WO2022044274A1 - Authentication control device, authentication system, authentication control method, and non-transitory computer-readable medium - Google Patents

Authentication control device, authentication system, authentication control method, and non-transitory computer-readable medium Download PDF

Info

Publication number
WO2022044274A1
WO2022044274A1 PCT/JP2020/032660 JP2020032660W WO2022044274A1 WO 2022044274 A1 WO2022044274 A1 WO 2022044274A1 JP 2020032660 W JP2020032660 W JP 2020032660W WO 2022044274 A1 WO2022044274 A1 WO 2022044274A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
biometric
user
biometric authentication
biometric information
Prior art date
Application number
PCT/JP2020/032660
Other languages
French (fr)
Japanese (ja)
Inventor
秀典 北方
Original Assignee
日本電気株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電気株式会社 filed Critical 日本電気株式会社
Priority to PCT/JP2020/032660 priority Critical patent/WO2022044274A1/en
Priority to JP2022545212A priority patent/JPWO2022044274A5/en
Publication of WO2022044274A1 publication Critical patent/WO2022044274A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Definitions

  • This disclosure relates to an authentication control device, an authentication system, an authentication control method, and a non-temporary computer-readable medium.
  • biometric authentication has been used in various scenes.
  • biometric authentication methods such as face recognition and iris recognition is expected.
  • Patent Document 1 discloses an authentication system that is installed at the entrance of a special area provided inside a closed space and controls admission by face recognition.
  • the authentication system of Patent Document 1 aims to speed up the face authentication process by narrowing down the search range of the face image to be searched based on the collation result of the identification information obtained from the ID card of the visitor. There is.
  • Patent Document 2 discloses a hotel system that determines whether or not to enter a room by collating the face information of the user.
  • the user can enter the room without carrying the room key.
  • Patent Document 3 discloses a biometric authentication device that uses a user's fingerprint and a vein of the palm as biometric information. In this way, by using a plurality of biometric information, it is possible to more reliably confirm the identity of the user.
  • This disclosure is made to solve such a problem, and is an authentication control device, an authentication system, an authentication control method, and a non-authentication control device, which can reduce a decrease in user convenience in multimodal authentication.
  • the purpose is to provide a temporary computer-readable medium.
  • the authentication control device is A biometric information acquisition means for acquiring the first biometric information and the second biometric information of a predetermined user, and An authentication control means for controlling at least one of a first biometric authentication using the first biometric information and a second biometric authentication using the second biometric information.
  • a determination means for determining whether or not to use the result of the other biometric authentication. It is equipped with.
  • the authentication system for this disclosure is An authentication terminal that acquires multiple types of biometric information from a given user
  • the authentication control device connected to the authentication terminal and Equipped with The authentication control device is The first biometric information and the second biometric information of the user are acquired from the authentication terminal, and the user's first biometric information and the second biometric information are acquired. At least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information is controlled. When at least one of the first biometric authentication and the second biometric authentication is successful, it is determined whether or not to use the result of the other biometric authentication.
  • the authentication control method for this disclosure is The computer Acquire the first biometric information and the second biometric information of a predetermined user, At least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information is controlled. When at least one of the first biometric authentication and the second biometric authentication is successful, it is determined whether or not to use the result of the other biometric authentication.
  • Non-temporary computer-readable media containing the authentication control program for this disclosure may be used.
  • the biometric information acquisition process for acquiring the first biometric information and the second biometric information of a predetermined user, and Authentication control processing that controls at least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information, and When at least one of the first biometric authentication and the second biometric authentication is successful, a determination process for determining whether or not to use the result of the other biometric authentication, and Is to be executed by the computer.
  • an authentication control device it is possible to provide an authentication control device, an authentication system, an authentication control method, and a non-temporary computer-readable medium that can reduce the deterioration of user convenience in multimodal authentication.
  • FIG. It is a block diagram which shows the structure of the authentication control apparatus which concerns on Embodiment 1.
  • FIG. It is a flowchart which shows the process of the authentication control apparatus which concerns on Embodiment 1.
  • FIG. It is a block diagram which shows the structure of the authentication system which concerns on Embodiment 2.
  • FIG. It is a flowchart which shows the biometric information registration process of the authentication apparatus which concerns on Embodiment 2.
  • FIG. It is a block diagram which shows the structure of the authentication terminal which concerns on Embodiment 2.
  • FIG. It is a block diagram which shows the structure of the authentication control apparatus which concerns on Embodiment 2.
  • FIG. It is a figure which shows an example of the biometric authentication system used in the authentication control system which concerns on Embodiment 2.
  • FIG. It is a flowchart which shows the process of the authentication control apparatus which concerns on Embodiment 2.
  • FIG. It is a block diagram which shows the structure of the authentication control apparatus which concerns on Embodiment 5.
  • FIG. 1 is a block diagram showing a configuration of the authentication control device 10 according to the present embodiment.
  • the authentication control device 10 includes a biometric information acquisition unit 11, an authentication control unit 12, and a determination unit 13.
  • the biometric information acquisition unit 11 acquires the first biometric information and the second biometric information of a predetermined user.
  • the authentication control unit 12 controls at least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information. If at least one of the first biometric authentication and the second biometric authentication is successful, the determination unit 13 determines whether or not to use the result of the other biometric authentication.
  • the determination unit 13 determines the success or failure of the executed biometric authentication as "one".
  • "using the result of the other biometric authentication” includes, for example, providing services and performing various controls according to the result.
  • the authentication control unit 12 may control (execute) the biometric authentication of the other.
  • FIG. 2 is a flowchart showing the flow of the authentication control method according to the first embodiment.
  • the biometric information acquisition unit 11 acquires the first biometric information and the second biometric information of a predetermined user (S11).
  • the authentication control unit 12 controls at least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information (S12).
  • the determination unit 13 determines whether or not to use the result of the other biometric authentication (S14).
  • both the first and second biometric authentications fail (No in S13)
  • the authentication control device 10 ends the process.
  • the authentication control device 10 As described above, according to the authentication control device 10 according to the present embodiment, if at least one of the first biometric authentication and the second biometric authentication is successful, the result of the other biometric authentication is used. Since it is determined whether or not it is, it is possible to reduce the deterioration of user convenience in multimodal authentication.
  • the authentication control device 10 includes a processor, a memory, and a storage device as a configuration (not shown). Further, the storage device stores a computer program in which the processing of the authentication control method according to the first embodiment is implemented. Then, the processor reads the computer program from the storage device into the memory and executes the computer program. As a result, the processor realizes the functions of the biometric information acquisition unit 11, the authentication control unit 12, and the determination unit 13.
  • the biometric information acquisition unit 11, the authentication control unit 12, and the determination unit 13 may each be realized by dedicated hardware.
  • a part or all of each component of each device may be realized by a general-purpose or dedicated circuitry, a processor, or a combination thereof. These may be composed of a single chip or may be composed of a plurality of chips connected via a bus. A part or all of each component of each device may be realized by the combination of the circuit or the like and the program described above.
  • a processor a CPU (Central Processing Unit), a GPU (Graphics Processing Unit), an FPGA (field-programmable gate array), or the like can be used.
  • each component of the authentication control device 10 when a part or all of each component of the authentication control device 10 is realized by a plurality of information processing devices and circuits, the plurality of information processing devices and circuits may be centrally arranged. It may be distributed.
  • the information processing device, the circuit, and the like may be realized as a form in which each is connected via a communication network, such as a client-server system and a cloud computing system.
  • the function of the authentication control device 10 may be provided in the SaaS (Software as a Service) format.
  • FIG. 3 is a block diagram showing the overall configuration of the authentication system 1000 according to the second embodiment.
  • the authentication system 1000 includes an authentication device 100, an authentication control device 200, and authentication terminals 400a to 400g.
  • Each of the authentication device 100, the authentication control device 200, and the authentication terminals 400a to 400g is connected via the network N.
  • the network N is a wired or wireless communication line.
  • the authentication terminals 400a to 400g are installed at places in the hotel where biometric authentication is required.
  • Each authentication terminal 400 performs biometric authentication to the user U in each application and installation location.
  • Each authentication terminal 400 supports multimodal authentication, and for example, authentication can be performed by either face authentication or iris authentication.
  • Each authentication terminal 400 is, for example, a digital signage, and includes a display unit 440 that displays a display prompting the user U for biometric authentication and a display indicating the result of the authentication result.
  • the user U who is a customer of the hotel will be described as the user U1.
  • the user U1 registers in advance the information necessary for accommodation (accommodation date, name, contact information, etc.) in the authentication control device 200 through a reservation web site or the like. Further, the authentication control device 200 stores that the user U1 is a customer in association with the user ID as an attribute of the user U1. Further, the user U1 registers the face image of the user U1 in the authentication device 100 in advance through a reservation web site or the like. As a result, the user U1 can use face recognition in the hotel.
  • the authentication terminals 400a to 400g collate the face image registered in the authentication device 100 in advance with the face image taken in the hotel by comparing their characteristic information, and perform biometric authentication for the user U1.
  • the user U1 can receive a predetermined service in the hotel.
  • the user U1 may register the iris image together with the face recognition image in advance, but since a dedicated camera (infrared camera) is required to acquire the iris image, the user U1 is only the face image here. Will be explained as if it were registered in advance. Therefore, the user U1 registers only the face image by himself / herself from the web site or the like in advance, and registers the iris image by using the authentication terminal 400 after visiting the hotel.
  • the user U1 may register in advance whether or not he / she agrees to use the iris authentication including the shooting of the iris at the time of making an accommodation reservation. This makes it possible to promptly carry out the iris registration procedure after visiting the museum.
  • the authentication terminal 400a installed at the entrance performs biometric authentication to the user U1.
  • the authentication terminal 400a can urge the user U1 to perform face authentication by displaying a message on the display unit 440 or the like. Further, the authentication terminal 400a may provide guidance to the user U1 by voice along with a display by a speaker or the like.
  • the authentication terminal 400a photographs the face of the user U1 with a built-in camera, and authenticates the face of the user U1 using the captured face image. Specifically, the authentication terminal 400a transmits a biometric authentication request to the authentication control device 200 together with the captured face image.
  • the authentication control device 200 receives the biometric authentication request from the authentication terminal 400a, performs a predetermined process, and transmits the biometric authentication request to the authentication device 100.
  • the authentication device 100 receives a biometric authentication request from the authentication control device 200, performs biometric authentication, and returns the result to the authentication control device 200.
  • the authentication control device 200 returns the result to the authentication terminal 400a.
  • the authentication terminal 400a can receive the authentication result for the user U1. More details about these processes will be described later.
  • the authentication terminal 400a displays a message such as "Successful face authentication” or "Welcome, Mr. XX” on the display unit 440.
  • the user U1 can grasp that the face authentication has been successful from the face image registered at the time of reservation.
  • the user U1 performs the check-in procedure at the authentication terminal 400b installed at the counter.
  • the authentication terminal 400b photographs the face of the user U1 with the built-in camera, and performs face authentication of the user U1 based on the captured face image. If the face recognition is successful, the employee at the counter performs the check-in procedure for the user U1. Subsequently, the authentication terminal 400b displays a display prompting the user U1 to take an iris in order to use the iris authentication in the scene of providing various services in the hall.
  • the authentication terminal 400b will display a message such as "Next, the iris registration process will be performed based on the permission to use the iris authentication.” It is displayed on the display unit 440 and the iris of the user U1 is photographed. If the user U1 does not consent to the use of iris authentication in advance, the authentication terminal 400b displays necessary items on the display unit 440 and confirms to the user U1 whether or not he / she agrees to use the iris recognition. .. The user U1 answers whether or not he / she agrees with the iris authentication by, for example, pressing a button displayed on the display unit 440. When the user U1 agrees to shoot the iris, the authentication terminal 400b shoots the iris of the user U1 by the built-in infrared camera.
  • the captured iris image is stored in the authentication device 100 in association with the user ID and the like via the network N.
  • the user U1 can use the iris authentication in the subsequent procedures. Therefore, the user U1 can not only use face authentication and iris authentication independently, but can also handle the case where multimodal authentication using a plurality of authentication methods is required.
  • the iris registration process may be performed on any authentication terminal 400 other than the authentication terminal 400b.
  • a message such as "Iris authentication is available. Please register the iris.” Is displayed to the user U1 who has not registered the iris. It may be displayed on the unit 440 to prompt the user U1 to register the iris.
  • the authentication terminal 400 may not perform the above display for the user U who has input that he / she does not agree to use the iris authentication.
  • the user U1 After completing the check-in procedure, the user U1 performs biometric authentication using the authentication terminal 400c at the entrance of the accommodation building when moving from the entrance to the accommodation building. Multimodal certification is performed here because access to the accommodation building needs to be strictly controlled.
  • the authentication terminal 400c performs face authentication and iris authentication to the user U1. If the authentication is successful, the door to the accommodation building opens and the user U1 can enter the accommodation building.
  • the display unit 440 displays a message such as "Mr. XX, face authentication and iris authentication have been successful.”
  • the user U1 enters the accommodation room reserved by himself / herself.
  • authentication terminals 400d to 400f are installed at the entrances of the rooms A to C, respectively.
  • the user U1 authenticates with the authentication terminal 400 installed in front of the room reserved by the user U1. Since strict identity verification is performed by multimodal authentication at the entrance of the accommodation building, user U1 is authenticated only by face authentication here.
  • the user U1 authenticates at the authentication terminal 400d installed in front of the room A. If the face recognition is successful, the room A is unlocked and the user U1 can enter the room A. If the user U1 tries to authenticate with the authentication terminal 400 installed in front of the room where he / she is not planning to stay, the authentication fails. In this case, the authentication terminal 400 may display the fact that the authentication has failed on the display unit 440 and prompt the user U1 to confirm the room number.
  • the authentication terminal 400g installed at the souvenir shop's cash register performs multimodal authentication using face authentication and iris authentication.
  • the user U1 is authenticated by the authentication terminal 400b installed at the counter, as at the time of check-in. Since check-out involves payment of accommodation charges, etc., multi-modal authentication by face authentication and iris authentication is performed as in the case of souvenir shops.
  • User U who is an employee, will be described as user U2.
  • the user U2 takes an image of the face and the iris using the authentication terminal 400 or the like, and registers these biometric information in the authentication device 100 in advance.
  • the user U2 can use face authentication and iris authentication at each authentication terminal 400 in the hotel.
  • the authentication control device 200 stores that the user U2 is an employee in association with the user ID as an attribute of the user U2.
  • biometric authentication is performed at each authentication terminal 400 as in the case of the user U1.
  • the biometric authentication method used differs between the user U1 who is a customer and the user U2 who is an employee. The details of the specific processing will be described later, and the differences due to the attributes of the user U will be described below.
  • FIG. 9 is a diagram showing an example of biometric authentication required according to the attribute of the user U and the installation location of the authentication terminal 400.
  • the upper part of the table shown in FIG. 9 shows the biometric authentication required for the user U1 already described.
  • the authentication method in the accommodation building or the accommodation room is different between the user U1 and the user U2, for example.
  • authentication is performed using face authentication and iris authentication at the authentication terminal 400c at the entrance of the accommodation building.
  • user U2 can pass through the same accommodation building entrance only with successful iris recognition. Therefore, the user U2 can enter the accommodation building from the entrance even if he / she is wearing a mask, for example.
  • the display unit 440 displays a message such as "Employee ID: XX number ⁇ -san iris authentication succeeded.”
  • the user U1 can enter the room A only by face authentication, whereas the user U2 needs to succeed in face authentication and iris authentication in order to enter the rooms A to C. be.
  • the user U2 only performs face recognition at the entrance of the accommodation building, so that it is necessary to strictly confirm the identity when entering the accommodation room.
  • the number and method of biometric authentication performed by each authentication terminal 400 can be determined according to the attribute of the user U, the installation location of the authentication terminal 400, and the use of biometric authentication. Can be decided. As a result, multimodal authentication can be appropriately performed without deteriorating the convenience of the user U.
  • the authentication device 100 collates the images such as faces and irises included in the request or the biometric information of these with the biometric information of each user U, and collates the result (the collation result ( It is an information processing device that returns the authentication result) to the requester.
  • the authentication device 100 stores biometric information of a plurality of users U. Further, the authentication device 100 can store a plurality of biological feature information for one user U and perform authentication using each biological feature information.
  • the biometric information is the characteristic information of the biometric information used for biometric authentication.
  • the biological information is, for example, a face, an iris, a fingerprint, a vein, or the like. In the second embodiment, face authentication and iris authentication are used as an example of biometric authentication.
  • FIG. 4 is a block diagram showing the configuration of the authentication device 100 according to the second embodiment.
  • the authentication device 100 includes a biometric information DB (DataBase) 110, a detection unit 120, a feature point extraction unit 130, a registration unit 140, and an authentication unit 150.
  • DataBase biometric information DB
  • the biometric information DB 110 stores the user ID 111, the biometric information 112 of the user ID, and the biometric authentication method 113 in association with each other.
  • the biological feature information 112 is a set of feature points extracted from a face image or an iris image.
  • the biometric authentication method 113 is an authentication method such as face authentication, iris authentication, and vein authentication.
  • the authentication device 100 may delete the biological feature information 112 in the biological information DB 110 in response to a request from the registered user U of the biological feature information 112. Alternatively, the authentication device 100 may be deleted after a certain period of time has elapsed from the registration of the biological feature information 112.
  • the detection unit 120 detects a face or iris region included in the registered image for registering biological information, and outputs the region to the feature point extraction unit 130.
  • the feature point extraction unit 130 extracts feature points from the face region or the like detected by the detection unit 120, and outputs biological feature information to the registration unit 140. Further, the feature point extraction unit 130 extracts feature points included in a face image or the like received from the authentication control device 200, and outputs biological feature information to the authentication unit 150.
  • the registration unit 140 newly issues the user ID 111 when registering the biological feature information.
  • the registration unit 140 registers the issued user ID 111 and the biological feature information 112 extracted from the registered image in the biological information DB 110 in association with each other.
  • the authentication unit 150 performs biometric authentication using the biometric information 112. Specifically, the authentication unit 150 collates the biological feature information extracted from the face image or the like with the biological feature information 112 in the biological information DB 110.
  • the authentication unit 150 returns to the authentication control device 200 whether or not the biological feature information matches.
  • the presence or absence of matching of biological feature information corresponds to the success or failure of authentication.
  • the fact that the biological feature information matches (with matching) means that the degree of matching is equal to or higher than a predetermined value.
  • FIG. 5 is a flowchart showing the flow of the biometric information registration process according to the second embodiment.
  • the authentication device 100 acquires the registered image included in the biometric information registration request (S21).
  • the authentication device 100 receives a biometric information registration request from an authentication terminal 400, an accommodation web site, or the like via a network N.
  • the detection unit 120 detects a face region or the like included in the registered image (S22).
  • the feature point extraction unit 130 extracts feature points from the face region or the like detected in step S22, and outputs biological feature information to the registration unit 140 (S23).
  • the registration unit 140 issues the user ID 111 and registers the user ID 111, the biometric information 112, and the biometric authentication method 113 in the biometric information DB 110 in association with each other (S24).
  • the authentication device 100 may receive the biometric information 112 from a terminal or the like owned by the user U, and may register the biometric information 112 in the biometric information DB 110 in association with the user ID 111 and the biometric authentication method 113.
  • FIG. 6 is a flowchart showing the flow of biometric authentication processing by the authentication device 100 according to the second embodiment.
  • the feature point extraction unit 130 acquires a face image or the like for authentication included in the biometric authentication request (S31).
  • the authentication device 100 receives a biometric authentication request from the authentication control device 200 via the network N, and extracts biometric characteristic information from the biometric image included in the biometric authentication request as in steps S21 to S23.
  • the authentication device 100 may receive biometric information from the authentication control device 200.
  • the authentication unit 150 collates the acquired biological characteristic information with the biological characteristic information 112 of the biological information DB 110 (S32).
  • the biometric information matches that is, when the degree of matching of the biometric information is equal to or higher than a predetermined value (Yes in S33)
  • the authentication unit 150 identifies the user ID 111 of the user U whose biometric information matches (S34).
  • the authentication unit 150 returns the user ID 111 specified that the biometric authentication was successful to the authentication control device 200 (S35).
  • the authentication unit 150 returns to the authentication control device 200 that the biometric authentication has failed (S36).
  • the authentication unit 150 does not need to try to collate with all the biological feature information 112 in the biological information DB 110.
  • the authentication unit 150 can receive the biometric authentication request including the biometric authentication method 113, and can perform collation from those that match the biometric authentication method 113.
  • the authentication unit 150 may preferentially try to collate with the biometric characteristic information registered in the period from the day when the biometric authentication request is received to several days before. These can improve the collation speed. Further, when the above-mentioned priority collation fails, it is advisable to collate with all the remaining biological characteristic information.
  • FIG. 7 is a block diagram showing the configuration of the authentication terminal 400 according to the second embodiment. Since the authentication terminals 400a to 400g are the same as the authentication terminal 400, their illustrations are omitted.
  • the authentication terminal 400 includes a first camera 410, a second camera 411, a storage unit 420, a communication unit 430, a display unit 440, and a control unit 450.
  • the first camera 410 and the second camera 411 are photographing devices that take pictures under the control of the control unit 450.
  • the first camera 410 photographs the face of the user U
  • the second camera 411 photographs the iris of the user U.
  • the second camera 411 is an infrared camera capable of photographing an iris.
  • the storage unit 420 is a storage device that stores a program for realizing each function of the authentication terminal 400.
  • the communication unit 430 is a communication interface with the network N.
  • the display unit 440 is at least a display device. Further, the display unit 440 may be an input / output unit including a display device and an input device, for example, a touch panel.
  • the control unit 450 controls the hardware of the authentication terminal 400.
  • the control unit 450 includes a shooting control unit 451, a registration unit 452, an authentication control unit 453, and a display control unit 454.
  • the shooting control unit 451 controls the first camera 410 and the second camera 411, and shoots the registered image or the authentication image of the user U.
  • the registered image and the authentication image taken by the first camera 410 and the second camera 411 are images including at least the face region and the iris region of the user U, respectively.
  • the shooting control unit 451 outputs the registered image to the registration unit 452. Further, the photographing control unit 451 outputs the authentication image to the authentication control unit 453.
  • the registration unit 452 transmits a biometric information registration request including a registered image to the authentication device 100 via the network N.
  • the authentication control unit 453 transmits a biometric authentication request including an authentication image to the authentication control device 200 via the network N. Further, the authentication control unit 453 transmits the place ID for identifying the installed place and the use of the biometric authentication to the authentication control device 200 including the use of the biometric authentication in the biometric authentication request. Uses include, for example, information on whether or not to include payment processing and identity verification. Further, the authentication control unit 453 may include the terminal ID that identifies the authentication terminal 400 in the biometric authentication request and transmit it to the authentication control device 200 instead of the place ID. In that case, the authentication control device 200 associates the terminal ID of the authentication terminal 400 with the location ID of the installation location of the authentication terminal 400 and stores it in the storage unit 210 in advance. As a result, the authentication control device 200 can refer to the storage unit 210 and acquire the location ID of the authentication terminal 400 based on the terminal ID included in the received biometric authentication request.
  • the authentication control unit 453 receives the biometric authentication result and outputs the biometric authentication result to the display control unit 454. If the authentication result is successful, the authentication control unit 453 outputs an instruction signal for executing the service to the control device of the predetermined service.
  • the predetermined service is, for example, opening / closing a door (gate), unlocking a lock, executing a payment process, executing a check-in process, executing a check-out process, and the like.
  • predetermined services include various services provided according to the success of user U authentication. As a result, the user U can receive the provision of a predetermined service requested to be authenticated, such as entering the accommodation room and payment processing, by using the result of the biometric authentication.
  • the display control unit 454 displays the display content according to the biometric authentication result on the display unit 440.
  • the display control unit 454 displays, for example, to the user U that the authentication has succeeded or failed. Further, the display control unit 454 may display the biometric authentication method, the name of the user U, and the like on the display unit 440 together with the authentication result. For example, the display control unit 454 displays "Mr. XX, face authentication succeeded.”, "Mr. XX, face authentication and iris authentication succeeded.” Information such as the name may be hidden or in a format that cannot identify an individual, if necessary.
  • the display control unit 454 displays information such as the employee ID and affiliation, for example, "Employee ID: XX number ⁇ -san, iris authentication was successful.” It may be displayed at the same time. In addition to these, the display control unit 454 may guide the user U to perform operations necessary for biometric authentication (remove the mask, turn the face toward the authentication terminal 400, etc.).
  • the authentication control device 200 is an information processing device that controls the biometric authentication process of the user U in the authentication terminal 400.
  • the authentication control device 200 may be redundant to a plurality of servers, or each functional block may be realized by a plurality of computers.
  • the authentication control device 200 receives a biometric authentication request including the biometric information of the user U, the location ID of the authentication terminal 400, and the use of biometric authentication from the authentication terminal 400.
