user information database using the service user ID as a key, and identifies the corresponding user.
  • the management server 20 transmits "behavior information" including personal information permitted to be provided and summary information among the personal information of the specified user to the information server 40.
  • the information server 40 stores the received action information.
  • the information server 40 determines the consideration given to the personal information provider according to the type (item, item) of the provided personal information. Specifically, the information server 40 calculates the consideration according to a predetermined standard. For example, the information server 40 gives a high price to a user who provides high-value information such as name and age, and a low price to a user who provides low-value information such as gender. The information server 40 notifies the management server 20 of the calculated consideration.
  • the determination of the consideration by the information server 40 is an example, and the information server 40 can determine the consideration given to the personal information provider according to various methods and criteria.
  • the information server 40 may determine the consideration according to the demand for personal information (the number of companies wishing to purchase personal information). That is, the information server 40 may give a high price for personal information with high demand (high value) and a low price for personal information with low importance (low value).
  • the information server 40 may determine the consideration to be given to the personal information provider according to the amount presented (offer amount) from the company or the like that wishes to provide the information.
  • the information server 40 may give a high consideration to the user who provided the personal information with a large presentation amount.
  • the management server 20 refers to the consideration receipt information of the personal information provider, and pays the consideration (money, virtual currency, points) notified from the information server 40 to the personal information provider.
  • the provider of personal information can obtain compensation for the provision of personal information from the information center through the service provider.
  • the service provider may acquire a part of the consideration paid to the personal information provider from the information center (information server 40) as a brokerage fee.
  • the information center may pay the service provider a fee according to the total amount of personal information acquired in a predetermined period (for example, one month).
  • the service provider and the information center may conclude a contract regarding payment of consideration in advance, and the service provider may reimburse the consideration paid by the information center to the personal information provider.
  • an ID is assigned to the information (behavior information, notification of consideration) exchanged between the management server 20 and the information server 40, and the management server 20 manages the ID in association with the service user ID of the personal information provider. By doing so, the user to whom the consideration is to be paid can be identified.
  • the management server 20 sends an information provision inquiry (an inquiry as to whether or not the personal information stored in the management server 20 may be provided, which includes a list of the personal information items) to the terminal 50.
  • the terminal 50 uses the acquired list of personal information to generate a GUI for a successful authentication person to input the type of personal information that is permitted to be provided to a third party.
  • the terminal 50 acquires the type of personal information permitted to be provided to a third party via the GUI, and transmits the acquired type of personal information to the management server 20.
  • when the management server 20 receives the acknowledgment from the terminal 50, it transmits the behavior information including the personal information permitted to be provided and the schematic information indicating the outline of the provided service to the information server 40.
  • FIG. 10 is a diagram showing an example of a processing configuration (processing module) of the authentication server 10 according to the first embodiment.
  • the authentication server 10 includes a communication control unit 201, a user registration unit 202, a database management unit 203, a service registration unit 204, an authentication unit 205, and a storage unit 206.
  • the communication control unit 201 is a means for controlling communication with other devices. For example, the communication control unit 201 receives data (packets) from the management server 20. Further, the communication control unit 201 transmits data to the management server 20. The communication control unit 201 passes the data received from the other device to the other processing module. The communication control unit 201 transmits the data acquired from the other processing module to the other device. In this way, the other processing module transmits / receives data to / from the other device via the communication control unit 201.
  • the user registration unit 202 is a means for realizing the above-mentioned user registration.
  • the user registration unit 202 acquires a user ID, password, and biometric information (face image) of a user (a user who desires to provide a service using biometric authentication; a system user).
  • the user registration unit 202 acquires the above three pieces of information (user ID, password, biometric information) by any means. For example, the user registration unit 202 displays a GUI and an input form for determining a user ID and a password on the terminal 50. For example, the user registration unit 202 displays a GUI as shown in FIG. 11 on the terminal 50.
  • the user registration unit 202 verifies that the user ID and password acquired by the GUI or the like do not overlap with the already registered user ID and password. If the duplication does not occur, the user registration unit 202 displays a GUI for acquiring the biometric information of the user on the terminal 50.
  • the user registration unit 202 displays a GUI as shown in FIG. 12 on the terminal 50.
  • the user presses the "file selection" button shown in FIG. 12 and specifies the image data of the face image to be registered in the system.
  • the designated face image is displayed in the preview area (displayed as a selected face image in FIG. 12).
  • a feature amount (a feature vector composed of a plurality of feature amounts) is generated from the face image.
  • the user registration unit 202 extracts feature points from the acquired face image. Since existing techniques can be used for the feature point extraction process, detailed description thereof will be omitted. For example, the user registration unit 202 extracts eyes, nose, mouth, and the like as feature points from the face image. After that, the user registration unit 202 calculates the position of each feature point and the distance between each feature point as a feature amount, and generates a feature vector (vector information that characterizes the face image) composed of a plurality of feature amounts.
  • the user registration unit 202 hands over the user ID, password, and the above-generated feature amount to the database management unit 203.
  • the database management unit 203 is a means for managing the authentication information database.
  • the authentication information database stores, in association with each other, information that identifies the system user (user ID, password), biometric information (feature amount), the service provider ID that identifies the service provider, and the service user ID that identifies the user in each service.
  • When the database management unit 203 acquires the above three pieces of information (user ID, password, feature amount) from the user registration unit 202, it adds a new entry to the authentication information database. For example, when the above three pieces of information regarding the user U1 are acquired, the database management unit 203 adds the entry shown at the bottom of FIG. At the stage of user registration, since the service provider ID and the service user ID have not yet been generated, nothing is set in these fields.
  • the service registration unit 204 is a means for realizing individual service registration by system users.
  • the service registration unit 204 processes the service registration request acquired from the management server 20 of the service provider.
  • the service registration unit 204 searches the authentication information database using the user ID and password included in the acquired service registration request as keys.
  • the service registration unit 204 confirms the service provider ID field of the specified user (user specified from the set of user ID and password).
  • the service registration unit 204 determines whether or not the service provider ID included in the service registration request acquired from the management server 20 is set in the service provider ID field. If the service provider ID acquired from the management server 20 is already registered in the database, the service registration unit 204 notifies the management server 20 to that effect. In this case, since the service (service provider) that the user is trying to register is already registered in the authentication information database, the service registration unit 204 sends a "negative response" as a response to the service registration request.
  • the service registration unit 204 generates a service user ID corresponding to the combination of the user and the service provider.
  • the service user ID is identification information uniquely determined from the combination of the user and the service provider.
  • the service registration unit 204 calculates a hash value using a user ID, a password, and a service provider ID, and uses the calculated hash value as a service user ID.
  • the service registration unit 204 calculates a concatenated value of a user ID, a password, and a service provider ID, and generates a service user ID by calculating a hash value of the calculated concatenated value.
  • the service user ID may be any information as long as it can uniquely identify the combination of the system user and the service provider.
  • the service registration unit 204 may assign a unique value as a service user ID each time it processes a service registration request.
  • the service registration unit 204 hands over the service provider ID and the service user ID to the database management unit 203 together with the user ID and password.
  • the database management unit 203 registers two IDs (service provider ID and service user ID) in the authentication information database. For example, when the user U1 registers the service for the service provider S1, the above two IDs are added to the entry shown at the bottom of FIG.
  • since service registration is performed for each service provider, multiple service provider IDs and service user IDs may be set for one user. For example, when the user U1 registers the service for each of the service providers S1 and S2, the entries in the second and third lines of FIG. 15 are generated. When the user U2 registers the service with respect to the service provider S1, the entry at the bottom of FIG. 15 is generated.
  • the authentication information database shown in FIG. 15 and the like is an example, and does not mean to limit the information stored in the authentication information database.
  • the face image may be registered in the authentication information database instead of the feature amount for authentication. That is, each time the authentication is performed, the feature amount may be generated from the face image registered in the authentication information database.
  • When the service provider ID and the service user ID have been registered in the authentication information database, the service registration unit 204 notifies the management server 20 that the service registration request has been processed normally. The service registration unit 204 transmits an "acceptance response" as the response to the service registration request. At that time, the service registration unit 204 sends a response including the service user ID to the management server 20.
  • the authentication unit 205 is a means for performing authentication processing for system users.
  • the authentication unit 205 processes the authentication request received from the management server 20 of the service provider.
  • the authentication unit 205 retrieves the feature amount and the service provider ID included in the authentication request.
  • the authentication unit 205 searches the authentication information database using the extracted feature amount and the service provider ID as keys, and identifies the corresponding service user ID.
  • the authentication unit 205 takes the feature amount extracted from the authentication request as the collation-side feature amount and the feature amounts stored in the database as the registration-side feature amounts, and executes one-to-N collation. Specifically, the authentication unit 205 calculates the degree of similarity between the collation-side feature amount and each of the plurality of registration-side feature amounts. For the similarity, a chi-square distance, a Euclidean distance, or the like can be used. The larger the distance, the lower the similarity; the smaller the distance, the higher the similarity.
  • the authentication unit 205 determines whether or not, among the plurality of feature amounts registered in the database, there is a feature amount whose similarity with the feature amount to be collated is equal to or higher than a predetermined value. When such a feature amount exists, the authentication unit 205 identifies the user (user ID, password) corresponding to the feature amount having the highest degree of similarity. The authentication unit 205 then determines whether or not an entry matching the service provider ID included in the authentication request exists among the at least one service provider ID associated with the user identified by the one-to-N collation.
  • If such an entry exists, the authentication unit 205 determines that the user authentication has been successful. In this case, the authentication unit 205 sends an "acceptance response" to the management server 20 that is the source of the authentication request. At that time, the authentication unit 205 generates a response (response to the authentication request) including the service user ID of the identified entry and sends it to the management server 20.
  • Otherwise, the authentication unit 205 determines that the user's authentication has failed. In this case, the authentication unit 205 transmits a "negative response" to the management server 20 that is the source of the authentication request.
  • in the example of FIG. 15, the entries (users) in the second and third lines are identified by the feature amount FV1.
  • of these, the entry in the second line is identified by the service provider ID "S1".
  • as a result, the authentication request is processed normally, and an acknowledgment including the service user ID "U1S1" is transmitted to the management server 20.
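The service registration step (hash-derived service user ID) and the authentication unit's one-to-N collation followed by the service provider ID check, as an added Python model that is not part of the patent: the row layout, the threshold value, the distance-to-similarity mapping and the toy feature vectors are assumptions. Beside the page's plain-concatenation hash it adds a length-prefixed derivation, because plain concatenation cannot tell apart inputs whose joined strings coincide.

```python
import hashlib
import math
from dataclasses import dataclass
from typing import Optional

# Assumed threshold; the page only says "a predetermined value".
SIMILARITY_THRESHOLD = 0.8


@dataclass
class AuthEntry:
    """One row of the authentication information database (cf. FIG. 15).
    The password is kept in clear here only to mirror the page's table;
    a deployment would store a salted password hash instead."""
    user_id: str
    password: str
    feature_vector: tuple
    service_provider_id: Optional[str] = None
    service_user_id: Optional[str] = None


def service_user_id_naive(user_id: str, password: str, provider_id: str) -> str:
    """The page's derivation: hash of the plain concatenation of the three values.
    Plain concatenation is ambiguous: ("ab", "c") and ("a", "bc") hash the same."""
    return hashlib.sha256((user_id + password + provider_id).encode()).hexdigest()


def service_user_id(user_id: str, password: str, provider_id: str) -> str:
    """Assumed hardening: length-prefix every field under a fixed domain tag so
    that distinct (user, password, provider) triples cannot share an encoding."""
    parts = [b"service-user-id-v1"]
    for value in (user_id, password, provider_id):
        raw = value.encode()
        parts.append(len(raw).to_bytes(4, "big") + raw)
    return hashlib.sha256(b"".join(parts)).hexdigest()


class AuthenticationServer:
    """Toy model of units 202 to 205 of the authentication server 10."""

    def __init__(self):
        self.db = []  # list of AuthEntry

    def register_user(self, user_id, password, feature_vector):
        """User registration unit 202: reject duplicate IDs, add a row with
        empty service provider / service user ID fields."""
        if any(e.user_id == user_id for e in self.db):
            return "negative"
        self.db.append(AuthEntry(user_id, password, tuple(feature_vector)))
        return "accept"

    def register_service(self, user_id, password, provider_id):
        """Service registration unit 204: one service user ID per (user, provider)."""
        rows = [e for e in self.db if e.user_id == user_id and e.password == password]
        if not rows or any(e.service_provider_id == provider_id for e in rows):
            return ("negative", None)  # unknown user, or provider already registered
        sid = service_user_id(user_id, password, provider_id)
        empty = next((e for e in rows if e.service_provider_id is None), None)
        if empty is not None:  # the first service fills the user-registration row
            empty.service_provider_id, empty.service_user_id = provider_id, sid
        else:  # further providers get their own rows with the same feature vector
            self.db.append(AuthEntry(user_id, password, rows[0].feature_vector,
                                     provider_id, sid))
        return ("accept", sid)

    def authenticate(self, feature_vector, provider_id):
        """Authentication unit 205: one-to-N collation, then provider ID check."""
        best, best_sim = None, 0.0
        for e in self.db:
            distance = math.dist(feature_vector, e.feature_vector)  # Euclidean
            similarity = 1.0 / (1.0 + distance)  # assumed distance-to-similarity map
            if similarity >= SIMILARITY_THRESHOLD and similarity > best_sim:
                best, best_sim = e, similarity
        if best is None:
            return ("negative", None)  # nobody above the threshold
        for e in self.db:
            if (e.user_id, e.password) == (best.user_id, best.password) \
                    and e.service_provider_id == provider_id:
                return ("accept", e.service_user_id)  # ID valid for this provider only
        return ("negative", None)  # known face, but not registered with this provider


def demo():
    """Reproduces the FIG. 15 scenario with constructed toy feature vectors."""
    srv = AuthenticationServer()
    fv1, fv2 = (1.0, 2.0, 3.0), (10.0, 0.0, 0.0)
    srv.register_user("U1", "pw1", fv1)
    srv.register_user("U2", "pw2", fv2)
    srv.register_service("U1", "pw1", "S1")
    srv.register_service("U1", "pw1", "S2")
    srv.register_service("U2", "pw2", "S1")
    return srv
```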
  • the storage unit 206 stores information necessary for the operation of the authentication server 10.
  • An authentication information database is constructed in the storage unit 206.
  • FIG. 16 is a diagram showing an example of a processing configuration (processing module) of the management server 20 according to the first embodiment.
  • the management server 20 includes a communication control unit 301, a personal information acquisition unit 302, a service registration request unit 303, a database management unit 304, an authentication request unit 305, an action information provision unit 306, and a storage unit 307.
  • the communication control unit 301 is a means for controlling communication with other devices. For example, the communication control unit 301 receives data (packet) from the authentication server 10. Further, the communication control unit 301 transmits data to the authentication server 10. The communication control unit 301 passes the data received from the other device to the other processing module. The communication control unit 301 transmits the data acquired from the other processing module to the other device. In this way, the other processing module transmits / receives data to / from other devices via the communication control unit 301.
  • the personal information acquisition unit 302 is a means for acquiring the personal information required when a service provider provides a service. For example, when the service provider is a "retail store", the personal information acquisition unit 302 acquires information related to payment (for example, credit card information, bank account information) in addition to the user's name and the like. Alternatively, when the service provider is a "hotel operator", the personal information acquisition unit 302 acquires reservation information (for example, accommodation date, etc.) related to accommodation in addition to the name and the like.
  • the personal information acquisition unit 302 also acquires from the user a contact (for example, an e-mail address that can be received by the terminal 50) to which the inquiry regarding whether or not personal information can be provided (information provision inquiry) is sent, and consideration receipt information for receiving the consideration from the information server 40.
  • the personal information acquisition unit 302 acquires the user ID and password determined when the user registers the system, in addition to the personal information such as the above name.
  • the personal information acquisition unit 302 acquires personal information, a user ID, and a password by any means.
  • the personal information acquisition unit 302 displays a GUI or a form for inputting the above information on the terminal 50 (see FIG. 17).
  • the information shown in FIG. 17 may be displayed on the WEB page managed and operated by the service provider.
  • the terminal 50 may download the application provided by the service provider and display as shown in FIG. 17 by the application.
  • the WEB page may be a WEB page that manages member information of a service provider. That is, the member of each service provider may register the service on the WEB page that manages his or her member information.
  • the personal information acquisition unit 302 delivers the personal information (personal information including contact information and consideration receipt information), user ID, and password acquired using the GUI or the like to the service registration request unit 303.
  • the service registration request unit 303 is a means for requesting the authentication server 10 to register the user regarding the use of the service.
  • the service registration request unit 303 selects a user ID and password from the above three pieces of information (personal information, user ID, password) acquired from the personal information acquisition unit 302.
  • the service registration request unit 303 transmits a service registration request including the selected user ID, password and service provider ID to the authentication server 10.
  • the service registration request unit 303 acquires a response to the service registration request from the authentication server 10. If the acquired response is a "negative response", the service registration requesting unit 303 notifies the user to that effect. For example, the service registration request unit 303 notifies the user that the service registration has already been performed.
  • If the acquired response is an "affirmative response", the service registration requesting unit 303 notifies the user that the service registration has been successful. Further, the service registration request unit 303 hands over the service user ID included in the above response and the personal information (name, gender, address, family structure, contact information, consideration receipt information, etc.) acquired from the personal information acquisition unit 302 to the database management unit 304.
  • the database management unit 304 is a means for managing the user information database.
  • the user information database is a database that manages information on users (system users) who are the targets of service provision.
  • the user information database stores the personal information (for example, name, etc.) of the user in association with the service user ID acquired from the authentication server 10.
  • When the database management unit 304 acquires the above information (personal information, service user ID) from the service registration request unit 303, it adds a new entry to the user information database. For example, when the management server 20 of the service provider S1 acquires the above information regarding the user U1, the entry shown at the bottom of FIG. 18 is added.
  • the authentication request unit 305 is a means for requesting the user's authentication from the authentication server 10.
  • When the authentication request unit 305 acquires biometric information (face image) from the authentication terminal 30, it generates a feature amount from the face image. The authentication request unit 305 transmits an authentication request including the generated feature amount and the service provider ID to the authentication server 10.
  • When the response from the authentication server 10 is a "negative response" (in the case of an authentication failure), the authentication request unit 305 notifies the authentication terminal 30 to that effect.
  • When the response is an "acceptance response" (in the case of an authentication success), the authentication request unit 305 extracts the service user ID included in the response from the authentication server 10.
  • the authentication request unit 305 searches the user information database using the service user ID as a key, and identifies the corresponding entry.
  • the authentication request unit 305 reads out the personal information of the specified entry and sends it to the authentication terminal 30. For example, in the example of FIG. 18, if the service user ID is "U1S1", the personal information at the bottom is transmitted to the authentication terminal 30. The authentication requesting unit 305 does not need to transmit personal information unnecessary for providing the service by the authentication terminal 30 to the authentication terminal 30. For example, if the contact information for the information provision inquiry and the consideration receipt information are not necessary for providing the service, such information may not be transmitted to the authentication terminal 30.
  • the behavior information providing unit 306 is a means for providing information (behavior information) regarding the user's behavior at the time of providing a service by biometric authentication to the information server 40.
  • When the behavior information providing unit 306 receives the "service provision end notification" from the authentication terminal 30, it sends an "information provision inquiry" to the terminal 50 possessed by the user (the successfully authenticated person, that is, the user who received the service provided by biometric authentication). As described above, the inquiry includes a list of the personal information stored in the management server 20 and the service user ID.
  • When the response to the information provision inquiry is a negative response (denial of provision of personal information), the behavior information providing unit 306 generates schematic information and sends it to the information server 40 as "behavior information".
  • the schematic information does not include information that can identify the user, and is information for notifying the information server 40 of the fact that the service was provided by biometric authentication and its brief contents. Therefore, the management server 20 may include the user's product purchase price, accommodation record, and the like in the schematic information.
  • When the response is an affirmative response, the behavior information providing unit 306 identifies the user by the service user ID included in the response. Further, the behavior information providing unit 306 reads out from the user information database the personal information that the user has permitted to be provided, among the personal information about the identified user. The action information providing unit 306 transmits the read personal information and the outline information to the information server 40 as "behavior information".
  • When transmitting behavior information including personal information and summary information, the behavior information providing unit 306 generates an ID (behavior information ID) that enables identification of the behavior information to be transmitted, and transmits the behavior information including the ID to the information server 40 (see FIG. 19).
  • the action information providing unit 306 stores the action information ID and the service user ID in association with each other.
  • When the behavior information providing unit 306 receives the notification regarding the consideration from the information server 40, it extracts the behavior information ID included in the notification and identifies the corresponding user (service user ID). The behavior information providing unit 306 searches the user information database using the identified service user ID as a key, and identifies the corresponding entry. The behavior information providing unit 306 refers to the consideration receipt information of the identified entry and acquires the payee of the consideration. The behavior information providing unit 306 pays the consideration notified from the information server 40 to the payee.
  • the storage unit 307 stores information necessary for the operation of the management server 20.
  • the user information database is built in the storage unit 307.
  • the authentication terminal 30 acquires the user's personal information from the management server 20 by transmitting the biometric information acquired from the user to the management server 20.
  • the authentication terminal 30 provides a service to the user by using the acquired personal information.
  • FIG. 20 is a diagram showing an example of a processing configuration (processing module) of the authentication terminal 30 according to the first embodiment.
  • the authentication terminal 30 includes a communication control unit 401, a biometric information acquisition unit 402, a service providing unit 403, a message output unit 404, and a storage unit 405.
  • the communication control unit 401 is a means for controlling communication with other devices. For example, the communication control unit 401 receives data (packets) from the management server 20. Further, the communication control unit 401 transmits data to the management server 20. The communication control unit 401 passes the data received from the other device to the other processing module. The communication control unit 401 transmits the data acquired from the other processing module to the other device. In this way, the other processing module transmits / receives data to / from other devices via the communication control unit 401.
  • the biometric information acquisition unit 402 is a means for controlling the camera and acquiring the biometric information (face image) of the user.
  • the biometric information acquisition unit 402 captures an image of the area in front of the authentication terminal 30 at regular intervals or at predetermined timings.
  • the biometric information acquisition unit 402 determines whether or not the acquired image includes a human face, and if so, extracts the face image from the acquired image data.
  • the biometric information acquisition unit 402 may extract the face image (face region) from the image data by using a learning model trained with a CNN (Convolutional Neural Network).
  • the biometric information acquisition unit 402 may extract the face image by using a technique such as template matching.
  • the biometric information acquisition unit 402 delivers the extracted face image to the service provision unit 403.
  • the service providing unit 403 is a means for providing a predetermined service to the user.
  • the service providing unit 403 transmits the face image acquired from the biometric information acquisition unit 402 to the management server 20.
  • the management server 20 returns personal information (for example, name, etc.) corresponding to the face image.
  • the service providing unit 403 provides the service to the user by using the returned personal information.
  • the service providing unit 403 sends a "service provision end notification" to the management server 20.
  • the message output unit 404 is a means for outputting various messages to the user. For example, the message output unit 404 outputs a message regarding the user's authentication result and a message regarding service provision.
  • the message output unit 404 may display a message using a display device such as a liquid crystal monitor, or may reproduce a voice message using an audio device such as a speaker.
  • the storage unit 405 stores information necessary for the operation of the authentication terminal 30.
  • FIG. 21 is a diagram showing an example of a processing configuration (processing module) of the information server 40 according to the first embodiment.
  • the information server 40 includes a communication control unit 501, an action information processing unit 502, and a storage unit 503.
  • the communication control unit 501 is a means for controlling communication with other devices. For example, the communication control unit 501 receives data (packets) from the management server 20. Further, the communication control unit 501 transmits data to the management server 20. The communication control unit 501 passes the data received from the other device to the other processing module. The communication control unit 501 transmits the data acquired from the other processing module to the other device. In this way, the other processing module transmits / receives data to / from the other device via the communication control unit 501.
  • the behavior information processing unit 502 is a means for processing the behavior information acquired from the management server 20.
  • the behavior information processing unit 502 stores the acquired behavior information in the storage unit 503.
  • the behavior information processing unit 502 determines the consideration to be paid to the provider of the behavior information (personal information provider). For example, the behavior information processing unit 502 determines the consideration by referring to the table information that defines the type of the obtained personal information and the consideration (amount, points, etc.) to be paid as shown in FIG. 22. The behavior information processing unit 502 calculates the total amount of consideration corresponding to each type of personal information provided, and uses it as the consideration to be paid to the personal information provider. The information center determines the amount of consideration according to the value of the information provided.
  • the behavior information processing unit 502 notifies the management server 20 of the determined consideration.
  • the storage unit 503 is a means for storing information necessary for the operation of the information server 40.
  • the information server 40 analyzes the accumulated behavior information and generates information for selling to a business operator or the like. However, since the function is different from the purpose of the present application, the description of the function will be omitted.
  • the information server 40 determines the consideration to be paid to the user according to the type of personal information provided by the user (authentication successful person who received the service provision). Further, the information server 40 notifies the management server 20 of the consideration paid to the user. The management server 20 pays the consideration notified based on the consideration receipt information of the user.
  • FIG. 23 is a diagram showing an example of a processing configuration (processing module) of the terminal 50 according to the first embodiment.
  • the terminal 50 includes a communication control unit 601, a personal information control unit 602, and a storage unit 603.
  • the communication control unit 601 is a means for controlling communication with other devices. For example, the communication control unit 601 receives data (packets) from the management server 20. Further, the communication control unit 601 transmits data to the management server 20. The communication control unit 601 passes the data received from the other device to the other processing module. The communication control unit 601 transmits the data acquired from the other processing module to the other device. In this way, the other processing module transmits / receives data to / from the other device via the communication control unit 601.
  • the personal information control unit 602 is a means for controlling whether or not to provide the personal information held by the service provider to the information server 40 according to the intention of the user.
  • When the personal information control unit 602 receives the information provision inquiry from the management server 20, it acquires the user's intention as to whether or not to consent to providing the personal information stored in the management server 20 to the information server 40. Specifically, the personal information control unit 602 displays a GUI as shown in FIG. 7 and acquires the user's comprehensive (overall) intention regarding the provision of personal information.
  • If the user does not consent, the personal information control unit 602 notifies the management server 20 to that effect. Specifically, the personal information control unit 602 sends a negative response to the information provision inquiry to the management server 20.
  • If the user consents, the personal information control unit 602 displays a GUI as shown in FIGS. 8 and 9 and acquires the types of personal information that are permitted to be provided to the information center (third party).
  • The personal information control unit 602 determines the types of personal information shown in FIGS. 8 and 9 based on the list of personal information items acquired from the management server 20. FIGS. 8 and 9 show an interface in which the user selects the personal information that may be provided to a third party, but an interface for setting provision permission or refusal (YES, NO) for each item of personal information may be used instead.
  • Since the service provider (management server 20) differs, the personal information stored in the management server 20 also differs. Therefore, by referring to the list of personal information items acquired from the management server 20, the personal information control unit 602 does not ask the user to select personal information that cannot be provided to the information server 40.
  • the personal information control unit 602 transmits the type of personal information acquired by the GUI shown in FIGS. 8 and 9 to the management server 20. Specifically, the personal information control unit 602 transmits an acknowledgment including the type of personal information permitted by the user to the management server 20.
  • the storage unit 603 stores information necessary for the operation of the terminal 50.
  • FIG. 24 is a sequence diagram showing an example of the operation related to the service registration phase of the authentication system according to the first embodiment.
  • the management server 20 acquires personal information (information necessary for providing the service), user ID, and password from the user (step S01).
  • the management server 20 transmits a service registration request including the acquired user ID, password, and service provider ID to the authentication server 10 (step S02).
  • the authentication server 10 generates a service user ID using the acquired user ID, password, and service provider ID (step S03).
  • the authentication server 10 stores the service provider ID and the service user ID in the authentication information database (step S04).
  • the authentication server 10 transmits a response including the service user ID (response to the service registration request) to the management server 20 (step S05).
  • the management server 20 associates the personal information acquired in step S01 with the service user ID acquired from the authentication server 10 and stores it in the user information database (step S06).
  • the management server 20 acquires the service user ID by transmitting the authentication request including the user ID, password, and service provider ID to the authentication server 10.
  • the management server 20 stores the acquired service user ID in association with the personal information of the user.
  • FIG. 25 is a sequence diagram showing an example of the operation related to the service provision phase of the authentication system according to the first embodiment.
  • the authentication terminal 30 acquires a user's face image (biological information) and transmits the acquired face image to the management server 20 (step S11).
  • the management server 20 generates a feature amount from the acquired face image (step S12).
  • the management server 20 transmits an authentication request including the generated feature amount and the service provider ID to the authentication server 10 (step S13).
  • the authentication server 10 executes an authentication process using the feature amount included in the authentication request and the service provider ID, and identifies the corresponding service user ID (step S14).
  • the authentication server 10 transmits a response (response to the authentication request) including the specified service user ID to the management server 20 (step S15).
  • the management server 20 searches the user information database using the acquired service user ID, and identifies the corresponding personal information (step S16).
  • the management server 20 transmits the specified personal information to the authentication terminal 30 (step S17).
  • the authentication terminal 30 provides a service using the acquired personal information (step S18).
  • the authentication terminal 30 sends a service provision end notification to the management server 20 (step S19).
  • FIG. 26 is a sequence diagram showing an example of the operation related to the information collection phase of the authentication system according to the first embodiment.
  • Upon receiving the service provision end notification from the authentication terminal 30, the management server 20 sends an information provision inquiry to the terminal 50 (step S21).
  • Upon receiving the information provision inquiry, the terminal 50 generates a GUI for acquiring the user's intention regarding the provision of personal information to a third party (information center, information server 40) (acquisition of whether or not personal information can be provided; step S22).
  • If the user agrees to provide personal information, the terminal 50 generates a GUI for selecting the types of personal information that can be provided to a third party (selection of personal information to be provided; step S23).
  • the terminal 50 generates a response (response to an information provision inquiry) including the type of personal information selected by the user and sends it to the management server 20 (step S24).
  • the management server 20 transmits behavior information including personal information and outline information permitted to be provided to the information server 40 (step S25).
  • the information server 40 stores the acquired behavior information (step S26) and determines the consideration to be paid to the personal information provider (step S27).
  • the information server 40 notifies the management server 20 of the determined consideration (step S28).
  • the management server 20 refers to the consideration receipt information of the personal information provider and pays the consideration notified from the information server 40 to the user (step S29).
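The three sequences above (service registration, service provision and information collection) as one runnable simulation. This is an added example and not part of the patent's own disclosure: all identifiers, the face feature vectors, the match threshold, the keyed-hash derivation of the service user ID and the consideration table are constructed assumptions. What it shows is that only the item types the user consented to leave the management server, and that each service provider receives a different service user ID for the same person.

```python
import hashlib, hmac, math, os
from typing import Dict, List, Optional, Tuple

Feature = Tuple[float, ...]
MATCH_THRESHOLD = 0.5   # assumed distance below which two face features count as the same person

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthenticationServer:
    """Holds enrolled face features and the (service provider ID, service user ID) pairs."""
    def __init__(self) -> None:
        self._key = os.urandom(32)                                   # secret for deriving service user IDs
        self._users: Dict[str, Tuple[bytes, bytes, Feature]] = {}   # user ID -> (salt, pw hash, feature)
        self._services: Dict[Tuple[str, str], str] = {}             # (provider ID, user ID) -> service user ID

    def register_user(self, user_id: str, password: str, feature: Feature) -> None:
        salt = os.urandom(16)                                        # user registration phase
        self._users[user_id] = (salt, _pw_hash(password, salt), feature)

    def service_registration(self, user_id: str, password: str, provider_id: str) -> Optional[str]:
        """Steps S03-S05: check the credentials, then issue a service user ID scoped to one provider."""
        if user_id not in self._users:
            return None
        salt, pw_hash, _ = self._users[user_id]
        if not hmac.compare_digest(_pw_hash(password, salt), pw_hash):
            return None
        # Assumed derivation: a keyed hash over (provider, user) gives each provider a different
        # pseudonym for the same user, so two providers cannot correlate a user by ID alone.
        suid = hmac.new(self._key, f"{provider_id}|{user_id}".encode(), "sha256").hexdigest()[:16]
        self._services[(provider_id, user_id)] = suid
        return suid

    def authenticate(self, feature: Feature, provider_id: str) -> Optional[str]:
        """Step S14: 1:N match of the captured feature among users registered with this provider only."""
        best, best_dist = None, MATCH_THRESHOLD
        for (pid, uid), suid in self._services.items():
            dist = math.dist(self._users[uid][2], feature) if pid == provider_id else float("inf")
            if dist < best_dist:
                best, best_dist = suid, dist
        return best

class InformationServer:
    """Information center: stores behavior information and prices it (constructed FIG. 22 analogue)."""
    CONSIDERATION = {"name": 50, "address": 80, "age": 10, "payment_amount": 30}   # points per type

    def __init__(self) -> None:
        self.behavior_log: List[dict] = []

    def receive_behavior_information(self, info: dict) -> int:
        """Steps S26-S27: store the record, then sum the consideration for the types actually provided."""
        self.behavior_log.append(info)
        return sum(self.CONSIDERATION.get(t, 0) for t in info["personal_information"])

class ManagementServer:
    """Service provider side: personal information is keyed by service user ID, not by face or name."""
    def __init__(self, provider_id: str, auth: AuthenticationServer, info: InformationServer) -> None:
        self.provider_id, self.auth, self.info = provider_id, auth, info
        self.user_db: Dict[str, dict] = {}    # service user ID -> personal information
        self.receipts: Dict[str, str] = {}    # service user ID -> consideration receipt information
        self.paid: Dict[str, int] = {}        # receipt information -> points paid so far

    def service_registration(self, user_id: str, password: str, personal: dict, receipt: str) -> Optional[str]:
        suid = self.auth.service_registration(user_id, password, self.provider_id)   # S02-S05
        if suid is not None:
            self.user_db[suid], self.receipts[suid] = dict(personal), receipt         # S06
        return suid

    def service_provision(self, feature: Feature) -> Optional[Tuple[str, dict]]:
        suid = self.auth.authenticate(feature, self.provider_id)                     # S13-S15
        return None if suid is None else (suid, self.user_db[suid])                  # S16-S17

    def information_collection(self, suid: str, terminal, outline: dict) -> int:
        """Steps S21-S29; `terminal` plays terminal 50 and returns the consented types, or None."""
        consented = terminal(sorted(self.user_db[suid]))                            # S21-S24: item list sent
        if not consented:
            return 0                                                                 # negative response
        behavior = {"personal_information": {k: v for k, v in self.user_db[suid].items() if k in consented},
                    "outline_information": outline}                                  # S25: consented items only
        consideration = self.info.receive_behavior_information(behavior)             # S26-S28
        self.paid[self.receipts[suid]] = self.paid.get(self.receipts[suid], 0) + consideration   # S29
        return consideration

def run_scenario() -> dict:
    # Constructed run: one user enrolled once, then registered with a retail and a hotel provider.
    auth, info, pw = AuthenticationServer(), InformationServer(), "correct horse battery"
    retail, hotel = ManagementServer("retail-S1", auth, info), ManagementServer("hotel-S2", auth, info)
    auth.register_user("alice", pw, (0.10, 0.20, 0.30))                                # constructed feature
    out = {"retail_id": retail.service_registration("alice", pw, {"name": "Alice", "age": 34,
                                                                   "payment_amount": 120}, "retail-receipt"),
           "hotel_id": hotel.service_registration("alice", pw, {"name": "Alice", "address": "Tokyo"}, "hotel-receipt"),
           "bad_password": retail.service_registration("alice", "wrong", {}, "x"),
           "hit": retail.service_provision((0.12, 0.19, 0.31)),                        # fresh capture, same face
           "stranger": retail.service_provision((0.9, 0.9, 0.9))}                      # not registered here
    suid = out["hit"][0]
    out["paid"] = retail.information_collection(suid, lambda items: [t for t in items if t in ("name", "age")],
                                                {"service": "purchase"})
    out["refused"] = retail.information_collection(suid, lambda items: None, {"service": "purchase"})
    out["log"], out["payouts"] = info.behavior_log, retail.paid
    return out
```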
  • As described above, in the first embodiment, when a service is provided to a user, the personal information of the user who received the service is sent to the information center together with the information generated by the provision of the service (outline information indicating the outline of the service).
  • Since the user can select the items of his / her personal information that are permitted to be provided to a third party, he / she can refuse to provide personal information that he / she does not intend to provide. That is, the user can control the provision or refusal of personal information based on his / her own judgment.
  • the information center that collects and utilizes personal information facilitates the collection of such personal information by offering a high price for personal information with high utility value (for example, name, address, etc.). That is, since a large amount of consideration can be obtained, the user is persuaded to consent to providing personal information with high utility value to a third party.
  • different service providers have different personal information that can be collected by the information center, and the information center can collect more diverse data. For example, the information center can obtain the age of the user as well as the payment amount of the user from the retail business, or can obtain the accommodation period and the age, gender, etc. of the user from the hotel operator.
  • In the second embodiment, the contact information of the user required in the first embodiment is unnecessary.
  • In the second embodiment, the authentication terminal 30 acquires whether or not to provide personal information.
  • FIG. 27 is a diagram for explaining the operation of the authentication system according to the second embodiment.
  • the authentication terminal 30 uses the personal information to provide a service.
  • the authentication terminal 30 displays a GUI asking whether or not the personal information can be provided.
  • the authentication terminal 30 generates a GUI as shown in FIG. 7 and acquires whether or not personal information can be provided.
  • When the user agrees to provide personal information, the authentication terminal 30 generates a GUI (for example, a GUI as shown in FIGS. 8 and 9) for inputting the personal information that can be provided to a third party.
  • the authentication terminal 30 transmits the providable personal information acquired via the GUI to the management server 20.
  • the management server 20 transmits (provides) behavior information (behavior information including personal information and summary information) to the information server 40 based on the received personal information.
  • the authentication terminal 30 may include the "personal information control function" of the terminal 50 according to the first embodiment. That is, as shown in FIG. 28, the authentication terminal 30 according to the second embodiment may include the personal information control unit 406.
  • When the authentication terminal 30 ends the provision of the service to the authentication successful person, the authentication terminal 30 generates a GUI for entering the types of personal information that the authentication successful person permits to be provided to a third party.
  • the management server 20 acquires the user's intention regarding the provision of personal information via the authentication terminal 30.
  • the second embodiment also allows the user to appropriately control and manage personal information regarding the biometric authentication service.
  • FIG. 29 is a diagram showing an example of the hardware configuration of the management server 20.
  • the management server 20 can be configured by an information processing device (so-called computer), and includes the configuration illustrated in FIG. 29.
  • the management server 20 includes a processor 311, a memory 312, an input / output interface 313, a communication interface 314, and the like.
  • the components such as the processor 311 are connected by an internal bus or the like and are configured to be able to communicate with each other.
  • the configuration shown in FIG. 29 does not mean to limit the hardware configuration of the management server 20.
  • the management server 20 may include hardware (not shown).
  • the number of processors 311 and the like included in the management server 20 is not limited to the example of FIG. 29, and for example, a plurality of processors 311 may be included in the management server 20.
  • the processor 311 is a programmable device such as a CPU (Central Processing Unit), an MPU (Micro Processing Unit), and a DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit). The processor 311 executes various programs including an operating system (OS).
  • the memory 312 is a RAM (Random Access Memory), a ROM (Read Only Memory), an HDD (Hard Disk Drive), an SSD (Solid State Drive), or the like.
  • the memory 312 stores an OS program, an application program, and various data.
  • the input / output interface 313 is an interface of a display device or an input device (not shown).
  • the display device is, for example, a liquid crystal display or the like.
  • the input device is, for example, a device that accepts user operations such as a keyboard and a mouse.
  • the communication interface 314 is a circuit, module, etc. that communicates with other devices.
  • the communication interface 314 includes a wireless communication circuit, a NIC (Network Interface Card), and the like.
  • the function of the management server 20 is realized by various processing modules.
  • the processing module is realized, for example, by the processor 311 executing a program stored in the memory 312.
  • the program can also be recorded on a computer-readable storage medium.
  • the storage medium may be a non-transitory medium such as a semiconductor memory, a hard disk, a magnetic recording medium, or an optical recording medium. That is, the present invention can also be embodied as a computer program product. Further, the above program can be downloaded via a network or updated by using a storage medium in which the program is stored. Further, the processing module may be realized by a semiconductor chip.
  • the authentication server 10, the authentication terminal 30, the information server 40, the terminal 50, and the like can also be configured by the information processing device in the same manner as the management server 20, and the basic hardware configuration thereof is not different from that of the management server 20. Therefore, the explanation is omitted.
  • the authentication terminal 30 may be provided with a camera for photographing the user.
  • the management server 20 is equipped with a computer, and the function of the management server 20 can be realized by causing the computer to execute a program. Further, the management server 20 executes the personal information providing method by the program.
  • the authentication system may determine an ID (identifier) that uniquely identifies the system user.
  • the authentication server 10 acquires the user's biometric information (face image, feature amount).
  • the authentication server 10 may generate the above ID based on the biometric information.
  • the authentication server 10 may calculate a hash value from the feature amount of the face image and use the calculated hash value as a substitute for the user ID and password. Since the feature amount of the face image differs for each user and the hash value generated from the feature amount also differs for each user, it can be used as an ID of the system user.
  • the user registration phase and the service registration phase are executed at different timings, but these phases may be executed at substantially the same timing.
  • the authentication terminal 30 installed at the service provider from which the user wishes to receive the service may be used to execute the above two registration phases.
  • the user may perform user registration using the authentication terminal 30, and then continuously perform service registration.
  • the authentication terminal 30 may be provided with a user registration function (user registration unit 202) of the authentication server 10 and a personal information acquisition function (personal information acquisition unit 302) of the management server 20.
  • the plurality of authentication terminals 30 owned by the service provider do not have to be installed on the same site, building, or the like. If the service providers are common, each authentication terminal 30 may be installed in a spatially separated place.
  • one service provider ID is assigned to one service provider, but one service provider ID may be assigned to a plurality of service providers.
  • a plurality of service providers may be grouped together and a service provider ID may be issued for each group. For example, when the service providers S1 and S2 cooperate to provide the same service, a common service provider ID may be issued to the service providers S1 and S2.
  • The case where the biometric information "feature amount generated from the face image" is transmitted from the management server 20 to the authentication server 10 has been described.
  • However, the biometric information "face image" itself may be transmitted from the management server 20 to the authentication server 10.
  • In that case, the authentication server 10 may generate a feature amount from the acquired face image and execute the authentication process (verification process).
  • The case where the authentication terminal 30 acquires the face image and the management server 20 generates the feature amount from the face image has been described.
  • the authentication terminal 30 may generate a feature amount from the face image and transmit the generated feature amount to the management server 20. That is, the management server 20 does not have to generate the feature amount.
  • the management server 20 transmits a service registration request including the feature amount generated from the face image and the service provider ID to the authentication server 10.
  • the authentication server 10 executes a collation process using the feature amount included in the request and the feature amount registered in the authentication information database, and identifies the corresponding user.
  • the authentication server 10 issues a service user ID when the user is successfully identified (authentication).
  • the service provider may acquire the biometric information (face image) of the user in addition to the user ID and password.
  • the authentication server 10 may issue the service user ID when the user ID, password, and biometric information match (two-factor authentication using the biometric information and password may be executed).
  • the service provider may cache (temporarily hold) the information acquired from the authentication server 10 and the information acquired from the authentication terminal 30.
  • the management server 20 caches the biometric information acquired from the authentication terminal 30 and the authentication result (service user ID) based on the biometric information for a predetermined period.
  • the management server 20 confirms the cached data first, and if there is cache data that hits the acquired biometric information, the management server 20 does not send the authentication request to the authentication server 10.
  • the management server 20 identifies personal information using the service user ID included in the cache data.
  • the management server 20 may cache a combination of biometric information and personal information.
  • the conditions for deleting the cached data may be changed according to the type of service. For example, when the accommodation service is provided by the hotel operator, the management server 20 may delete the cache data at the timing when the guest's stay period ends.
  • the form of data transmission / reception between each device (authentication server 10, management server 20, authentication terminal 30, etc.) is not particularly limited, but the data transmitted / received between these devices may be encrypted.
  • Biometric information is transmitted and received between these devices, and it is desirable that encrypted data be transmitted and received in order to appropriately protect the biometric information.
  • the terminal 50 may prepare a GUI for inputting whether or not to provide personal information for the entire authentication system.
  • In the above embodiments, whether or not personal information can be provided is determined after the service is provided by the service provider. However, whether or not personal information is provided may be determined before the service is provided. That is, as long as the authentication is performed by the authentication server 10, whether or not the personal information can be provided may be determined at any time, either before or after the service is provided.
  • the terminal 50 may be used for purposes other than those described above.
  • the user may use the terminal 50 to update other information registered in the authentication server 10.
  • the user may access the authentication server 10 using the terminal 50 and select a service provider who receives the service by biometric authentication. That is, the user may register the service via the authentication server 10.
  • the user may apply for withdrawal from the system or service by using the terminal 50.
  • the management server 20 acquires in advance information about the consideration given by the information server 40 for each item of personal information provided, and may notify the terminal 50 and the authentication terminal 30 of the consideration returned to the user based on the acquired information. For example, the management server 20 may notify the terminal 50 of the list of personal information items included in the information provision inquiry together with the consideration given when each item is provided. In this case, the terminal 50 can display a GUI as shown in FIG. 30. As shown in FIG. 30, the terminal 50 may indicate that the consideration (money, virtual currency, points that can be used for online shopping, etc.) obtained differs depending on the type of personal information provided. Further, as shown in FIG. 30, the terminal 50 may display the total consideration obtained by providing the selected personal information to a third party.
  • the terminal 50 or the authentication terminal 30 may display a GUI for inputting the provision period of the provided data for each of the personal information permitted to be provided to a third party (see FIG. 31).
  • the terminal 50 and the authentication terminal 30 display a GUI that allows the provision period (for example, 1 month, 1 year, 10 years, indefinite period) to be selected.
  • the terminal 50 or the authentication terminal 30 may display a GUI for inputting the start and end of the provision period (the user may enter the provision period in a format such as 20XX/YY/ZZ to 20ZZ/YY/XX).
  • the terminal 50 and the authentication terminal 30 notify the management server 20 of the provision period together with the personal information permitted to be provided.
  • the management server 20 transmits behavior information including these information to the information server 40.
  • the information server 40 determines the consideration according to the type of personal information provided and the length of the data provision period for each type of personal information provided.
  • the information server 40 discards the stored personal information when the designated provision period has passed.
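An added example (not from the patent) of the provision-period variant just described: the information server stores each consented item with its own expiry, prices it by type and period length, and discards items whose period has elapsed. The pricing table, the period buckets, the explicit-date handling and all sample values are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple, Union

# Constructed pricing: base points per type (FIG. 22 analogue) scaled by the period chosen (FIG. 31 analogue).
BASE_CONSIDERATION = {"name": 50, "address": 80, "age": 10}
PERIOD_DAYS = {"1 month": 30, "1 year": 365, "10 years": 3650}          # "indefinite" has no end date
PERIOD_MULTIPLIER = {"1 month": 1.0, "1 year": 2.0, "10 years": 4.0, "indefinite": 6.0}

Period = Union[str, Tuple[date, date]]   # a named period, or an explicit (start, end) pair entered by the user

@dataclass
class StoredItem:
    service_user_id: str
    item_type: str
    value: object
    start: date
    end: Optional[date]                  # None means the user chose an indefinite period

def _resolve(period: Period, today: date) -> Optional[Tuple[date, Optional[date], float]]:
    """Turn the user's choice into (start, end, multiplier); None if it is not one of the offered choices."""
    if isinstance(period, tuple):
        start, end = period
        if end <= start:
            return None
        days = (end - start).days        # explicit dates are priced by the nearest named bucket
        name = next((n for n in ("1 month", "1 year", "10 years") if days <= PERIOD_DAYS[n]), "indefinite")
        return start, end, PERIOD_MULTIPLIER[name]
    if period not in PERIOD_MULTIPLIER:
        return None
    if period == "indefinite":
        return today, None, PERIOD_MULTIPLIER[period]
    return today, today + timedelta(days=PERIOD_DAYS[period]), PERIOD_MULTIPLIER[period]

class InformationServer:
    """Information server 40 with provision periods: each consented item carries its own expiry."""
    def __init__(self) -> None:
        self.items: List[StoredItem] = []

    def receive(self, suid: str, personal: Dict[str, object], periods: Dict[str, Period], today: date) -> int:
        """Steps S25-S27 with periods: store what was consented to and return the consideration."""
        total = 0
        for item_type, value in personal.items():
            resolved = _resolve(periods.get(item_type, ""), today)
            if resolved is None:
                continue                 # no valid period chosen for this type: do not store it at all
            start, end, mult = resolved
            self.items.append(StoredItem(suid, item_type, value, start, end))
            total += int(BASE_CONSIDERATION.get(item_type, 0) * mult)
        return total

    def purge_expired(self, today: date) -> int:
        """Discard stored personal information whose designated provision period has passed."""
        keep = [i for i in self.items if i.end is None or today < i.end]
        removed = len(self.items) - len(keep)
        self.items = keep
        return removed

    def held_types(self, suid: str) -> List[str]:
        return sorted({i.item_type for i in self.items if i.service_user_id == suid})
```

A scheduled call to `purge_expired` is what turns the user's chosen period into an enforced retention limit; without it the period is only a price input.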
  • one information center is exemplified as a destination for providing personal information.
  • personal information may be provided to a plurality of information centers (information banks).
  • the user may select an information center that permits the provision of personal information from a plurality of information centers.
  • When the management server 20 transmits the information provision inquiry, the management server 20 also transmits information about the affiliated information centers (information servers 40) to the terminal 50 or the like.
  • the management server 20 transmits the name of the information center or the like to the terminal 50 or the like.
  • the terminal 50 or the authentication terminal 30 may display a GUI as shown in FIG. 32 using the acquired information, and individually acquire whether or not to provide personal information for each information center. That is, the terminal 50 and the authentication terminal 30 may generate a GUI for inputting whether or not to permit the provision of personal information for each of the plurality of information centers.
  • the terminal 50 and the authentication terminal 30 may display a GUI (a GUI as shown in FIGS. 8, 9, 30, and 31) for selecting the personal information to be provided, for each information center permitted to receive information.
  • the terminal 50 and the authentication terminal 30 may also display the consideration obtained from each information center (the consideration obtained may differ depending on the destination to which the personal information is provided).
  • the terminal 50 and the authentication terminal 30 may display the personal information of the user (successful authentication person) as it is, instead of displaying the type of personal information (see FIG. 33).
  • In the above embodiments, identity confirmation of the user is not mentioned, but the identity of the user may be confirmed in any part of the authentication system.
  • the authentication server 10 may confirm the identity of the user.
  • For example, the user registration unit 202 of the authentication server 10 acquires the user's identity verification document (for example, a passport) from the terminal 50 and may perform one-to-one collation between the user's face image and the face image printed on the identity verification document.
  • the authentication server 10 may perform user registration for a user who has succeeded in the verification. Alternatively, the same identity verification may be performed at the time of service registration. By confirming the identity of the user somewhere in the authentication system, the reliability of the personal information provided to the information center is guaranteed.
  • In the above embodiments, the management server 20 sends an information provision inquiry to the terminal 50, which also notifies the user of the fact that biometric authentication has been executed.
  • Alternatively, the authentication server 10 may notify the terminal 50 of that fact.
  • the terminal 50 may display a GUI or the like regarding whether or not information can be provided, triggered by a notification from the authentication server 10.
  • each embodiment may be used alone or in combination. For example, it is possible to replace a part of the configuration of the embodiment with the configuration of another embodiment, or to add the configuration of another embodiment to the configuration of the embodiment. Further, it is possible to add, delete, or replace a part of the configuration of the embodiment with another configuration.
  • the present invention is suitably applicable to an authentication system for authenticating customers such as retail stores and hotel operators.
  • [Appendix 1] An authentication system including an information server, an authentication server that stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information, and a management server, wherein the management server stores the personal information for providing the service to the successful authentication person by the biometric authentication, and transmits to the information server behavior information including, among the personal information of the successful authentication person to whom the service is provided, the personal information that the successful authentication person permits to be provided to a third party.
  • [Appendix 2] The authentication system according to Appendix 1, further including a terminal owned by the successful authentication person, wherein, when the provision of the service to the successful authentication person is completed, the management server transmits to the terminal an inquiry regarding whether or not the personal information can be provided, the inquiry including a list of the personal information stored in the management server, and the terminal uses the list of personal information to generate a GUI for the successful authentication person to input the type of personal information permitted to be provided to the third party.
  • [Appendix 3] The authentication system according to Appendix 2, wherein, when the management server receives an acknowledgment to the inquiry regarding whether or not the personal information can be provided from the terminal, the management server transmits the behavior information to the information server.
  • [Appendix 4] The authentication system according to any one of Appendices 1 to 3, wherein the management server transmits to the information server the behavior information including the personal information that the successful authentication person has authorized to be provided to a third party and outline information about the outline of the service provided to the successful authentication person.
  • [Appendix 5] The authentication system according to any one of Appendices 1 to 4, wherein the information server determines the consideration to be paid to the successful authentication person according to the type of personal information provided by the successful authentication person.
  • [Appendix 6] The authentication system according to Appendix 5, wherein the management server stores consideration receipt information for receiving the consideration, the information server notifies the management server of the consideration to be paid to the successful authentication person, and the management server pays the notified consideration based on the consideration receipt information of the successful authentication person.
  • [Appendix 7] The authentication system according to Appendix 2 or 3, wherein the terminal generates a GUI displaying the consideration obtained by providing personal information to the third party.
  • [Appendix 8] The authentication system according to any one of Appendices 2, 3 and 7, wherein the terminal generates a GUI for inputting the provision period of the provided data for each type of personal information permitted to be provided to the third party.
  • [Appendix 9] The authentication system according to Appendix 5, wherein the information server determines the consideration paid to the successful authentication person according to the type of personal information provided and the length of the data provision period for each type of personal information provided.
  • [Appendix 10] The authentication system according to any one of Appendices 2, 3, 7 and 8, wherein the terminal generates a GUI for inputting whether or not to permit the provision of personal information to each of a plurality of third parties.
  • Appendix 11 It further includes an authentication terminal that is connected to the management server, acquires biometric information of the authenticated person, and provides a service to the authenticated successful person. When the authentication terminal ends the provision of the service to the authentication successful person, the authentication terminal generates a GUI for inputting the type of personal information that the authentication successful person permits to provide to the third party. The authentication system described.
  • [Appendix 12] The authentication system according to any one of Supplementary note 1 to 11, wherein the biometric information is a face image or a feature amount generated from the face image.
  • [Appendix 13] Connected to a management server that stores personal information for providing services to successful biometric authentication
  • a terminal that generates a GUI for inputting personal information of a successful authentication person to whom the service is provided, which is permitted to be provided to a third party by the successful authentication person.
  • Information server and It is connected to an authentication server that stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information.
  • the personal information for providing the service to the successful authentication person by the biometric authentication is stored, and among the personal information of the successful authentication person to which the service is provided, the individual who the successful authentication person permits to provide to a third party.
  • a management server that sends behavioral information including information to the information server.
  • Appendix 15 Information server and In a management server connected to an authentication server that stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information. Store personal information for providing services to those who have succeeded in biometric authentication. A method for providing personal information, in which behavioral information including personal information of a successful authentication person to whom the service is provided is permitted to be provided to a third party is transmitted to the information server.
  • Appendix 16 Information server and A computer installed in a management server connected to an authentication server that stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information.
  • the process of storing personal information for providing services to those who have succeeded in biometric authentication A process of transmitting behavioral information including personal information of a successful authentication person to whom the service is provided, including personal information that the successful authentication person has permitted to be provided to a third party, to the information server.
  • a computer-readable storage medium that stores programs for executing.
  • Reference signs: 30, 31 Authentication terminal; 40, 101 Information server; 50 Terminal; 201, 301, 401, 501, 601 Communication control unit; 202 User registration unit; 203, 304 Database (DB) management unit; 204 Service registration unit; 205 Authentication unit; 206, 307, 405, 503, 603 Storage unit; 302 Personal information acquisition unit; 303 Service registration request unit; 305 Authentication request unit; 306 Behavior information provision unit; 311 Processor; 312 Memory; 313 Input/output interface; 314 Communication interface; 402 Biometric information acquisition unit; 403 Service provision unit; 404 Message output unit; 406, 602 Personal information control unit; 502 Behavior information processing unit

Abstract

Provided is an authentication system by which a user controls and manages personal information related to service provision by means of biometric authentication. The authentication system comprises an information server, an authentication server, and a management server. The authentication server stores biological information about each of a plurality of users, and performs biometric authentication by using the stored biological information. The management server stores personal information for providing a service to a person who is successfully authenticated by means of biometric authentication. The management server transmits, to an information server, behavior information including personal information, which is allowed to be provided to a third party by the successfully authenticated person, among the personal information about the successfully authenticated person to whom the service has been provided.

Description

Authentication system, terminal, management server, personal information providing method, and storage medium
 The present invention relates to an authentication system, a terminal, a management server, a personal information providing method, and a storage medium.
 In recent years, various services using biometric information have begun to spread. For example, face authentication is used for various procedures performed at airports (check-in, baggage drop, etc.) and for hotel check-in.
 In a service using face authentication, processing proceeds as follows. First, a terminal (a terminal installed at an airport or hotel) acquires a face image of the user and generates a feature amount (feature vector) that characterizes the face image. The generated feature amount is transmitted to a server on the network.
 The server is provided with a database that stores the biometric information and personal information (name, address, etc.) of users who receive services by face authentication. Upon acquiring a collation request from the terminal, the server searches (collates) the database and identifies the biometric information and personal information corresponding to the collation request from the terminal. The server transmits the identified personal information to the terminal, and the terminal installed at the airport or the like performs its business on the basis of the acquired personal information.
 Various uses of authentication information and personal information are also being studied.
 For example, Patent Document 1 states that it provides a method and a system for trading personal information under conditions in which the general user (the ISP subscriber), who is the original owner, can be involved, while meeting the diverse demands of companies and general users that use the Internet.
 Patent Document 2 states that it makes it possible to provide information useful for safety confirmation in a privacy-conscious manner, without requiring an unspecified counterparty who requests safety confirmation to register authentication information in advance.
 Patent Document 3 states that services and goods are provided as consideration for personal information related to consumption behavior.
Patent Document 1: Japanese Unexamined Patent Publication No. 2002-056111
Patent Document 2: Japanese Unexamined Patent Publication No. 2006-243798
Patent Document 3: Japanese Unexamined Patent Publication No. 2008-243072
 As described above, when a service is provided using biometric authentication, the personal information of the user is required. When a large amount of personal information is collected and accumulated, that personal information produces great value. Specifically, data on which age groups of users receive which services is an important basis for decisions in corporate marketing.
 However, from the viewpoint of protecting users' privacy, it is difficult to provide the personal information used when providing a service by biometric authentication to a third party without the user's consent. In particular, many users feel strong resistance to providing personal information such as name and address to a third party.
 A main object of the present invention is to provide an authentication system, a terminal, a management server, a personal information providing method, and a storage medium that contribute to enabling the user to control and manage personal information related to the provision of services by biometric authentication.
 According to a first aspect of the present invention, there is provided an authentication system including: an information server; an authentication server that stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information; and a management server that stores personal information for providing a service to a person successfully authenticated by the biometric authentication, and that transmits to the information server behavior information including, among the personal information of the successfully authenticated person to whom the service has been provided, the personal information that the successfully authenticated person has permitted to be provided to a third party.
 According to a second aspect of the present invention, there is provided a terminal that is connected to a management server storing personal information for providing a service to a person successfully authenticated by biometric authentication, and that generates a GUI for inputting, among the personal information of the successfully authenticated person to whom the service has been provided, the personal information that the successfully authenticated person permits to be provided to a third party.
 According to a third aspect of the present invention, there is provided a management server that is connected to an information server and to an authentication server that stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information, wherein the management server stores personal information for providing a service to a person successfully authenticated by the biometric authentication, and transmits to the information server behavior information including, among the personal information of the successfully authenticated person to whom the service has been provided, the personal information that the successfully authenticated person has permitted to be provided to a third party.
 According to a fourth aspect of the present invention, there is provided a personal information providing method performed in a management server connected to an information server and to an authentication server that stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information, the method including: storing personal information for providing a service to a person successfully authenticated by the biometric authentication; and transmitting to the information server behavior information including, among the personal information of the successfully authenticated person to whom the service has been provided, the personal information that the successfully authenticated person has permitted to be provided to a third party.
 According to a fifth aspect of the present invention, there is provided a computer-readable storage medium storing a program for causing a computer installed in a management server, which is connected to an information server and to an authentication server that stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information, to execute: a process of storing personal information for providing a service to a person successfully authenticated by the biometric authentication; and a process of transmitting to the information server behavior information including, among the personal information of the successfully authenticated person to whom the service has been provided, the personal information that the successfully authenticated person has permitted to be provided to a third party.
 According to each aspect of the present invention, there are provided an authentication system, a terminal, a management server, a personal information providing method, and a storage medium that contribute to enabling the user to control and manage personal information related to the provision of services by biometric authentication. Note that the effects of the present invention are not limited to the above. The present invention may produce other effects instead of, or together with, the above effect.
FIG. 1 is a diagram for explaining the outline of one embodiment.
FIG. 2 is a diagram showing an example of a schematic configuration of the authentication system according to the first embodiment.
FIG. 3 is a diagram for explaining the operation of the authentication system according to the first embodiment in the user registration phase.
FIG. 4 is a diagram for explaining the operation of the authentication system according to the first embodiment in the service registration phase.
FIG. 5 is a diagram for explaining the operation of the authentication system according to the first embodiment in the service provision phase.
FIG. 6 is a diagram for explaining the operation of the authentication system according to the first embodiment in the information collection phase.
FIG. 7 is a diagram for explaining the operation of the authentication system according to the first embodiment in the information collection phase.
FIG. 8 is a diagram for explaining the operation of the authentication system according to the first embodiment in the information collection phase.
FIG. 9 is a diagram for explaining the operation of the authentication system according to the first embodiment in the information collection phase.
FIG. 10 is a diagram showing an example of the processing configuration of the authentication server according to the first embodiment.
FIG. 11 is a diagram for explaining the operation of the user registration unit of the authentication server according to the first embodiment.
FIG. 12 is a diagram for explaining the operation of the user registration unit of the authentication server according to the first embodiment.
FIG. 13 is a diagram showing an example of the authentication information database according to the first embodiment.
FIG. 14 is a diagram showing an example of the authentication information database according to the first embodiment.
FIG. 15 is a diagram showing an example of the authentication information database according to the first embodiment.
FIG. 16 is a diagram showing an example of the processing configuration of the management server according to the first embodiment.
FIG. 17 is a diagram for explaining the operation of the personal information acquisition unit of the management server according to the first embodiment.
FIG. 18 is a diagram showing an example of the user information database according to the first embodiment.
FIG. 19 is a diagram showing an example of the behavior information transmitted from the management server according to the first embodiment.
FIG. 20 is a diagram showing an example of the processing configuration of the authentication terminal according to the first embodiment.
FIG. 21 is a diagram showing an example of the processing configuration of the information server according to the first embodiment.
FIG. 22 is a diagram for explaining the operation of the information server according to the first embodiment.
FIG. 23 is a diagram showing an example of the processing configuration of the terminal according to the first embodiment.
FIG. 24 is a sequence diagram showing an example of the operation of the authentication system according to the first embodiment in the service registration phase.
FIG. 25 is a sequence diagram showing an example of the operation of the authentication system according to the first embodiment in the service provision phase.
FIG. 26 is a sequence diagram showing an example of the operation of the authentication system according to the first embodiment in the information collection phase.
FIG. 27 is a diagram for explaining the operation of the authentication system according to the second embodiment.
FIG. 28 is a diagram showing an example of the processing configuration of the authentication terminal according to the second embodiment.
FIG. 29 is a diagram showing an example of the hardware configuration of the management server.
FIG. 30 is a diagram for explaining the operation relating to whether or not personal information is provided according to a modification.
FIG. 31 is a diagram for explaining the operation relating to whether or not personal information is provided according to a modification.
FIG. 32 is a diagram for explaining the operation relating to whether or not personal information is provided according to a modification.
FIG. 33 is a diagram for explaining the operation relating to whether or not personal information is provided according to a modification.
 First, an outline of one embodiment will be described. Note that the drawing reference signs attached to this outline are attached to each element for convenience, as an example to aid understanding, and the description of this outline is not intended to be limiting in any way. Unless otherwise explained, the blocks shown in each drawing represent functional units rather than hardware units. The connection lines between blocks in each drawing include both bidirectional and unidirectional lines. Unidirectional arrows schematically show the main flow of signals (data) and do not exclude bidirectionality. In this specification and the drawings, elements that can be described in the same way may be given the same reference signs, and duplicate description may be omitted.
 An authentication system according to one embodiment includes an information server 101, an authentication server 102, and a management server 103 (see FIG. 1). The authentication server 102 stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information. The management server 103 stores personal information for providing a service to a person successfully authenticated by the biometric authentication. The management server 103 transmits to the information server 101 behavior information including, among the personal information of the successfully authenticated person to whom the service has been provided, the personal information that the successfully authenticated person has permitted to be provided to a third party.
 A user who has received a service by biometric authentication (a successfully authenticated person) inputs, to the management server 103 that stores and manages that user's personal information, the personal information that the user permits to be provided to a third party. That is, the user can control and manage whether or not personal information related to the provision of a service by biometric authentication is provided to a third party.
 Specific embodiments will be described in more detail below with reference to the drawings.
[First Embodiment]
 The first embodiment will be described in more detail with reference to the drawings.
[System configuration]
 FIG. 2 is a diagram showing an example of a schematic configuration of the authentication system according to the first embodiment. As shown in FIG. 2, the authentication system includes an authentication center, an information center, and a plurality of service providers.
 Each service provider participating in the authentication system provides services using biometric authentication. Examples of services provided by a service provider include a payment service at a retail store and an accommodation service at a hotel. Alternatively, the service provided by the service provider may be immigration inspection at an airport or seaport. The service provider of the present disclosure may provide any service that can be provided using biometric authentication.
 An authentication server 10 is installed at the authentication center. The authentication server 10 stores the biometric information of users and performs biometric authentication of users using that biometric information. The authentication server 10 operates as the certification authority for authentication using biometric information. The authentication server 10 may be a server installed on the premises of the authentication center or a server installed in the cloud.
 Examples of a user's biometric information include data (feature amounts) calculated from physical characteristics unique to the individual, such as the face, fingerprint, voiceprint, veins, retina, and iris pattern of the eye. Alternatively, the user's biometric information may be image data such as a face image or a fingerprint image. The user's biometric information may be any information that includes the user's physical characteristics. The present disclosure describes the case in which biometric information relating to a person's "face" is used.
 The authentication server 10 is a server device for realizing services by biometric authentication. The authentication server 10 processes "authentication requests" transmitted from each service provider and transmits the result of the authentication processing to the service provider. The authentication server 10 stores the biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information.
 Each service provider has a management server and authentication terminals.
 For example, service provider S1 is provided with a management server 20 and a plurality of authentication terminals 30. Service provider S2 is provided with a management server 20 and a plurality of authentication terminals 31.
 In the following description, when individual components need to be distinguished, the reference sign to the right of the hyphen is used. Since the operation and the like of each device included in service provider S1 and service provider S2 can be the same, the following description focuses on service provider S1.
 The devices shown in FIG. 2 are connected to one another. For example, the authentication server 10 and the management server 20 are connected by wired or wireless communication means and are configured to be able to communicate with each other.
 The management server 20 is a server that controls and manages the service provider's business as a whole. For example, if the service provider is a retail store, the management server 20 manages product inventory and the like. Alternatively, if the service provider is a hotel operator, the management server 20 manages guests' reservation information and the like.
 In addition to the functions related to service provision described above, the management server 20 has control and management functions relating to the biometric authentication of users. The management server 20 stores the personal information (for example, name) of users who use the authentication system. That is, the management server 20 stores personal information for providing a service to a person successfully authenticated by biometric authentication. The management server 20 also transmits to the information server 40, among the personal information of the successfully authenticated person to whom the service has been provided, the personal information that the successfully authenticated person has permitted to be provided to a third party (the information center, information server 40).
 The authentication terminal 30 is a device that is connected to the management server 20 and serves as the interface for users (customers) who visit the service provider. Users receive various services via the authentication terminal 30. For example, if the service provider is a retail store, the user settles payment using the authentication terminal 30. Alternatively, if the service provider is a hotel operator, the user performs the check-in procedure using the authentication terminal 30.
 An information server 40 is installed at the information center. The information center and the information server 40 correspond to a "third party" from the user's point of view. The information server 40 collects information about the behavior of users who have received services from service providers. For example, the information server 40 collects the type of service the user used and the user's name, age, gender, and so on. The collected information is transferred to other businesses. Alternatively, the information server 40 analyzes the collected information and transfers the analysis results to other businesses and the like. The other businesses make use of the acquired analysis results for marketing and the like.
 When the information about the user's behavior includes the user's personal information (for example, name or age), the information server 40 gives the provider of the personal information consideration or a benefit in return for providing the personal information.
 The terminal 50 is a terminal carried by a user (a user who receives a service using biometric authentication; a successfully authenticated person).
 FIG. 2 is an example and is not intended to limit the configuration of the authentication system disclosed in the present application. For example, the authentication center may include two or more authentication servers 10. Alternatively, a service provider need only include at least one authentication terminal 30. Alternatively, the functions of the management server 20 and the authentication terminal 30 may be integrated, and the single integrated device may provide services using biometric authentication. Alternatively, at each service provider, a plurality of authentication terminals 30 may be connected to one management server 20 as shown in FIG. 2, or one authentication terminal 30 may be connected to one management server 20. Alternatively, the functions of the authentication server 10 and the information server 40 may be integrated. That is, the authentication server 10 may also correspond to a "third party" from the user's point of view.
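The management server's role described above, that is, forwarding to the information server only the personal information the successfully authenticated person has permitted and leaving everything else on the management server, together with the consideration rule of Appendices 5 and 9 (consideration determined by the type of information and the length of its provision period), can be illustrated in working code. The following Python example is added here and is not code from the patent or from the applicant; the record, the consent structure, the consideration rates and the function names are all constructed for illustration and are not the patent's own data formats.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, Optional

# Constructed sample record held by the management server for one user
# (hypothetical values, not taken from the patent).
USER_RECORD = {
    "uID": "u-0001",
    "name": "Taro Example",
    "age": 34,
    "gender": "M",
    "address": "Tokyo",
}

# Constructed consideration table on the information-server side: points granted
# per 30-day provision period for each type of personal information (assumed).
CONSIDERATION_RATE = {"name": 10, "age": 3, "gender": 3, "address": 20}


@dataclass(frozen=True)
class Consent:
    """What the user entered on the terminal GUI: for each type of personal
    information, the date until which provision to the third party is permitted.
    A type that is absent, or whose date is None, is never provided."""
    permitted_until: Dict[str, Optional[date]]


def build_behavior_info(record: dict, consent: Consent,
                        service_outline: str, today: date) -> dict:
    """Management-server side: assemble the behavior information sent to the
    information server. The consent acts as an allowlist: only types listed in
    it with an unexpired provision date are copied. The system identifier and
    any type the user never mentioned stay on the management server."""
    provided = {}
    for info_type, until in consent.permitted_until.items():
        if until is None or until < today:
            continue  # refused, or the provision period has already ended
        if info_type == "uID" or info_type not in record:
            continue  # never export the identifier; ignore unknown types
        provided[info_type] = {"value": record[info_type],
                               "until": until.isoformat()}
    return {"service": service_outline, "personal_info": provided}


def compute_consideration(behavior_info: dict, today: date) -> int:
    """Information-server side: consideration depends on the type of each
    provided item and on the length of its provision period (whole 30-day
    periods remaining, with a minimum of one)."""
    total = 0
    for info_type, item in behavior_info["personal_info"].items():
        until = date.fromisoformat(item["until"])
        periods = max(1, (until - today).days // 30)
        total += CONSIDERATION_RATE.get(info_type, 0) * periods
    return total


def main():
    today = date(2020, 8, 1)  # constructed reference date
    consent = Consent({
        "age": today + timedelta(days=90),     # permitted for about 3 months
        "gender": today + timedelta(days=10),  # permitted for 10 days
        "name": None,                          # explicitly refused
        "address": today - timedelta(days=1),  # consent expired yesterday
    })
    info = build_behavior_info(USER_RECORD, consent, "hotel check-in", today)
    print(info)
    print("consideration:", compute_consideration(info, today))


if __name__ == "__main__":
    main()
```

The deny-by-default shape of `build_behavior_info` is the point worth keeping in a real management server: a field reaches the information server only because the user named it and its period has not lapsed, so a new column added to the user record later is never exported by accident.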
[Overview of system operation]
 Next, the schematic operation of the authentication system according to the first embodiment is described.
 The operation of the authentication system includes four phases.
 The first phase registers the user in the system (user registration phase).
 The second phase registers a service (service registration phase).
 The third phase provides the user with a service using biometric authentication (service provision phase).
 The fourth phase collects information on the behavior of users who have received a service (information collection phase).
[User registration phase]
 FIG. 3 is a diagram for explaining the operation of the authentication system according to the first embodiment in the user registration phase.
 A user who wishes to receive services using biometric authentication performs user registration in advance. The user decides the information used to identify the user in the authentication system (a user ID (Identifier) and a password (PW)) and registers it in the system. In the drawings including FIG. 3, the user ID is written "uID".
 The user also registers his or her own biometric information (for example, a face image) in the system.
 The user registers the above three pieces of information (user ID, password, biometric information) in the system by any means. For example, the user may mail a document on which the three pieces of information are written to the authentication center, and an employee of the authentication center may enter them into the authentication server 10. Alternatively, the user may mail an external storage device such as a USB (Universal Serial Bus) memory storing the three pieces of information to the authentication center.
 Alternatively, the user may operate his or her own terminal 50 to capture a face image and enter that face image, the user ID and the password into the authentication server 10. Examples of the terminal 50 include mobile terminal devices such as smartphones, mobile phones, game consoles and tablets, and computers (personal computers, laptops).
 The authentication server 10 generates a feature amount (a feature vector made up of a plurality of feature amounts) from the acquired face image and stores the feature amount in association with the user ID and password. Specifically, the authentication server 10 adds a new entry to the authentication information database and stores the three pieces of information in association with each other.
 In this way, in the user registration phase, a first ID that uniquely identifies the user within the system (for example, the user ID) and first biometric information used for authenticating the user are registered in the system. The first embodiment describes an example in which the user ID and password together serve as the identifier (first ID) that uniquely identifies a system user; however, if user IDs are not duplicated among users, the user ID alone can serve as that identifier (first ID).
[Service registration phase]
 FIG. 4 is a diagram for explaining the operation of the authentication system according to the first embodiment in the service registration phase.
 A user who has completed user registration selects the service provider from which he or she wishes to receive services by biometric authentication and registers the selected service provider in the system. For example, in FIG. 2, when the user wishes to receive a service from service provider S1, the user registers service provider S1 in the system.
 The user registers in the system the personal information needed to receive the service from the selected service provider. Examples of the personal information registered in the system include name, age, gender, contact information and information for receiving consideration. The contact information is, for example, the e-mail address of an account whose mail the terminal 50 can receive. The user also registers consideration receipt information for receiving the consideration (the consideration for providing personal information). Examples of consideration receipt information include a bank account, a virtual currency receiving account and online shopping ID information. Together with the personal information, the user registers the user ID and password decided in the user registration phase.
 In the present disclosure, personal information is defined as information that does not include the biometric information of the user (the person to be authenticated). That is, biometric information and the feature amounts generated from it are excluded from the "personal information" of the present disclosure.
 The user supplies the above three pieces of information (personal information, user ID, password) to the service provider by any means. For example, the user mails a medium (paper or electronic) on which the three pieces of information are recorded to the selected service provider, and an employee of the service provider enters them into the management server 20. The user may also operate an authentication terminal 30 installed at the service provider to enter the three pieces of information into the management server 20.
 Alternatively, as shown in FIG. 4, the user may operate the terminal 50 to enter the three pieces of information into the management server 20. In this case, the user enters them on a web page managed and operated by the service provider.
 When the management server 20 acquires the three pieces of information (personal information, user ID, password), it sends a "service registration request" to the authentication server 10. Specifically, the management server 20 sends the authentication server 10 a service registration request containing the service provider ID, the user ID and the password.
 The service provider ID is identification information for uniquely identifying a service provider included in the authentication system (a retail store or the like participating in the authentication platform that uses biometric authentication). In the example of FIG. 2, different service provider IDs are assigned to service providers S1 and S2.
 Note that the service provider ID is assigned per service provider, not per service. For example, in FIG. 2, even if service providers S1 and S2 offer the same type of service (for example, lodging), they are assigned different IDs if their operating entities differ.
 The authentication server 10 and the management server 20 share the service provider ID by any method. For example, when a service provider joins the authentication platform, the authentication server 10 may generate a service provider ID and distribute (notify) it to the service provider. In the drawings including FIG. 4, the service provider ID is written "spID".
 On receiving the service registration request, the authentication server 10 searches the authentication information database using the user ID and password contained in the request as keys and identifies the corresponding user. The authentication server 10 then generates a "service user ID".
 The service user ID is identification information that uniquely identifies the correspondence (combination) between a user and a service provider. For example, in FIG. 2, the service user ID determined by the combination of user U1 and service provider S1 and the service user ID determined by the combination of user U1 and service provider S2 are set to different values.
 The authentication server 10 stores the user ID, password, feature amount, service provider ID and the generated service user ID in association with each other. In the drawings including FIG. 4, the service user ID is written "suID".
 The authentication server 10 sends the generated service user ID to the sender of the service registration request. That is, the authentication server 10 sends a response containing the service user ID to the management server 20, thereby issuing the service user ID.
 The management server 20 stores the service user ID acquired from the authentication server 10 in association with the user's personal information (the personal information including the consideration receipt information). The management server 20 adds a new entry to the user information database and stores this information (personal information, service user ID).
 The user repeats the above registration operation for each service provider from which he or she wishes to receive services using biometric authentication. In other words, the user need not register with service providers whose services are not needed.
 Thus, in the service registration phase, the service provider of a service the user wishes to use sends the authentication server 10 a service registration request containing a first ID (for example, the user ID) and a second ID (for example, the service provider ID). When processing the service registration request, the authentication server 10 generates a third ID (for example, the service user ID) uniquely determined by the combination of the user and the service provider. The authentication server 10 sends the third ID to the service provider. The service provider (management server 20) stores the user's personal information in association with the third ID.
[Service provision phase]
 FIG. 5 is a diagram for explaining the operation of the authentication system according to the first embodiment in the service provision phase.
 A user who has completed service registration (the service registration phase) visits the service provider and moves in front of the authentication terminal 30.
 The authentication terminal 30 acquires biometric information from the user in front of it. Specifically, the authentication terminal 30 captures an image of the user and acquires a face image. The authentication terminal 30 sends the acquired face image to the management server 20.
 The management server 20 generates a feature amount from the acquired face image. The management server 20 sends the authentication server 10 an authentication request containing the generated feature amount and the service provider ID.
 The authentication server 10 extracts the feature amount from the authentication request and executes a matching process (1-to-N matching; N is a positive integer, and the same applies hereinafter) using the extracted feature amount and the feature amounts registered in the authentication information database.
 The authentication server 10 identifies the user by the matching process and, among the plurality of service user IDs associated with the identified user, identifies the service user ID corresponding to the service provider ID contained in the authentication request.
 The authentication server 10 sends the identified service user ID to the sender of the authentication request. That is, the authentication server 10 sends a response (the response to the authentication request) containing the identified service user ID to the management server 20.
 The management server 20 searches the user information database using the acquired service user ID as a key and identifies the user corresponding to the service user ID. The management server 20 sends all or part of the identified user's personal information to the authentication terminal 30. The authentication terminal 30 provides the service using the acquired personal information.
 When the authentication terminal 30 finishes providing the service, it notifies the management server 20 to that effect. Specifically, the authentication terminal 30 sends a "service provision end notification" to the management server 20.
 Thus, in the service provision phase, the authentication terminal 30 acquires second biometric information of the user and sends the acquired second biometric information to the management server 20. The authentication server 10 receives from the service provider an authentication request containing the user's biometric information and the second ID (service provider ID). The authentication server 10 identifies the third ID (service user ID) by a matching process using the first and second biometric information and the second ID. The authentication server 10 sends the identified third ID to the service provider. When providing a service to the user, the management server 20 identifies the user's personal information using the third ID obtained by sending the authentication request to the authentication server 10. The service provider provides the service to the user using the identified personal information.
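The following is an added model of the three phases just described (user registration, service registration, service provision); it is example code written for this page, not the patent's or NEC's implementation. It assumes a toy Euclidean-distance match over short feature vectors with a fixed threshold, PBKDF2 password hashing on the authentication server (the text only says the password is stored), and a random, unlinkable suID per (user, provider) pair; all names and vectors are constructed.

```python
"""Model of the ID separation: the authentication server 10 holds uID, PW and the
feature vector plus one suID per provider; the management server 20 of each
provider holds only suID and personal information. Illustrative code, not the
patent's own; every value below is constructed."""
import hashlib
import hmac
import math
import secrets


def feature_distance(a, b):
    """Euclidean distance between two feature vectors (stand-in for face matching)."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class AuthServer:
    """Authentication server 10: authentication information database only."""

    THRESHOLD = 0.5  # assumed matching threshold for the toy feature vectors

    def __init__(self):
        # uID -> {"salt", "pw" (PBKDF2 hash, an assumption), "feature", "services": {spID: suID}}
        self.db = {}

    @staticmethod
    def _hash_pw(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register_user(self, uid, password, feature):
        """User registration phase: uID, PW and first biometric information."""
        if uid in self.db:
            raise ValueError("user ID already registered")
        salt = secrets.token_bytes(16)
        self.db[uid] = {"salt": salt, "pw": self._hash_pw(salt, password),
                        "feature": list(feature), "services": {}}

    def service_registration(self, spid, uid, password):
        """Service registration request (spID, uID, PW) -> suID, issued to the provider."""
        entry = self.db.get(uid)
        if entry is None or not hmac.compare_digest(
                entry["pw"], self._hash_pw(entry["salt"], password)):
            raise PermissionError("service registration rejected")
        # A fresh random suID carries no linkable relation to uID, spID or the
        # suIDs of the same user at other providers.
        suid = secrets.token_hex(16)
        entry["services"][spid] = suid
        return suid

    def authenticate(self, spid, feature):
        """Authentication request (feature, spID) -> suID by 1-to-N matching, or None."""
        best_uid, best_dist = None, math.inf
        for uid, entry in self.db.items():
            d = feature_distance(feature, entry["feature"])
            if d < best_dist:
                best_uid, best_dist = uid, d
        if best_uid is None or best_dist > self.THRESHOLD:
            return None  # no registered user matched
        # Only the suID for the requesting provider is returned; the same user's
        # suIDs at other providers never leave the authentication server.
        return self.db[best_uid]["services"].get(spid)


class ManagementServer:
    """Management server 20 of one service provider: user information database only."""

    def __init__(self, spid, auth_server):
        self.spid = spid
        self.auth = auth_server
        self.user_info = {}  # suID -> personal information (never biometrics)

    def register_service(self, uid, password, personal_info):
        suid = self.auth.service_registration(self.spid, uid, password)
        self.user_info[suid] = dict(personal_info)
        return suid

    def provide_service(self, feature, fields):
        """Feature extracted from the authentication terminal's face image ->
        the requested personal information fields, or None if authentication fails."""
        suid = self.auth.authenticate(self.spid, feature)
        if suid is None or suid not in self.user_info:
            return None
        info = self.user_info[suid]
        return {k: info[k] for k in fields if k in info}
```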
[Information collection phase]
 FIG. 6 is a diagram for explaining the operation of the authentication system according to the first embodiment in the information collection phase.
 In the information collection phase, the information server 40 collects information on the behavior of users (successfully authenticated persons) who received services from service providers. In the following description, the information collected by the information server 40 (the information the management server 20 provides to the information server 40) is referred to as "behavior information".
 When provision of the service using biometric authentication ends, the service provider (management server 20) obtains the user's intention regarding providing to a third party the personal information of the user who received the service by biometric authentication. Specifically, the management server 20 sends the terminal 50 carried by the user an inquiry as to whether personal information may be provided (hereinafter, "information provision inquiry"). The information provision inquiry contains a list of the personal information items stored by the management server 20 (for example, name, age, gender, address) and the service user ID of the user who received the service by biometric authentication.
 On receiving the information provision inquiry, the terminal 50 obtains the user's intention regarding the provision of personal information. For example, the terminal 50 uses a GUI (Graphical User Interface) such as that shown in FIG. 7 to obtain whether personal information may be provided. The terminal 50 may display an indication making clear that consideration is obtained by providing personal information.
 When the user refuses to provide personal information, the terminal 50 notifies the management server 20 to that effect (sends a negative response to the information provision inquiry). In this case, the management server 20 sends the information server 40, as "behavior information", information on the outline of the service provided to the successfully authenticated person (hereinafter, "outline information"). Examples of outline information include the service provider's business type (lodging, retail), the place where the service was provided, and the date and time.
 When the user consents to providing personal information, the terminal 50 displays a GUI for entering, for each item (type) of personal information held by the management server 20, whether that item may be provided (see FIG. 8). The terminal 50 may display an outline of the service received by biometric authentication on this input screen. For example, the terminal 50 may display a GUI such as that shown in FIG. 9. In this case, the management server 20 may send the terminal 50 an information provision inquiry containing the outline information and the user's face image (the face image acquired from the authentication terminal 30).
 The terminal 50 sends the information obtained through a GUI such as those of FIGS. 8 and 9 (the types of personal information the user permits to be provided to a third party) to the management server 20. Specifically, the terminal 50 sends the management server 20 an affirmative response containing this information and the service user ID.
 On receiving the affirmative response, the management server 20 searches the user information database using the service user ID as a key and identifies the corresponding user. The management server 20 sends the information server 40 "behavior information" containing the outline information and those items of the identified user's personal information whose provision was permitted.
 The information server 40 stores the received behavior information. When the behavior information includes the user's personal information, the information server 40 determines the consideration given to the provider of the personal information according to the types (items) of personal information provided. Specifically, the information server 40 calculates the consideration according to a predetermined standard. For example, the information server 40 gives a high consideration to a user who provided high-value information such as name and age, and a low consideration to a user who provided low-value information such as gender. The information server 40 notifies the management server 20 of the calculated consideration.
 The determination of consideration by the information server 40 described above is an example; the information server 40 can determine the consideration given to the personal information provider according to various methods and criteria. For example, the information server 40 may determine the consideration according to demand for the personal information (the number of companies wishing to purchase it). That is, it may give a high consideration for personal information in high demand (high value) and a low consideration for personal information in low demand (low value). Alternatively, the information server 40 may determine the consideration given to the personal information provider according to the amount offered (offer amount) by companies and the like that wish to obtain the information, giving a high consideration to a user who provided personal information for which a large amount was offered.
 The management server 20 refers to the personal information provider's consideration receipt information and pays the consideration notified by the information server 40 (money, virtual currency, points) to the personal information provider. The personal information provider can thus obtain consideration for providing personal information from the information center via the service provider. The service provider may retain part of the consideration paid by the information center (information server 40) to the personal information provider as a brokerage fee. Alternatively, the information center may pay the service provider a fee according to, for example, the total amount of personal information acquired in a predetermined period (for example, one month).
 A contract regarding payment of consideration may be concluded in advance between the service provider and the information center, with the service provider advancing the consideration that the information center pays to the personal information provider. Further, an ID is attached to the information exchanged between the management server 20 and the information server 40 (behavior information, consideration notification), and the management server 20 manages this ID in association with the personal information provider's service user ID, so that the user to be paid can be identified.
 Thus, when provision of the service to the successfully authenticated person ends, the management server 20 sends the terminal 50 an information provision inquiry (an inquiry as to whether personal information may be provided, containing the list of personal information items stored in the management server 20). Using the acquired list of personal information items, the terminal 50 generates a GUI for the successfully authenticated person to enter the types of personal information he or she permits to be provided to a third party. Via this GUI the terminal 50 obtains the types of personal information permitted to be provided to a third party and sends the obtained types to the management server 20. On receiving an affirmative response from the terminal 50, the management server 20 sends the information server 40 behavior information containing the permitted personal information and outline information indicating the outline of the service provided.
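The information collection phase above, as an added example that is not part of the patent: the inquiry offers item names (not values), the terminal's response lists permitted item types, the management server releases only offered and permitted items under an open inquiry and maps the notification ID to the suID for payout, and the information server rates items. The per-item rates, the rule that consideration receipt information is never offered, and all sample data are assumptions constructed for this example.

```python
"""Model of the information provision inquiry, consent response, behavior
information and consideration flow between management server 20, terminal 50
and information server 40. Illustrative code only; all values are constructed."""
import secrets

# Constructed per-item rates used by the information server 40 (an assumption;
# the text says only that name/age are valued higher than gender).
ITEM_VALUE = {"name": 100, "age": 80, "address": 60, "gender": 20}
# Assumption: payout details are stored with the personal information but never offered.
NOT_OFFERED = {"consideration_receipt"}


class ManagementServer:
    """Management server 20 side of the information collection phase."""

    def __init__(self, user_info):
        self.user_info = user_info    # suID -> personal information (constructed)
        self.open_inquiries = {}      # suID -> outline information of the service just provided
        self.notifications = {}       # notification ID -> suID, for routing the consideration

    def information_provision_inquiry(self, suid, outline):
        """Sent to terminal 50 after the service provision end notification.
        Only item names are listed; no personal information values leave the server here."""
        items = sorted(k for k in self.user_info[suid] if k not in NOT_OFFERED)
        self.open_inquiries[suid] = dict(outline)
        return {"suID": suid, "items": items, "outline": dict(outline)}

    def build_behavior_info(self, response):
        """Turn the terminal's response into the behavior information for information server 40."""
        suid = response["suID"]
        # A response must answer an inquiry this server actually sent; otherwise
        # anyone who learns an suID could trigger release of personal information.
        if suid not in self.open_inquiries:
            raise PermissionError("response does not match an open inquiry")
        outline = self.open_inquiries.pop(suid)
        record = {"id": secrets.token_hex(8), "outline": outline, "personal": {}}
        if response["ok"]:
            info = self.user_info[suid]
            # Release only item types that were offered and explicitly permitted.
            record["personal"] = {k: info[k] for k in response["allowed"]
                                  if k in info and k not in NOT_OFFERED}
        self.notifications[record["id"]] = suid  # ID <-> suID, as the text describes
        return record

    def pay_consideration(self, notice):
        """Consideration notification from information server 40 -> payout instruction."""
        suid = self.notifications.pop(notice["id"])
        return {"pay_to": self.user_info[suid]["consideration_receipt"],
                "amount": notice["consideration"]}


def terminal_response(inquiry, consent, allowed=()):
    """Terminal 50: negative response, or affirmative response listing the permitted
    item types chosen on the FIG. 8 style GUI (must be a subset of the offered items)."""
    if not consent:
        return {"suID": inquiry["suID"], "ok": False}
    if not set(allowed) <= set(inquiry["items"]):
        raise ValueError("permitted item not in the offered list")
    return {"suID": inquiry["suID"], "ok": True, "allowed": sorted(allowed)}


class InfoServer:
    """Information server 40: stores behavior information and calculates consideration."""

    def __init__(self):
        self.records = []

    def receive_behavior_info(self, record):
        self.records.append(record)
        amount = sum(ITEM_VALUE.get(k, 0) for k in record["personal"])
        return {"id": record["id"], "consideration": amount}
```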
 Next, the details of each device included in the authentication system according to the first embodiment are described.
[Authentication server]
 FIG. 10 is a diagram showing an example of the processing configuration (processing modules) of the authentication server 10 according to the first embodiment. Referring to FIG. 10, the authentication server 10 includes a communication control unit 201, a user registration unit 202, a database management unit 203, a service registration unit 204, an authentication unit 205 and a storage unit 206.
 The communication control unit 201 controls communication with other devices. For example, the communication control unit 201 receives data (packets) from the management server 20 and sends data to the management server 20. The communication control unit 201 passes data received from other devices to the other processing modules and sends data obtained from the other processing modules to other devices. In this way, the other processing modules exchange data with other devices via the communication control unit 201.
 The user registration unit 202 implements the user registration described above. The user registration unit 202 acquires the user ID, password and biometric information (face image) of a user (a user who wishes to receive services using biometric authentication; a system user).
 The user registration unit 202 acquires the three pieces of information (user ID, password, biometric information) by any means. For example, the user registration unit 202 displays on the terminal 50 a GUI or input form for deciding the user ID and password, such as the GUI shown in FIG. 11.
 The user registration unit 202 verifies that the user ID and password obtained via the GUI or the like do not duplicate an already registered user ID and password. If there is no duplication, the user registration unit 202 displays on the terminal 50 a GUI for acquiring the user's biometric information.
 For example, the user registration unit 202 displays on the terminal 50 a GUI such as that shown in FIG. 12. The user presses the "Select file" button shown in FIG. 12 and specifies the image data of the face image to be registered in the system. The specified face image is shown in a preview area (displayed as the selected face image in FIG. 12).
 When the user registration unit 202 has acquired the user ID, password and biometric information (face image) via GUIs such as those of FIGS. 11 and 12, it generates a feature amount (a feature vector made up of a plurality of feature amounts) from the face image.
 Specifically, the user registration unit 202 extracts feature points from the acquired face image. Existing techniques can be used for feature point extraction, so a detailed description is omitted. For example, the user registration unit 202 extracts the eyes, nose, mouth and so on from the face image as feature points. It then calculates the position of each feature point and the distances between feature points as feature amounts and generates a feature vector (vector information characterizing the face image) made up of the plurality of feature amounts.
 The user registration unit 202 hands over the user ID, password and the generated feature amount to the database management unit 203.
 The database management unit 203 manages the authentication information database. The authentication information database stores, in association with each other, information identifying a system user (user ID, password), biometric information (feature amount), the service provider ID identifying a service provider, and the service user ID identifying the user within each service.
 When the database management unit 203 acquires the three pieces of information (user ID, password, feature amount) from the user registration unit 202, it adds a new entry to the authentication information database. For example, when the three pieces of information for user U1 are acquired, the database management unit 203 adds the entry shown in the bottom row of FIG. 13. At the user registration stage, no service provider ID or service user ID has been generated yet, so nothing is set in those fields.
 サービス登録部204は、システム利用者による個別のサービス登録を実現する手段である。サービス登録部204は、サービス提供者の管理サーバ20から取得するサービス登録要求を処理する。 The service registration unit 204 is a means for realizing individual service registration by system users. The service registration unit 204 processes the service registration request acquired from the management server 20 of the service provider.
 サービス登録部204は、取得したサービス登録要求に含まれるユーザID、パスワードをキーとして認証情報データベースを検索する。サービス登録部204は、特定した利用者(ユーザID、パスワードの組から特定される利用者)のサービス提供者IDフィールドを確認する。 The service registration unit 204 searches the authentication information database using the user ID and password included in the acquired service registration request as keys. The service registration unit 204 confirms the service provider ID field of the specified user (user specified from the set of user ID and password).
 サービス登録部204は、サービス提供者IDフィールドに、管理サーバ20から取得したサービス登録要求に含まれるサービス提供者IDが設定されているか否かを判定する。管理サーバ20から取得したサービス提供者IDが既にデータベースに登録されていれば、サービス登録部204は、その旨を管理サーバ20に通知する。この場合、認証情報データベースには、利用者が登録しようとしているサービス(サービス提供者)は既に登録されているので、サービス登録部204は、サービス登録要求に対する応答として「否定応答」を送信する。 The service registration unit 204 determines whether or not the service provider ID included in the service registration request acquired from the management server 20 is set in the service provider ID field. If the service provider ID acquired from the management server 20 is already registered in the database, the service registration unit 204 notifies the management server 20 to that effect. In this case, since the service (service provider) that the user is trying to register is already registered in the authentication information database, the service registration unit 204 sends a "negative response" as a response to the service registration request.
 対して、特定された利用者のサービス提供者IDフィールドに、サービス登録要求に含まれるサービス提供者IDが設定されていなければ、サービス登録部204は、当該利用者とサービス提供者に対応するサービスユーザIDを生成する。 On the other hand, if the service provider ID included in the service registration request is not set in the service provider ID field of the specified user, the service registration unit 204 will perform the service corresponding to the user and the service provider. Generate a user ID.
 上述のように、サービスユーザIDは、利用者とサービス提供者の組み合わせから一意に定まる識別情報である。例えば、サービス登録部204は、ユーザID、パスワード及びサービス提供者IDを用いてハッシュ値を計算し、当該計算されたハッシュ値をサービスユーザIDとする。具体的には、サービス登録部204は、ユーザID、パスワード及びサービス提供者IDの連結値を計算し、当該計算された連結値のハッシュ値を計算することで、サービスユーザIDを生成する。 As described above, the service user ID is identification information uniquely determined from the combination of the user and the service provider. For example, the service registration unit 204 calculates a hash value using a user ID, a password, and a service provider ID, and uses the calculated hash value as a service user ID. Specifically, the service registration unit 204 calculates a concatenated value of a user ID, a password, and a service provider ID, and generates a service user ID by calculating a hash value of the calculated concatenated value.
 なお、上記ハッシュ値を用いたサービスユーザIDの生成は例示であって、サービスユーザIDの生成方法を限定する趣旨ではない。サービスユーザIDは、システム利用者とサービス提供者の組み合わせを一意に識別できる情報であればどのような情報であってもよい。例えば、サービス登録部204は、サービス登録要求を処理するたびに一意な値を採番しサービスユーザIDとしてもよい。 Note that the generation of the service user ID using the above hash value is an example, and does not mean that the method of generating the service user ID is limited. The service user ID may be any information as long as it can uniquely identify the combination of the system user and the service provider. For example, the service registration unit 204 may assign a unique value as a service user ID each time it processes a service registration request.
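The service user ID construction and the service registration check described above, as an added example that is not code from the patent. It implements the hash-over-concatenation method the text gives, and beside it two alternatives the text's "any information that uniquely identifies the combination" allows: a keyed hash and a per-request random value. Two practitioner caveats are built in. First, plain string concatenation is ambiguous (the pair "ab","c" and the pair "a","bc" concatenate to the same string), so each field is length-prefixed before hashing. Second, the service provider receives the service user ID and already knows the user ID and its own provider ID, so a hash over those plus the password leaves the password as the only unknown input and makes the ID an offline guessing target; the keyed variant avoids that. The table layout (one row per user/provider pair as in FIGS. 13 to 15), the field names, SHA-256 and the server key are assumptions for illustration.

```python
"""Service user ID generation and the service registration check.
Added example, not the patent's own code; field names, table layout,
SHA-256 and the server key are assumptions for illustration."""
import hashlib
import hmac
import secrets


def encode_fields(*fields: str) -> bytes:
    """Length-prefix each field before hashing so that field boundaries are
    unambiguous; bare concatenation, as the text describes, is not."""
    out = bytearray()
    for field in fields:
        data = field.encode("utf-8")
        out += len(data).to_bytes(4, "big") + data
    return bytes(out)


def service_user_id_hash(user_id: str, password: str, provider_id: str) -> str:
    """The text's construction: a hash over user ID, password and provider ID.
    Caveat: the provider knows user_id and provider_id and receives the
    result, so the password is the only secret input to an offline guess."""
    return hashlib.sha256(encode_fields(user_id, password, provider_id)).hexdigest()


def service_user_id_keyed(server_key: bytes, user_id: str, provider_id: str) -> str:
    """Keyed alternative (assumed): deterministic per (user, provider) but
    not computable without the authentication server's key, and not derived
    from the password at all."""
    return hmac.new(server_key, encode_fields(user_id, provider_id), hashlib.sha256).hexdigest()


def service_user_id_random() -> str:
    """Issue-on-request alternative the text also mentions. 128 random bits
    make collisions negligible; a real store still enforces uniqueness."""
    return secrets.token_hex(16)


def new_user_row(user_id: str, password: str, feature) -> dict:
    """Row created at user registration (FIG. 13): provider fields empty.
    The password is kept as the text's table does; a real store would hold
    only a password hash."""
    return {"user_id": user_id, "password": password, "feature": feature,
            "provider_id": None, "service_user_id": None}


def register_service(db: list, user_id: str, password: str, provider_id: str,
                     server_key: bytes):
    """Service registration unit logic: find the user by (user ID, password),
    refuse if this provider is already registered, otherwise generate and
    record the service user ID. Returns the ID, or None (negative response)."""
    rows = [r for r in db if r["user_id"] == user_id and r["password"] == password]
    if not rows:
        return None  # unknown user or wrong password: negative response
    if any(r["provider_id"] == provider_id for r in rows):
        return None  # already registered for this provider: negative response
    sid = service_user_id_keyed(server_key, user_id, provider_id)
    # The first registration fills the row created at user registration
    # (FIG. 14); later registrations add one row per provider (FIG. 15).
    blank = next((r for r in rows if r["provider_id"] is None), None)
    if blank is not None:
        blank["provider_id"], blank["service_user_id"] = provider_id, sid
    else:
        db.append({**rows[0], "provider_id": provider_id, "service_user_id": sid})
    return sid
```

Whichever construction is chosen, the property the rest of the system relies on is only that the ID is unique per (user, provider) pair and unlinkable across providers; the keyed and random variants give that without tying the identifier to the password.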
After generating the service user ID, the service registration unit 204 passes the service provider ID and the service user ID, together with the user ID and password, to the database management unit 203. The database management unit 203 registers the two IDs (service provider ID, service user ID) in the authentication information database. For example, when user U1 performs service registration for service provider S1, the two IDs are added to the entry shown in the bottom row of FIG. 14.
Because service registration is performed per service provider, a single user may have a plurality of service providers and service user IDs set. For example, when user U1 performs service registration for each of service providers S1 and S2, the entries in the second and third rows of FIG. 15 are generated. When user U2 performs service registration for service provider S1, the entry in the bottom row of FIG. 15 is generated.
The authentication information database shown in FIG. 15 and elsewhere is an example and is not intended to limit the information the authentication information database stores. For example, a face image may be registered in the authentication information database in place of the feature amount used for authentication. That is, the feature amount may be generated at each authentication from the face image registered in the authentication information database.
Once the service provider ID and service user ID are registered in the authentication information database, the service registration unit 204 notifies the management server 20 that the service registration request was processed successfully. The service registration unit 204 sends a "positive response" as the reply to the service registration request. In doing so, the service registration unit 204 sends the management server 20 a response that contains the service user ID.
The authentication unit 205 is the means that performs authentication processing of system users. The authentication unit 205 processes authentication requests received from the management server 20 of a service provider.
The authentication unit 205 extracts the feature amount and the service provider ID contained in the authentication request. The authentication unit 205 searches the authentication information database using the extracted feature amount and service provider ID as keys and identifies the corresponding service user ID.
The authentication unit 205 sets the feature amount extracted from the authentication request as the matching-side feature amount and the feature amounts stored in the database as the registered-side feature amounts, and performs 1:N matching. Specifically, the authentication unit 205 calculates the similarity between the matching-side feature amount and each of the plurality of registered-side feature amounts. A chi-square distance, Euclidean distance, or the like can be used for the similarity. The greater the distance, the lower the similarity; the smaller the distance, the higher the similarity.
The authentication unit 205 determines whether, among the plurality of feature amounts registered in the database, there exists a feature amount whose similarity to the feature amount being matched is at or above a predetermined value. If such a feature amount exists, the authentication unit 205 identifies the user (user ID, password) corresponding to the feature amount with the highest similarity. The authentication unit 205 then determines whether, among the one or more service provider IDs associated with the user identified by the 1:N matching, there exists an entry that matches the service provider ID contained in the authentication request.
If such an entry exists (that is, both of the above determinations succeed), the authentication unit 205 judges that authentication of the user has succeeded. In this case the authentication unit 205 sends a "positive response" to the management server 20 that sent the authentication request. In doing so, the authentication unit 205 generates a response (the reply to the authentication request) containing the service user ID of the identified entry and sends it to the management server 20.
If at least one of the two determinations fails, the authentication unit 205 judges that authentication of the user has failed. In this case the authentication unit 205 sends a "negative response" to the management server 20 that sent the authentication request.
For example, in the example of FIG. 15, when the feature amount "FV1" and the service provider ID "S1" are contained in the authentication request, the entries in the second and third rows (the user) are identified by feature amount FV1, and the entry in the second row is identified by service provider ID "S1". As a result the authentication request is processed successfully, and a positive response containing the service user ID "U1S1" is sent to the management server 20.
Conversely, when the feature amount "FV2" and the service provider ID "S2" are contained in the authentication request, the bottom entry is identified by the feature amount, but the service provider ID of that entry is "S1", not "S2", so the authentication request is not processed successfully. As a result a negative response is sent to the management server 20.
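The two determinations of the authentication unit 205, carried through on a table shaped like FIG. 15, as an added example that is not code from the patent. The probe vector is matched 1:N against every enrolled vector (Euclidean distance, the text's lower-distance-is-higher-similarity convention), the closest one must be within a threshold, and the user it belongs to must have a row for the requesting service provider; either miss gives the negative response. The three-element vectors standing in for FV1 and FV2, the threshold value and the field names are constructed; the patent specifies none of them.

```python
"""Authentication unit logic: 1:N matching followed by the provider check.
Added example, not the patent's code; vectors, threshold and field names
are constructed stand-ins for FV1, FV2 and the text's "predetermined value"."""
import math

# Constructed table in the shape of FIG. 15: U1 enrolled for S1 and S2,
# U2 only for S1. The tuples stand in for the feature vectors FV1 and FV2.
AUTH_DB = [
    {"user_id": "U1", "feature": (1.0, 0.0, 0.0), "provider_id": "S1", "service_user_id": "U1S1"},
    {"user_id": "U1", "feature": (1.0, 0.0, 0.0), "provider_id": "S2", "service_user_id": "U1S2"},
    {"user_id": "U2", "feature": (0.0, 1.0, 0.0), "provider_id": "S1", "service_user_id": "U2S1"},
]
DISTANCE_THRESHOLD = 0.25  # assumed; smaller distance means higher similarity


def euclidean(a, b) -> float:
    """Euclidean distance, one of the similarity measures the text names."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def authenticate(probe, provider_id, db=AUTH_DB, threshold=DISTANCE_THRESHOLD):
    """Returns ("positive", service_user_id) or ("negative", None).

    Determination 1: the closest enrolled vector must be within threshold.
    Determination 2: that user must have a row for provider_id.
    Failing either yields the negative response described in the text."""
    if not db:
        return ("negative", None)
    best = min(db, key=lambda row: euclidean(probe, row["feature"]))
    if euclidean(probe, best["feature"]) > threshold:
        return ("negative", None)  # no enrolled face is similar enough
    for row in db:
        if row["user_id"] == best["user_id"] and row["provider_id"] == provider_id:
            return ("positive", row["service_user_id"])
    return ("negative", None)  # face is enrolled, but not for this provider
```

A probe close to FV1 with provider "S1" returns ("positive", "U1S1"); FV2 with "S2" returns the negative response, matching the two cases above. Because the threshold is applied after a search over all N enrolled vectors, the false accept rate grows with the enrolled population; the "predetermined value" has to be chosen for the 1:N setting rather than taken from a 1:1 evaluation.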
The storage unit 206 stores information necessary for the operation of the authentication server 10. The authentication information database is built in the storage unit 206.
[Management server]
FIG. 16 is a diagram showing an example of the processing configuration (processing modules) of the management server 20 according to the first embodiment. Referring to FIG. 16, the management server 20 comprises a communication control unit 301, a personal information acquisition unit 302, a service registration request unit 303, a database management unit 304, an authentication request unit 305, a behavior information providing unit 306, and a storage unit 307.
The communication control unit 301 is the means that controls communication with other devices. For example, the communication control unit 301 receives data (packets) from the authentication server 10 and sends data to the authentication server 10. The communication control unit 301 passes data received from other devices to the other processing modules, and sends data obtained from the other processing modules to other devices. In this way the other processing modules exchange data with other devices via the communication control unit 301.
The personal information acquisition unit 302 is the means that acquires the personal information a service provider needs in order to provide its service. For example, when the service provider is a "retail store", the personal information acquisition unit 302 acquires, in addition to the user's name and the like, information concerning payment (for example, credit card information or bank account information). Alternatively, when the service provider is a "hotel operator", the personal information acquisition unit 302 acquires reservation information concerning the stay (for example, the date of stay) in addition to the name and the like.
The personal information acquisition unit 302 also acquires from the user a contact address (for example, an e-mail address that can be received on the terminal 50) to which an inquiry about whether personal information may be provided (information provision inquiry) is sent, and consideration receipt information for receiving consideration from the information server 40.
Furthermore, in addition to personal information such as the name, the personal information acquisition unit 302 acquires the user ID and password that the user decided on when registering with the system.
The personal information acquisition unit 302 acquires the personal information, user ID, and password by any suitable means. For example, the personal information acquisition unit 302 displays on the terminal 50 a GUI or form for entering this information (see FIG. 17). Alternatively, information such as that shown in FIG. 17 may be displayed on a web page managed and operated by the service provider. Alternatively, the terminal 50 may download an application provided by the service provider, and the display shown in FIG. 17 may be performed by that application. In particular, the web page may be a web page that manages the service provider's member information. That is, a member of each service provider may perform service registration on the web page where that member manages his or her own member information.
The personal information acquisition unit 302 passes the personal information acquired via the GUI or the like (personal information including the contact address and consideration receipt information), the user ID, and the password to the service registration request unit 303.
The service registration request unit 303 is the means that requests the authentication server 10 to register the user for use of the service.
From the three pieces of information (personal information, user ID, password) obtained from the personal information acquisition unit 302, the service registration request unit 303 selects the user ID and password. The service registration request unit 303 sends the authentication server 10 a service registration request containing the selected user ID and password together with the service provider ID.
The service registration request unit 303 receives the reply to the service registration request from the authentication server 10. If the reply is a "negative response", the service registration request unit 303 notifies the user to that effect; for example, it notifies the user that service registration has already been performed.
If the reply is a "positive response", the service registration request unit 303 notifies the user that service registration succeeded. The service registration request unit 303 also passes the service user ID contained in the reply and the personal information obtained from the personal information acquisition unit 302 (name, gender, address, family composition, contact address, consideration receipt information, and so on) to the database management unit 304.
The database management unit 304 is the means that manages the user information database. The user information database manages information on the users (system users) who are targets of service provision. The user information database stores each user's personal information (for example, name) in association with the service user ID obtained from the authentication server 10.
When the database management unit 304 obtains this information (personal information, service user ID) from the service registration request unit 303, it adds a new entry to the user information database. For example, when the management server 20 of service provider S1 obtains this information concerning user U1, the entry shown in the bottom row of FIG. 18 is added.
The authentication request unit 305 is the means that requests the authentication server 10 to authenticate a user.
When the authentication request unit 305 obtains biometric information (face image) from the authentication terminal 30, it generates a feature amount from that face image. The authentication request unit 305 sends the authentication server 10 an authentication request containing the generated feature amount and the service provider ID.
When the reply from the authentication server 10 is a "negative response" (authentication failure), the authentication request unit 305 notifies the authentication terminal 30 to that effect.
When the reply from the authentication server 10 is a "positive response" (authentication success), the authentication request unit 305 extracts the service user ID contained in the reply. The authentication request unit 305 searches the user information database using that service user ID as a key and identifies the corresponding entry.
The authentication request unit 305 reads out the personal information of the identified entry and sends it to the authentication terminal 30. For example, in the example of FIG. 18, if the service user ID is "U1S1", the personal information in the bottom row is sent to the authentication terminal 30. The authentication request unit 305 need not send the authentication terminal 30 personal information that is unnecessary for the service the authentication terminal 30 provides. For example, if the contact address for the information provision inquiry and the consideration receipt information are not needed for providing the service, this information need not be sent to the authentication terminal 30.
The behavior information providing unit 306 is the means that provides the information server 40 with information (behavior information) concerning the user's behavior when a service is provided by biometric authentication.
When the behavior information providing unit 306 receives a "service provision end notification" from the authentication terminal 30, it sends an "information provision inquiry" to the terminal 50 carried by the user (the successfully authenticated user; the user who received service provision by biometric authentication). As described above, this inquiry contains a list of the personal information stored by the management server 20 and the service user ID.
If the reply to the information provision inquiry is a negative response (provision of personal information refused), the behavior information providing unit 306 generates summary information and sends that summary information to the information server 40 as "behavior information". The summary information contains no information that could identify the user; it is information for notifying the information server 40 of the fact that a service was provided by biometric authentication and a brief description of its content. Accordingly, the management server 20 may include the amount the user paid for goods, the record of the stay, and the like in the summary information.
If the reply to the information provision inquiry is a positive response (provision of personal information approved), the behavior information providing unit 306 identifies the user by the service user ID contained in the reply. The behavior information providing unit 306 then reads from the user information database those items of the identified user's personal information whose provision the user has permitted. The behavior information providing unit 306 sends the read personal information and the summary information to the information server 40 as "behavior information".
When sending behavior information containing personal information and summary information, the behavior information providing unit 306 generates an ID (behavior information ID) that makes the transmitted behavior information identifiable and sends the behavior information containing that ID to the information server 40 (see FIG. 19). The behavior information providing unit 306 stores the behavior information ID in association with the service user ID.
When the behavior information providing unit 306 receives a notification concerning consideration from the information server 40, it extracts the behavior information ID contained in the notification and identifies the corresponding user (service user ID). The behavior information providing unit 306 searches the user information database using the identified service user ID as a key and identifies the corresponding entry. The behavior information providing unit 306 refers to the consideration receipt information of the identified entry and obtains the payee of the consideration. The behavior information providing unit 306 pays the consideration notified by the information server 40 to that payee.
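The behavior information handling of the behavior information providing unit 306 described above, as an added example that is not code from the patent: on refusal only the summary goes out; on consent only the permitted items are read from the user information database; the record sent to the information server 40 carries a freshly generated behavior information ID and never the service user ID, and the ID-to-service-user-ID mapping stays on the management server, which later resolves a consideration notification through it to the payee. A notification carrying an ID the server never issued resolves to nothing rather than to a payment. The row layout in the shape of FIG. 18, the field names and the sample values are constructed.

```python
"""Behavior information provision and consideration resolution.
Added example, not the patent's code; row layout, field names and the
sample values are constructed for illustration."""
import secrets

# Constructed user information database row in the shape of FIG. 18.
USER_INFO_DB = {
    "U1S1": {"name": "Taro", "gender": "M", "address": "Tokyo", "family": "3",
             "contact": "u1@example.invalid", "payout": "account-0001"},
}


def build_behavior_info(service_user_id, consent, permitted, summary,
                        db=USER_INFO_DB, id_map=None):
    """Builds the record sent to the information server. On consent it also
    records behavior_info_id -> service_user_id in id_map, which stays on the
    management server. Returns (record, id_map)."""
    id_map = {} if id_map is None else id_map
    if not consent:
        # Refusal: summary only, no identifier and no personal data.
        return ({"summary": summary}, id_map)
    entry = db[service_user_id]
    # Only the items the user permitted, and only ones that actually exist.
    personal = {k: entry[k] for k in permitted if k in entry}
    bid = secrets.token_hex(8)  # assumed format for the behavior information ID
    id_map[bid] = service_user_id
    return ({"behavior_info_id": bid, "summary": summary, "personal": personal}, id_map)


def resolve_consideration(notification, id_map, db=USER_INFO_DB):
    """Maps the behavior information ID in a consideration notification back
    to the payee via the server-side map. Returns (payee, amount), or None
    when the ID is unknown so that an ID this server never issued is not paid."""
    sid = id_map.get(notification.get("behavior_info_id"))
    if sid is None:
        return None
    return (db[sid]["payout"], notification["amount"])
```

Because the information server only ever sees behavior information IDs, two records about the same user are not linkable by it unless the personal items themselves link them; the management server is the only party holding the map, so that map is the asset to protect.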
 記憶部307は、管理サーバ20の動作に必要な情報を記憶する。利用者情報データベースは記憶部307に構築される。 The storage unit 307 stores information necessary for the operation of the management server 20. The user information database is built in the storage unit 307.
[認証端末]
 認証端末30は、利用者から取得した生体情報を管理サーバ20に送信することで、管理サーバ20から利用者の個人情報を取得する。認証端末30は、当該取得した個人情報を用いて利用者にサービスを提供する。
[Authentication terminal]
The authentication terminal 30 acquires the user's personal information from the management server 20 by transmitting the biometric information acquired from the user to the management server 20. The authentication terminal 30 provides a service to the user by using the acquired personal information.
 図20は、第1の実施形態に係る認証端末30の処理構成(処理モジュール)の一例を示す図である。図20を参照すると、認証端末30は、通信制御部401と、生体情報取得部402と、サービス提供部403と、メッセージ出力部404と、記憶部405と、を備える。 FIG. 20 is a diagram showing an example of a processing configuration (processing module) of the authentication terminal 30 according to the first embodiment. Referring to FIG. 20, the authentication terminal 30 includes a communication control unit 401, a biometric information acquisition unit 402, a service providing unit 403, a message output unit 404, and a storage unit 405.
 通信制御部401は、他の装置との間の通信を制御する手段である。例えば、通信制御部401は、管理サーバ20からデータ(パケット)を受信する。また、通信制御部401は、管理サーバ20に向けてデータを送信する。通信制御部401は、他の装置から受信したデータを他の処理モジュールに引き渡す。通信制御部401は、他の処理モジュールから取得したデータを他の装置に向けて送信する。このように、他の処理モジュールは、通信制御部401を介して他の装置とデータの送受信を行う。 The communication control unit 401 is a means for controlling communication with other devices. For example, the communication control unit 401 receives data (packets) from the management server 20. Further, the communication control unit 401 transmits data to the management server 20. The communication control unit 401 passes the data received from the other device to the other processing module. The communication control unit 401 transmits the data acquired from the other processing module to the other device. In this way, the other processing module transmits / receives data to / from other devices via the communication control unit 401.
The biometric information acquisition unit 402 is a means for controlling the camera and acquiring the user's biometric information (face image). The biometric information acquisition unit 402 images the area in front of its own device periodically or at predetermined timings. It determines whether the acquired image contains a human face image and, if so, extracts the face image from the acquired image data.
Existing techniques can be used for the face detection and face extraction performed by the biometric information acquisition unit 402, so a detailed description is omitted. For example, the biometric information acquisition unit 402 may extract the face image (face region) from the image data using a model trained with a CNN (Convolutional Neural Network). Alternatively, it may extract the face image using a technique such as template matching.
The biometric information acquisition unit 402 passes the extracted face image to the service providing unit 403.
The service providing unit 403 is a means for providing a predetermined service to the user. The service providing unit 403 transmits the face image obtained from the biometric information acquisition unit 402 to the management server 20. The management server 20 returns the personal information (for example, the name) corresponding to that face image. The service providing unit 403 uses the returned personal information to provide the service to the user. When provision of the service to the user is complete, the service providing unit 403 transmits a "service provision end notification" to the management server 20.
The message output unit 404 is a means for outputting various messages to the user. For example, the message output unit 404 outputs messages about the user's authentication result and about service provision. The message output unit 404 may display messages on a display device such as a liquid crystal monitor, or may play voice messages through an audio device such as a speaker.
The storage unit 405 stores information necessary for the operation of the authentication terminal 30.
[Information server]
FIG. 21 is a diagram showing an example of the processing configuration (processing modules) of the information server 40 according to the first embodiment. Referring to FIG. 21, the information server 40 includes a communication control unit 501, a behavior information processing unit 502, and a storage unit 503.
The communication control unit 501 is a means for controlling communication with other devices. For example, the communication control unit 501 receives data (packets) from the management server 20 and transmits data to the management server 20. The communication control unit 501 passes data received from other devices to the other processing modules, and transmits data obtained from the other processing modules to other devices. In this way, the other processing modules exchange data with other devices via the communication control unit 501.
The behavior information processing unit 502 is a means for processing the behavior information acquired from the management server 20. The behavior information processing unit 502 stores the acquired behavior information in the storage unit 503.
When the acquired behavior information contains personal information (for example, name, age), the behavior information processing unit 502 determines the consideration to be paid to the provider of that behavior information (the personal information provider). For example, the behavior information processing unit 502 determines the consideration by referring to table information, such as that shown in FIG. 22, that defines the consideration (amount, points, etc.) paid for each type of personal information obtained. The behavior information processing unit 502 totals the consideration corresponding to each type of personal information provided and uses the total as the consideration to be paid to the personal information provider. The information center sets the amount of consideration according to the value of the information provided.
The behavior information processing unit 502 notifies the management server 20 of the determined consideration.
The storage unit 503 is a means for storing information necessary for the operation of the information server 40.
The information server 40 analyzes the accumulated behavior information and generates information to be sold to business operators and the like. Since this function is outside the scope of the present application, its description is omitted.
In this way, the information server 40 determines the consideration to be paid to a user (a successfully authenticated person who received the service) according to the types of personal information that user provided. The information server 40 also notifies the management server 20 of the consideration to be paid to the user. The management server 20 pays the notified consideration based on the user's consideration receipt information.
[Terminal]
FIG. 23 is a diagram showing an example of the processing configuration (processing modules) of the terminal 50 according to the first embodiment. Referring to FIG. 23, the terminal 50 includes a communication control unit 601, a personal information control unit 602, and a storage unit 603.
The communication control unit 601 is a means for controlling communication with other devices. For example, the communication control unit 601 receives data (packets) from the management server 20 and transmits data to the management server 20. The communication control unit 601 passes data received from other devices to the other processing modules, and transmits data obtained from the other processing modules to other devices. In this way, the other processing modules exchange data with other devices via the communication control unit 601.
The personal information control unit 602 is a means for controlling, according to the user's wishes, whether the personal information held by the service provider is provided to the information server 40.
On receiving an information provision inquiry from the management server 20, the personal information control unit 602 obtains the user's decision on whether to consent to providing the personal information stored in the management server 20 to the information server 40. Specifically, the personal information control unit 602 displays a GUI such as that shown in FIG. 7 and obtains the user's overall (blanket) decision on providing personal information.
If the user does not wish to provide personal information, the personal information control unit 602 notifies the management server 20 accordingly. Specifically, the personal information control unit 602 transmits a negative response to the information provision inquiry to the management server 20.
If the user wishes to provide personal information, the personal information control unit 602 displays a GUI such as those shown in FIGS. 8 and 9 and obtains the types of personal information that the user permits to be provided to the information center (a third party). The personal information control unit 602 determines the types of personal information shown in FIGS. 8 and 9 based on the list of personal information items obtained from the management server 20. FIGS. 8 and 9 illustrate an interface in which the user selects the personal information that may be provided to a third party, but an interface that sets permission or refusal (YES or NO) for each item of personal information may be used instead.
Different service providers (management servers 20) store different personal information. Therefore, by referring to the list of personal information items obtained from the management server 20, the personal information control unit 602 avoids asking the user to select personal information that cannot be provided to the information server 40.
The personal information control unit 602 transmits the types of personal information obtained through the GUI of FIGS. 8 and 9 to the management server 20. Specifically, the personal information control unit 602 transmits to the management server 20 an affirmative response containing the types of personal information permitted by the user.
The storage unit 603 stores information necessary for the operation of the terminal 50.
[System operation]
Next, the operation of the authentication system according to the first embodiment will be described. The description covers the service registration phase, the service provision phase, and the information collection phase; the user registration phase is omitted.
FIG. 24 is a sequence diagram showing an example of the operation of the authentication system according to the first embodiment in the service registration phase.
The management server 20 obtains personal information (the information necessary to provide the service), a user ID, and a password from the user (step S01).
The management server 20 transmits a service registration request containing the obtained user ID and password and the service provider ID to the authentication server 10 (step S02).
The authentication server 10 generates a service user ID using the obtained user ID, password, and service provider ID (step S03).
The authentication server 10 stores the service provider ID and the service user ID in the authentication information database (step S04).
The authentication server 10 transmits a response containing the service user ID (the response to the service registration request) to the management server 20 (step S05).
The management server 20 associates the personal information obtained in step S01 with the service user ID obtained from the authentication server 10 and stores them in the user information database (step S06).
In this way, the management server 20 obtains a service user ID by transmitting an authentication request containing the user ID, password, and service provider ID to the authentication server 10. The management server 20 stores the obtained service user ID in association with the user's personal information.
FIG. 25 is a sequence diagram showing an example of the operation of the authentication system according to the first embodiment in the service provision phase.
The authentication terminal 30 acquires the user's face image (biometric information) and transmits the acquired face image to the management server 20 (step S11).
The management server 20 generates a feature amount from the acquired face image (step S12).
The management server 20 transmits an authentication request containing the generated feature amount and the service provider ID to the authentication server 10 (step S13).
The authentication server 10 performs authentication using the feature amount and service provider ID contained in the authentication request and identifies the corresponding service user ID (step S14).
The authentication server 10 transmits a response containing the identified service user ID (the response to the authentication request) to the management server 20 (step S15).
The management server 20 searches the user information database using the obtained service user ID and identifies the corresponding personal information (step S16).
The management server 20 transmits the identified personal information to the authentication terminal 30 (step S17).
The authentication terminal 30 provides the service using the obtained personal information (step S18).
When provision of the service is complete, the authentication terminal 30 transmits a service provision end notification to the management server 20 (step S19).
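The service registration sequence of FIG. 24 and the service provision sequence of FIG. 25, written out as an added Python example. This is not code from the patent or from the applicant: the in-memory databases, the class names, the sample feature vectors, the cosine-similarity threshold, and the construction of the service user ID as an HMAC over the service provider ID and user ID (after the password has been verified) are all assumptions made for this illustration. The point it makes concrete is that the identifier handed to each service provider is specific to that provider, so two providers holding the same person's data receive different service user IDs, and a provider whose authentication request matches a person who never registered with it receives nothing.

```python
import hashlib
import hmac
import math
import secrets

# Constructed example, not the patent's own code. Models the authentication
# server (10) and a management server (20) in the registration and service
# provision sequences. The HMAC derivation of the service user ID and the
# similarity threshold are assumptions; the patent only says the ID is
# generated from the user ID, password and service provider ID.

MATCH_THRESHOLD = 0.95  # assumed cosine-similarity threshold for a face match


def _cosine(a, b):
    """Cosine similarity between two feature vectors (stand-in for matching)."""
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b)))


class AuthenticationServer:
    def __init__(self):
        self._key = secrets.token_bytes(32)   # server-side derivation key (assumed)
        self._users = {}      # user_id -> {"salt", "pw_hash", "feature"}
        self.auth_db = {}     # (service provider ID, service user ID) -> user_id

    def register_user(self, user_id, password, feature):
        """User registration phase: store the credential hash and the face feature."""
        salt = secrets.token_bytes(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._users[user_id] = {"salt": salt, "pw_hash": pw_hash, "feature": feature}

    def service_registration(self, user_id, password, provider_id):
        """Steps S02-S05: verify the credentials, then mint a per-provider service user ID."""
        rec = self._users.get(user_id)
        if rec is None:
            return None
        check = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], 100_000)
        if not hmac.compare_digest(check, rec["pw_hash"]):
            return None
        # Assumed construction: keyed, so the ID cannot be recomputed outside the
        # authentication server and differs for every service provider.
        suid = hmac.new(self._key, f"{provider_id}\x00{user_id}".encode(), "sha256").hexdigest()
        self.auth_db[(provider_id, suid)] = user_id
        return suid

    def authenticate(self, feature, provider_id):
        """Step S14: match the feature, then return only the caller's own service user ID."""
        best_user, best_score = None, 0.0
        for uid, rec in self._users.items():
            score = _cosine(feature, rec["feature"])
            if score > best_score:
                best_user, best_score = uid, score
        if best_user is None or best_score < MATCH_THRESHOLD:
            return None
        for (pid, suid), uid in self.auth_db.items():
            if pid == provider_id and uid == best_user:
                return suid
        return None   # the person matched but never registered with this provider


class ManagementServer:
    def __init__(self, provider_id, auth_server):
        self.provider_id = provider_id
        self.auth = auth_server
        self.user_info = {}   # service user ID -> personal information

    def service_registration(self, user_id, password, personal_info):
        """Steps S01-S06: obtain a service user ID and store the personal information under it."""
        suid = self.auth.service_registration(user_id, password, self.provider_id)
        if suid is not None:
            self.user_info[suid] = personal_info
        return suid

    def service_provision(self, feature):
        """Steps S12-S17: feature amount -> service user ID -> personal information."""
        suid = self.auth.authenticate(feature, self.provider_id)
        return self.user_info.get(suid) if suid else None
```

In this model the management server never learns the user ID or password hash held by the authentication server, and the authentication server never sees the personal information; each side holds only the service user ID that links the two records.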
FIG. 26 is a sequence diagram showing an example of the operation of the authentication system according to the first embodiment in the information collection phase.
On receiving the service provision end notification from the authentication terminal 30, the management server 20 transmits an information provision inquiry to the terminal 50 (step S21).
On receiving the information provision inquiry, the terminal 50 generates a GUI for obtaining the user's decision on providing personal information to a third party (the information center, information server 40) (obtaining consent to provide personal information; step S22).
If the user consents to providing personal information, the terminal 50 generates a GUI for selecting the types of personal information that may be provided to the third party (selection of personal information to provide; step S23).
The terminal 50 generates a response (the response to the information provision inquiry) containing the types of personal information selected by the user and transmits it to the management server 20 (step S24).
The management server 20 transmits behavior information containing the personal information permitted for provision and the summary information to the information server 40 (step S25).
The information server 40 stores the acquired behavior information (step S26) and determines the consideration to be paid to the personal information provider (step S27).
The information server 40 notifies the management server 20 of the determined consideration (step S28).
The management server 20 refers to the personal information provider's consideration receipt information and pays the user the consideration notified from the management server 20 (step S29).
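The information collection phase of FIG. 26, together with the two rules stated earlier for the terminal 50 (the selection is built from the item list the management server 20 actually holds) and for the information server 40 (the consideration is the per-type total from a table like FIG. 22), as an added Python example. This is not code from the patent or from the applicant; the item names, the consideration values, and the summary-information fields are constructed sample values, and the decision to reject a response naming an item the provider does not hold, rather than silently drop it, is an assumption.

```python
# Constructed example, not the patent's own code. Models steps S21-S28:
# the inquiry offers only the items this provider holds, the behavior
# information carries only the types the user permitted, and the
# information server prices the provided types from a table.

CONSIDERATION_TABLE = {   # constructed stand-in for the FIG. 22 table (points per type)
    "name": 100, "address": 150, "age": 30, "gender": 20, "phone": 80,
}


def information_inquiry(personal_info):
    """Step S21: the item list from which the terminal builds the FIG. 8/9 selection."""
    return sorted(personal_info.keys())


def inquiry_response(consented, selected_types, item_list):
    """Steps S22-S24: a negative response, or an affirmative response with allowed types.
    A type the provider does not hold is rejected rather than silently dropped (assumed)."""
    if not consented:
        return {"ack": False, "allowed": []}
    unknown = set(selected_types) - set(item_list)
    if unknown:
        raise ValueError(f"types not held by this provider: {sorted(unknown)}")
    return {"ack": True, "allowed": sorted(set(selected_types))}


def build_behavior_information(summary, personal_info, response):
    """Step S25: summary information plus only the permitted personal information items."""
    allowed = response["allowed"] if response["ack"] else []
    return {
        "summary": dict(summary),
        "personal": {k: personal_info[k] for k in allowed},
    }


def determine_consideration(behavior_info, table=CONSIDERATION_TABLE):
    """Step S27: total the per-type consideration for the types actually provided."""
    return sum(table.get(k, 0) for k in behavior_info["personal"])


def information_collection_phase(summary, personal_info, consented, selected_types):
    """Runs S21-S28 for one user; returns the behavior information and the consideration."""
    items = information_inquiry(personal_info)
    response = inquiry_response(consented, selected_types, items)
    info = build_behavior_information(summary, personal_info, response)
    return info, determine_consideration(info)
```

The check in `inquiry_response` is the practical consequence of the item list: because the terminal only ever offers items from that list, a response naming anything else did not come from the displayed GUI and should not be honoured.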
As described above, in the authentication system according to the first embodiment, when a service is provided to a user, the personal information of the user who received the service is transmitted to the information center in addition to the information generated by providing the service (summary information indicating an outline of the service). At that point the user can select which items of his or her personal information may be provided to the third party, and can therefore refuse to provide personal information against his or her wishes. That is, the user can control, according to his or her own judgment, whether personal information is provided or withheld.
Furthermore, an information center that collects and uses personal information makes it easier to collect high-value personal information (for example, name and address) by offering a high consideration for it. That is, because a large consideration can be obtained, the user consents to (is persuaded to) provide high-value personal information to the third party. In addition, the personal information that the information center can collect differs from one service provider to another, so the information center can collect more diverse data. For example, the information center can obtain a user's age together with the amount paid from a retailer, or the length of stay together with the user's age, gender, and so on from a hotel operator.
[Second embodiment]
Next, the second embodiment will be described in detail with reference to the drawings.
The second embodiment describes the case in which the authentication terminal 30 obtains consent to provide personal information.
The configuration of the authentication system according to the second embodiment can be the same as that of the first embodiment, so the description corresponding to FIG. 2 is omitted.
In the second embodiment, the user's contact information required in the first embodiment is unnecessary, because in the second embodiment the authentication terminal 30 obtains consent to provide personal information.
FIG. 27 is a diagram for explaining the operation of the authentication system according to the second embodiment.
When the authentication terminal 30 obtains personal information from the management server 20, it provides the service using that personal information. When provision of the service is complete, the authentication terminal 30 displays a GUI asking whether personal information may be provided. Specifically, the authentication terminal 30 generates a GUI such as that shown in FIG. 7 and obtains the user's consent or refusal to provide personal information.
If the user consents to providing personal information, the authentication terminal 30 generates a GUI (for example, a GUI such as those shown in FIGS. 8 and 9) for entering the personal information that may be provided to a third party. The authentication terminal 30 transmits the personal information permitted for provision, obtained via the GUI, to the management server 20.
Based on the received personal information, the management server 20 transmits (provides) behavior information (behavior information containing personal information and summary information) to the information server 40.
To realize the operation of the authentication system according to the second embodiment, it suffices for the authentication terminal 30 to include the "personal information control function" of the terminal 50 of the first embodiment. That is, as shown in FIG. 28, the authentication terminal 30 according to the second embodiment need only include a personal information control unit 406.
As described above, in the authentication system according to the second embodiment, when the authentication terminal 30 finishes providing the service to a successfully authenticated person, it generates a GUI through which that person enters the types of personal information he or she permits to be provided to a third party. The management server 20 obtains the user's decision on providing personal information via the authentication terminal 30. The second embodiment likewise allows the user to appropriately control and manage the personal information involved in a service based on biometric authentication.
Next, the hardware of each device constituting the authentication system will be described. FIG. 29 is a diagram showing an example of the hardware configuration of the management server 20.
The management server 20 can be configured as an information processing device (a so-called computer) and has the configuration illustrated in FIG. 29. For example, the management server 20 includes a processor 311, a memory 312, an input/output interface 313, a communication interface 314, and the like. These components, such as the processor 311, are connected by an internal bus or the like and can communicate with each other.
However, the configuration shown in FIG. 29 is not intended to limit the hardware configuration of the management server 20. The management server 20 may include hardware not shown. The number of processors 311 and other components in the management server 20 is also not limited to the example of FIG. 29; for example, the management server 20 may include a plurality of processors 311.
The processor 311 is, for example, a programmable device such as a CPU (Central Processing Unit), an MPU (Micro Processing Unit), or a DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit). The processor 311 executes various programs including an operating system (OS).
The memory 312 is a RAM (Random Access Memory), ROM (Read Only Memory), HDD (Hard Disk Drive), SSD (Solid State Drive), or the like. The memory 312 stores the OS program, application programs, and various data.
The input/output interface 313 is an interface for a display device and an input device, neither of which is shown. The display device is, for example, a liquid crystal display. The input device is a device that accepts user operations, for example a keyboard or mouse.
The communication interface 314 is a circuit, module, or the like that communicates with other devices. For example, the communication interface 314 includes a wireless communication circuit, a NIC (Network Interface Card), or the like.
The functions of the management server 20 are realized by the various processing modules. The processing modules are realized, for example, by the processor 311 executing programs stored in the memory 312. The programs can be recorded on a computer-readable storage medium. The storage medium can be non-transitory, such as a semiconductor memory, hard disk, magnetic recording medium, or optical recording medium. That is, the present invention can also be embodied as a computer program product. The programs can be updated by downloading them over a network or by using a storage medium on which they are stored. Furthermore, the processing modules may be realized by a semiconductor chip.
The authentication server 10, the authentication terminal 30, the information server 40, the terminal 50, and so on can likewise be configured as information processing devices in the same manner as the management server 20, and since their basic hardware configuration does not differ from that of the management server 20, their description is omitted. For example, it suffices for the authentication terminal 30 to include a camera for capturing images of the user.
The management server 20 is equipped with a computer, and the functions of the management server 20 can be realized by having that computer execute a program. The management server 20 also carries out the personal information providing method by means of that program.
[Modifications]
The configuration, operation, and so on of the authentication system described in the above embodiments are examples and are not intended to limit the configuration of the system.
 上記実施形態では、利用者がユーザID、パスワードを決定し、当該ユーザID、パスワードを用いてシステムに登録された利用者(システム利用者)を特定することを説明した。しかし、認証システムが、システム利用者を一意に特定するID(識別子)を決定してもよい。例えば、利用者登録フェーズにおいて、認証サーバ10は利用者の生体情報(顔画像、特徴量)を取得する。認証サーバ10は、当該生体情報に基づき上記IDを生成してもよい。例えば、認証サーバ10は、顔画像の特徴量からハッシュ値を計算し、当該計算されたハッシュ値を、ユーザID、パスワードの代わりとして用いてもよい。顔画像の特徴量は利用者ごとに異なり、当該特徴量から生成されたハッシュ値も利用者ごとに異なるため、システム利用者のIDとして用いることができる。 In the above embodiment, it has been described that the user determines the user ID and password, and identifies the user (system user) registered in the system by using the user ID and password. However, the authentication system may determine an ID (identifier) that uniquely identifies the system user. For example, in the user registration phase, the authentication server 10 acquires the user's biometric information (face image, feature amount). The authentication server 10 may generate the above ID based on the biometric information. For example, the authentication server 10 may calculate a hash value from the feature amount of the face image and use the calculated hash value as a substitute for the user ID and password. Since the feature amount of the face image differs for each user and the hash value generated from the feature amount also differs for each user, it can be used as an ID of the system user.
 上記実施形態では、利用者登録フェーズとサービス登録フェーズが異なるタイミングで実行されることを説明したが、これらのフェーズは実質的に同タイミングにて実行されてもよい。例えば、利用者がサービスの提供を希望するサービス提供者に設置された認証端末30が用いられ、上記2つの登録フェーズが実行されてもよい。具体的には、利用者は、認証端末30を用いて利用者登録を行い、その後、連続して、サービス登録を行ってもよい。この場合、認証端末30は、認証サーバ10の利用者登録機能(利用者登録部202)と管理サーバ20の個人情報取得機能(個人情報取得部302)を備えればよい。 In the above embodiment, it has been explained that the user registration phase and the service registration phase are executed at different timings, but these phases may be executed at substantially the same timing. For example, the authentication terminal 30 installed in the service provider that the user wishes to provide the service may be used, and the above two registration phases may be executed. Specifically, the user may perform user registration using the authentication terminal 30, and then continuously perform service registration. In this case, the authentication terminal 30 may be provided with a user registration function (user registration unit 202) of the authentication server 10 and a personal information acquisition function (personal information acquisition unit 302) of the management server 20.
 The plurality of authentication terminals 30 owned by a service provider need not be installed on the same premises, in the same building, or the like. As long as the service provider is the same, the authentication terminals 30 may be installed in spatially separated locations.
 In the above embodiment, one service provider ID is assigned to one service provider, but one service provider ID may be assigned to a plurality of service providers. A plurality of service providers may be grouped together and a service provider ID issued for each group. For example, when service providers S1 and S2 cooperate to provide the same service, a common service provider ID may be issued to service providers S1 and S2.
 In the above embodiment, the case where biometric information in the form of a "feature amount generated from a face image" is transmitted from the management server 20 to the authentication server 10 has been described. However, biometric information in the form of the "face image" itself may be transmitted from the management server 20 to the authentication server 10. In this case, the authentication server 10 generates the feature amount from the acquired face image and executes the authentication process (matching process).
 In the above embodiment, the case where the authentication terminal 30 acquires a face image and the management server 20 generates the feature amount from that face image has been described. However, the authentication terminal 30 may generate the feature amount from the face image and transmit the generated feature amount to the management server 20. That is, the management server 20 need not generate the feature amount.
 In the above embodiment, the case where the user inputs a user ID and password to the service provider when registering personal information in the service registration phase has been described (see FIG. 11). However, instead of the user ID and password, the user's biometric information (face image) may be input to the service provider. In this case, the management server 20 transmits to the authentication server 10 a service registration request including the feature amount generated from the face image and the service provider ID. The authentication server 10 executes a matching process using the feature amount included in the request and the feature amounts registered in the authentication information database, and identifies the corresponding user. When the user is successfully identified (authenticated), the authentication server 10 issues a service user ID. With this arrangement, the user can easily complete service registration even if the user has forgotten the user ID and password. Alternatively, the service provider may acquire the user's biometric information (face image) in addition to the user ID and password. In this case, the authentication server 10 may issue the service user ID only when the user ID, password, and biometric information all match (that is, two-factor authentication using biometric information and a password may be executed).
 The service provider may cache (temporarily hold) information acquired from the authentication server 10 and information acquired from the authentication terminal 30. For example, the management server 20 caches, for a predetermined period, the biometric information acquired from the authentication terminal 30 together with the authentication result based on that biometric information (the service user ID). When the management server 20 acquires biometric information from the authentication terminal 30, it first checks the cached data, and if cached data matching the acquired biometric information exists, it does not send an authentication request to the authentication server 10. The management server 20 then identifies the personal information using the service user ID included in the cached data. Alternatively, the management server 20 may cache the combination of biometric information and personal information. The conditions for deleting cached data may also be varied according to the type of service. For example, when a hotel operator provides an accommodation service, the management server 20 may delete the cached data when the guest's stay ends.
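The cache described in the preceding paragraph, written out as an added example (this is not the patent's own code). It assumes, for illustration only, that feature amounts are short float vectors compared by cosine similarity against a fixed threshold, that the request to the authentication server 10 is replaced by a callable so the code runs offline, and that the service-type-dependent deletion condition (the hotel example) is modelled as a per-entry expiry time that a checkout event can pull forward.

```python
"""Management-server-side cache of biometric authentication results.

Added example, not code from the patent. Every threshold, vector and the
stand-in for the authentication server below is constructed for illustration.
"""
import math
import time
from dataclasses import dataclass
from typing import Callable, List, Optional, Sequence, Tuple

# Assumed similarity threshold above which a cached feature amount counts as a hit.
MATCH_THRESHOLD = 0.95


def cosine_similarity(a: Sequence[float], b: Sequence[float]) -> float:
    """Cosine similarity between two feature vectors (0.0 if either is all zeros)."""
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(y * y for y in b))
    if norm_a == 0.0 or norm_b == 0.0:
        return 0.0
    return dot / (norm_a * norm_b)


@dataclass
class CacheEntry:
    feature: List[float]      # biometric information as received from terminal 30
    service_user_id: str      # authentication result returned by server 10
    expires_at: float         # absolute time after which the entry is deleted


class AuthResultCache:
    """Cache consulted by management server 20 before contacting authentication server 10.

    Entries live only for `default_ttl_seconds`; a service may shorten that with
    set_expiry() (e.g. a hotel setting expiry to the checkout time). Because the
    cache holds biometric data, keeping the TTL short bounds the exposure window.
    """

    def __init__(self, default_ttl_seconds: float,
                 authenticate: Callable[[Sequence[float]], Optional[str]],
                 clock: Callable[[], float] = time.time) -> None:
        self.ttl = default_ttl_seconds
        self.authenticate = authenticate   # stands in for the request to server 10
        self.clock = clock
        self.entries: List[CacheEntry] = []
        self.remote_calls = 0              # how often server 10 was actually asked

    def _purge_expired(self, now: float) -> None:
        self.entries = [e for e in self.entries if e.expires_at > now]

    def lookup(self, feature: Sequence[float],
               now: Optional[float] = None) -> Tuple[Optional[str], bool]:
        """Return (service_user_id, served_from_cache).

        A cache hit skips the authentication request entirely; a miss asks the
        authentication server and caches a successful result for `ttl` seconds.
        Failed authentications are deliberately not cached.
        """
        now = self.clock() if now is None else now
        self._purge_expired(now)
        for entry in self.entries:
            if cosine_similarity(entry.feature, feature) >= MATCH_THRESHOLD:
                return entry.service_user_id, True
        self.remote_calls += 1
        service_user_id = self.authenticate(feature)
        if service_user_id is not None:
            self.entries.append(CacheEntry(list(feature), service_user_id, now + self.ttl))
        return service_user_id, False

    def set_expiry(self, service_user_id: str, expires_at: float) -> int:
        """Service-specific deletion condition: force entries of one user to expire
        at `expires_at` (a hotel would pass the end of the guest's stay).
        Returns the number of entries adjusted."""
        count = 0
        for entry in self.entries:
            if entry.service_user_id == service_user_id:
                entry.expires_at = expires_at
                count += 1
        return count


if __name__ == "__main__":
    # Constructed stand-in for authentication server 10: vectors whose first
    # component is large belong to service user "SU-001", anything else fails.
    cache = AuthResultCache(3600, lambda f: "SU-001" if f[0] > 0.5 else None)
    print(cache.lookup([1.0, 0.0, 0.0], now=0.0))      # miss -> ('SU-001', False)
    print(cache.lookup([0.99, 0.05, 0.0], now=10.0))   # hit  -> ('SU-001', True)
    print(cache.remote_calls)                           # 1
```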
 The form of data transmission and reception between the devices (authentication server 10, management server 20, authentication terminal 30) is not particularly limited, but the data transmitted and received between these devices may be encrypted. Biometric information is exchanged between these devices, and to protect that biometric information appropriately it is desirable that the data exchanged be encrypted.
 In the above embodiment, the user decides for each service provider whether or not personal information may be provided. However, the terminal 50 may instead provide a GUI for entering whether or not personal information may be provided for the authentication system as a whole.
 In the above embodiment, whether or not personal information may be provided is determined after the service provider has provided the service. However, this determination may be made before the service is provided. That is, as long as the authentication by the authentication server 10 has been performed, whether or not personal information may be provided may be determined either before or after the service is provided.
 In the above embodiment, the case where the terminal 50 obtains the user's decision on whether or not personal information may be provided has been described. The terminal 50 may also be used for purposes other than this. For example, the user may use the terminal 50 to update other information registered in the authentication server 10. The user may, for instance, access the authentication server 10 using the terminal 50 and select the service providers from which the user wishes to receive services by biometric authentication. That is, the user may perform service registration via the authentication server 10. In that case, if there are many service providers, those used infrequently or not used recently may be displayed with priority. Alternatively, the user may use the terminal 50 to apply for withdrawal from the system or from a service.
 The management server 20 may acquire in advance information about the consideration that the information server 40 gives for each item of personal information provided, and, based on the acquired information, notify the terminal 50 or the authentication terminal 30 of the consideration to be returned to the user. For example, the management server 20 may notify the terminal 50 of the list of personal information items included in the information provision notification together with the consideration given when each item is provided. In this case, the terminal 50 can display a GUI such as that shown in FIG. 30. As shown in FIG. 30, the terminal 50 may indicate clearly that the consideration obtained (money, virtual currency, points usable for online shopping, and so on) differs depending on the type of personal information provided. Also as shown in FIG. 30, the terminal 50 may display the total consideration obtained by providing the selected personal information to a third party.
 The terminal 50 or the authentication terminal 30 may display a GUI for entering a provision period of the provided data for each item of personal information whose provision to a third party has been permitted (see FIG. 31). For example, as shown in FIG. 31, the terminal 50 or the authentication terminal 30 displays a GUI from which a provision period (for example, one month, one year, ten years, or indefinite) can be selected. Alternatively, the terminal 50 or the authentication terminal 30 may display a GUI for entering the start and end of the provision period (the user may enter the provision period in a format such as 20XX/YY/ZZ to 20ZZ/YY/XX). The terminal 50 or the authentication terminal 30 notifies the management server 20 of the provision period together with the personal information whose provision has been permitted. The management server 20 transmits behavior information including this information to the information server 40. The information server 40 determines the consideration according to the types of personal information provided and the length of the data provision period for each type. When the designated provision period has elapsed, the information server 40 discards the stored personal information.
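The provision-period handling in the preceding paragraph, as an added example that is not part of the patent: the information server 40 records each provided item with the period the user chose (the FIG. 31 presets or an explicit start and end date), prices the consideration by item type and period length, and discards items whose period has elapsed. The item types, point values and pricing formula are constructed for this illustration; the page gives no amounts.

```python
"""Information-server-side retention of provided personal information.

Added example, not code from the patent. Item types, point values and the
pricing formula are constructed; only the preset periods come from FIG. 31.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Constructed base consideration (points) per item type.
BASE_POINTS: Dict[str, int] = {
    "name": 10,
    "address": 20,
    "date_of_birth": 15,
    "purchase_history": 50,
}

# Preset provision periods offered by the GUI of FIG. 31; None models "indefinite".
PRESET_PERIODS: Dict[str, Optional[timedelta]] = {
    "1 month": timedelta(days=30),
    "1 year": timedelta(days=365),
    "10 years": timedelta(days=3650),
    "indefinite": None,
}


@dataclass
class ProvidedItem:
    item_type: str
    value: str
    start: date
    end: Optional[date]  # None = indefinite provision

    @classmethod
    def from_preset(cls, item_type: str, value: str, start: date, preset: str) -> "ProvidedItem":
        """Build an item from one of the FIG. 31 preset periods."""
        span = PRESET_PERIODS[preset]
        return cls(item_type, value, start, None if span is None else start + span)

    def is_expired(self, today: date) -> bool:
        """True once the designated provision period has passed."""
        return self.end is not None and today > self.end


def item_consideration(item: ProvidedItem) -> int:
    """Constructed pricing: base points grow with the period length, capped at
    ten years; indefinite provision pays a fixed premium over the base."""
    base = BASE_POINTS[item.item_type]
    if item.end is None:
        return base * 12
    days = min((item.end - item.start).days, 3650)
    return int(base * (1 + days / 365))


class InformationServer:
    """Minimal model of information server 40's storage and expiry duties."""

    def __init__(self) -> None:
        self.records: Dict[str, List[ProvidedItem]] = {}

    def receive_behavior_info(self, service_user_id: str, items: List[ProvidedItem]) -> int:
        """Store the permitted items and return the total consideration due."""
        self.records.setdefault(service_user_id, []).extend(items)
        return sum(item_consideration(i) for i in items)

    def purge_expired(self, today: date) -> int:
        """Discard every item whose provision period has elapsed; return the count."""
        removed = 0
        for service_user_id, items in self.records.items():
            keep = [i for i in items if not i.is_expired(today)]
            removed += len(items) - len(keep)
            self.records[service_user_id] = keep
        return removed

    def stored_types(self, service_user_id: str) -> List[str]:
        return sorted(i.item_type for i in self.records.get(service_user_id, []))


if __name__ == "__main__":
    start = date(2021, 1, 1)   # constructed sample dates
    items = [
        ProvidedItem.from_preset("name", "Taro Yamada", start, "1 month"),
        ProvidedItem.from_preset("purchase_history", "3 items", start, "1 year"),
        ProvidedItem.from_preset("address", "Tokyo", start, "indefinite"),
    ]
    server = InformationServer()
    print(server.receive_behavior_info("SU-001", items))  # 350
    print(server.purge_expired(date(2021, 2, 1)))         # 1 (the one-month item)
    print(server.stored_types("SU-001"))                  # ['address', 'purchase_history']
```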
 In the above embodiment, one information center was given as an example of the destination to which personal information is provided. However, personal information may be provided to a plurality of information centers (information banks). In this case, the user may select, from among the plurality of information centers, those to which provision of personal information is permitted. Specifically, when the management server 20 transmits the information provision inquiry, it also transmits to the terminal 50 or the like information about the information centers (information servers 40) with which it is affiliated. For example, the management server 20 transmits the names of the information centers or the like to the terminal 50 or the like. The terminal 50 or the authentication terminal 30 may display a GUI such as that shown in FIG. 32 using the acquired information, and obtain for each information center individually whether or not personal information may be provided. That is, the terminal 50 or the authentication terminal 30 may generate a GUI for entering, for each of the plurality of information centers, whether or not provision of personal information is permitted.
 Furthermore, the terminal 50 or the authentication terminal 30 may display a GUI (such as those shown in FIGS. 8, 9, 30, and 31) for selecting the personal information to be provided to each information center to which provision has been permitted. The terminal 50 or the authentication terminal 30 may also display the consideration obtained from each information center (the consideration obtained may differ depending on the destination of the personal information).
 In the GUIs of FIGS. 8, 9, and so on, the terminal 50 or the authentication terminal 30 may display the personal information of the user (the successfully authenticated person) itself rather than the types of personal information (see FIG. 33).
 The above embodiment does not mention identity verification of the user, but identity verification may be performed somewhere in the authentication system. For example, the authentication server 10 may verify the user's identity at the time of user registration. In this case, the user registration unit 202 of the authentication server 10 acquires an identity document of the user (for example, a passport) from the terminal 50 and performs one-to-one matching between the user's face image and the face image printed on the identity document. The authentication server 10 may then register only those users for whom this matching succeeds. Alternatively, the same identity verification may be performed at the time of service registration. Performing identity verification somewhere in the authentication system assures the reliability of the personal information provided to the information center.
 In the above embodiment, the management server 20 notifies the user that biometric authentication has been performed by transmitting the information provision inquiry to the terminal 50. However, the authentication server 10 may notify the terminal 50 of this fact instead. In this case, the terminal 50 may display the GUI for deciding whether or not information may be provided, and so on, triggered by the notification from the authentication server 10.
 In the flow diagrams (flowcharts and sequence diagrams) used in the above description, a plurality of steps (processes) are described in order, but the order in which the steps are executed in the embodiments is not limited to the order described. In the embodiments, the order of the illustrated steps can be changed to the extent that the content is not affected, for example by executing processes in parallel.
 The above embodiments have been described in detail to facilitate understanding of the present disclosure and are not intended to require all of the configurations described. When a plurality of embodiments have been described, each embodiment may be used alone or in combination. For example, part of the configuration of one embodiment may be replaced with the configuration of another embodiment, or the configuration of another embodiment may be added to the configuration of an embodiment. Furthermore, other configurations may be added to, deleted from, or substituted for part of the configuration of an embodiment.
 Although the industrial applicability of the present invention is clear from the above description, the present invention is suitably applicable to, for example, an authentication system for authenticating the customers of retail stores, hotel operators, and the like.
 Some or all of the above embodiments may also be described as in the following supplementary notes, but are not limited to them.
[Supplementary note 1]
 An authentication system including:
 an information server;
 an authentication server that stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information; and
 a management server that stores personal information for providing a service to a person successfully authenticated by the biometric authentication, and that transmits to the information server behavior information including, out of the personal information of the successfully authenticated person to whom the service was provided, the personal information whose provision to a third party the successfully authenticated person has permitted.
[Supplementary note 2]
 The authentication system according to Supplementary note 1, further including a terminal possessed by the successfully authenticated person,
 wherein, when the provision of the service to the successfully authenticated person ends, the management server transmits to the terminal an inquiry as to whether or not personal information may be provided, the inquiry including a list of the personal information stored in the management server, and
 the terminal uses the list of personal information to generate a GUI for the successfully authenticated person to enter the types of personal information whose provision to the third party is permitted.
[Supplementary note 3]
 The authentication system according to Supplementary note 2, wherein the management server transmits the behavior information to the information server upon receiving from the terminal an affirmative response to the inquiry as to whether or not personal information may be provided.
[Supplementary note 4]
 The authentication system according to any one of Supplementary notes 1 to 3, wherein the management server transmits to the information server the behavior information including the personal information whose provision to a third party the successfully authenticated person has permitted and summary information on the outline of the service provided to the successfully authenticated person.
[Supplementary note 5]
 The authentication system according to any one of Supplementary notes 1 to 4, wherein the information server determines the consideration to be paid to the successfully authenticated person according to the types of personal information provided by the successfully authenticated person.
[Supplementary note 6]
 The authentication system according to Supplementary note 5, wherein
 the management server stores consideration receipt information for receiving the consideration,
 the information server notifies the management server of the consideration to be paid to the successfully authenticated person, and
 the management server pays the notified consideration based on the consideration receipt information of the successfully authenticated person.
[Supplementary note 7]
 The authentication system according to Supplementary note 2 or 3, wherein the terminal generates a GUI that displays the consideration obtained by providing personal information to the third party.
[Supplementary note 8]
 The authentication system according to any one of Supplementary notes 2, 3, and 7, wherein the terminal generates a GUI for entering a provision period of the provided data for each type of personal information whose provision to the third party has been permitted.
[Supplementary note 9]
 The authentication system according to Supplementary note 5, wherein the information server determines the consideration to be paid to the successfully authenticated person according to the types of personal information provided and the length of the data provision period for each type of personal information provided.
[Supplementary note 10]
 The authentication system according to any one of Supplementary notes 2, 3, 7, and 8, wherein the terminal generates a GUI for entering, for each of a plurality of the third parties, whether or not provision of personal information is permitted.
[Supplementary note 11]
 The authentication system according to Supplementary note 1, further including an authentication terminal that is connected to the management server, acquires biometric information of a person to be authenticated, and provides the service to the successfully authenticated person,
 wherein, when the provision of the service to the successfully authenticated person ends, the authentication terminal generates a GUI for the successfully authenticated person to enter the types of personal information whose provision to the third party is permitted.
[Supplementary note 12]
 The authentication system according to any one of Supplementary notes 1 to 11, wherein the biometric information is a face image or a feature amount generated from the face image.
[Supplementary note 13]
 A terminal that is connected to a management server storing personal information for providing a service to a person successfully authenticated by biometric authentication, and
 that generates a GUI for entering, out of the personal information of the successfully authenticated person to whom the service was provided, the personal information whose provision to a third party the successfully authenticated person permits.
[Supplementary note 14]
 A management server connected to an information server and to an authentication server that stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information,
 the management server storing personal information for providing a service to a person successfully authenticated by the biometric authentication, and transmitting to the information server behavior information including, out of the personal information of the successfully authenticated person to whom the service was provided, the personal information whose provision to a third party the successfully authenticated person has permitted.
[Supplementary note 15]
 A personal information providing method performed in a management server connected to an information server and to an authentication server that stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information, the method including:
 storing personal information for providing a service to a person successfully authenticated by the biometric authentication; and
 transmitting to the information server behavior information including, out of the personal information of the successfully authenticated person to whom the service was provided, the personal information whose provision to a third party the successfully authenticated person has permitted.
[Supplementary note 16]
 A computer-readable storage medium storing a program that causes a computer mounted in a management server, which is connected to an information server and to an authentication server that stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information, to execute:
 a process of storing personal information for providing a service to a person successfully authenticated by the biometric authentication; and
 a process of transmitting to the information server behavior information including, out of the personal information of the successfully authenticated person to whom the service was provided, the personal information whose provision to a third party the successfully authenticated person has permitted.
 The disclosures of the prior art documents cited above are incorporated herein by reference. Although embodiments of the present invention have been described above, the present invention is not limited to these embodiments. Those skilled in the art will understand that these embodiments are merely illustrative and that various modifications are possible without departing from the scope and spirit of the present invention. That is, the present invention naturally includes the entire disclosure, including the claims, and the various variations and modifications that a person skilled in the art could make in accordance with its technical idea.
10, 102 Authentication server
20, 20-1, 20-2, 103 Management server
30, 30-1, 30-2, 31-1, 31-2 Authentication terminal
40, 101 Information server
50 Terminal
201, 301, 401, 501, 601 Communication control unit
202 User registration unit
203, 304 Database (DB) management unit
204 Service registration unit
205 Authentication unit
206, 307, 405, 503, 603 Storage unit
302 Personal information acquisition unit
303 Service registration request unit
305 Authentication request unit
306 Behavior information provision unit
311 Processor
312 Memory
313 Input/output interface
314 Communication interface
402 Biometric information acquisition unit
403 Service provision unit
404 Message output unit
406, 602 Personal information control unit
502 Behavior information processing unit

Claims (16)

  1.  情報サーバと、
     複数の利用者それぞれの生体情報を記憶し、前記記憶された生体情報を用いて生体認証を行う、認証サーバと、
     前記生体認証による認証成功者にサービスを提供するための個人情報を記憶すると共に、前記サービスが提供された認証成功者の個人情報のうち前記認証成功者が第三者への提供を許可した個人情報を含む行動情報を前記情報サーバに送信する、管理サーバと、
     を含む、認証システム。
    Information server and
    An authentication server that stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information.
    The personal information for providing the service to the successful authentication person by biometric authentication is stored, and among the personal information of the successful authentication person to which the service is provided, the individual who the successful authentication person permits to provide to a third party. A management server that sends behavioral information including information to the information server,
    Including authentication system.
  2.  前記認証成功者が所持する端末をさらに含み、
     前記管理サーバは、前記認証成功者に対してサービスの提供が終了すると、前記端末に対して、個人情報の提供可否に関する照会であって、自装置に記憶された個人情報のリストを含む照会を送信し、
     前記端末は、前記個人情報のリストを用いて、前記認証成功者が前記第三者に提供を許可する個人情報の種類を入力するためのGUIを生成する、請求項1に記載の認証システム。
    Including the terminal owned by the successful authentication person,
    When the provision of the service to the successful authentication person is completed, the management server makes an inquiry to the terminal regarding whether or not the personal information can be provided, and includes an inquiry including a list of personal information stored in the own device. Send and
    The authentication system according to claim 1, wherein the terminal uses the list of personal information to generate a GUI for the successful authentication person to input the type of personal information permitted to be provided to the third party.
  3.  前記管理サーバは、前記端末から前記個人情報の提供可否に関する照会に対する肯定応答を受信すると、前記行動情報を前記情報サーバに送信する、請求項2に記載の認証システム。 The authentication system according to claim 2, wherein when the management server receives an acknowledgment to an inquiry regarding whether or not the personal information can be provided from the terminal, the management server transmits the action information to the information server.
  4.  前記管理サーバは、前記認証成功者が第三者への提供を許可した個人情報と、前記認証成功者に対して提供されたサービスの概略に関する概略情報と、を含む前記行動情報を前記情報サーバに送信する、請求項1乃至3のいずれか一項に記載の認証システム。 The management server uses the information server to provide the behavioral information including personal information that the successful authentication person has authorized to provide to a third party and outline information about the outline of the service provided to the successful authentication person. The authentication system according to any one of claims 1 to 3 to be transmitted to.
  5.  前記情報サーバは、前記認証成功者から提供された個人情報の種類に応じて前記認証成功者に支払う対価を決定する、請求項1乃至4のいずれか一項に記載の認証システム。 The authentication system according to any one of claims 1 to 4, wherein the information server determines the consideration to be paid to the successful authentication person according to the type of personal information provided by the successful authentication person.
  6.  前記管理サーバは、前記対価を受け取るための対価受取情報を記憶し、
     前記情報サーバは、前記認証成功者に支払う対価を前記管理サーバに通知し、
     前記管理サーバは、前記認証成功者の前記対価受取情報に基づき前記通知された対価を支払う、請求項5に記載の認証システム。
    The management server stores the consideration receipt information for receiving the consideration, and the management server stores the consideration receipt information.
    The information server notifies the management server of the consideration to be paid to the successful authentication person, and the information server notifies the management server.
    The authentication system according to claim 5, wherein the management server pays the notified consideration based on the consideration receipt information of the authentication successful person.
  7.  前記端末は、前記第三者に個人情報を提供することで得られる対価が表示されたGUIを生成する、請求項2又は3に記載の認証システム。 The authentication system according to claim 2 or 3, wherein the terminal generates a GUI displaying the consideration obtained by providing personal information to the third party.
  8.  前記端末は、前記第三者への提供が許可された個人情報の種類それぞれについて提供データの提供期間を入力するためのGUIを生成する、請求項2、3又は7のいずれか一項に記載の認証システム。 The terminal according to any one of claims 2, 3 or 7, which generates a GUI for inputting a provision period of provided data for each type of personal information permitted to be provided to the third party. Authentication system.
  9.  前記情報サーバは、前記提供された個人情報の種類と、前記提供された個人情報の種類それぞれについてのデータの提供期間の長さと、に応じて前記認証成功者に支払う対価を決定する、請求項5に記載の認証システム。 The information server determines the type of personal information provided, the length of the data provision period for each of the types of personal information provided, and the consideration paid to the successful authentication person. The authentication system according to 5.
  10.  前記端末は、複数の前記第三者それぞれについて個人情報の提供を許可するか否かを入力するためのGUIを生成する、請求項2、3、7又は8のいずれか一項に記載の認証システム。 The authentication according to any one of claims 2, 3, 7 or 8, wherein the terminal generates a GUI for inputting whether or not to permit the provision of personal information to each of the plurality of third parties. system.
  11.  The authentication system according to claim 1, further comprising an authentication terminal that is connected to the management server, acquires biometric information of a person to be authenticated, and provides a service to the successfully authenticated person,
     wherein, when the authentication terminal finishes providing the service to the successfully authenticated person, it generates a GUI for inputting the types of personal information that the successfully authenticated person permits to be provided to the third party.
  12.  The authentication system according to any one of claims 1 to 11, wherein the biometric information is a face image or a feature amount generated from the face image.
  13.  A terminal that is connected to a management server storing personal information for providing a service to a person successfully authenticated by biometric authentication, and
     that generates a GUI for inputting, from among the personal information of the successfully authenticated person to whom the service has been provided, the personal information whose provision to a third party the successfully authenticated person permits.
  14.  A management server connected to an information server and
     to an authentication server that stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information,
     the management server storing personal information for providing a service to a person successfully authenticated by the biometric authentication, and transmitting to the information server behavior information that includes, from among the personal information of the successfully authenticated person to whom the service has been provided, the personal information whose provision to a third party the successfully authenticated person has permitted.
  15.  A personal information providing method performed in a management server connected to an information server and
     to an authentication server that stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information, the method comprising:
     storing personal information for providing a service to a person successfully authenticated by the biometric authentication; and
     transmitting to the information server behavior information that includes, from among the personal information of the successfully authenticated person to whom the service has been provided, the personal information whose provision to a third party the successfully authenticated person has permitted.
  16.  A computer-readable storage medium storing a program for causing a computer mounted in a management server, which is connected to an information server and
     to an authentication server that stores biometric information of each of a plurality of users and performs biometric authentication using the stored biometric information, to execute:
     a process of storing personal information for providing a service to a person successfully authenticated by the biometric authentication; and
     a process of transmitting to the information server behavior information that includes, from among the personal information of the successfully authenticated person to whom the service has been provided, the personal information whose provision to a third party the successfully authenticated person has permitted.
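The consent-scoped filtering of claims 8, 10 and 14 and the consideration rule of claim 9, as an added Python example that is not code from the patent or from the applicant; the field names, sample dates and per-day rates are constructed assumptions, and the default-deny handling of unlisted or expired types is a design choice of this example.

```python
"""Consent-scoped behavior information for the information server. Added example, not
code from the patent; field names, sample values and rates are constructed."""
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import date

@dataclass(frozen=True)
class Consent:
    """One user's decision for one third party: the allow/deny of claim 10 and the
    per-type provision periods of claim 8 (type -> (first day, last day))."""
    third_party: str
    permitted: bool
    periods: dict[str, tuple[date, date]] = field(default_factory=dict)

def permitted_types(consent: Consent, on: date) -> set[str]:
    """Types this third party may receive on `on`. Default deny: a type with no
    entry, or whose period has not started or has ended, is withheld."""
    if not consent.permitted:
        return set()
    return {t for t, (start, end) in consent.periods.items() if start <= on <= end}

def build_behavior_info(service_use: dict, personal: dict, consent: Consent, on: date) -> dict:
    """Claim 14: the service-use facts plus only the permitted personal fields."""
    allowed = permitted_types(consent, on)
    return {"third_party": consent.third_party, "service_use": dict(service_use),
            "personal": {k: v for k, v in personal.items() if k in allowed}}

def build_for_all(service_use: dict, personal: dict, consents: list[Consent], on: date) -> list[dict]:
    """One record per third party that may receive something; denied parties get none."""
    return [build_behavior_info(service_use, personal, c, on)
            for c in consents if permitted_types(c, on)]

def consideration(consent: Consent, rate_per_day: dict[str, int]) -> int:
    """Information-server side (claim 9): pay per permitted type, scaled by the
    inclusive length of its provision period in days."""
    if not consent.permitted:
        return 0
    return sum(rate_per_day.get(t, 0) * ((end - start).days + 1)
               for t, (start, end) in consent.periods.items())

# Constructed sample: the user checked in at a hotel on 2020-08-27.
SERVICE_USE = {"service": "hotel-checkin", "date": "2020-08-27"}
PERSONAL = {"name": "T. Yamada", "age_band": "30s", "address": "Tokyo", "phone": "000-0000-0000"}
CONSENTS = [
    Consent("travel-agency", True, {"age_band": (date(2020, 8, 1), date(2020, 12, 31)),
                                    "address": (date(2020, 8, 1), date(2020, 8, 20))}),  # address period over
    Consent("ad-network", False, {"name": (date(2020, 1, 1), date(2021, 1, 1))}),  # denied as a whole
]
RATES = {"age_band": 2, "address": 5, "name": 10}  # constructed per-day rates
```

Run against the sample, only the travel agency receives a record, and it carries the age band alone: the address period has lapsed, the phone number was never permitted, and the denied ad network gets nothing.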
PCT/JP2020/032371 2020-08-27 2020-08-27 Authentication system, terminal, management server, personal information providing method, and storage medium WO2022044205A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2022545002A JPWO2022044205A5 (en) 2020-08-27 Authentication system, terminal, management server, personal information providing method and program
PCT/JP2020/032371 WO2022044205A1 (en) 2020-08-27 2020-08-27 Authentication system, terminal, management server, personal information providing method, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2020/032371 WO2022044205A1 (en) 2020-08-27 2020-08-27 Authentication system, terminal, management server, personal information providing method, and storage medium

Publications (1)

Publication Number Publication Date
WO2022044205A1 true WO2022044205A1 (en) 2022-03-03

Family

ID=80354874

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2020/032371 WO2022044205A1 (en) 2020-08-27 2020-08-27 Authentication system, terminal, management server, personal information providing method, and storage medium

Country Status (1)

Country Link
WO (1) WO2022044205A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2016091067A (en) * 2014-10-29 2016-05-23 ソフトバンク株式会社 Individual information distribution method, individual information distribution system and individual information distribution provider device
JP2018155570A (en) * 2017-03-17 2018-10-04 本田技研工業株式会社 Information provision on-vehicle device, information provision system, and information provision program

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
AKIYAMA, HIROKO ET AL.: "Design and implementation of personal activity information storing feature in information bank system", IPSJ SYMPOSIUM SERIES, vol. 2013, no. 2, 3 July 2013 (2013-07-03), pages 1953 - 1957, XP55909344, ISSN: 1882-0840 *

Also Published As

Publication number Publication date
JPWO2022044205A1 (en) 2022-03-03

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20951458

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2022545002

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20951458

Country of ref document: EP

Kind code of ref document: A1