  • the authentication control device 200 determines a first biometric authentication method from a plurality of biometric authentication methods according to the installation location of the authentication terminal 400 or the use of biometric authentication, and makes a first biometric authentication request by the determined method. It is transmitted to the authentication device 100.
  • the authentication control device 200 When the authentication control device 200 receives from the authentication device 100 that the first biometric authentication has been successful, the authentication control device 200 identifies the attribute of the user U. The authentication control device 200 determines whether or not to use the result of the second biometric authentication in consideration of the attribute of the user U in addition to the installation location of the authentication terminal 400 and the use of biometric authentication. When it is determined that the result of the second biometric authentication is used, the authentication control device 200 determines that the second biometric authentication is performed for the user U, and controls the second biometric authentication.
  • the authentication control device 200 transmits the second biometric authentication request to the authentication device 100.
  • the authentication control device 200 receives from the authentication device 100 that the second biometric authentication has been successful, the authentication control device 200 transmits the fact to the authentication terminal 400.
  • FIG. 8 is a block diagram showing the configuration of the authentication control device 200 according to the second embodiment.
  • the authentication control device 200 includes a storage unit 210, a memory 220, a communication unit 230, and a control unit 240.
  • the storage unit 210 is a storage device for a hard disk, a flash memory, or the like.
  • the storage unit 210 stores the program 211, the attribute information 212, and the authentication method information 213.
  • the program 211 is a computer program in which the processing of the authentication control method according to the second embodiment is implemented.
  • the attribute information 212 is the attribute information of each user U. Specifically, the attribute information 212 is information in which the user ID 2121 and the attribute 2122 are associated with each other.
  • the user ID 2121 is information that identifies the user U.
  • the attribute 2122 is information indicating the attribute of the user U, and includes, for example, whether the user is a customer or an employee.
  • the authentication method information 213 is information in which the location ID 2131, the use 2132, the attribute 2133, and the authentication method 2134 are associated with each other. As already described with reference to FIG. 9, the authentication method and the combination thereof performed on the user U are determined according to the installation location of the authentication terminal 400, the use of biometric authentication, and the attributes of the user U. The authentication method information 213 is stored in association with each other.
  • the combination of authentication methods shown in FIG. 9 is an example, and is not limited to this. For example, the number of authentication methods to be combined may be increased or decreased depending on the high accuracy of biometric authentication, or the attributes of the user U may be further subdivided. For example, for employees, the combination of authentication methods may be adjusted according to the position and years of employment, and the application of iris recognition may be changed between those who wear masks less frequently and those who wear masks for cleaning work. May be good.
  • the memory 220 is a volatile storage device such as a RAM (Random Access Memory), and is a storage area for temporarily holding information when the control unit 240 operates.
  • the communication unit 230 is a communication interface with the network N.
  • the control unit 240 is a processor, that is, a control device that controls each configuration of the authentication control device 200.
  • the control unit 240 reads the program 211 from the storage unit 210 into the memory 220, and executes the program 211.
  • the control unit 240 realizes the functions of the biological information acquisition unit 241, the authentication control unit 242, the determination unit 243, and the determination unit 244.
  • the biological information acquisition unit 241 is an example of the above-mentioned biological information acquisition unit 11.
  • the biometric information acquisition unit 241 acquires the first biometric information and the second biometric information of a predetermined user U who performs biometric authentication. Specifically, the biometric information acquisition unit 241 acquires the first and second biometric information from the authentication terminal 400 via the network N.
  • the first and second biometric information is, for example, biometric information of the face and iris of the user U taken by the first camera 410 and the second camera 411.
  • the authentication control unit 242 is an example of the above-mentioned authentication control unit 12.
  • the authentication control unit 242 controls at least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information.
  • the authentication control unit 242 controls the first biometric authentication by using the first biometric information acquired by the biometric information acquisition unit 241.
  • the authentication control unit 242 transmits the first biometric authentication request to the authentication device 100 via the network N.
  • the first biometric authentication request includes the first biometric information.
  • the first biometric authentication method is determined by the determination unit 244, which will be described later.
  • the first biometric authentication request may include information on the first biometric authentication method. This can improve the collation speed in the authentication device 100.
  • the authentication control unit 242 controls the second biometric authentication when it is determined by the determination unit 243, which will be described later, to perform the second biometric authentication for the user U. Specifically, the authentication control unit 242 transmits a second biometric authentication request to the authentication device 100 via the network N.
  • the second biometric authentication request includes the second biometric information of the user U. Similar to the above, the second biometric authentication request may include information on the second biometric authentication method.
  • the determination unit 243 is an example of the determination unit 13 described above. If at least one of the first biometric authentication and the second biometric authentication is successful, the determination unit 13 determines whether or not to use the result of the other biometric authentication. In the present embodiment, the determination unit 243 determines whether or not to use the result of the second biometric authentication when the first biometric authentication is successful. Specifically, the determination unit 243 identifies the attribute of the user U who has succeeded in the first biometric authentication, and determines whether or not to use the result of the second biometric authentication based on the identified attribute. Further, when it is determined that the result of the second biometric authentication is used, the determination unit 243 determines that the second biometric authentication is performed.
  • the determination unit 243 determines whether or not to use the result of the second biometric authentication described above, for example, based on the conditions shown in the table of FIG. That is, the determination unit 243 determines whether or not to use the result of the second biometric authentication according to the attribute of the user U, the installation location of the authentication terminal 400, and the use of the biometric authentication, and then the second biometric authentication. Judge whether or not to perform.
  • the authentication terminal 400 is installed at the entrance of the accommodation building (a common entrance to a plurality of service provision locations for each of a plurality of service recipients of services provided according to the success of authentication). It is assumed that the user U1 has succeeded in face authentication as the first biometric authentication.
  • the determination unit 243 identifies the attribute of the user U1 as a customer (service provider) based on the attribute information 212. Further, the determination unit 243 determines whether or not to use the result of the second biometric authentication for the user U1 with reference to the authentication method information 213 based on the attribute of the specified user U1.
  • the user U1 who is a customer needs not only face authentication but also iris authentication.
  • the determination unit 243 determines that the result of the second biometric authentication is used, and the second biometric authentication is used. It is determined that biometric authentication will be performed. Similarly, when the user U is an employee (service provider), the determination is made based on the authentication method information 213. The determination unit 243 identifies that the attribute of the user U2 is an employee for the user U2 who has succeeded in the iris authentication which is the first biometric authentication, and refers to the authentication method information 213 based on the specified attribute. It is determined that the result of the second biometric authentication is not used for U2, and it is determined that the second biometric authentication is not performed.
  • the authentication terminal 400 is installed in front of the accommodation room (the entrance of the service providing place provided according to the success of biometric authentication), and the user U1 faces as the first biometric authentication. It is assumed that the authentication is successful. Similar to the above, the determination unit 243 identifies the attribute of the user U1 as a customer based on the attribute information 212. Based on the attribute of the specified user U1, the determination unit 243 determines that the result of the second biometric authentication is not used for the user U1 by referring to the authentication method information 213, and also performs the second biometric authentication. Judge not to do.
  • the determination unit 243 identifies the attribute of the user U2 as an employee, and based on the specified attribute, performs the authentication method information 213. It is determined that the result of the second biometric authentication is used by reference. Then, the determination unit 243 determines that the second biometric authentication is performed.
  • a customer who has already performed multimodal authentication at the entrance of the accommodation building can be permitted to enter the room only by face authentication when entering the accommodation room.
  • the determination unit 243 determines that the second biometric authentication is used regardless of the attribute of the user U, and performs the second biometric authentication. You may judge. In the example shown in FIG. 9, in the souvenir shop, a second biometric authentication is required regardless of whether the attribute of the user U is a customer or an employee. As a result, it is possible to perform stricter identity verification for payment processing as compared with the provision of other services.
  • the determination unit 244 determines the first biometric authentication method from a plurality of biometric authentication methods according to the use or installation location of the authentication terminal 400. For example, in the example shown in FIG. 9, iris authentication is required at the entrance of the accommodation building regardless of the attribute of the user U. Therefore, the determination unit 244 decides to use iris recognition as the first biometric authentication method. Similarly, in the accommodation room, the first biometric authentication is determined as face authentication.
  • the determination unit 244 may determine the first biometric authentication method in consideration of the accuracy of the authentication method. For example, even if only face authentication is required as the first biometric authentication, if the user U is wearing a mask and can only acquire the iris image, iris authentication with higher authentication accuracy is determined as the first biometric authentication method. You can do it. Further, in the case where any authentication method may be used and a plurality of biometric information can be acquired from the authentication terminal 400, a plurality of biometric information is acquired and the first biometric method is given priority to a more accurate authentication method. It may be decided as authentication.
  • FIG. 10 is a flowchart showing the flow of the authentication control process according to the second embodiment.
  • the biometric information acquisition unit 241 receives the biometric authentication request from the authentication terminal 400, and acquires the first and second biometric information (S401).
  • the determination unit 244 determines the first biometric authentication method according to the use or installation location of the authentication terminal 400 (S402).
  • the authentication control unit 242 transmits a first biometric authentication request corresponding to the determined first biometric authentication method to the authentication device 100 (S403).
  • the authentication control unit 242 receives the result of the first biometric authentication from the authentication device 100, and determines whether or not the first biometric authentication is successful (S404).
  • the determination unit 243 identifies the attribute of the user U (S405). Further, the determination unit 243 determines whether or not to use the result of the second biometric authentication, and determines whether or not to perform the second biometric authentication according to the determination result (S406). For example, the determination unit 243 makes a determination with reference to the authentication method information 213.
  • the authentication control unit 242 transmits the second biometric authentication request to the authentication device 100 (S407).
  • the authentication control unit 242 receives the result of the second biometric authentication from the authentication device 100, and determines whether or not the second biometric authentication is successful (S408). When the second biometric authentication is successful (Yes in S408), the authentication control unit 242 returns to the authentication terminal 400 that the biometric authentication was successful (S409).
  • step S404 When the first biometric authentication fails in step S404 (No in S404) and when the second biometric authentication fails in step S408 (No in S408), the authentication control unit 242 authenticates that the biometric authentication has failed. Reply to the terminal 400 (S410).
  • step S406 If it is determined in step S406 that the second biometric authentication is not performed (No in S406), the authentication control unit 242 returns to the authentication terminal 400 that the biometric authentication was successful (S409).
  • an instruction signal for executing processing such as opening / closing the door (gate), unlocking the lock, executing payment processing, executing check-in processing, and executing check-out processing is sent from the authentication terminal 400. It is output to the control device of each service. As a result, the user U can receive desired services such as entry into each facility and payment processing.
  • the authentication system 1000 determines whether the attribute of the user U is specified by the success of the first biometric authentication and the result of the second biometric authentication is used based on the specified attribute. It is possible to determine whether or not to perform the second biometric authentication. Further, the first biometric authentication method can be determined according to the use or installation location of the authentication terminal 400. Therefore, for example, even if the user U is wearing a mask, depending on the attributes of the user U, the purpose of use of the authentication terminal 400, and the installation location, the identity verification of the user U can be appropriately performed without removing the mask. It can be carried out.
  • strict identity verification can be performed according to the use of biometric authentication, such as requiring multimodal authentication regardless of the attribute of the user U. From the above, according to the authentication system 1000 according to the present embodiment, it is possible to appropriately confirm the identity while reducing the deterioration of the convenience of the user U in the multimodal authentication.
  • the third embodiment is a modification of the second embodiment described above.
  • the authentication control device 200 first controls the first biometric authentication, and then controls the second biometric authentication according to the success.
  • the authentication control device 200 according to the present embodiment first controls both the first and second biometric authentication, and when at least one of these biometric authentication is successful, the result of the other biometric authentication is obtained. It determines whether or not to use it.
  • FIG. 11 is a flowchart showing the flow of the authentication control process according to the present embodiment.
  • the biometric information acquisition unit 241 receives the biometric authentication request from the authentication terminal 400, and acquires the first and second biometric information (S501).
  • the authentication control unit 242 transmits the first and second biometric authentication requests using the acquired first and second biometric information to the authentication device 100 (S502).
  • the determination unit 244 may determine the first biometric authentication method, but since the first and second biometric authentications are performed together in the present embodiment, the description thereof will be omitted here.
  • the authentication control unit 242 receives the results of the first and second biometric authentications from the authentication device 100, and determines whether or not at least one of the biometric authentications has been successful (S503). If either biometric authentication is successful (Yes in S503), the determination unit 243 identifies the attribute of the user U (S504). Further, the determination unit 243 determines whether or not to use the result of the other biometric authentication based on the specified attribute (S505). For example, the determination unit 243 makes a determination with reference to the authentication method information 213.
  • the authentication control unit 242 determines whether or not the other biometric authentication is successful (S506).
  • the authentication control unit 242 returns to the authentication terminal 400 that the biometric authentication was successful (S507).
  • step S503 When the first biometric authentication fails in step S503 (No of S503) and when the other biometric authentication fails in step S506 (No of S506), the authentication control unit 242 indicates that the biometric authentication has failed. Reply to 400 (S508).
  • step S505 If it is determined in step S505 that the result of the other biometric authentication is not used (No in S505), the authentication control unit 242 returns to the authentication terminal 400 that the biometric authentication was successful (S507). ..
  • the user U can receive the desired service such as opening / closing the door (gate).
  • the first and second biometric authentications are performed together, and when at least one of them succeeds, the attribute of the user U is specified and based on the specified attribute. It is determined whether or not to use the result of the other biometric authentication. For example, it is assumed that the user U performs face recognition and iris recognition when wearing a mask. It is considered that the user U fails in the face recognition and succeeds in the iris recognition. However, due to the success of the iris recognition, the authentication control device 200 identifies the attribute of the user U, and based on the attribute, the result of the face recognition ( Failure) can be determined.
  • the user U receives the desired service even if the face authentication fails by determining that the face authentication result is not used. It becomes possible. Therefore, according to the authentication control device 200 according to the present embodiment, the same effect as that of the second embodiment can be obtained.
  • the fourth embodiment is a modification of the second embodiment described above.
  • the authentication control device 200a according to the present embodiment performs an authentication process for a biometric authentication request received from the authentication terminal 400 without going through the authentication device 100, and returns the result to the authentication terminal 400.
  • FIG. 12 is a block diagram showing the configuration of the authentication control device 200a according to the present embodiment.
  • the authentication control device 200a includes a storage unit 210, a memory 220, a communication unit 230, and a control unit 240.
  • the storage unit 210 further stores the biological information 214 in addition to the program 211, the attribute information 212, and the authentication method information 213.
  • the biometric information 214 corresponds to the biometric information DB 110 of the above-mentioned authentication device 100, and the user ID 2141, the biometric characteristic information 2142, and the biometric authentication method 2143 are stored in association with each other.
  • the biometric information acquisition unit 241a determines whether or not the second biometric information is registered in the biometric information 214 for the user U who has succeeded in the first biometric authentication, and if the second biometric information is not registered, the user U The second biometric information is obtained from. For example, when the user U registers only the face information and the iris information is not registered, the biometric information acquisition unit 241a acquires the iris information of the user U. Then, the biometric information acquisition unit 241a registers the user ID, the registered first biometric information face information, and the acquired second biometric information iris information in association with the biometric information 214.
  • the second biometric information acquisition unit 241a acquires the iris image via the network N.
  • the biometric information acquisition unit 241a also has the functions of the detection unit 120, the feature point extraction unit 130, the registration unit 140, and the authentication unit 150 in the authentication device 100. That is, the biometric information acquisition unit 241a detects the iris region from the iris image included in the biometric information registration request received from the authentication terminal 400, extracts the characteristic information of the iris, and issues the user ID. Further, the biometric information acquisition unit 241a registers the biometric information 214 in which the user ID 2141 is associated with the first and second biometric information 2142 and the biometric authentication method 2143 in the storage unit 210.
  • the authentication control unit 242a performs biometric authentication by collating the feature information extracted from the area such as the face and iris of the user U included in the acquired captured image with the biometric feature information 2142 stored in the storage unit 210. To control. Since the configurations other than the above are the same as those in the second embodiment, their description will be omitted.
  • the same effect as that of the second embodiment can be obtained.
  • the fifth embodiment is a modification of the second embodiment described above.
  • the authentication control device 200b according to the present embodiment has the function of the authentication terminal 400 described in the second embodiment.
  • FIG. 13 is a block diagram showing a configuration of the authentication control device 200b according to the present embodiment.
  • the authentication control device 200b includes a storage unit 210, a memory 220, a communication unit 230, a control unit 240, a first camera 250, a second camera 251 and a display unit. It is equipped with 260. Further, the control unit 240 can realize each function of the photographing control unit 245, the registration unit 246, and the display control unit 248 in addition to the functions described in the second embodiment.
  • the first camera 250, the second camera 251 and the display unit 260 correspond to the first camera 410, the second camera 411, and the display unit 440 in the second embodiment, respectively. That is, the first camera 250 photographs the face of the user U, for example, and the second camera 251 photographs the iris of the user U.
  • the display unit 260 is at least a display device, and may be an output unit including an input device, for example, a touch panel.
  • the biometric information acquisition unit 241b acquires the first and second biometric information of the user U from the face image and the iris image of the user U taken by the first camera 250 and the second camera 251.
  • the shooting control unit 245, the registration unit 246, and the display control unit 248 correspond to the shooting control unit 451, the registration unit 452, and the display control unit 454 described in the second embodiment, respectively.
  • the photographing control unit 245 outputs the registered image to the registration unit 246, but outputs the authentication image to the authentication control unit 242b.
  • the determination unit 244b determines a first biometric authentication method from a plurality of biometric authentication methods according to the application or installation location of the authentication control device 200b.
  • the authentication control unit 242b controls the first biometric authentication corresponding to the determined first biometric authentication method. Since the configurations other than the above are the same as those in the second embodiment, their description will be omitted.
  • the same effect as that of the second embodiment can be obtained.
  • the present invention is not limited to this.
  • the present disclosure can also be realized by causing the CPU to execute a computer program for arbitrary processing.
  • Non-temporary computer-readable media include various types of tangible storage mediums.
  • Examples of non-temporary computer-readable media include magnetic recording media (eg, flexible disks, magnetic tapes, hard disk drives), magneto-optical recording media (eg, magneto-optical disks), CD-ROMs (ReadOnlyMemory), CD-Rs, Includes CD-R / W, DVD (DigitalVersatileDisc), semiconductor memory (eg, mask ROM, PROM (ProgrammableROM), EPROM (ErasablePROM), flash ROM, RAM (RandomAccessMemory)).
  • magnetic recording media eg, flexible disks, magnetic tapes, hard disk drives
  • magneto-optical recording media eg, magneto-optical disks
  • CD-ROMs ReadOnlyMemory
  • CD-Rs Includes CD-R / W, DVD (DigitalVersatileDisc)
  • semiconductor memory eg, mask ROM, PROM (ProgrammableROM), EPROM (ErasablePROM), flash
  • the program may also be supplied to the computer by various types of transient computer readable medium.
  • Examples of temporary computer readable media include electrical, optical, and electromagnetic waves.
  • the temporary computer-readable medium can supply the program to the computer via a wired communication path such as an electric wire and an optical fiber, or a wireless communication path.
  • biometric authentication is not limited to the above embodiment, and can be appropriately modified without departing from the spirit. Further, the present disclosure may be carried out by appropriately combining the respective embodiments.
  • face authentication and iris authentication are used as the first and second biometric authentication methods, but other biometric authentication methods may be used.
  • biometric authentication may be performed using three or more authentication methods.
  • biometric authentication and a technique other than biometric authentication may be combined. For example, in the example shown in FIG. 9, in the authentication in front of the accommodation room, the user U2 who is an employee needs to succeed in face authentication and iris authentication.
  • the authentication terminal 400 photographs, for example, the uniform worn by the user U2 and the name tag of the employee, and determines whether or not the user U2 is an employee by image recognition or the like.
  • the authentication control device 200 may perform only the iris authentication without performing face authentication on the user U2. As a result, for example, even if the user U2 is wearing a mask, it is possible to perform authentication without removing the mask and enter the accommodation room.
  • (Appendix 1) A biometric information acquisition means for acquiring the first biometric information and the second biometric information of a predetermined user, and An authentication control means for controlling at least one of a first biometric authentication using the first biometric information and a second biometric authentication using the second biometric information.
  • An authentication control means for controlling at least one of a first biometric authentication using the first biometric information and a second biometric authentication using the second biometric information.
  • a determination means for determining whether or not to use the result of the other biometric authentication.
  • Authentication control unit (Appendix 2) The authentication control device according to Appendix 1, which controls the biometric authentication of the other, when it is determined that the authentication control means uses the result of the biometric authentication of the other.
  • the determination means is Identify the attributes of the user who succeeded in biometric authentication of one of the above, The authentication control device according to Appendix 1 or 2, which determines whether or not to use the result of the other biometric authentication based on the specified attribute.
  • the biometric information acquisition means acquires the first biometric information and the second biometric information from a predetermined authentication terminal. Further provided with a determination means for determining a first biometric authentication method from a plurality of biometric authentication methods according to the use or installation location of the authentication terminal.
  • the authentication control device according to Appendix 3, wherein the authentication control means controls the first biometric authentication corresponding to the determined first biometric authentication method.
  • the authentication terminal is installed at a common entrance to a plurality of service provision locations for each of the plurality of service recipients of the service provided according to the success of biometric authentication.
  • the determination means is When the attribute of the user who succeeds in the biometric authentication of one of them is the provider of the service, it is determined that the result of the biometric authentication of the other is used. When the attribute of the user is the provider of the service, it is determined that the result of the biometric authentication of the other is not used.
  • the authentication control device according to any one of Supplementary note 4 to 6, wherein the one biometric authentication has higher authentication accuracy than the other biometric authentication.
  • (Appendix 8) Further provided with a storage means in which the user and the first biometric information are at least associated with each other.
  • the biometric information acquisition means is When the second biometric information is not registered in the storage means for the user who succeeded in the first biometric authentication, the second biometric information is acquired from the user.
  • the authentication control device according to any one of Supplementary note 1 to 7, wherein the user and the first biometric information are associated with the acquired second biometric information and registered in the storage means. (Appendix 9)
  • the authentication control means determines a first biometric authentication method according to the use or installation location of the authentication control device from a plurality of biometric authentication methods, and corresponds to the determined first biometric authentication method.
  • the authentication control device according to any one of Supplementary note 1 to 3, which controls the first biometric authentication.
  • An authentication terminal that acquires multiple types of biometric information from a given user
  • the authentication control device connected to the authentication terminal and Equipped with The authentication control device is
  • the first biometric information and the second biometric information of the user are acquired from the authentication terminal, and the user's first biometric information and the second biometric information are acquired.
  • At least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information is controlled.
  • the authentication control device is The authentication system according to Appendix 10 that controls the biometric authentication of the other when it is determined to use the result of the biometric authentication of the other.
  • the computer Acquire the first biometric information and the second biometric information of a predetermined user, At least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information is controlled.
  • the biometric information acquisition process for acquiring the first biometric information and the second biometric information of a predetermined user, and Authentication control processing that controls at least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information, and When at least one of the first biometric authentication and the second biometric authentication is successful, a determination process for determining whether or not to use the result of the other biometric authentication, and A non-temporary computer-readable medium that contains an authentication control program that causes a computer to run.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The purpose of the present invention is to provide an authentication control device which can reduce deterioration in the convenience of a user in multimodal authentication. This authentication control device (10) comprises: a biological information acquisition means (11) which acquires first biological information and second biological information about a prescribed user; an authentication control means (12) which controls at least one among first biometric authentication using the first biological information and second biometric authentication using the second biological information; and a determination means (13) which, when at least one among the first biometric authentication and the second biometric authentication succeeds, determines whether to use the other biometric authentication result.

Description

認証制御装置、認証システム、認証制御方法及び非一時的なコンピュータ可読媒体Authentication control device, authentication system, authentication control method and non-temporary computer readable medium
 本開示は、認証制御装置、認証システム、認証制御方法及び非一時的なコンピュータ可読媒体に関する。 This disclosure relates to an authentication control device, an authentication system, an authentication control method, and a non-temporary computer-readable medium.
 近年、様々なシーンで生体認証が活用されている。とりわけ、感染症への懸念から、顔認証や虹彩認証等の非接触型の生体認証方式の活用が期待されている。 In recent years, biometric authentication has been used in various scenes. In particular, due to concerns about infectious diseases, the use of non-contact biometric authentication methods such as face recognition and iris recognition is expected.
 例えば、特許文献1には、閉空間のさらに内部に設けられた特別エリアの入口などに設置され、顔認証による入場コントロールを行う認証システムが開示されている。特許文献1の認証システムでは、入場者のIDカードから取得される識別情報等の照合結果に基づき検索対象となる顔画像の検索範囲の絞り込みを行うことで、顔認証処理の高速化を図っている。 For example, Patent Document 1 discloses an authentication system that is installed at the entrance of a special area provided inside a closed space and controls admission by face recognition. The authentication system of Patent Document 1 aims to speed up the face authentication process by narrowing down the search range of the face image to be searched based on the collation result of the identification information obtained from the ID card of the visitor. There is.
 また、特許文献2には、利用者の顔情報を照合することにより、部屋への入室の可否を決定するホテルシステムが開示されている。特許文献2のホテルシステムでは、利用者は、部屋の鍵を携行することなく、部屋の入室を行うことができる。 Further, Patent Document 2 discloses a hotel system that determines whether or not to enter a room by collating the face information of the user. In the hotel system of Patent Document 2, the user can enter the room without carrying the room key.
 さらに、近年では、上記のような1つの方式による生体認証だけでなく、複数の方式を組み合わせたマルチモーダル認証の利活用が検討されている。マルチモーダル認証を採用することで、認証精度を飛躍的に高めることができる等のメリットが得られる。例えば、特許文献3には、利用者の指紋と手のひらの静脈を生体情報として用いる生体認証装置が開示されている。このように、複数の生体情報を利用することで、より確実に利用者の本人確認を行うことが可能となる。 Furthermore, in recent years, the utilization of multimodal authentication that combines multiple methods is being considered, in addition to biometric authentication using one method as described above. By adopting multimodal authentication, there are merits such as the ability to dramatically improve the authentication accuracy. For example, Patent Document 3 discloses a biometric authentication device that uses a user's fingerprint and a vein of the palm as biometric information. In this way, by using a plurality of biometric information, it is possible to more reliably confirm the identity of the user.
国際公開第2018/110012号International Publication No. 2018/110012 特開2003-256583号公報Japanese Patent Application Laid-Open No. 2003-256583 特許第5796523号公報Japanese Patent No. 5796523
 マルチモーダル認証によって高精度な生体認証が可能となる一方、複数の生体情報の提示が必要となることで利用者の負担が増加する場合がある。例えば、顔画像と虹彩画像を用いて生体認証を行う場合、利用者がマスクをしていると顔認証に失敗することがある。このような場合、利用者は認証を行うためにマスクを外す必要がある。利用者が両手に荷物を持っている場合などには特に不便である。
 このように、生体認証を行う状況によらず一律にマルチモーダル認証を採用すると、利用者の利便性が低下するおそれある。特許文献1から3に開示された技術では、このような問題については考慮されていない。 While multimodal authentication enables highly accurate biometric authentication, the burden on the user may increase due to the need to present multiple biometric information. For example, when biometric authentication is performed using a face image and an iris image, face authentication may fail if the user wears a mask. In such a case, the user needs to remove the mask in order to perform authentication. This is especially inconvenient when the user has luggage in both hands.
In this way, if multimodal authentication is uniformly adopted regardless of the situation in which biometric authentication is performed, the convenience of the user may be reduced. The techniques disclosed in Patent Documents 1 to 3 do not consider such a problem.
 本開示は、このような問題点を解決するためになされたものであり、マルチモーダル認証における利用者の利便性の低下を軽減することが可能な認証制御装置、認証システム、認証制御方法及び非一時的なコンピュータ可読媒体を提供することを目的とする。 This disclosure is made to solve such a problem, and is an authentication control device, an authentication system, an authentication control method, and a non-authentication control device, which can reduce a decrease in user convenience in multimodal authentication. The purpose is to provide a temporary computer-readable medium.
 本開示にかかる認証制御装置は、
 所定のユーザの第1の生体情報及び第2の生体情報を取得する生体情報取得手段と、
 前記第1の生体情報を用いた第1の生体認証及び前記第2の生体情報を用いた第2の生体認証のうち少なくとも一方を制御する認証制御手段と、
 前記第1の生体認証及び前記第2の生体認証のうち少なくとも一方が成功した場合、他方の生体認証の結果を用いるか否かを判定する判定手段と、
 を備える
 ものである。 The authentication control device according to this disclosure is
A biometric information acquisition means for acquiring the first biometric information and the second biometric information of a predetermined user, and
An authentication control means for controlling at least one of a first biometric authentication using the first biometric information and a second biometric authentication using the second biometric information.
When at least one of the first biometric authentication and the second biometric authentication is successful, a determination means for determining whether or not to use the result of the other biometric authentication.
It is equipped with.
 本開示にかかる認証システムは、
 所定のユーザから複数種類の生体情報を取得する認証端末と、
 前記認証端末と接続された認証制御装置と、
 を備え、
 前記認証制御装置は、
 前記認証端末から前記ユーザの第1の生体情報及び第2の生体情報を取得し、
 前記第1の生体情報を用いた第1の生体認証及び前記第2の生体情報を用いた第2の生体認証のうち少なくとも一方を制御し、
 前記第1の生体認証及び前記第2の生体認証のうち少なくとも一方が成功した場合、他方の生体認証の結果を用いるか否かを判定する
 ものである。 The authentication system for this disclosure is
An authentication terminal that acquires multiple types of biometric information from a given user,
The authentication control device connected to the authentication terminal and
Equipped with
The authentication control device is
The first biometric information and the second biometric information of the user are acquired from the authentication terminal, and the user's first biometric information and the second biometric information are acquired.
At least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information is controlled.
When at least one of the first biometric authentication and the second biometric authentication is successful, it is determined whether or not to use the result of the other biometric authentication.
 本開示にかかる認証制御方法は、
 コンピュータが、
 所定のユーザの第1の生体情報及び第2の生体情報を取得し、
 前記第1の生体情報を用いた第1の生体認証及び前記第2の生体情報を用いた第2の生体認証のうち少なくとも一方を制御し、
 前記第1の生体認証及び前記第2の生体認証のうち少なくとも一方が成功した場合、他方の生体認証の結果を用いるか否かを判定する
 ものである。 The authentication control method for this disclosure is
The computer
Acquire the first biometric information and the second biometric information of a predetermined user,
At least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information is controlled.
When at least one of the first biometric authentication and the second biometric authentication is successful, it is determined whether or not to use the result of the other biometric authentication.
 本開示にかかる認証制御プログラムが格納された非一時的なコンピュータ可読媒体は、
 所定のユーザの第1の生体情報及び第2の生体情報を取得する生体情報取得処理と、
 前記第1の生体情報を用いた第1の生体認証及び前記第2の生体情報を用いた第2の生体認証のうち少なくとも一方を制御する認証制御処理と、
 前記第1の生体認証及び前記第2の生体認証のうち少なくとも一方が成功した場合、他方の生体認証の結果を用いるか否かを判定する判定処理と、
 をコンピュータに実行させる
 ものである。 Non-temporary computer-readable media containing the authentication control program for this disclosure may be used.
The biometric information acquisition process for acquiring the first biometric information and the second biometric information of a predetermined user, and
Authentication control processing that controls at least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information, and
When at least one of the first biometric authentication and the second biometric authentication is successful, a determination process for determining whether or not to use the result of the other biometric authentication, and
Is to be executed by the computer.
 本開示により、マルチモーダル認証における利用者の利便性の低下を軽減することが可能な認証制御装置、認証システム、認証制御方法及び非一時的なコンピュータ可読媒体を提供することができる。 According to the present disclosure, it is possible to provide an authentication control device, an authentication system, an authentication control method, and a non-temporary computer-readable medium that can reduce the deterioration of user convenience in multimodal authentication.
実施形態1にかかる認証制御装置の構成を示すブロック図である。It is a block diagram which shows the structure of the authentication control apparatus which concerns on Embodiment 1. FIG. 実施形態1にかかる認証制御装置の処理を示すフローチャートである。It is a flowchart which shows the process of the authentication control apparatus which concerns on Embodiment 1. FIG. 実施形態2にかかる認証システムの構成を示すブロック図である。It is a block diagram which shows the structure of the authentication system which concerns on Embodiment 2. 実施形態2にかかる認証装置の構成を示すブロック図である。It is a block diagram which shows the structure of the authentication apparatus which concerns on Embodiment 2. FIG. 実施形態2にかかる認証装置の生体情報登録処理を示すフローチャートである。It is a flowchart which shows the biometric information registration process of the authentication apparatus which concerns on Embodiment 2. 実施形態2にかかる認証装置の生体認証処理を示すフローチャートである。It is a flowchart which shows the biometric authentication process of the authentication apparatus which concerns on Embodiment 2. FIG. 実施形態2にかかる認証端末の構成を示すブロック図である。It is a block diagram which shows the structure of the authentication terminal which concerns on Embodiment 2. FIG. 実施形態2にかかる認証制御装置の構成を示すブロック図である。It is a block diagram which shows the structure of the authentication control apparatus which concerns on Embodiment 2. FIG. 実施形態2にかかる認証制御システムで用いられる生体認証方式の一例を示す図である。It is a figure which shows an example of the biometric authentication system used in the authentication control system which concerns on Embodiment 2. FIG. 実施形態2にかかる認証制御装置の処理を示すフローチャートである。It is a flowchart which shows the process of the authentication control apparatus which concerns on Embodiment 2. 実施形態3にかかる認証制御装置の処理を示すフローチャートである。It is a flowchart which shows the process of the authentication control apparatus which concerns on Embodiment 3. 実施形態4にかかる認証制御装置の構成を示すブロック図である。It is a block diagram which shows the structure of the authentication control apparatus which concerns on Embodiment 4. FIG. 実施形態5にかかる認証制御装置の構成を示すブロック図である。It is a block diagram which shows the structure of the authentication control apparatus which concerns on Embodiment 5.
 以下では、本開示の実施形態1について、図面を参照しながら詳細に説明する。各図面において、同一又は対応する要素には同一の符号が付されており、説明の明確化のため、必要に応じて重複説明は省略される。 Hereinafter, Embodiment 1 of the present disclosure will be described in detail with reference to the drawings. In each drawing, the same or corresponding elements are designated by the same reference numerals, and duplicate explanations are omitted as necessary for the sake of clarity of explanation.
<実施形態1>
 図1は、本実施形態にかかる認証制御装置10の構成を示すブロック図である。図1に示すように、認証制御装置10は、生体情報取得部11、認証制御部12、判定部13を備えている。
 生体情報取得部11は、所定のユーザの第1の生体情報及び第2の生体情報を取得する。
 認証制御部12は、第1の生体情報を用いた第1の生体認証及び第2の生体情報を用いた第2の生体認証のうち少なくとも一方を制御する。
 判定部13は、第1の生体認証及び前記第2の生体認証のうち少なくとも一方が成功した場合、他方の生体認証の結果を用いるか否かを判定する。なお、認証制御部12が第1の生体認証及び第2の生体認証のうち一方しか制御(実行)していない場合、判定部13は、実行された生体認証を「一方」としてその成否を判定するのはもちろんである。また、「他方の生体認証の結果を用いる」とは、例えば、当該結果に応じたサービス提供や各種制御を行うことを含む。また、他方の生体認証が未実行、かつ、「他方の生体認証の結果を用いる」と判定された場合、認証制御部12は、他方の生体認証を制御(実行)してもよい。 <Embodiment 1>
FIG. 1 is a block diagram showing a configuration of the authentication control device 10 according to the present embodiment. As shown in FIG. 1, the authentication control device 10 includes a biometric information acquisition unit 11, an authentication control unit 12, and a determination unit 13.
The biometric information acquisition unit 11 acquires the first biometric information and the second biometric information of a predetermined user.
The authentication control unit 12 controls at least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information.
If at least one of the first biometric authentication and the second biometric authentication is successful, the determination unit 13 determines whether or not to use the result of the other biometric authentication. When the authentication control unit 12 controls (executes) only one of the first biometric authentication and the second biometric authentication, the determination unit 13 determines the success or failure of the executed biometric authentication as "one". Of course. Further, "using the result of the other biometric authentication" includes, for example, providing services and performing various controls according to the result. Further, when it is determined that the biometric authentication of the other is not executed and "the result of the biometric authentication of the other is used", the authentication control unit 12 may control (execute) the biometric authentication of the other.
 図2は、本実施形態1にかかる認証制御方法の流れを示すフローチャートである。
 まず、生体情報取得部11は、所定のユーザの第1の生体情報及び第2の生体情報を取得する(S11)。次に、認証制御部12は、第1の生体情報を用いた第1の生体認証及び前記第2の生体情報を用いた第2の生体認証のうち少なくとも一方を制御する(S12)。第1の生体認証及び前記第2の生体認証のうち少なくとも一方が成功した場合(S13のYes)、判定部13は、他方の生体認証の結果を用いるか否かを判定する(S14)。第1及び第2の生体認証のいずれも失敗した場合(S13のNo)、認証制御装置10は処理を終了する。 FIG. 2 is a flowchart showing the flow of the authentication control method according to the first embodiment.
First, the biometric information acquisition unit 11 acquires the first biometric information and the second biometric information of a predetermined user (S11). Next, the authentication control unit 12 controls at least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information (S12). When at least one of the first biometric authentication and the second biometric authentication is successful (Yes in S13), the determination unit 13 determines whether or not to use the result of the other biometric authentication (S14). When both the first and second biometric authentications fail (No in S13), the authentication control device 10 ends the process.
 以上説明したように、本実施形態にかかる認証制御装置10によれば、第1の生体認証及び前記第2の生体認証のうち少なくとも一方が成功した場合に、他方の生体認証の結果を用いるか否かを判定するので、マルチモーダル認証における利用者の利便性の低下を軽減することができる。 As described above, according to the authentication control device 10 according to the present embodiment, if at least one of the first biometric authentication and the second biometric authentication is successful, the result of the other biometric authentication is used. Since it is determined whether or not it is, it is possible to reduce the deterioration of user convenience in multimodal authentication.
 なお、認証制御装置10は、図示しない構成としてプロセッサ、メモリ及び記憶装置を備えるものである。また、当該記憶装置には、本実施形態1にかかる認証制御方法の処理が実装されたコンピュータプログラムが記憶されている。そして、当該プロセッサは、記憶装置からコンピュータプログラムを前記メモリへ読み込ませ、当該コンピュータプログラムを実行する。これにより、前記プロセッサは、生体情報取得部11、認証制御部12、判定部13の機能を実現する。 The authentication control device 10 includes a processor, a memory, and a storage device as a configuration (not shown). Further, the storage device stores a computer program in which the processing of the authentication control method according to the first embodiment is implemented. Then, the processor reads the computer program from the storage device into the memory and executes the computer program. As a result, the processor realizes the functions of the biometric information acquisition unit 11, the authentication control unit 12, and the determination unit 13.
 または、生体情報取得部11、認証制御部12、判定部13は、それぞれが専用のハードウェアで実現されていてもよい。また、各装置の各構成要素の一部又は全部は、汎用または専用の回路(circuitry)、プロセッサ等やこれらの組合せによって実現されもよい。これらは、単一のチップによって構成されてもよいし、バスを介して接続される複数のチップによって構成されてもよい。各装置の各構成要素の一部又は全部は、上述した回路等とプログラムとの組合せによって実現されてもよい。また、プロセッサとして、CPU(Central Processing Unit)、GPU(Graphics Processing Unit)、FPGA(field-programmable gate array)等を用いることができる。 Alternatively, the biometric information acquisition unit 11, the authentication control unit 12, and the determination unit 13 may each be realized by dedicated hardware. Further, a part or all of each component of each device may be realized by a general-purpose or dedicated circuitry, a processor, or a combination thereof. These may be composed of a single chip or may be composed of a plurality of chips connected via a bus. A part or all of each component of each device may be realized by the combination of the circuit or the like and the program described above. Further, as a processor, a CPU (Central Processing Unit), a GPU (Graphics Processing Unit), an FPGA (field-programmable gate array), or the like can be used.
 また、認証制御装置10の各構成要素の一部又は全部が複数の情報処理装置や回路等により実現される場合には、複数の情報処理装置や回路等は、集中配置されてもよいし、分散配置されてもよい。例えば、情報処理装置や回路等は、クライアントサーバシステム、クラウドコンピューティングシステム等、各々が通信ネットワークを介して接続される形態として実現されてもよい。また、認証制御装置10の機能がSaaS(Software as a Service)形式で提供されてもよい。 Further, when a part or all of each component of the authentication control device 10 is realized by a plurality of information processing devices and circuits, the plurality of information processing devices and circuits may be centrally arranged. It may be distributed. For example, the information processing device, the circuit, and the like may be realized as a form in which each is connected via a communication network, such as a client-server system and a cloud computing system. Further, the function of the authentication control device 10 may be provided in the SaaS (Software as a Service) format.
<実施形態2>
 実施形態2は、上述した実施形態1の具体例である。図3は、本実施形態2にかかる認証システム1000の全体構成を示すブロック図である。
 認証システム1000は、認証装置100、認証制御装置200、認証端末400a~400gを備えている。認証装置100、認証制御装置200、認証端末400a~400gのそれぞれは、ネットワークNを介して接続されている。ここで、ネットワークNは、有線又は無線の通信回線である。 <Embodiment 2>
The second embodiment is a specific example of the first embodiment described above. FIG. 3 is a block diagram showing the overall configuration of the authentication system 1000 according to the second embodiment.
The authentication system 1000 includes an authentication device 100, an authentication control device 200, and authentication terminals 400a to 400g. Each of the authentication device 100, the authentication control device 200, and the authentication terminals 400a to 400g is connected via the network N. Here, the network N is a wired or wireless communication line.
 本実施形態2では、認証システム1000がホテルなどの宿泊施設において実現されている場合を例に説明を行う。まず、図3を用いて本実施形態の概要を説明する。 In the second embodiment, the case where the authentication system 1000 is realized in an accommodation facility such as a hotel will be described as an example. First, the outline of the present embodiment will be described with reference to FIG.
 図3に示すように、認証端末400a~400gは、ホテル館内において生体認証が必要な場所にそれぞれ設置されている。各認証端末400は、それぞれの用途や設置場所においてユーザUに対する生体認証を行う。各認証端末400は、マルチモーダル認証に対応しており、例えば、顔認証と虹彩認証のいずれによっても認証を行うことができる。各認証端末400は、例えばデジタルサイネージであり、ユーザUに対して生体認証を促す表示や認証結果の結果を示す表示を行う表示部440を備えている。 As shown in FIG. 3, the authentication terminals 400a to 400g are installed at places in the hotel where biometric authentication is required. Each authentication terminal 400 performs biometric authentication to the user U in each application and installation location. Each authentication terminal 400 supports multimodal authentication, and for example, authentication can be performed by either face authentication or iris authentication. Each authentication terminal 400 is, for example, a digital signage, and includes a display unit 440 that displays a display prompting the user U for biometric authentication and a display indicating the result of the authentication result.
 ここで、ホテルの顧客であるユーザUをユーザU1として説明を行う。ユーザU1は、宿泊のために必要な情報(宿泊日、氏名、連絡先など)を予約用のwebサイトなどを通じて認証制御装置200に予め登録する。また、認証制御装置200には、ユーザU1が顧客であることがユーザU1の属性として、ユーザIDと対応付けて記憶される。また、ユーザU1は、ユーザU1の顔画像を予約用のwebサイト等を通じて認証装置100に予め登録する。これにより、ユーザU1は、ホテル内において顔認証を利用することができる。 Here, the user U who is a customer of the hotel will be described as the user U1. The user U1 registers in advance the information necessary for accommodation (accommodation date, name, contact information, etc.) in the authentication control device 200 through a reservation web site or the like. Further, the authentication control device 200 stores that the user U1 is a customer in association with the user ID as an attribute of the user U1. Further, the user U1 registers the face image of the user U1 in the authentication device 100 in advance through a reservation web site or the like. As a result, the user U1 can use face recognition in the hotel.
 認証端末400a~400gは、この予め認証装置100に登録された顔画像と、ホテル内で撮影した顔画像とを、それらの特徴情報の比較により照合して、ユーザU1に対する生体認証を行う。各認証端末400で生体認証に成功することにより、ユーザU1はホテル内で所定のサービスの提供を受けることが可能となる。なお、ユーザU1は顔認画像と共に虹彩画像を予め登録してもよいが、虹彩画像を取得するためには専用のカメラ(赤外線カメラ)が必要となるため、ここでは、ユーザU1は顔画像のみを事前に登録するものとして説明を行う。したがって、ユーザU1は、顔画像のみをユーザU1自身で予めwebサイト等から登録し、虹彩画像については、ホテル来館後に認証端末400を用いて登録する。ユーザU1は、虹彩の撮影を含めて虹彩認証の利用に同意するか否かを、宿泊予約の際などに予め登録してもよい。これにより、来館後の虹彩登録手続を速やかに行うことができる。 The authentication terminals 400a to 400g collate the face image registered in the authentication device 100 in advance with the face image taken in the hotel by comparing their characteristic information, and perform biometric authentication for the user U1. By succeeding in biometric authentication at each authentication terminal 400, the user U1 can receive a predetermined service in the hotel. The user U1 may register the iris image together with the face recognition image in advance, but since a dedicated camera (infrared camera) is required to acquire the iris image, the user U1 is only the face image here. Will be explained as if it were registered in advance. Therefore, the user U1 registers only the face image by himself / herself from the web site or the like in advance, and registers the iris image by using the authentication terminal 400 after visiting the hotel. The user U1 may register in advance whether or not he / she agrees to use the iris authentication including the shooting of the iris at the time of making an accommodation reservation. This makes it possible to promptly carry out the iris registration procedure after visiting the museum.
 ユーザU1がホテルに来館すると、エントランスに設置された認証端末400aは、ユーザU1に対して生体認証を行う。認証端末400aは、表示部440にメッセージを表示するなどして、ユーザU1に顔認証を促すことができる。また、認証端末400aは、スピーカ等により表示と共に音声でユーザU1への案内を行ってもよい。 When the user U1 visits the hotel, the authentication terminal 400a installed at the entrance performs biometric authentication to the user U1. The authentication terminal 400a can urge the user U1 to perform face authentication by displaying a message on the display unit 440 or the like. Further, the authentication terminal 400a may provide guidance to the user U1 by voice along with a display by a speaker or the like.
 認証端末400aは、内蔵されたカメラでユーザU1の顔を撮影し、撮影された顔画像によりユーザU1の顔認証を行う。具体的には、認証端末400aは、撮影した顔画像と共に認証制御装置200に対して生体認証要求を送信する。認証制御装置200は、認証端末400aから生体認証要求を受信して、所定の処理を行い認証装置100に対して生体認証要求を送信する。認証装置100は認証制御装置200からの生体認証要求を受けて生体認証を行い、結果を認証制御装置200に対して返信する。認証制御装置200は、その結果を認証端末400aに返信する。
 以上の処理により、認証端末400aは、ユーザU1に対する認証結果を受信することができる。これらの処理について、より詳細な内容は後述する。 The authentication terminal 400a photographs the face of the user U1 with a built-in camera, and authenticates the face of the user U1 using the captured face image. Specifically, the authentication terminal 400a transmits a biometric authentication request to the authentication control device 200 together with the captured face image. The authentication control device 200 receives the biometric authentication request from the authentication terminal 400a, performs a predetermined process, and transmits the biometric authentication request to the authentication device 100. The authentication device 100 receives a biometric authentication request from the authentication control device 200, performs biometric authentication, and returns the result to the authentication control device 200. The authentication control device 200 returns the result to the authentication terminal 400a.
By the above processing, the authentication terminal 400a can receive the authentication result for the user U1. More details about these processes will be described later.
 ユーザU1の顔認証に成功すると、認証端末400aは、表示部440に「顔認証に成功しました。」、「ようこそ、○○様」などのメッセージを表示する。これにより、ユーザU1は、予約時に登録した顔画像により、顔認証に成功したことを把握することができる。 When the face authentication of the user U1 is successful, the authentication terminal 400a displays a message such as "Successful face authentication" or "Welcome, Mr. XX" on the display unit 440. As a result, the user U1 can grasp that the face authentication has been successful from the face image registered at the time of reservation.
 続いて、ユーザU1は、カウンターに設置された認証端末400bでチェックイン手続を行う。まず、認証端末400bは、内蔵されたカメラでユーザU1の顔を撮影し、撮影された顔画像によりユーザU1の顔認証を行う。顔認証に成功した場合、カウンターの従業員は、ユーザU1のチェックイン手続を行う。続いて、認証端末400bは、館内での各種サービス提供の場面において虹彩認証を利用するため、ユーザU1に対して、虹彩の撮影を促す表示を行う。ユーザU1が虹彩認証の利用に同意する旨を予め登録している場合、認証端末400bは、「続いて、虹彩認証のご利用許可に基づき、虹彩の登録処理を行います。」などのメッセージを表示部440に表示し、ユーザU1の虹彩の撮影を行う。ユーザU1が予め虹彩認証の利用に同意していない場合、認証端末400bは、表示部440に必要な事項を表示して、虹彩認証の利用に同意するか否かをユーザU1に対して確認する。ユーザU1は、例えば表示部440上に表示されたボタンの押下等により、虹彩認証について同意するか否かを回答する。ユーザU1が虹彩の撮影に同意すると、認証端末400bは、内蔵された赤外線カメラによりユーザU1の虹彩を撮影する。 Subsequently, the user U1 performs the check-in procedure at the authentication terminal 400b installed at the counter. First, the authentication terminal 400b photographs the face of the user U1 with the built-in camera, and performs face authentication of the user U1 based on the captured face image. If the face recognition is successful, the employee at the counter performs the check-in procedure for the user U1. Subsequently, the authentication terminal 400b displays a display prompting the user U1 to take an iris in order to use the iris authentication in the scene of providing various services in the hall. If the user U1 has registered in advance that he / she agrees to use the iris authentication, the authentication terminal 400b will display a message such as "Next, the iris registration process will be performed based on the permission to use the iris authentication." It is displayed on the display unit 440 and the iris of the user U1 is photographed. If the user U1 does not consent to the use of iris authentication in advance, the authentication terminal 400b displays necessary items on the display unit 440 and confirms to the user U1 whether or not he / she agrees to use the iris recognition. .. The user U1 answers whether or not he / she agrees with the iris authentication by, for example, pressing a button displayed on the display unit 440. When the user U1 agrees to shoot the iris, the authentication terminal 400b shoots the iris of the user U1 by the built-in infrared camera.
 撮影された虹彩画像は、ネットワークNを介して、ユーザID等と対応付けられて認証装置100に記憶される。これにより、ユーザU1は以降の手続において虹彩認証を利用することが可能となる。したがって、ユーザU1は、顔認証、虹彩認証をそれぞれ単独で用いることができるだけでなく、複数の認証方式を用いたマルチモーダル認証が必要な場合にも対応することが可能となる。
 なお、上記の虹彩の登録処理は、認証端末400b以外のいずれの認証端末400で行われてもよい。また、虹彩認証の利用について予め同意をしているか否かにかかわらず、虹彩が未登録のユーザU1に対しては、「虹彩認証が利用可能です。虹彩を登録してください。」等と表示部440に表示して、ユーザU1に虹彩登録を促してもよい。また、認証端末400は、虹彩認証の利用に同意しない旨を入力したユーザUに対しては、以降は上記の表示を行わないようにしてもよい。 The captured iris image is stored in the authentication device 100 in association with the user ID and the like via the network N. As a result, the user U1 can use the iris authentication in the subsequent procedures. Therefore, the user U1 can not only use face authentication and iris authentication independently, but can also handle the case where multimodal authentication using a plurality of authentication methods is required.
The iris registration process may be performed on any authentication terminal 400 other than the authentication terminal 400b. In addition, regardless of whether or not you have consented to the use of iris authentication in advance, a message such as "Iris authentication is available. Please register the iris." Is displayed to the user U1 who has not registered the iris. It may be displayed on the unit 440 to prompt the user U1 to register the iris. Further, the authentication terminal 400 may not perform the above display for the user U who has input that he / she does not agree to use the iris authentication.
 チェックイン手続を終えると、ユーザU1は、エントランスから宿泊棟に移動する際に、宿泊棟の入口において、認証端末400cにより生体認証を行う。宿泊棟への出入りは厳格に管理される必要があるため、ここではマルチモーダル認証が行われる。認証端末400cは、ユーザU1に対し顔認証及び虹彩認証を行う。認証に成功すると宿泊棟へのドアが開き、ユーザU1は宿泊棟に入ることができる。表示部440は、例えば、「○○様、顔認証と虹彩認証に成功しました。」等のメッセージを表示する。 After completing the check-in procedure, the user U1 performs biometric authentication using the authentication terminal 400c at the entrance of the accommodation building when moving from the entrance to the accommodation building. Multimodal certification is performed here because access to the accommodation building needs to be strictly controlled. The authentication terminal 400c performs face authentication and iris authentication to the user U1. If the authentication is successful, the door to the accommodation building opens and the user U1 can enter the accommodation building. The display unit 440 displays a message such as "Mr. XX, face authentication and iris authentication have been successful."
 続いて、ユーザU1は、自身が予約した宿泊部屋への入室を行う。図3に示すように、部屋A~Cの入口には認証端末400d~400fがそれぞれ設置されている。ユーザU1は、自身が予約した部屋の前に設置された認証端末400により認証を行う。宿泊棟の入口においてマルチモーダル認証により厳格な本人確認を行っているため、ここでは、顔認証のみによってユーザU1の認証を行う。 Subsequently, the user U1 enters the accommodation room reserved by himself / herself. As shown in FIG. 3, authentication terminals 400d to 400f are installed at the entrances of the rooms A to C, respectively. The user U1 authenticates with the authentication terminal 400 installed in front of the room reserved by the user U1. Since strict identity verification is performed by multimodal authentication at the entrance of the accommodation building, user U1 is authenticated only by face authentication here.
 例えば、ユーザU1が宿泊する部屋が部屋Aである場合、ユーザU1は、部屋Aの前に設置された認証端末400dにおいて認証を行う。顔認証に成功すると、部屋Aの鍵が開けられ、ユーザU1は部屋Aに入室することができる。ユーザU1が宿泊予定ではない部屋の前に設置された認証端末400において認証を試みた場合には、認証は失敗する。この場合、認証端末400は、認証に失敗した旨を表示部440に表示して、部屋番号の確認をユーザU1に促すなどしてもよい。 For example, when the room in which the user U1 stays is the room A, the user U1 authenticates at the authentication terminal 400d installed in front of the room A. If the face recognition is successful, the room A is unlocked and the user U1 can enter the room A. If the user U1 tries to authenticate with the authentication terminal 400 installed in front of the room where he / she is not planning to stay, the authentication fails. In this case, the authentication terminal 400 may display the fact that the authentication has failed on the display unit 440 and prompt the user U1 to confirm the room number.
 また、ユーザU1が土産屋において買い物をする場合には、決済処理が伴うので厳格に本人確認を行う必要がある。そのため、土産屋のレジに設置された認証端末400gでは、顔認証及び虹彩認証を用いたマルチモーダル認証が行われる。 Also, when user U1 makes a purchase at a souvenir shop, it is necessary to strictly confirm his / her identity because payment processing is involved. Therefore, the authentication terminal 400g installed at the souvenir shop's cash register performs multimodal authentication using face authentication and iris authentication.
 そして、顧客がチェックアウトする際には、チェックイン時と同様、カウンターに設置された認証端末400bによりユーザU1の認証が行われる。チェックアウトにあたっては宿泊料金等の決済を伴うため、土産屋の場合と同様、顔認証及び虹彩認証によるマルチモーダル認証が行われる。 Then, when the customer checks out, the user U1 is authenticated by the authentication terminal 400b installed at the counter, as at the time of check-in. Since check-out involves payment of accommodation charges, etc., multi-modal authentication by face authentication and iris authentication is performed as in the case of souvenir shops.
 ここまでは、ユーザUがホテルに宿泊する顧客である場合を想定して、各場面で用いられる生体認証の方式について説明してきた。以下では、ユーザUが顧客でなく、ホテルの従業員である場合について説明する。 Up to this point, the biometric authentication method used in each situation has been explained assuming that the user U is a customer staying at a hotel. In the following, a case where the user U is not a customer but an employee of the hotel will be described.
 従業員であるユーザUを、ユーザU2として説明を行う。ユーザU2は、認証端末400などを用いて顔及び虹彩の画像を撮影し、予めこれらの生体情報を認証装置100に登録しておく。これにより、ユーザU2は、ホテル内の各認証端末400において顔認証及び虹彩認証を利用することができる。また、認証制御装置200には、ユーザU2が従業員であることがユーザU2の属性として、ユーザIDと対応付けて記憶される。 User U, who is an employee, will be described as user U2. The user U2 takes an image of the face and the iris using the authentication terminal 400 or the like, and registers these biometric information in the authentication device 100 in advance. As a result, the user U2 can use face authentication and iris authentication at each authentication terminal 400 in the hotel. Further, the authentication control device 200 stores that the user U2 is an employee in association with the user ID as an attribute of the user U2.
 ユーザU2についても、ユーザU1の場合と同様、各認証端末400において生体認証が行われる。但し、同じ場所に設置された認証端末400であっても、顧客であるユーザU1と従業員であるユーザU2とでは、用いられる生体認証方式が異なる。具体的な処理の内容については後述することとして、以下ではユーザUの属性による差異について説明する。 As for the user U2, biometric authentication is performed at each authentication terminal 400 as in the case of the user U1. However, even if the authentication terminal 400 is installed in the same place, the biometric authentication method used differs between the user U1 who is a customer and the user U2 who is an employee. The details of the specific processing will be described later, and the differences due to the attributes of the user U will be described below.
 図9は、ユーザUの属性と認証端末400の設置場所とに応じて、必要とする生体認証の一例を示す図である。図9に示す表の上段については、既に述べたユーザU1に対して必要な生体認証を示している。図9に示すように、ユーザU1とユーザU2とでは、例えば宿泊棟や宿泊部屋における認証方式が異なる。
 例えば、上述のユーザU1の例では、宿泊棟入口の認証端末400cにおいて顔認証及び虹彩認証を用いて認証を行った。しかし、ユーザU2は、同じ宿泊棟入口を虹彩認証の成功のみで通過することができる。したがって、ユーザU2は、例えばマスクをしたままであっても、エントランスから宿泊棟に入ることができる。ユーザU2が認証端末400cにおいて虹彩認証に成功すると、表示部440は、例えば、「従業員ID:XX番 △△さん 虹彩認証に成功しました。」等のメッセージを表示する。 FIG. 9 is a diagram showing an example of biometric authentication required according to the attribute of the user U and the installation location of the authentication terminal 400. The upper part of the table shown in FIG. 9 shows the biometric authentication required for the user U1 already described. As shown in FIG. 9, the authentication method in the accommodation building or the accommodation room is different between the user U1 and the user U2, for example.
For example, in the above-mentioned example of the user U1, authentication is performed using face authentication and iris authentication at the authentication terminal 400c at the entrance of the accommodation building. However, user U2 can pass through the same accommodation building entrance only with successful iris recognition. Therefore, the user U2 can enter the accommodation building from the entrance even if he / she is wearing a mask, for example. When the user U2 succeeds in iris authentication on the authentication terminal 400c, the display unit 440 displays a message such as "Employee ID: XX number △△ -san iris authentication succeeded."
 一方、上述のユーザU1の例では、ユーザU1が顔認証のみで部屋Aに入室できたのに対し、ユーザU2が部屋A~Cに入るためには、顔認証及び虹彩認証に成功する必要がある。ユーザU1の場合と異なり、ユーザU2は、宿泊棟入口においては顔認証のみしか行っていないため、宿泊部屋への入室の際には厳格に本人確認を行う必要があるためである。 On the other hand, in the above-mentioned example of the user U1, the user U1 can enter the room A only by face authentication, whereas the user U2 needs to succeed in face authentication and iris authentication in order to enter the rooms A to C. be. This is because, unlike the case of the user U1, the user U2 only performs face recognition at the entrance of the accommodation building, so that it is necessary to strictly confirm the identity when entering the accommodation room.
 また、ユーザU2が土産屋において商品を購入する際は、ユーザU1と同様、顔認証及び虹彩認証によるマルチモーダル認証を行う必要がある。決済を含む処理については、従業員であっても厳格に本人確認を行う必要があるからである。 Further, when the user U2 purchases a product at a souvenir shop, it is necessary to perform multimodal authentication by face authentication and iris authentication as in the case of user U1. This is because it is necessary for even employees to strictly verify their identities for processing including payment.
 以上のように、本実施形態にかかる認証システム1000によれば、ユーザUの属性、認証端末400の設置場所、生体認証の用途に応じて、各認証端末400で行う生体認証の数や方式を決定することができる。これにより、ユーザUの利便性を低下させることなく、適切にマルチモーダル認証を行うことができる。 As described above, according to the authentication system 1000 according to the present embodiment, the number and method of biometric authentication performed by each authentication terminal 400 can be determined according to the attribute of the user U, the installation location of the authentication terminal 400, and the use of biometric authentication. Can be decided. As a result, multimodal authentication can be appropriately performed without deteriorating the convenience of the user U.
 以上が、本実施形態にかかる認証システム1000が行う処理の概要である。続いて、認証システム1000を構成する認証装置100、認証端末400、認証制御装置200のそれぞれについて詳細に説明する。 The above is the outline of the processing performed by the authentication system 1000 according to this embodiment. Subsequently, each of the authentication device 100, the authentication terminal 400, and the authentication control device 200 constituting the authentication system 1000 will be described in detail.
 認証装置100は、外部から受信した生体認証要求に応じて、当該要求に含まれる顔や虹彩等の画像又はこれらの生体特徴情報について、各ユーザUの生体特徴情報と照合を行い、照合結果(認証結果)を要求元へ返信する情報処理装置である。認証装置100は、複数のユーザUの生体特徴情報を記憶する。また、認証装置100は、1人のユーザUにつき複数の生体特徴情報を記憶し、それぞれの生体特徴情報を用いて認証を行うことができる。生体特徴情報とは、生体認証に用いる生体情報の特徴情報である。生体情報は、例えば顔、虹彩、指紋、静脈等である。本実施形態2では、生体認証の一例として、顔認証及び虹彩認証を用いている。 In response to the biometric authentication request received from the outside, the authentication device 100 collates the images such as faces and irises included in the request or the biometric information of these with the biometric information of each user U, and collates the result (the collation result ( It is an information processing device that returns the authentication result) to the requester. The authentication device 100 stores biometric information of a plurality of users U. Further, the authentication device 100 can store a plurality of biological feature information for one user U and perform authentication using each biological feature information. The biometric information is the characteristic information of the biometric information used for biometric authentication. The biological information is, for example, a face, an iris, a fingerprint, a vein, or the like. In the second embodiment, face authentication and iris authentication are used as an example of biometric authentication.
 図4は、本実施形態2にかかる認証装置100の構成を示すブロック図である。認証装置100は、生体情報DB(DataBase)110と、検出部120と、特徴点抽出部130と、登録部140と、認証部150とを備える。 FIG. 4 is a block diagram showing the configuration of the authentication device 100 according to the second embodiment. The authentication device 100 includes a biometric information DB (DataBase) 110, a detection unit 120, a feature point extraction unit 130, a registration unit 140, and an authentication unit 150.
 生体情報DB110は、ユーザID111、当該ユーザIDの生体特徴情報112、生体認証方式113を対応付けて記憶する。生体特徴情報112は、顔画像や虹彩画像から抽出された特徴点の集合である。生体認証方式113は、顔認証、虹彩認証、静脈認証等の認証方式である。なお、認証装置100は、生体特徴情報112の登録ユーザUからの要望に応じて、生体情報DB110内の生体特徴情報112を削除してもよい。または、認証装置100は、生体特徴情報112の登録から一定期間経過後に削除してもよい。 The biometric information DB 110 stores the user ID 111, the biometric information 112 of the user ID, and the biometric authentication method 113 in association with each other. The biological feature information 112 is a set of feature points extracted from a face image or an iris image. The biometric authentication method 113 is an authentication method such as face authentication, iris authentication, and vein authentication. The authentication device 100 may delete the biological feature information 112 in the biological information DB 110 in response to a request from the registered user U of the biological feature information 112. Alternatively, the authentication device 100 may be deleted after a certain period of time has elapsed from the registration of the biological feature information 112.
 検出部120は、生体情報を登録するための登録画像に含まれる顔や虹彩の領域を検出し、特徴点抽出部130に出力する。特徴点抽出部130は、検出部120が検出した顔領域等から特徴点を抽出し、登録部140に生体特徴情報を出力する。また、特徴点抽出部130は、認証制御装置200から受信した顔画像等に含まれる特徴点を抽出し、認証部150に生体特徴情報を出力する。 The detection unit 120 detects a face or iris region included in the registered image for registering biological information, and outputs the region to the feature point extraction unit 130. The feature point extraction unit 130 extracts feature points from the face region or the like detected by the detection unit 120, and outputs biological feature information to the registration unit 140. Further, the feature point extraction unit 130 extracts feature points included in a face image or the like received from the authentication control device 200, and outputs biological feature information to the authentication unit 150.
 登録部140は、生体特徴情報の登録に際して、ユーザID111を新規に発行する。登録部140は、発行したユーザID111と、登録画像から抽出した生体特徴情報112とを対応付けて生体情報DB110へ登録する。認証部150は、生体特徴情報112を用いた生体認証を行う。具体的には、認証部150は、顔画像等から抽出された生体特徴情報と、生体情報DB110内の生体特徴情報112との照合を行う。認証部150は、生体特徴情報の一致の有無を認証制御装置200に返信する。生体特徴情報の一致の有無は、認証の成否に対応する。なお、生体特徴情報が一致する(一致有)とは、一致度が所定値以上である場合をいうものとする。 The registration unit 140 newly issues the user ID 111 when registering the biological feature information. The registration unit 140 registers the issued user ID 111 and the biological feature information 112 extracted from the registered image in the biological information DB 110 in association with each other. The authentication unit 150 performs biometric authentication using the biometric information 112. Specifically, the authentication unit 150 collates the biological feature information extracted from the face image or the like with the biological feature information 112 in the biological information DB 110. The authentication unit 150 returns to the authentication control device 200 whether or not the biological feature information matches. The presence or absence of matching of biological feature information corresponds to the success or failure of authentication. In addition, the fact that the biological feature information matches (with matching) means that the degree of matching is equal to or higher than a predetermined value.
 続いて、本実施形態2にかかる生体情報の登録処理及び認証処理について説明する。図5は、本実施形態2にかかる生体情報登録処理の流れを示すフローチャートである。まず、認証装置100は、生体情報登録要求に含まれる登録画像を取得する(S21)。例えば、認証装置100は、生体情報登録要求を、認証端末400や宿泊用webサイト等からネットワークNを介して受け付ける。次に、検出部120は、登録画像に含まれる顔領域等を検出する(S22)。次に、特徴点抽出部130は、ステップS22で検出した顔領域等から特徴点を抽出し、登録部140に生体特徴情報を出力する(S23)。最後に、登録部140は、ユーザID111を発行し、当該ユーザID111、生体特徴情報112、生体認証方式113を対応付けて生体情報DB110に登録する(S24)。認証装置100は、ユーザUが所有する端末等から生体特徴情報112を受信し、生体特徴情報112をユーザID111及び生体認証方式113と対応付けて生体情報DB110に登録してもよい。 Subsequently, the biometric information registration process and the authentication process according to the second embodiment will be described. FIG. 5 is a flowchart showing the flow of the biometric information registration process according to the second embodiment. First, the authentication device 100 acquires the registered image included in the biometric information registration request (S21). For example, the authentication device 100 receives a biometric information registration request from an authentication terminal 400, an accommodation web site, or the like via a network N. Next, the detection unit 120 detects a face region or the like included in the registered image (S22). Next, the feature point extraction unit 130 extracts feature points from the face region or the like detected in step S22, and outputs biological feature information to the registration unit 140 (S23). Finally, the registration unit 140 issues the user ID 111 and registers the user ID 111, the biometric information 112, and the biometric authentication method 113 in the biometric information DB 110 in association with each other (S24). The authentication device 100 may receive the biometric information 112 from a terminal or the like owned by the user U, and may register the biometric information 112 in the biometric information DB 110 in association with the user ID 111 and the biometric authentication method 113.
 図6は、本実施形態2にかかる認証装置100による生体認証処理の流れを示すフローチャートである。まず、特徴点抽出部130は、生体認証要求に含まれる認証用の顔画像等を取得する(S31)。例えば、認証装置100は、認証制御装置200からネットワークNを介して生体認証要求を受信し、生体認証要求に含まれる生体画像からステップS21からS23のように生体特徴情報を抽出する。または、認証装置100は、認証制御装置200から生体特徴情報を受信してもよい。 FIG. 6 is a flowchart showing the flow of biometric authentication processing by the authentication device 100 according to the second embodiment. First, the feature point extraction unit 130 acquires a face image or the like for authentication included in the biometric authentication request (S31). For example, the authentication device 100 receives a biometric authentication request from the authentication control device 200 via the network N, and extracts biometric characteristic information from the biometric image included in the biometric authentication request as in steps S21 to S23. Alternatively, the authentication device 100 may receive biometric information from the authentication control device 200.
 次に、認証部150は、取得した生体特徴情報を、生体情報DB110の生体特徴情報112と照合する(S32)。生体特徴情報が一致した場合、つまり、生体特徴情報の一致度が所定値以上である場合(S33のYes)、認証部150は、生体特徴情報が一致したユーザUのユーザID111を特定する(S34)。そして、認証部150は、生体認証に成功した旨と特定したユーザID111とを認証制御装置200に返信する(S35)。一致する生体特徴情報が存在しない場合(S33のNo)、認証部150は、生体認証に失敗した旨を認証制御装置200に返信する(S36)。 Next, the authentication unit 150 collates the acquired biological characteristic information with the biological characteristic information 112 of the biological information DB 110 (S32). When the biometric information matches, that is, when the degree of matching of the biometric information is equal to or higher than a predetermined value (Yes in S33), the authentication unit 150 identifies the user ID 111 of the user U whose biometric information matches (S34). ). Then, the authentication unit 150 returns the user ID 111 specified that the biometric authentication was successful to the authentication control device 200 (S35). When there is no matching biometric information (No in S33), the authentication unit 150 returns to the authentication control device 200 that the biometric authentication has failed (S36).
 なお、ステップS32において、認証部150は、生体情報DB110内の全ての生体特徴情報112との照合を試みる必要はない。例えば、認証部150は、生体認証要求に生体認証方式113を含めて受信し、生体認証方式113が一致するものの中から照合を行うことができる。または、認証部150は、生体認証要求を受け付けた当日から数日前までの期間に登録が行われた生体特徴情報と優先的に照合を試みるなどしてもよい。これらにより、照合速度が向上し得る。また、上記優先的な照合に失敗した場合、残り全ての生体特徴情報と照合を行うようにするとよい。 Note that in step S32, the authentication unit 150 does not need to try to collate with all the biological feature information 112 in the biological information DB 110. For example, the authentication unit 150 can receive the biometric authentication request including the biometric authentication method 113, and can perform collation from those that match the biometric authentication method 113. Alternatively, the authentication unit 150 may preferentially try to collate with the biometric characteristic information registered in the period from the day when the biometric authentication request is received to several days before. These can improve the collation speed. Further, when the above-mentioned priority collation fails, it is advisable to collate with all the remaining biological characteristic information.
 次に、認証端末400について詳細に説明する。図7は、本実施形態2にかかる認証端末400の構成を示すブロック図である。なお、認証端末400a~400gについては認証端末400と同等であるため、これらの図示を省略する。認証端末400は、第1のカメラ410と、第2のカメラ411と、記憶部420と、通信部430と、表示部440と、制御部450とを備える。 Next, the authentication terminal 400 will be described in detail. FIG. 7 is a block diagram showing the configuration of the authentication terminal 400 according to the second embodiment. Since the authentication terminals 400a to 400g are the same as the authentication terminal 400, their illustrations are omitted. The authentication terminal 400 includes a first camera 410, a second camera 411, a storage unit 420, a communication unit 430, a display unit 440, and a control unit 450.
 第1のカメラ410及び第2のカメラ411は、制御部450の制御に応じて撮影を行う撮影装置である。本実施形態2では、第1のカメラ410がユーザUの顔を撮影し、第2のカメラ411がユーザUの虹彩を撮影する。第2のカメラ411は、虹彩の撮影が可能な赤外線カメラである。 The first camera 410 and the second camera 411 are photographing devices that take pictures under the control of the control unit 450. In the second embodiment, the first camera 410 photographs the face of the user U, and the second camera 411 photographs the iris of the user U. The second camera 411 is an infrared camera capable of photographing an iris.
 記憶部420は、認証端末400の各機能を実現するためのプログラムが格納される記憶装置である。
 通信部430は、ネットワークNとの通信インタフェースである。
 表示部440は、少なくとも表示装置である。また、表示部440は、表示装置と入力装置を含む入出力部、例えば、タッチパネルであってもよい。 The storage unit 420 is a storage device that stores a program for realizing each function of the authentication terminal 400.
The communication unit 430 is a communication interface with the network N.
The display unit 440 is at least a display device. Further, the display unit 440 may be an input / output unit including a display device and an input device, for example, a touch panel.
 制御部450は、認証端末400が有するハードウェアの制御を行う。制御部450は、撮影制御部451と、登録部452と、認証制御部453と、表示制御部454とを備える。 The control unit 450 controls the hardware of the authentication terminal 400. The control unit 450 includes a shooting control unit 451, a registration unit 452, an authentication control unit 453, and a display control unit 454.
 撮影制御部451は、第1のカメラ410及び第2のカメラ411を制御し、ユーザUの登録画像又は認証用画像を撮影する。第1のカメラ410及び第2のカメラ411が撮影する登録画像及び認証用画像は、少なくとも当該ユーザUの顔領域及び虹彩領域をそれぞれ含む画像である。撮影制御部451は、登録画像を登録部452へ出力する。また、撮影制御部451は、認証用画像を認証制御部453へ出力する。 The shooting control unit 451 controls the first camera 410 and the second camera 411, and shoots the registered image or the authentication image of the user U. The registered image and the authentication image taken by the first camera 410 and the second camera 411 are images including at least the face region and the iris region of the user U, respectively. The shooting control unit 451 outputs the registered image to the registration unit 452. Further, the photographing control unit 451 outputs the authentication image to the authentication control unit 453.
 登録部452は、登録画像を含む生体情報登録要求をネットワークNを介して認証装置100へ送信する。 The registration unit 452 transmits a biometric information registration request including a registered image to the authentication device 100 via the network N.
 認証制御部453は、認証用画像を含む生体認証要求をネットワークNを介して認証制御装置200へ送信する。また、認証制御部453は、設置されている場所を識別する場所IDと、生体認証の用途をこの生体認証要求に含めて認証制御装置200に対して送信する。用途には、例えば決済処理や本人確認を含むか否かの情報が含まれる。また、認証制御部453は、場所IDに代えて、認証端末400を識別する端末IDを、この生体認証要求に含めて認証制御装置200に送信してもよい。その場合、認証制御装置200は、認証端末400の端末IDと、その認証端末400の設置場所の場所IDとを対応付けて、予め記憶部210に記憶しておく。これにより、認証制御装置200は、受信した生体認証要求に含まれる端末IDに基づいて、記憶部210を参照し、認証端末400の場所IDを取得することができる。 The authentication control unit 453 transmits a biometric authentication request including an authentication image to the authentication control device 200 via the network N. Further, the authentication control unit 453 transmits the place ID for identifying the installed place and the use of the biometric authentication to the authentication control device 200 including the use of the biometric authentication in the biometric authentication request. Uses include, for example, information on whether or not to include payment processing and identity verification. Further, the authentication control unit 453 may include the terminal ID that identifies the authentication terminal 400 in the biometric authentication request and transmit it to the authentication control device 200 instead of the place ID. In that case, the authentication control device 200 associates the terminal ID of the authentication terminal 400 with the location ID of the installation location of the authentication terminal 400 and stores it in the storage unit 210 in advance. As a result, the authentication control device 200 can refer to the storage unit 210 and acquire the location ID of the authentication terminal 400 based on the terminal ID included in the received biometric authentication request.
 認証制御部453は、生体認証結果を受信し、生体認証結果を表示制御部454へ出力する。また、認証結果が成功である場合、認証制御部453は、所定のサービスの制御機器に対し、そのサービスを実行させるための指示信号を出力する。所定のサービスとは、例えば、ドア(ゲート)の開閉、施錠の開錠、決済処理の実行、チェックイン処理の実行、チェックアウト処理の実行等である。これらに限らず、所定のサービスには、ユーザUの認証の成功に応じて提供される種々のサービスが含まれる。これにより、ユーザUは、生体認証の結果を用いて、宿泊部屋への入室や決済処理など、認証を求められた所定のサービスの提供を受けることができる。 The authentication control unit 453 receives the biometric authentication result and outputs the biometric authentication result to the display control unit 454. If the authentication result is successful, the authentication control unit 453 outputs an instruction signal for executing the service to the control device of the predetermined service. The predetermined service is, for example, opening / closing a door (gate), unlocking a lock, executing a payment process, executing a check-in process, executing a check-out process, and the like. Not limited to these, predetermined services include various services provided according to the success of user U authentication. As a result, the user U can receive the provision of a predetermined service requested to be authenticated, such as entering the accommodation room and payment processing, by using the result of the biometric authentication.
 表示制御部454は、生体認証結果に応じた表示内容を表示部440へ表示する。表示制御部454は、例えば、認証が成功した旨または失敗した旨をユーザUに対して表示する。また、表示制御部454は、生体認証の方式、ユーザUの氏名等を認証結果と併せて表示部440へ表示してもよい。例えば、表示制御部454は、「○○様、顔認証に成功しました。」、「○○様、顔認証と虹彩認証に成功しました。」などと表示する。氏名等の情報は、必要に応じて非表示や個人を特定できない形式にしてもよい。また、ユーザUが従業員の場合には、表示制御部454は、例えば「従業員ID:XX番 △△さん 虹彩認証に成功しました。」のように、従業員IDや所属等の情報を併せて表示してもよい。これらに加え、表示制御部454は、生体認証のために必要な動作(マスクを外す、顔を認証端末400に向けるなど)をユーザUに対して案内してもよい。 The display control unit 454 displays the display content according to the biometric authentication result on the display unit 440. The display control unit 454 displays, for example, to the user U that the authentication has succeeded or failed. Further, the display control unit 454 may display the biometric authentication method, the name of the user U, and the like on the display unit 440 together with the authentication result. For example, the display control unit 454 displays "Mr. XX, face authentication succeeded.", "Mr. XX, face authentication and iris authentication succeeded." Information such as the name may be hidden or in a format that cannot identify an individual, if necessary. If the user U is an employee, the display control unit 454 displays information such as the employee ID and affiliation, for example, "Employee ID: XX number △△ -san, iris authentication was successful." It may be displayed at the same time. In addition to these, the display control unit 454 may guide the user U to perform operations necessary for biometric authentication (remove the mask, turn the face toward the authentication terminal 400, etc.).
 図3に戻り説明を続ける。認証制御装置200は、認証端末400におけるユーザUの生体認証処理を制御する情報処理装置である。認証制御装置200は、複数台のサーバに冗長化されてもよく、各機能ブロックが複数台のコンピュータで実現されてもよい。 Return to Fig. 3 and continue the explanation. The authentication control device 200 is an information processing device that controls the biometric authentication process of the user U in the authentication terminal 400. The authentication control device 200 may be redundant to a plurality of servers, or each functional block may be realized by a plurality of computers.
 具体的には、まず、認証制御装置200は、認証端末400からユーザUの生体情報、認証端末400の場所ID、生体認証の用途を含む生体認証要求を受け付ける。認証制御装置200は、認証端末400の設置場所又は生体認証の用途に応じて、複数の生体認証方式の中から第1の生体認証方式を決定し、決定した方式による第1の生体認証要求を認証装置100に対して送信する。 Specifically, first, the authentication control device 200 receives a biometric authentication request including the biometric information of the user U, the location ID of the authentication terminal 400, and the use of biometric authentication from the authentication terminal 400. The authentication control device 200 determines a first biometric authentication method from a plurality of biometric authentication methods according to the installation location of the authentication terminal 400 or the use of biometric authentication, and makes a first biometric authentication request by the determined method. It is transmitted to the authentication device 100.
 認証制御装置200は、第1の生体認証に成功した旨を認証装置100から受信すると、ユーザUの属性を特定する。認証制御装置200は、認証端末400の設置場所及び生体認証の用途に加え、ユーザUの属性を加味して、第2の生体認証の結果を用いるか否かを判定する。第2の生体認証の結果を用いると判定された場合、認証制御装置200は、ユーザUに対して第2の生体認証を行うと判定し、第2の生体認証を制御する。 When the authentication control device 200 receives from the authentication device 100 that the first biometric authentication has been successful, the authentication control device 200 identifies the attribute of the user U. The authentication control device 200 determines whether or not to use the result of the second biometric authentication in consideration of the attribute of the user U in addition to the installation location of the authentication terminal 400 and the use of biometric authentication. When it is determined that the result of the second biometric authentication is used, the authentication control device 200 determines that the second biometric authentication is performed for the user U, and controls the second biometric authentication.
 第2の生体認証を行うと判定された場合、認証制御装置200は、認証装置100に対して第2の生体認証要求を送信する。認証制御装置200は、第2の生体認証に成功した旨を認証装置100から受信すると、その旨を認証端末400に送信する。
 上記の処理により、生体認証に成功したユーザUは、宿泊部屋への入室や決済処理など、所望のサービスの提供を受けることができる。 If it is determined to perform the second biometric authentication, the authentication control device 200 transmits the second biometric authentication request to the authentication device 100. When the authentication control device 200 receives from the authentication device 100 that the second biometric authentication has been successful, the authentication control device 200 transmits the fact to the authentication terminal 400.
By the above processing, the user U who has succeeded in biometric authentication can be provided with a desired service such as entry into an accommodation room and payment processing.
 次に、認証制御装置200について詳細に説明する。図8は、本実施形態2にかかる認証制御装置200の構成を示すブロック図である。認証制御装置200は、記憶部210と、メモリ220と、通信部230と、制御部240とを備える。 Next, the authentication control device 200 will be described in detail. FIG. 8 is a block diagram showing the configuration of the authentication control device 200 according to the second embodiment. The authentication control device 200 includes a storage unit 210, a memory 220, a communication unit 230, and a control unit 240.
 記憶部210は、ハードディスク、フラッシュメモリ等の記憶装置である。記憶部210は、プログラム211と、属性情報212と、認証方式情報213とを記憶する。
 プログラム211は、本実施形態2にかかる認証制御方法の処理が実装されたコンピュータプログラムである。 The storage unit 210 is a storage device for a hard disk, a flash memory, or the like. The storage unit 210 stores the program 211, the attribute information 212, and the authentication method information 213.
The program 211 is a computer program in which the processing of the authentication control method according to the second embodiment is implemented.
 属性情報212は、各ユーザUの属性情報である。具体的には、属性情報212は、ユーザID2121と属性2122とを対応付けた情報である。ユーザID2121は、ユーザUを識別する情報である。属性2122は、ユーザUの属性を示す情報であり、例えば、ユーザが顧客であるか従業員であるかが含まれる。 The attribute information 212 is the attribute information of each user U. Specifically, the attribute information 212 is information in which the user ID 2121 and the attribute 2122 are associated with each other. The user ID 2121 is information that identifies the user U. The attribute 2122 is information indicating the attribute of the user U, and includes, for example, whether the user is a customer or an employee.
 認証方式情報213は、場所ID2131と、用途2132と、属性2133と、認証方式2134とを対応付けた情報である。既に図9を用いて説明したように、ユーザUに対して行う認証方式やその組み合わせは、認証端末400の設置場所、生体認証の用途、ユーザUの属性に応じて決定される。認証方式情報213はこれらを対応付けて記憶したものである。
 なお、図9に示す認証方式の組み合わせは一例であり、これに限られない。例えば、生体認証の精度の高さによって、組み合わせる認証方式の数を増減させてもよいし、ユーザUの属性をさらに細分化させてもよい。例えば、従業員においては、役職や在職年数などに応じて認証方式の組み合わせを調整してもよいし、清掃業務などのマスクをする頻度が低い者と高い者とで虹彩認証の適用を変えてもよい。 The authentication method information 213 is information in which the location ID 2131, the use 2132, the attribute 2133, and the authentication method 2134 are associated with each other. As already described with reference to FIG. 9, the authentication method and the combination thereof performed on the user U are determined according to the installation location of the authentication terminal 400, the use of biometric authentication, and the attributes of the user U. The authentication method information 213 is stored in association with each other.
The combination of authentication methods shown in FIG. 9 is an example, and is not limited to this. For example, the number of authentication methods to be combined may be increased or decreased depending on the high accuracy of biometric authentication, or the attributes of the user U may be further subdivided. For example, for employees, the combination of authentication methods may be adjusted according to the position and years of employment, and the application of iris recognition may be changed between those who wear masks less frequently and those who wear masks for cleaning work. May be good.
 メモリ220は、RAM(Random Access Memory)等の揮発性記憶装置であり、制御部240の動作時に一時的に情報を保持するための記憶領域である。
 通信部230は、ネットワークNとの通信インタフェースである。 The memory 220 is a volatile storage device such as a RAM (Random Access Memory), and is a storage area for temporarily holding information when the control unit 240 operates.
The communication unit 230 is a communication interface with the network N.
 制御部240は、認証制御装置200の各構成を制御するプロセッサつまり制御装置である。制御部240は、記憶部210からプログラム211をメモリ220へ読み込ませ、プログラム211を実行する。これにより、制御部240は、生体情報取得部241、認証制御部242、判定部243、決定部244の機能を実現する。 The control unit 240 is a processor, that is, a control device that controls each configuration of the authentication control device 200. The control unit 240 reads the program 211 from the storage unit 210 into the memory 220, and executes the program 211. As a result, the control unit 240 realizes the functions of the biological information acquisition unit 241, the authentication control unit 242, the determination unit 243, and the determination unit 244.
 生体情報取得部241は、上述した生体情報取得部11の一例である。生体情報取得部241は、生体認証を行う所定のユーザUの第1の生体情報及び第2の生体情報を取得する。具体的には、生体情報取得部241は、第1及び第2の生体情報を認証端末400からネットワークNを介して取得する。第1及び第2の生体情報は、例えば、第1のカメラ410及び第2のカメラ411により撮影されたユーザUの顔及び虹彩の生体情報である。 The biological information acquisition unit 241 is an example of the above-mentioned biological information acquisition unit 11. The biometric information acquisition unit 241 acquires the first biometric information and the second biometric information of a predetermined user U who performs biometric authentication. Specifically, the biometric information acquisition unit 241 acquires the first and second biometric information from the authentication terminal 400 via the network N. The first and second biometric information is, for example, biometric information of the face and iris of the user U taken by the first camera 410 and the second camera 411.
 認証制御部242は、上述した認証制御部12の一例である。認証制御部242は、第1の生体情報を用いた第1の生体認証及び第2の生体情報を用いた第2の生体認証のうち少なくとも一方を制御する。
 本実施形態では、まず、認証制御部242は、生体情報取得部241が取得した第1の生体情報を用いて、第1の生体認証を制御する。具体的には、認証制御部242は、ネットワークNを介して、第1の生体認証要求を認証装置100に対して送信する。第1の生体認証要求には、第1の生体情報が含まれる。第1の生体認証方式は、後述する決定部244により決定される。なお、第1の生体認証要求には、第1の生体認証方式の情報を含めてもよい。これにより、認証装置100における照合速度が向上し得る。 The authentication control unit 242 is an example of the above-mentioned authentication control unit 12. The authentication control unit 242 controls at least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information.
In the present embodiment, first, the authentication control unit 242 controls the first biometric authentication by using the first biometric information acquired by the biometric information acquisition unit 241. Specifically, the authentication control unit 242 transmits the first biometric authentication request to the authentication device 100 via the network N. The first biometric authentication request includes the first biometric information. The first biometric authentication method is determined by the determination unit 244, which will be described later. The first biometric authentication request may include information on the first biometric authentication method. This can improve the collation speed in the authentication device 100.
 続いて、認証制御部242は、後述する判定部243により、ユーザUに対して第2の生体認証を行うと判定された場合、第2の生体認証を制御する。具体的には、認証制御部242は、ネットワークNを介して、第2の生体認証要求を認証装置100に対して送信する。第2の生体認証要求には、ユーザUの第2の生体情報が含まれる。上記と同様、第2の生体認証要求には、第2の生体認証方式の情報を含めてもよい。 Subsequently, the authentication control unit 242 controls the second biometric authentication when it is determined by the determination unit 243, which will be described later, to perform the second biometric authentication for the user U. Specifically, the authentication control unit 242 transmits a second biometric authentication request to the authentication device 100 via the network N. The second biometric authentication request includes the second biometric information of the user U. Similar to the above, the second biometric authentication request may include information on the second biometric authentication method.
 判定部243は、上述した判定部13の一例である。判定部13は、第1の生体認証及び第2の生体認証のうち少なくとも一方が成功した場合、他方の生体認証の結果を用いるか否かを判定する。本実施形態では、判定部243は、第1の生体認証に成功した場合、第2の生体認証の結果を用いるか否かを判定する。具体的には、判定部243は、第1の生体認証に成功したユーザUの属性を特定し、特定した属性に基づいて、第2の生体認証の結果を用いるか否かを判定する。また、第2の生体認証の結果を用いると判定した場合、判定部243は、第2の生体認証を行うと判定する。 The determination unit 243 is an example of the determination unit 13 described above. If at least one of the first biometric authentication and the second biometric authentication is successful, the determination unit 13 determines whether or not to use the result of the other biometric authentication. In the present embodiment, the determination unit 243 determines whether or not to use the result of the second biometric authentication when the first biometric authentication is successful. Specifically, the determination unit 243 identifies the attribute of the user U who has succeeded in the first biometric authentication, and determines whether or not to use the result of the second biometric authentication based on the identified attribute. Further, when it is determined that the result of the second biometric authentication is used, the determination unit 243 determines that the second biometric authentication is performed.
 判定部243は、例えば図9の表に示すような条件に基づいて、上記の第2の生体認証の結果を用いるか否かの判定を行う。すなわち、判定部243は、ユーザUの属性、認証端末400の設置場所、生体認証の用途に応じて、第2の生体認証の結果を用いるか否かを判定し、続いて第2の生体認証を行うか否かを判定する。 The determination unit 243 determines whether or not to use the result of the second biometric authentication described above, for example, based on the conditions shown in the table of FIG. That is, the determination unit 243 determines whether or not to use the result of the second biometric authentication according to the attribute of the user U, the installation location of the authentication terminal 400, and the use of the biometric authentication, and then the second biometric authentication. Judge whether or not to perform.
 例えば、図9に示す例において、認証端末400が宿泊棟入口(認証の成功に応じて提供されるサービスの複数の提供対象者のそれぞれに対する複数のサービス提供場所への共通の入口)に設置されており、ユーザU1が第1の生体認証として顔認証に成功しているとする。判定部243は、属性情報212に基づいて、ユーザU1の属性を顧客(サービスの提供対象者)であると特定する。また、判定部243は特定したユーザU1の属性に基づいて、認証方式情報213を参照してユーザU1に対して第2の生体認証の結果を用いるか否かを判定する。宿泊棟入口においては、顧客であるユーザU1には、顔認証だけでなく虹彩認証が必要であるので、判定部243は、第2の生体認証の結果を用いると判定し、また、第2の生体認証を行うと判定する。
 ユーザUが、従業員(サービスの提供者)である場合も同様に認証方式情報213に基づいて判定が行われる。判定部243は、第1の生体認証である虹彩認証に成功したユーザU2について、ユーザU2の属性が従業員であると特定し、特定した属性に基づいて、認証方式情報213を参照してユーザU2に対しては第2の生体認証の結果を用いないと判定し、また、第2の生体認証を行わないと判定する。 For example, in the example shown in FIG. 9, the authentication terminal 400 is installed at the entrance of the accommodation building (a common entrance to a plurality of service provision locations for each of a plurality of service recipients of services provided according to the success of authentication). It is assumed that the user U1 has succeeded in face authentication as the first biometric authentication. The determination unit 243 identifies the attribute of the user U1 as a customer (service provider) based on the attribute information 212. Further, the determination unit 243 determines whether or not to use the result of the second biometric authentication for the user U1 with reference to the authentication method information 213 based on the attribute of the specified user U1. At the entrance of the accommodation building, the user U1 who is a customer needs not only face authentication but also iris authentication. Therefore, the determination unit 243 determines that the result of the second biometric authentication is used, and the second biometric authentication is used. It is determined that biometric authentication will be performed.
Similarly, when the user U is an employee (service provider), the determination is made based on the authentication method information 213. The determination unit 243 identifies that the attribute of the user U2 is an employee for the user U2 who has succeeded in the iris authentication which is the first biometric authentication, and refers to the authentication method information 213 based on the specified attribute. It is determined that the result of the second biometric authentication is not used for U2, and it is determined that the second biometric authentication is not performed.
 このような判定を行うことにより、顧客に対しては、顔認証及び虹彩認証により宿泊棟に入る際の本人確認を厳格に行うことができるので、顧客でない者が宿泊棟内に立ち入ることを防ぐことができる。また、従業員に対しては、虹彩認証のみで宿泊棟に入ることができるので、例えば、従業員がマスクをしている場合でも、マスクを外すことなく、効率的に本人確認を行うことができる。なお、虹彩認証は顔認証よりも認証精度が高いため、虹彩認証のみで宿泊棟に入る場合にも厳格な本人確認を行うことが可能であると考えられる。 By making such a judgment, it is possible to strictly verify the identity of the customer when entering the accommodation building by face recognition and iris recognition, so that it is possible to prevent a person who is not a customer from entering the accommodation building. be able to. In addition, employees can enter the accommodation building only with iris recognition, so even if the employee is wearing a mask, it is possible to efficiently verify the identity without removing the mask. can. Since iris authentication has higher authentication accuracy than face authentication, it is considered possible to perform strict identity verification even when entering the accommodation building using only iris authentication.
 また、図9に示す例において、認証端末400が宿泊部屋前(生体認証の成功に応じて提供されるサービスの提供場所の入口)に設置されており、ユーザU1が第1の生体認証として顔認証に成功しているとする。
 上記と同様、判定部243は、属性情報212に基づいて、ユーザU1の属性を顧客であると特定する。判定部243は、特定したユーザU1の属性に基づいて、認証方式情報213を参照してユーザU1に対して第2の生体認証の結果を用いないと判定し、また、第2の生体認証を行わないと判定する。
 また、ユーザU2が第1の生体認証として顔認証に成功している場合、判定部243は、ユーザU2の属性を従業員であると特定し、特定した属性に基づいて、認証方式情報213を参照して第2の生体認証の結果を用いると判定する。そして、判定部243は、第2の生体認証を行うと判定する。 Further, in the example shown in FIG. 9, the authentication terminal 400 is installed in front of the accommodation room (the entrance of the service providing place provided according to the success of biometric authentication), and the user U1 faces as the first biometric authentication. It is assumed that the authentication is successful.
Similar to the above, the determination unit 243 identifies the attribute of the user U1 as a customer based on the attribute information 212. Based on the attribute of the specified user U1, the determination unit 243 determines that the result of the second biometric authentication is not used for the user U1 by referring to the authentication method information 213, and also performs the second biometric authentication. Judge not to do.
Further, when the user U2 succeeds in face recognition as the first biometric authentication, the determination unit 243 identifies the attribute of the user U2 as an employee, and based on the specified attribute, performs the authentication method information 213. It is determined that the result of the second biometric authentication is used by reference. Then, the determination unit 243 determines that the second biometric authentication is performed.
 このような判定を行うことにより、宿泊棟入口において既にマルチモーダル認証を行った顧客に対しては、宿泊部屋への入室の際は顔認証のみで入室を許可することができる。また、従業員に対しては、宿泊棟入口と比較して、より厳格に本人確認を行うことができる。 By making such a judgment, a customer who has already performed multimodal authentication at the entrance of the accommodation building can be permitted to enter the room only by face authentication when entering the accommodation room. In addition, it is possible to verify the identity of employees more strictly than at the entrance of the accommodation building.
 また、判定部243は、認証端末400の用途が決済処理を含む場合には、ユーザUの属性等にかかわらず、第2の生体認証を用いると判定し、また第2の生体認証を行うと判定してもよい。図9に示す例では、土産屋においては、ユーザUの属性が顧客であっても従業員であっても、第2の生体認証が必要である。これにより、決済処理については、他のサービスの提供と比較して、より厳格な本人確認を行うことができる。 Further, when the use of the authentication terminal 400 includes payment processing, the determination unit 243 determines that the second biometric authentication is used regardless of the attribute of the user U, and performs the second biometric authentication. You may judge. In the example shown in FIG. 9, in the souvenir shop, a second biometric authentication is required regardless of whether the attribute of the user U is a customer or an employee. As a result, it is possible to perform stricter identity verification for payment processing as compared with the provision of other services.
 決定部244は、認証端末400の用途又は設置場所に応じて複数の生体認証方式の中から第1の生体認証方式を決定する。例えば、図9に示す例において、宿泊棟入口では、ユーザUの属性にかかわらず虹彩認証が必要である。よって、決定部244は、第1の生体認証方式として虹彩認証を用いることを決定する。同様に、宿泊部屋においては第1の生体認証を顔認証として決定する。 The determination unit 244 determines the first biometric authentication method from a plurality of biometric authentication methods according to the use or installation location of the authentication terminal 400. For example, in the example shown in FIG. 9, iris authentication is required at the entrance of the accommodation building regardless of the attribute of the user U. Therefore, the determination unit 244 decides to use iris recognition as the first biometric authentication method. Similarly, in the accommodation room, the first biometric authentication is determined as face authentication.
 なお、決定部244は、認証方式の精度を考慮して、第1の生体認証方式を決定してもよい。例えば、第1の生体認証として顔認証のみが必要な場合でも、ユーザUがマスクをしており虹彩画像しか取得できなければ、より認証精度の高い虹彩認証を第1の生体認証方式として決定してよい。
 また、いずれの認証方式でもよい場合であって、認証端末400から複数の生体情報を取得できる場合には、複数の生体情報を取得し、より精度の高い認証方式を優先的に第1の生体認証として決定してもよい。 The determination unit 244 may determine the first biometric authentication method in consideration of the accuracy of the authentication method. For example, even if only face authentication is required as the first biometric authentication, if the user U is wearing a mask and can only acquire the iris image, iris authentication with higher authentication accuracy is determined as the first biometric authentication method. You can do it.
Further, in the case where any authentication method may be used and a plurality of biometric information can be acquired from the authentication terminal 400, a plurality of biometric information is acquired and the first biometric method is given priority to a more accurate authentication method. It may be decided as authentication.
 図10は、本実施形態2にかかる認証制御処理の流れを示すフローチャートである。まず、生体情報取得部241は、認証端末400から生体認証要求を受信し、第1及び第2の生体情報を取得する(S401)。 FIG. 10 is a flowchart showing the flow of the authentication control process according to the second embodiment. First, the biometric information acquisition unit 241 receives the biometric authentication request from the authentication terminal 400, and acquires the first and second biometric information (S401).
 次に、決定部244は、認証端末400の用途又は設置場所に応じて第1の生体認証方式を決定する(S402)。認証制御部242は、決定した第1の生体認証方式に対応する第1の生体認証要求を認証装置100に対して送信する(S403)。 Next, the determination unit 244 determines the first biometric authentication method according to the use or installation location of the authentication terminal 400 (S402). The authentication control unit 242 transmits a first biometric authentication request corresponding to the determined first biometric authentication method to the authentication device 100 (S403).
 認証制御部242は、認証装置100から第1の生体認証の結果を受信し、第1の生体認証が成功したか否かを判定する(S404)。第1の生体認証が成功した場合(S404のYes)、判定部243は、ユーザUの属性を特定する(S405)。また、判定部243は、第2の生体認証の結果を用いるか否かを判定し、その判定結果に応じて、第2の生体認証を行うか否かを判定する(S406)。例えば、判定部243は、認証方式情報213を参照して、判定を行う。 The authentication control unit 242 receives the result of the first biometric authentication from the authentication device 100, and determines whether or not the first biometric authentication is successful (S404). When the first biometric authentication is successful (Yes in S404), the determination unit 243 identifies the attribute of the user U (S405). Further, the determination unit 243 determines whether or not to use the result of the second biometric authentication, and determines whether or not to perform the second biometric authentication according to the determination result (S406). For example, the determination unit 243 makes a determination with reference to the authentication method information 213.
 第2の生体認証を行うと判定された場合(S406のYes)、認証制御部242は、第2の生体認証要求を認証装置100に対して送信する(S407)。 When it is determined to perform the second biometric authentication (Yes in S406), the authentication control unit 242 transmits the second biometric authentication request to the authentication device 100 (S407).
 認証制御部242は、認証装置100から第2の生体認証の結果を受信し、第2の生体認証が成功したか否かを判定する(S408)。第2の生体認証が成功した場合(S408のYes)、認証制御部242は、生体認証に成功した旨を認証端末400に対して返信する(S409)。 The authentication control unit 242 receives the result of the second biometric authentication from the authentication device 100, and determines whether or not the second biometric authentication is successful (S408). When the second biometric authentication is successful (Yes in S408), the authentication control unit 242 returns to the authentication terminal 400 that the biometric authentication was successful (S409).
 ステップS404で第1の生体認証に失敗した場合(S404のNo)及びステップS408で第2の生体認証に失敗した場合(S408のNo)、認証制御部242は、生体認証に失敗した旨を認証端末400に対して返信する(S410)。 When the first biometric authentication fails in step S404 (No in S404) and when the second biometric authentication fails in step S408 (No in S408), the authentication control unit 242 authenticates that the biometric authentication has failed. Reply to the terminal 400 (S410).
 また、ステップS406において、第2の生体認証を行わないと判定された場合(S406のNo)、認証制御部242は、生体認証に成功した旨を認証端末400に対して返信する(S409)。 If it is determined in step S406 that the second biometric authentication is not performed (No in S406), the authentication control unit 242 returns to the authentication terminal 400 that the biometric authentication was successful (S409).
 生体認証に成功すると(S409)、ドア(ゲート)の開閉、施錠の開錠、決済処理の実行、チェックイン処理の実行、チェックアウト処理の実行等の処理を実行させる指示信号が認証端末400から各サービスの制御機器に対して出力される。これにより、ユーザUは、各施設への入室や決済処理など、所望のサービスの提供を受けることができる。 When biometric authentication is successful (S409), an instruction signal for executing processing such as opening / closing the door (gate), unlocking the lock, executing payment processing, executing check-in processing, and executing check-out processing is sent from the authentication terminal 400. It is output to the control device of each service. As a result, the user U can receive desired services such as entry into each facility and payment processing.
 以上説明したように、本実施形態にかかる認証システム1000によれば、第1の生体認証の成功によりユーザUの属性を特定し、特定した属性に基づいて第2の生体認証の結果を用いるか否か及び第2の生体認証を行うか否かの判定を行うことができる。また、第1の生体認証方式は、認証端末400の用途又は設置場所に応じて決定することができる。したがって、例えば、ユーザUがマスクをしている場合であっても、ユーザUの属性や認証端末400の用途や設置場所によっては、マスクを外すことなく、かつ、適切にユーザUの本人確認を行うことができる。また、例えば、決済処理においては、ユーザUの属性にかかわらずマルチモーダル認証を必要とするなど、生体認証の用途に応じて厳格な本人確認を行うことができる。
 以上より、本実施形態にかかる認証システム1000によれば、マルチモーダル認証におけるユーザUの利便性の低下を軽減しつつ、適切に本人確認を行うことが可能である。 As described above, according to the authentication system 1000 according to the present embodiment, whether the attribute of the user U is specified by the success of the first biometric authentication and the result of the second biometric authentication is used based on the specified attribute. It is possible to determine whether or not to perform the second biometric authentication. Further, the first biometric authentication method can be determined according to the use or installation location of the authentication terminal 400. Therefore, for example, even if the user U is wearing a mask, depending on the attributes of the user U, the purpose of use of the authentication terminal 400, and the installation location, the identity verification of the user U can be appropriately performed without removing the mask. It can be carried out. Further, for example, in the payment process, strict identity verification can be performed according to the use of biometric authentication, such as requiring multimodal authentication regardless of the attribute of the user U.
From the above, according to the authentication system 1000 according to the present embodiment, it is possible to appropriately confirm the identity while reducing the deterioration of the convenience of the user U in the multimodal authentication.
<実施形態3>
 本実施形態3は、上述した実施形態2の変形例である。実施形態2では、認証制御装置200は、まず第1の生体認証を制御し、その成功に応じて第2の生体認証の制御を行った。これに対し、本実施形態にかかる認証制御装置200は、まず第1及び第2の生体認証を共に制御し、これらのうち少なくとも一方の生体認証が成功した場合に、他方の生体認証の結果を用いるか否かを判定するものである。 <Embodiment 3>
The third embodiment is a modification of the second embodiment described above. In the second embodiment, the authentication control device 200 first controls the first biometric authentication, and then controls the second biometric authentication according to the success. On the other hand, the authentication control device 200 according to the present embodiment first controls both the first and second biometric authentication, and when at least one of these biometric authentication is successful, the result of the other biometric authentication is obtained. It determines whether or not to use it.
 本実施形態にかかる認証制御装置200の構成は、実施形態2と同様であるので、その説明を省略する。
 図11は、本実施形態にかかる認証制御処理の流れを示すフローチャートである。まず、生体情報取得部241は、認証端末400から生体認証要求を受信し、第1及び第2の生体情報を取得する(S501)。 Since the configuration of the authentication control device 200 according to the present embodiment is the same as that of the second embodiment, the description thereof will be omitted.
FIG. 11 is a flowchart showing the flow of the authentication control process according to the present embodiment. First, the biometric information acquisition unit 241 receives the biometric authentication request from the authentication terminal 400, and acquires the first and second biometric information (S501).
 次に、認証制御部242は、取得した第1及び第2の生体情報をそれぞれ用いた第1及び第2の生体認証要求を認証装置100に対して送信する(S502)。なお、実施形態2と同様、第1の生体認証方式を決定部244が決定してもよいが、本実施形態では第1及び第2の生体認証を共に行うので、ここでは説明を省略する。 Next, the authentication control unit 242 transmits the first and second biometric authentication requests using the acquired first and second biometric information to the authentication device 100 (S502). As in the second embodiment, the determination unit 244 may determine the first biometric authentication method, but since the first and second biometric authentications are performed together in the present embodiment, the description thereof will be omitted here.
 認証制御部242は、認証装置100から第1及び第2の生体認証の結果を受信し、少なくともいずれか一方の生体認証に成功したか否かを判定する(S503)。いずれか一方の生体認証が成功した場合(S503のYes)、判定部243は、ユーザUの属性を特定する(S504)。また、判定部243は、特定した属性に基づいて、他方の生体認証の結果を用いるか否かを判定する(S505)。例えば、判定部243は、認証方式情報213を参照して、判定を行う。 The authentication control unit 242 receives the results of the first and second biometric authentications from the authentication device 100, and determines whether or not at least one of the biometric authentications has been successful (S503). If either biometric authentication is successful (Yes in S503), the determination unit 243 identifies the attribute of the user U (S504). Further, the determination unit 243 determines whether or not to use the result of the other biometric authentication based on the specified attribute (S505). For example, the determination unit 243 makes a determination with reference to the authentication method information 213.
 他方の生体認証の結果を用いると判定された場合(S505のYes)、認証制御部242は、他方の生体認証が成功したか否かを判定する(S506)。 When it is determined that the result of the other biometric authentication is used (Yes in S505), the authentication control unit 242 determines whether or not the other biometric authentication is successful (S506).
 他方の生体認証が成功した場合(S506のYes)、認証制御部242は、生体認証に成功した旨を認証端末400に対して返信する(S507)。 When the other biometric authentication is successful (Yes in S506), the authentication control unit 242 returns to the authentication terminal 400 that the biometric authentication was successful (S507).
 ステップS503で第1の生体認証に失敗した場合(S503のNo)及びステップS506で他方の生体認証に失敗した場合(S506のNo)、認証制御部242は、生体認証に失敗した旨を認証端末400に対して返信する(S508)。 When the first biometric authentication fails in step S503 (No of S503) and when the other biometric authentication fails in step S506 (No of S506), the authentication control unit 242 indicates that the biometric authentication has failed. Reply to 400 (S508).
 また、ステップS505において、他方の生体認証の結果を用いないと判定された場合(S505のNo)、認証制御部242は、生体認証に成功した旨を認証端末400に対して返信する(S507)。 If it is determined in step S505 that the result of the other biometric authentication is not used (No in S505), the authentication control unit 242 returns to the authentication terminal 400 that the biometric authentication was successful (S507). ..
 生体認証に成功すると(S507)、ユーザUは、ドア(ゲート)の開閉等、所望のサービスの提供を受けることができる。 If the biometric authentication is successful (S507), the user U can receive the desired service such as opening / closing the door (gate).
 以上説明したように、本実施形態にかかる認証制御装置200では、第1及び第2の生体認証を共に行い、少なくとも一方が成功した場合に、ユーザUの属性を特定し、特定した属性に基づいて他方の生体認証の結果を用いるか否かを判定する。例えば、ユーザUがマスク着用時に顔認証及び虹彩認証を行ったとする。ユーザUは、顔認証に失敗し、虹彩認証に成功すると考えられるが、虹彩認証の成功により、認証制御装置200は、ユーザUの属性を特定し、その属性に基づいて、顔認証の結果(失敗)を用いるか否かを判定することができる。したがって、例えば、虹彩認証の成功のみで認証成功となる場面においては、顔認証の結果を用いないと判定することで、顔認証に失敗した場合であっても、ユーザUは所望のサービスを受けることが可能となる。
 したがって、本実施形態にかかる認証制御装置200によれば、実施形態2と同様の効果を奏することができる。 As described above, in the authentication control device 200 according to the present embodiment, the first and second biometric authentications are performed together, and when at least one of them succeeds, the attribute of the user U is specified and based on the specified attribute. It is determined whether or not to use the result of the other biometric authentication. For example, it is assumed that the user U performs face recognition and iris recognition when wearing a mask. It is considered that the user U fails in the face recognition and succeeds in the iris recognition. However, due to the success of the iris recognition, the authentication control device 200 identifies the attribute of the user U, and based on the attribute, the result of the face recognition ( Failure) can be determined. Therefore, for example, in a situation where the authentication is successful only by the success of the iris authentication, the user U receives the desired service even if the face authentication fails by determining that the face authentication result is not used. It becomes possible.
Therefore, according to the authentication control device 200 according to the present embodiment, the same effect as that of the second embodiment can be obtained.
<実施形態4>
 本実施形態4は、上述した実施形態2の変形例である。本実施形態にかかる認証制御装置200aは、認証端末400から受信した生体認証要求に対し、認証装置100を介すことなく認証処理を行い、その結果を認証端末400に返信するものである。 <Embodiment 4>
The fourth embodiment is a modification of the second embodiment described above. The authentication control device 200a according to the present embodiment performs an authentication process for a biometric authentication request received from the authentication terminal 400 without going through the authentication device 100, and returns the result to the authentication terminal 400.
 図12は、本実施形態にかかる認証制御装置200aの構成を示すブロック図である。図12に示すように、認証制御装置200aは、記憶部210と、メモリ220と、通信部230と、制御部240とを備えている。記憶部210は、プログラム211と、属性情報212と、認証方式情報213に加え、生体情報214をさらに記憶する。 FIG. 12 is a block diagram showing the configuration of the authentication control device 200a according to the present embodiment. As shown in FIG. 12, the authentication control device 200a includes a storage unit 210, a memory 220, a communication unit 230, and a control unit 240. The storage unit 210 further stores the biological information 214 in addition to the program 211, the attribute information 212, and the authentication method information 213.
 生体情報214は、上述した認証装置100の生体情報DB110に相当するものであり、ユーザID2141と、生体特徴情報2142と、生体認証方式2143とが対応付けられて記憶されている。 The biometric information 214 corresponds to the biometric information DB 110 of the above-mentioned authentication device 100, and the user ID 2141, the biometric characteristic information 2142, and the biometric authentication method 2143 are stored in association with each other.
 生体情報取得部241aは、第1の生体認証に成功したユーザUについて、生体情報214に第2の生体情報が登録されているかを判定し、第2の生体情報が未登録の場合、ユーザUから第2の生体情報を取得する。例えば、ユーザUが顔情報のみを登録し、虹彩情報が未登録の場合、生体情報取得部241aは、ユーザUの虹彩情報を取得する。そして、生体情報取得部241aは、ユーザID、登録済みの第1の生体情報である顔情報、取得した第2の生体情報である虹彩情報を対応付けて、生体情報214に登録する。 The biometric information acquisition unit 241a determines whether or not the second biometric information is registered in the biometric information 214 for the user U who has succeeded in the first biometric authentication, and if the second biometric information is not registered, the user U The second biometric information is obtained from. For example, when the user U registers only the face information and the iris information is not registered, the biometric information acquisition unit 241a acquires the iris information of the user U. Then, the biometric information acquisition unit 241a registers the user ID, the registered first biometric information face information, and the acquired second biometric information iris information in association with the biometric information 214.
 第2の生体情報の取得にあたっては、実施形態2で説明したように、表示部440に虹彩の撮影をする旨のメッセージを表示し、ユーザUの同意を得る方法がある。ユーザUが虹彩の撮影に同意すると、第2のカメラ411がユーザUの虹彩を撮影し、生体情報取得部241aがネットワークNを介して虹彩画像を取得する。 In acquiring the second biometric information, as described in the second embodiment, there is a method of displaying a message to the effect that the iris is to be photographed on the display unit 440 and obtaining the consent of the user U. When the user U agrees to take the iris, the second camera 411 takes the iris of the user U, and the biological information acquisition unit 241a acquires the iris image via the network N.
 また、生体情報取得部241aは、認証装置100における検出部120、特徴点抽出部130、登録部140、認証部150の機能をも有している。つまり、生体情報取得部241aは、認証端末400から受信した生体情報登録要求に含まれる虹彩画像から虹彩領域を検出し、虹彩の特徴情報を抽出し、ユーザIDを発行する。また、生体情報取得部241aは、ユーザID2141と第1及び第2の生体特徴情報2142及び生体認証方式2143とを対応付けた生体情報214を記憶部210に登録する。 The biometric information acquisition unit 241a also has the functions of the detection unit 120, the feature point extraction unit 130, the registration unit 140, and the authentication unit 150 in the authentication device 100. That is, the biometric information acquisition unit 241a detects the iris region from the iris image included in the biometric information registration request received from the authentication terminal 400, extracts the characteristic information of the iris, and issues the user ID. Further, the biometric information acquisition unit 241a registers the biometric information 214 in which the user ID 2141 is associated with the first and second biometric information 2142 and the biometric authentication method 2143 in the storage unit 210.
 認証制御部242aは、取得した撮影画像に含まれるユーザUの顔や虹彩等の領域から抽出された特徴情報と、記憶部210に記憶された生体特徴情報2142とを照合することにより、生体認証を制御する。
 上記以外の構成については、実施形態2と同様であるので、それらの説明を省略する。 The authentication control unit 242a performs biometric authentication by collating the feature information extracted from the area such as the face and iris of the user U included in the acquired captured image with the biometric feature information 2142 stored in the storage unit 210. To control.
Since the configurations other than the above are the same as those in the second embodiment, their description will be omitted.
 以上説明したように、本実施形態にかかる認証制御装置200aによれば、実施形態2と同様の効果を奏することができる。 As described above, according to the authentication control device 200a according to the present embodiment, the same effect as that of the second embodiment can be obtained.
<実施形態5>
 本実施形態5は、上述した実施形態2の変形例である。本実施形態にかかる認証制御装置200bは、実施形態2で説明した認証端末400の機能を有するものである。 <Embodiment 5>
The fifth embodiment is a modification of the second embodiment described above. The authentication control device 200b according to the present embodiment has the function of the authentication terminal 400 described in the second embodiment.
 図13は、本実施形態にかかる認証制御装置200bの構成を示すブロック図である。図13に示すように、認証制御装置200bは、記憶部210と、メモリ220と、通信部230と、制御部240に加えて、第1のカメラ250と、第2のカメラ251と、表示部260とを備えている。
 また、制御部240は、実施形態2で説明した機能に加えて、撮影制御部245、登録部246、表示制御部248の各機能を実現することが可能である。 FIG. 13 is a block diagram showing a configuration of the authentication control device 200b according to the present embodiment. As shown in FIG. 13, the authentication control device 200b includes a storage unit 210, a memory 220, a communication unit 230, a control unit 240, a first camera 250, a second camera 251 and a display unit. It is equipped with 260.
Further, the control unit 240 can realize each function of the photographing control unit 245, the registration unit 246, and the display control unit 248 in addition to the functions described in the second embodiment.
 第1のカメラ250、第2のカメラ251、表示部260は、それぞれ実施形態2における第1のカメラ410、第2のカメラ411、表示部440に相当する。つまり、第1のカメラ250は、例えばユーザUの顔を撮影し、第2のカメラ251は、ユーザUの虹彩を撮影する。表示部260は、少なくとも表示装置であり、入力装置を含む出力部、例えば、タッチパネルであってもよい。 The first camera 250, the second camera 251 and the display unit 260 correspond to the first camera 410, the second camera 411, and the display unit 440 in the second embodiment, respectively. That is, the first camera 250 photographs the face of the user U, for example, and the second camera 251 photographs the iris of the user U. The display unit 260 is at least a display device, and may be an output unit including an input device, for example, a touch panel.
 生体情報取得部241bは、ユーザUの第1及び第2の生体情報を、第1のカメラ250及び第2のカメラ251により撮影されたユーザUの顔画像及び虹彩画像から取得する。 The biometric information acquisition unit 241b acquires the first and second biometric information of the user U from the face image and the iris image of the user U taken by the first camera 250 and the second camera 251.
 撮影制御部245、登録部246、表示制御部248は、それぞれ実施形態2で説明した撮影制御部451、登録部452、表示制御部454に相当する。ただし、撮影制御部245は、登録画像を登録部246へ出力するが、認証用画像は認証制御部242bへ出力する。 The shooting control unit 245, the registration unit 246, and the display control unit 248 correspond to the shooting control unit 451, the registration unit 452, and the display control unit 454 described in the second embodiment, respectively. However, the photographing control unit 245 outputs the registered image to the registration unit 246, but outputs the authentication image to the authentication control unit 242b.
 決定部244bは、認証制御装置200bの用途又は設置場所に応じて複数の生体認証方式の中から第1の生体認証方式を決定する。認証制御部242bは、決定された第1の生体認証方式に対応する第1の生体認証を制御する。
 上記以外の構成については、実施形態2と同様であるので、それらの説明を省略する。 The determination unit 244b determines a first biometric authentication method from a plurality of biometric authentication methods according to the application or installation location of the authentication control device 200b. The authentication control unit 242b controls the first biometric authentication corresponding to the determined first biometric authentication method.
Since the configurations other than the above are the same as those in the second embodiment, their description will be omitted.
 以上説明したように、本実施形態にかかる認証制御装置200bによれば、実施形態2と同様の効果を奏することができる。 As described above, according to the authentication control device 200b according to the present embodiment, the same effect as that of the second embodiment can be obtained.
 なお、上述の実施形態では、ハードウェアの構成として説明したが、これに限定されるものではない。本開示は、任意の処理を、CPUにコンピュータプログラムを実行させることにより実現することも可能である。 Although described as a hardware configuration in the above-described embodiment, the present invention is not limited to this. The present disclosure can also be realized by causing the CPU to execute a computer program for arbitrary processing.
 上述の例において、プログラムは、様々なタイプの非一時的なコンピュータ可読媒体(non-transitory computer readable medium)を用いて格納され、コンピュータに供給することができる。非一時的なコンピュータ可読媒体は、様々なタイプの実体のある記録媒体(tangible storage medium)を含む。非一時的なコンピュータ可読媒体の例は、磁気記録媒体(例えばフレキシブルディスク、磁気テープ、ハードディスクドライブ)、光磁気記録媒体(例えば光磁気ディスク)、CD-ROM(Read Only Memory)、CD-R、CD-R/W、DVD(Digital Versatile Disc)、半導体メモリ(例えば、マスクROM、PROM(Programmable ROM)、EPROM(Erasable PROM)、フラッシュROM、RAM(Random Access Memory))を含む。また、プログラムは、様々なタイプの一時的なコンピュータ可読媒体(transitory computer readable medium)によってコンピュータに供給されてもよい。一時的なコンピュータ可読媒体の例は、電気信号、光信号、及び電磁波を含む。一時的なコンピュータ可読媒体は、電線及び光ファイバ等の有線通信路、又は無線通信路を介して、プログラムをコンピュータに供給できる。 In the above example, the program can be stored and supplied to the computer using various types of non-transitory computer readable medium. Non-temporary computer-readable media include various types of tangible storage mediums. Examples of non-temporary computer-readable media include magnetic recording media (eg, flexible disks, magnetic tapes, hard disk drives), magneto-optical recording media (eg, magneto-optical disks), CD-ROMs (ReadOnlyMemory), CD-Rs, Includes CD-R / W, DVD (DigitalVersatileDisc), semiconductor memory (eg, mask ROM, PROM (ProgrammableROM), EPROM (ErasablePROM), flash ROM, RAM (RandomAccessMemory)). The program may also be supplied to the computer by various types of transient computer readable medium. Examples of temporary computer readable media include electrical, optical, and electromagnetic waves. The temporary computer-readable medium can supply the program to the computer via a wired communication path such as an electric wire and an optical fiber, or a wireless communication path.
 なお、本開示は上記実施形態に限られたものではなく、趣旨を逸脱しない範囲で適宜変更することが可能である。また、本開示は、それぞれの実施形態を適宜組み合わせて実施されてもよい。
 例えば、上述の説明では第1及び第2の生体認証方式として顔認証及び虹彩認証を用いて説明したが、これ以外の生体認証方式でもよい。また、3つ以上の認証方式を用いて生体認証を行ってもよい。
 また、生体認証を複数用いる代わりに、生体認証と、生体認証以外の技術とを組み合わせてもよい。例えば、図9に示す例において、宿泊部屋前の認証では、従業員であるユーザU2は、顔認証及び虹彩認証に成功する必要がある。ここで、認証端末400は、例えばユーザU2が身に着けている制服や従業員の名札を撮影し、画像認識等によって、ユーザU2が従業員であるか否かを判定する。ユーザU2が従業員であると判定された場合、認証制御装置200は、ユーザU2に対しては顔認証を行わず、虹彩認証のみを行うこととしてもよい。これにより、例えばユーザU2がマスクをしている場合でも、マスクを外すことなく認証を行い、宿泊部屋に入室することが可能となる。 The present disclosure is not limited to the above embodiment, and can be appropriately modified without departing from the spirit. Further, the present disclosure may be carried out by appropriately combining the respective embodiments.
For example, in the above description, face authentication and iris authentication are used as the first and second biometric authentication methods, but other biometric authentication methods may be used. In addition, biometric authentication may be performed using three or more authentication methods.
Further, instead of using a plurality of biometric authentication, biometric authentication and a technique other than biometric authentication may be combined. For example, in the example shown in FIG. 9, in the authentication in front of the accommodation room, the user U2 who is an employee needs to succeed in face authentication and iris authentication. Here, the authentication terminal 400 photographs, for example, the uniform worn by the user U2 and the name tag of the employee, and determines whether or not the user U2 is an employee by image recognition or the like. When it is determined that the user U2 is an employee, the authentication control device 200 may perform only the iris authentication without performing face authentication on the user U2. As a result, for example, even if the user U2 is wearing a mask, it is possible to perform authentication without removing the mask and enter the accommodation room.
 上記の実施形態の一部又は全部は、以下の付記のようにも記載されうるが、以下には限られない。
 (付記1)
 所定のユーザの第1の生体情報及び第2の生体情報を取得する生体情報取得手段と、
 前記第1の生体情報を用いた第1の生体認証及び前記第2の生体情報を用いた第2の生体認証のうち少なくとも一方を制御する認証制御手段と、
 前記第1の生体認証及び前記第2の生体認証のうち少なくとも一方が成功した場合、他方の生体認証の結果を用いるか否かを判定する判定手段と、
 を備える
 認証制御装置。
 (付記2)
 前記認証制御手段は、前記他方の生体認証の結果を用いると判定された場合に、前記他方の生体認証を制御する
 付記1に記載の認証制御装置。
 (付記3)
 前記判定手段は、
 前記一方の生体認証に成功した前記ユーザの属性を特定し、
 前記特定した属性に基づいて前記他方の生体認証の結果を用いるか否かを判定する
 付記1又は2に記載の認証制御装置。
 (付記4)
 前記生体情報取得手段は、所定の認証端末から前記第1の生体情報及び前記第2の生体情報を取得し、
 前記認証端末の用途又は設置場所に応じて複数の生体認証方式の中から第1の生体認証方式を決定する決定手段をさらに備え、
 前記認証制御手段は、前記決定された前記第1の生体認証方式に対応する前記第1の生体認証を制御する
 付記3に記載の認証制御装置。
 (付記5)
 前記判定手段は、前記認証端末の用途が決済処理を含む場合、前記他方の生体認証の結果を用いると判定する
 付記4に記載の認証制御装置。
 (付記6)
 前記認証端末は、生体認証の成功に応じて提供されるサービスの提供場所の入口に設置され、
 前記判定手段は、
 前記一方の生体認証に成功した前記ユーザの属性が前記サービスの提供者である場合、前記他方の生体認証の結果を用いると判定し、
 前記ユーザの属性が前記サービスの提供対象者である場合、前記他方の生体認証の結果を用いないと判定する
 付記4又は5に記載の認証制御装置。
 (付記7)
 前記認証端末は、生体認証の成功に応じて提供されるサービスの複数の提供対象者のそれぞれに対する複数のサービス提供場所への共通の入口に設置され、
 前記判定手段は、
 前記一方の生体認証に成功した前記ユーザの属性が前記サービスの提供対象者である場合、前記他方の生体認証の結果を用いると判定し、
 前記ユーザの属性が前記サービスの提供者である場合、前記他方の生体認証の結果を用いないと判定し、
 前記一方の生体認証は、前記他方の生体認証より認証精度が高い
 付記4乃至6のいずれか1項に記載の認証制御装置。
 (付記8)
 前記ユーザと前記第1の生体情報とを少なくとも対応付けた記憶手段をさらに備え、
 前記生体情報取得手段は、
 前記第1の生体認証に成功したユーザについて前記記憶手段に前記第2の生体情報が未登録の場合、当該ユーザから当該第2の生体情報を取得し、
 前記ユーザ及び前記第1の生体情報と前記取得した第2の生体情報とを対応付けて前記記憶手段に登録する
 付記1乃至7のいずれか1項に記載の認証制御装置。
 (付記9)
 前記認証制御手段は、複数の生体認証方式の中から、前記認証制御装置の用途又は設置場所に応じた第1の生体認証方式を決定し、前記決定された第1の生体認証方式に対応する前記第1の生体認証を制御する
 付記1乃至3のいずれか1項に記載の認証制御装置。
 (付記10)
 所定のユーザから複数種類の生体情報を取得する認証端末と、
 前記認証端末と接続された認証制御装置と、
 を備え、
 前記認証制御装置は、
 前記認証端末から前記ユーザの第1の生体情報及び第2の生体情報を取得し、
 前記第1の生体情報を用いた第1の生体認証及び前記第2の生体情報を用いた第2の生体認証のうち少なくとも一方を制御し、
 前記第1の生体認証及び前記第2の生体認証のうち少なくとも一方が成功した場合、他方の生体認証の結果を用いるか否かを判定する
 認証システム。
 (付記11)
 前記認証制御装置は、
 前記他方の生体認証の結果を用いると判定された場合に、前記他方の生体認証を制御する
 付記10に記載の認証システム。
 (付記12)
 コンピュータが、
 所定のユーザの第1の生体情報及び第2の生体情報を取得し、
 前記第1の生体情報を用いた第1の生体認証及び前記第2の生体情報を用いた第2の生体認証のうち少なくとも一方を制御し、
 前記第1の生体認証及び前記第2の生体認証のうち少なくとも一方が成功した場合、他方の生体認証の結果を用いるか否かを判定する
 認証制御方法。
 (付記13)
 所定のユーザの第1の生体情報及び第2の生体情報を取得する生体情報取得処理と、
 前記第1の生体情報を用いた第1の生体認証及び前記第2の生体情報を用いた第2の生体認証のうち少なくとも一方を制御する認証制御処理と、
 前記第1の生体認証及び前記第2の生体認証のうち少なくとも一方が成功した場合、他方の生体認証の結果を用いるか否かを判定する判定処理と、
 をコンピュータに実行させる認証制御プログラムが格納された非一時的なコンピュータ可読媒体。 Some or all of the above embodiments may also be described, but not limited to:
(Appendix 1)
A biometric information acquisition means for acquiring the first biometric information and the second biometric information of a predetermined user, and
An authentication control means for controlling at least one of a first biometric authentication using the first biometric information and a second biometric authentication using the second biometric information.
When at least one of the first biometric authentication and the second biometric authentication is successful, a determination means for determining whether or not to use the result of the other biometric authentication.
Authentication control unit.
(Appendix 2)
The authentication control device according to Appendix 1, which controls the biometric authentication of the other, when it is determined that the authentication control means uses the result of the biometric authentication of the other.
(Appendix 3)
The determination means is
Identify the attributes of the user who succeeded in biometric authentication of one of the above,
The authentication control device according to Appendix 1 or 2, which determines whether or not to use the result of the other biometric authentication based on the specified attribute.
(Appendix 4)
The biometric information acquisition means acquires the first biometric information and the second biometric information from a predetermined authentication terminal.
Further provided with a determination means for determining a first biometric authentication method from a plurality of biometric authentication methods according to the use or installation location of the authentication terminal.
The authentication control device according to Appendix 3, wherein the authentication control means controls the first biometric authentication corresponding to the determined first biometric authentication method.
(Appendix 5)
The authentication control device according to Appendix 4, wherein the determination means determines to use the result of the other biometric authentication when the use of the authentication terminal includes payment processing.
(Appendix 6)
The authentication terminal is installed at the entrance of the service providing place provided according to the success of biometric authentication.
The determination means is
When the attribute of the user who succeeds in the biometric authentication of one of them is the provider of the service, it is determined that the result of the biometric authentication of the other is used.
The authentication control device according to Appendix 4 or 5, which determines that the result of biometric authentication of the other is not used when the attribute of the user is the provider of the service.
(Appendix 7)
The authentication terminal is installed at a common entrance to a plurality of service provision locations for each of the plurality of service recipients of the service provided according to the success of biometric authentication.
The determination means is
When the attribute of the user who succeeds in the biometric authentication of one of them is the provider of the service, it is determined that the result of the biometric authentication of the other is used.
When the attribute of the user is the provider of the service, it is determined that the result of the biometric authentication of the other is not used.
The authentication control device according to any one of Supplementary note 4 to 6, wherein the one biometric authentication has higher authentication accuracy than the other biometric authentication.
(Appendix 8)
Further provided with a storage means in which the user and the first biometric information are at least associated with each other.
The biometric information acquisition means is
When the second biometric information is not registered in the storage means for the user who succeeded in the first biometric authentication, the second biometric information is acquired from the user.
The authentication control device according to any one of Supplementary note 1 to 7, wherein the user and the first biometric information are associated with the acquired second biometric information and registered in the storage means.
(Appendix 9)
The authentication control means determines a first biometric authentication method according to the use or installation location of the authentication control device from a plurality of biometric authentication methods, and corresponds to the determined first biometric authentication method. The authentication control device according to any one of Supplementary note 1 to 3, which controls the first biometric authentication.
(Appendix 10)
An authentication terminal that acquires multiple types of biometric information from a given user,
The authentication control device connected to the authentication terminal and
Equipped with
The authentication control device is
The first biometric information and the second biometric information of the user are acquired from the authentication terminal, and the user's first biometric information and the second biometric information are acquired.
At least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information is controlled.
An authentication system for determining whether or not to use the result of the other biometric authentication when at least one of the first biometric authentication and the second biometric authentication is successful.
(Appendix 11)
The authentication control device is
The authentication system according to Appendix 10 that controls the biometric authentication of the other when it is determined to use the result of the biometric authentication of the other.
(Appendix 12)
The computer
Acquire the first biometric information and the second biometric information of a predetermined user,
At least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information is controlled.
An authentication control method for determining whether or not to use the result of the other biometric authentication when at least one of the first biometric authentication and the second biometric authentication is successful.
(Appendix 13)
The biometric information acquisition process for acquiring the first biometric information and the second biometric information of a predetermined user, and
Authentication control processing that controls at least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information, and
When at least one of the first biometric authentication and the second biometric authentication is successful, a determination process for determining whether or not to use the result of the other biometric authentication, and
A non-temporary computer-readable medium that contains an authentication control program that causes a computer to run.
 10 認証制御装置
 11 生体情報取得部
 12 認証制御部
 13 判定部
 100 認証装置
 110 生体情報DB
 111 ユーザID
 112 生体特徴情報
 113 生体認証方式
 120 検出部
 130 特徴点抽出部
 140 登録部
 150 認証部
 200、200a、200b 認証制御装置
 210 記憶部
 211 プログラム
 212 属性情報
 213 認証方式情報
 214 生体情報
 220 メモリ
 230 通信部
 240 制御部
 241、241a 生体情報取得部
 242、242a、242b 認証制御部
 243 判定部
 244 決定部
 400、400a~400g 認証端末
 410 第1のカメラ
 411 第2のカメラ
 420 記憶部
 430 通信部
 440 表示部
 450 制御部
 451 撮影制御部
 452 登録部
 453 認証制御部
 454 表示制御部
 1000 認証システム
 2121 ユーザID
 2122 属性
 2131 場所ID
 2132 用途
 2133 属性
 2134 認証方式
 2141 ユーザID
 2142 生体特徴情報
 2143 生体認証方式
 N ネットワーク
 U ユーザ 10 Authentication control device 11 Biometric information acquisition unit 12 Authentication control unit 13 Judgment unit 100 Authentication device 110 Biometric information DB
111 User ID
112 Biometric information 113 Biometric authentication method 120 Detection unit 130 Feature point extraction unit 140 Registration unit 150 Authentication unit 200, 200a, 200b Authentication control device 210 Storage unit 211 Program 212 Attribute information 213 Authentication method information 214 Biometric information 220 Memory 230 Communication unit 240 Control unit 241 and 241a Biometric information acquisition unit 242, 242a, 242b Authentication control unit 243 Judgment unit 244 Decision unit 400, 400a to 400g Authentication terminal 410 First camera 411 Second camera 420 Storage unit 430 Communication unit 440 Display unit 450 Control unit 451 Shooting control unit 452 Registration unit 453 Authentication control unit 454 Display control unit 1000 Authentication system 2121 User ID
2122 attribute 2131 location ID
2132 Usage 2133 Attribute 2134 Authentication method 2141 User ID
2142 Biometric information 2143 Biometric authentication method N network U user

Claims (13)

  1.  所定のユーザの第1の生体情報及び第2の生体情報を取得する生体情報取得手段と、
     前記第1の生体情報を用いた第1の生体認証及び前記第2の生体情報を用いた第2の生体認証のうち少なくとも一方を制御する認証制御手段と、
     前記第1の生体認証及び前記第2の生体認証のうち少なくとも一方が成功した場合、他方の生体認証の結果を用いるか否かを判定する判定手段と、
     を備える
     認証制御装置。     A biometric information acquisition means for acquiring the first biometric information and the second biometric information of a predetermined user, and
    An authentication control means for controlling at least one of a first biometric authentication using the first biometric information and a second biometric authentication using the second biometric information.
    When at least one of the first biometric authentication and the second biometric authentication is successful, a determination means for determining whether or not to use the result of the other biometric authentication.
    Authentication control unit.
  2.  前記認証制御手段は、前記他方の生体認証の結果を用いると判定された場合に、前記他方の生体認証を制御する
     請求項1に記載の認証制御装置。     The authentication control device according to claim 1, wherein the authentication control means controls the biometric authentication of the other when it is determined to use the result of the biometric authentication of the other.
  3.  前記判定手段は、
     前記一方の生体認証に成功した前記ユーザの属性を特定し、
     前記特定した属性に基づいて前記他方の生体認証の結果を用いるか否かを判定する
     請求項1又は2に記載の認証制御装置。     The determination means is
    Identify the attributes of the user who succeeded in biometric authentication of one of the above,
    The authentication control device according to claim 1 or 2, wherein it is determined whether or not to use the result of the other biometric authentication based on the specified attribute.
  4.  前記生体情報取得手段は、所定の認証端末から前記第1の生体情報及び前記第2の生体情報を取得し、
     前記認証端末の用途又は設置場所に応じて複数の生体認証方式の中から第1の生体認証方式を決定する決定手段をさらに備え、
     前記認証制御手段は、前記決定された前記第1の生体認証方式に対応する前記第1の生体認証を制御する
     請求項3に記載の認証制御装置。     The biometric information acquisition means acquires the first biometric information and the second biometric information from a predetermined authentication terminal.
    Further provided with a determination means for determining a first biometric authentication method from a plurality of biometric authentication methods according to the use or installation location of the authentication terminal.
    The authentication control device according to claim 3, wherein the authentication control means controls the first biometric authentication corresponding to the determined first biometric authentication method.
  5.  前記判定手段は、前記認証端末の用途が決済処理を含む場合、前記他方の生体認証の結果を用いると判定する
     請求項4に記載の認証制御装置。     The authentication control device according to claim 4, wherein the determination means determines to use the result of the other biometric authentication when the use of the authentication terminal includes payment processing.
  6.  前記認証端末は、生体認証の成功に応じて提供されるサービスの提供場所の入口に設置され、
     前記判定手段は、
     前記一方の生体認証に成功した前記ユーザの属性が前記サービスの提供者である場合、前記他方の生体認証の結果を用いると判定し、
     前記ユーザの属性が前記サービスの提供対象者である場合、前記他方の生体認証の結果を用いないと判定する
     請求項4又は5に記載の認証制御装置。     The authentication terminal is installed at the entrance of the service providing place provided according to the success of biometric authentication.
    The determination means is
    When the attribute of the user who succeeds in the biometric authentication of one of them is the provider of the service, it is determined that the result of the biometric authentication of the other is used.
    The authentication control device according to claim 4 or 5, wherein when the attribute of the user is the provider of the service, it is determined that the result of the biometric authentication of the other is not used.
  7.  前記認証端末は、生体認証の成功に応じて提供されるサービスの複数の提供対象者のそれぞれに対する複数のサービス提供場所への共通の入口に設置され、
     前記判定手段は、
     前記一方の生体認証に成功した前記ユーザの属性が前記サービスの提供対象者である場合、前記他方の生体認証の結果を用いると判定し、
     前記ユーザの属性が前記サービスの提供者である場合、前記他方の生体認証の結果を用いないと判定し、
     前記一方の生体認証は、前記他方の生体認証より認証精度が高い
     請求項4乃至6のいずれか1項に記載の認証制御装置。     The authentication terminal is installed at a common entrance to a plurality of service provision locations for each of the plurality of service recipients of the service provided according to the success of biometric authentication.
    The determination means is
    When the attribute of the user who succeeds in the biometric authentication of one of them is the provider of the service, it is determined that the result of the biometric authentication of the other is used.
    When the attribute of the user is the provider of the service, it is determined that the result of the biometric authentication of the other is not used.
    The authentication control device according to any one of claims 4 to 6, wherein the one biometric authentication has higher authentication accuracy than the other biometric authentication.
  8.  前記ユーザと前記第1の生体情報とを少なくとも対応付けた記憶手段をさらに備え、
     前記生体情報取得手段は、
     前記第1の生体認証に成功したユーザについて前記記憶手段に前記第2の生体情報が未登録の場合、当該ユーザから当該第2の生体情報を取得し、
     前記ユーザ及び前記第1の生体情報と前記取得した第2の生体情報とを対応付けて前記記憶手段に登録する
     請求項1乃至7のいずれか1項に記載の認証制御装置。     Further provided with a storage means in which the user and the first biometric information are at least associated with each other.
    The biometric information acquisition means is
    When the second biometric information is not registered in the storage means for the user who succeeded in the first biometric authentication, the second biometric information is acquired from the user.
    The authentication control device according to any one of claims 1 to 7, wherein the user and the first biometric information are associated with the acquired second biometric information and registered in the storage means.
  9.  前記認証制御手段は、複数の生体認証方式の中から、前記認証制御装置の用途又は設置場所に応じた第1の生体認証方式を決定し、前記決定された第1の生体認証方式に対応する前記第1の生体認証を制御する
     請求項1乃至3のいずれか1項に記載の認証制御装置。     The authentication control means determines a first biometric authentication method according to the use or installation location of the authentication control device from a plurality of biometric authentication methods, and corresponds to the determined first biometric authentication method. The authentication control device according to any one of claims 1 to 3, which controls the first biometric authentication.
  10.  所定のユーザから複数種類の生体情報を取得する認証端末と、
     前記認証端末と接続された認証制御装置と、
     を備え、
     前記認証制御装置は、
     前記認証端末から前記ユーザの第1の生体情報及び第2の生体情報を取得し、
     前記第1の生体情報を用いた第1の生体認証及び前記第2の生体情報を用いた第2の生体認証のうち少なくとも一方を制御し、
     前記第1の生体認証及び前記第2の生体認証のうち少なくとも一方が成功した場合、他方の生体認証の結果を用いるか否かを判定する
     認証システム。     An authentication terminal that acquires multiple types of biometric information from a given user,
    The authentication control device connected to the authentication terminal and
    Equipped with
    The authentication control device is
    The first biometric information and the second biometric information of the user are acquired from the authentication terminal, and the user's first biometric information and the second biometric information are acquired.
    At least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information is controlled.
    An authentication system for determining whether or not to use the result of the other biometric authentication when at least one of the first biometric authentication and the second biometric authentication is successful.
  11.  前記認証制御装置は、
     前記他方の生体認証の結果を用いると判定された場合に、前記他方の生体認証を制御する
     請求項10に記載の認証システム。     The authentication control device is
    The authentication system according to claim 10, wherein when it is determined to use the result of the other biometric authentication, the other biometric authentication is controlled.
  12.  コンピュータが、
     所定のユーザの第1の生体情報及び第2の生体情報を取得し、
     前記第1の生体情報を用いた第1の生体認証及び前記第2の生体情報を用いた第2の生体認証のうち少なくとも一方を制御し、
     前記第1の生体認証及び前記第2の生体認証のうち少なくとも一方が成功した場合、他方の生体認証の結果を用いるか否かを判定する
     認証制御方法。     The computer
    Acquire the first biometric information and the second biometric information of a predetermined user,
    At least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information is controlled.
    An authentication control method for determining whether or not to use the result of the other biometric authentication when at least one of the first biometric authentication and the second biometric authentication is successful.
  13.  所定のユーザの第1の生体情報及び第2の生体情報を取得する生体情報取得処理と、
     前記第1の生体情報を用いた第1の生体認証及び前記第2の生体情報を用いた第2の生体認証のうち少なくとも一方を制御する認証制御処理と、
     前記第1の生体認証及び前記第2の生体認証のうち少なくとも一方が成功した場合、他方の生体認証の結果を用いるか否かを判定する判定処理と、
     をコンピュータに実行させる認証制御プログラムが格納された非一時的なコンピュータ可読媒体。     The biometric information acquisition process for acquiring the first biometric information and the second biometric information of a predetermined user, and
    Authentication control processing that controls at least one of the first biometric authentication using the first biometric information and the second biometric authentication using the second biometric information, and
    When at least one of the first biometric authentication and the second biometric authentication is successful, a determination process for determining whether or not to use the result of the other biometric authentication, and
    A non-temporary computer-readable medium that contains an authentication control program that causes a computer to run.
PCT/JP2020/032660 2020-08-28 2020-08-28 Authentication control device, authentication system, authentication control method, and non-transitory computer-readable medium WO2022044274A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2020/032660 WO2022044274A1 (en) 2020-08-28 2020-08-28 Authentication control device, authentication system, authentication control method, and non-transitory computer-readable medium
JP2022545212A JPWO2022044274A5 (en) 2020-08-28 Authentication control device, authentication system, authentication control method and authentication control program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2020/032660 WO2022044274A1 (en) 2020-08-28 2020-08-28 Authentication control device, authentication system, authentication control method, and non-transitory computer-readable medium

Publications (1)

Publication Number Publication Date
WO2022044274A1 true WO2022044274A1 (en) 2022-03-03

Family

ID=80352932

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2020/032660 WO2022044274A1 (en) 2020-08-28 2020-08-28 Authentication control device, authentication system, authentication control method, and non-transitory computer-readable medium

Country Status (1)

Country Link
WO (1) WO2022044274A1 (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005317049A (en) * 2001-04-17 2005-11-10 Matsushita Electric Ind Co Ltd Personal authentication system and method
JP2007066330A (en) * 2006-11-15 2007-03-15 Toppan Printing Co Ltd Authentication device and its method
JP2007193476A (en) * 2006-01-18 2007-08-02 Hitachi Omron Terminal Solutions Corp Biometrics authentication device and transaction processing method using biometrics authentication
JP2011123532A (en) * 2009-12-08 2011-06-23 Hitachi Ltd System and method of biometric authentication using multiple kinds of templates
JP2013030124A (en) * 2011-07-29 2013-02-07 Nippon Telegr & Teleph Corp <Ntt> User authentication system, method, program, and device
JP2015203974A (en) * 2014-04-14 2015-11-16 三菱電機株式会社 authentication system
JP2017060103A (en) * 2015-09-18 2017-03-23 ヤフー株式会社 Selection device, selection method, selection program and authentication processing system
US20200026939A1 (en) * 2018-07-20 2020-01-23 Lg Electronics Inc. Electronic device and method for controlling the same

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005317049A (en) * 2001-04-17 2005-11-10 Matsushita Electric Ind Co Ltd Personal authentication system and method
JP2007193476A (en) * 2006-01-18 2007-08-02 Hitachi Omron Terminal Solutions Corp Biometrics authentication device and transaction processing method using biometrics authentication
JP2007066330A (en) * 2006-11-15 2007-03-15 Toppan Printing Co Ltd Authentication device and its method
JP2011123532A (en) * 2009-12-08 2011-06-23 Hitachi Ltd System and method of biometric authentication using multiple kinds of templates
JP2013030124A (en) * 2011-07-29 2013-02-07 Nippon Telegr & Teleph Corp <Ntt> User authentication system, method, program, and device
JP2015203974A (en) * 2014-04-14 2015-11-16 三菱電機株式会社 authentication system
JP2017060103A (en) * 2015-09-18 2017-03-23 ヤフー株式会社 Selection device, selection method, selection program and authentication processing system
US20200026939A1 (en) * 2018-07-20 2020-01-23 Lg Electronics Inc. Electronic device and method for controlling the same

Also Published As

Publication number Publication date
JPWO2022044274A1 (en) 2022-03-03

Similar Documents

Publication Publication Date Title
JP6787391B2 (en) Face matching system, face matching method, and program
JP7050231B2 (en) Face image processing method and face image processing device
US11798332B2 (en) Information processing apparatus, information processing system, and information processing method
WO2022059081A1 (en) Input control device, input system, input control method, and non-transitory computer-readable medium
US20230342451A1 (en) Information processing device
JP7196932B2 (en) Information processing device, information processing method, and program
JP2017151832A (en) Wait time calculation system
JP2018077552A (en) Gate control system and method thereof
JP2024056872A (en) Stay management apparatus, stay management method, and program
JP2023025299A (en) Facility management device, facility management method, and computer program
JP2021068371A (en) Accommodation management system, accommodation management apparatus, accommodation management method, and computer program
JP7505557B2 (en) Information processing device, face recognition promotion system, information processing method, and program
JP5117865B2 (en) Biometric authentication system, biometric authentication method, and biometric authentication program
WO2021191986A1 (en) Visit assistance device, visit assistance method, and non-transitory computer-readable medium storing program
WO2022044274A1 (en) Authentication control device, authentication system, authentication control method, and non-transitory computer-readable medium
US20230086771A1 (en) Data management system, data management method, and data management program
WO2022003852A1 (en) Authentication control device, authentication control system, authentication control method, and non-transitory computer readable medium
WO2022003853A1 (en) Authentication control device, authentication control system, authentication control method, and non-transitory computer-readable medium
WO2014092665A1 (en) Integrated user authentication system in self-service machines
US20240243923A1 (en) Facility usage control apparatus, system, method, and computer readable medium
JP7332079B1 (en) Terminal, system, terminal control method and program
WO2022065059A1 (en) Authentication system
WO2023176167A1 (en) Registration device, registration method, and program
WO2022176042A1 (en) Server device, system, biometric authentication method, and recording medium
WO2022190310A1 (en) Entry control device, entry control system, entry control method, and non-transitory computer-readable medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20951524

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2022545212

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20951524

Country of ref document: EP

Kind code of ref document: A1